FIU | FAQs

The goAML system provides users with the Forgot Password button next to Log In button.

Click Forgot Password button.
The Reset Password Request window populates, enter User Name > Email > Submit

The registered email address will then receive an email with a link redirecting to the goAML portal where the Reset Password Request page will open.

After entering all the required details, the new password will be set.

In order to update an organization’s details, the user must follow these steps:

Step 1: The user should login to the FIU’s portal using the user login credentials they acquired during the registration process
Step 2: Once the user has logged in, he/she should go to the My goAML menu, then click on the My Org Details menu item
Step 3: The user should then update entity details like the name, Incorporation number, acronym, commercial name, business activity, email, website, contact person, telephone number, address of the institution, etc.

Once the request has been submitted, the Supervisory Body will verify this information and upon approval, the system will send an automated confirmation email to the organization.

Yes. Delegation is possible on the goAML system. The registered reporting entity may delegate reporting function to a third party. However, it is recommended that the delegated party should create an account on the FIU’s goAML platform (using the ‘Register as an Organization’ option) before receiving delegation of reporting responsibilities on behalf of an organization.

After logging on to the goAML portal, the MLRO should navigate to the Admin menu and Select Active Organizations from the drop-down menu. Kindly note that this feature is only available to the admin user of the organization i.e. the MRLO.

The Active Organizations page will be displayed, in which the user will need to click the Change Selected Delegating Organization. Kindly note that the delegated party should be registered and approved on the goAML platform by the Supervisory Body before proceeding with this step. Please refer to the registration guide for details on how to register on the system as a new organization.

A Registering Organization form will then expand, in which the user will be required to specify the desired delegated party by selecting the Change Delegation checkbox.

The Change Delegation dialogue box will then populate, in which the user will be required to click OK.

Subsequently, the user should specify the Organization ID associated with the delegate party on the goAML system.

Once the request is submitted, it should then be approved by the Supervisory Body before the delegation function is enabled.

goAML users can change their user details when required by navigating to the My goAML menu and selecting My User Details.

A registering person window will then expand; details on how to fill it out are available in the goAML Registration Guide. After submitting the request, the user should await approval from the admin user (MLRO) of the organization or if the MLRO has submitted the changes then the Supervisory Body will carry out the approval.

The respective regulator / Supervisory Body will be approving their regulated entities registrations and any changes related to its details or its MLRO’s details.

The MLRO may submit additional information pertaining to an existing report by submitting a relevant ‘AIF’ (Additional Information File) or AIFT (Additional Information File with Transactions) if the additional transactions need to be reported.

The MLRO must quote the original report reference number by referencing the report’s web reference number in the FIU reference field as shown below.

An Organization is required to select the Register as an Organization option when registering on the goAML system for the first time. Once the Supervisory Body approves the request, the reporting entity may subsequently allow internal users within the organization to register on the system by selecting the Register as a Person option.

Yes. All reports can be printed before submission. The user will have to click the preview button before submitting the report then click the printer icon to print the report as shown in the below figures.

The goAML Message Board is the internal means of communication between the FIU and goAML users. The advantage of such an internal communication channel is that it allows two-way communication between reporting entities and the FIU.

Reporting entities are notified immediately through the Message Board if their reports are accepted or rejected. Similarly, this feature is used in the instance where the FIU requires further information from a reporting entity.

The Message Board is not linked to any specific user but rather the organization as a whole.

The goAML is preconfigured with two roles that are defined in the system for both the organization’s admin user RE Admin (user who registered the organization i.e. MLRO) and the organization’s users RE User (user who registered as a person under the same Org ID). These roles have been designed with several access rights being allowed for each specific subset of users in the system. The reporting entity’s admin user can specify what roles the organization’s users are to assume as shown below:

Navigate to Admin, then click User-Role Management

Click on the desired user within the organization and specify their role.

Should the organization’s admin user consider that the preconfigured user access rights defined are not suitable for their users, and then they may add a new role for their organization as shown below:

Navigate to Admin, then click Role Management

Click on Add a new role for this entity

The system will then allow the organization’s admin to create a new role for their organization, in which they can specify their own access rights for different types of users in the organization.

An “Account” should be chosen when the report involves transactions. A “Person” or an “Entity” should be chosen if no “Account” details are available to the organization.

Examples: For cash deposit transactions, the organization should choose “Bi Party”, from “Person” to “Account”. For cash withdrawal transactions, the organization should choose “Bi Party” from “Account” to “Person”. For remittances, the organization should choose “Bi Party” from “Account” to “Account”.

In case of non-banking/non-MSBs organizations, a “Person” or an “Entity” will be more convenient to use.

Fraud is not a report type on the goAML. However to file a fraud incident, organizations may opt to file a Suspicious Transactions Report or a Suspicious Activity Report depending on the type of fraud incident that the organization is reporting. Additionally the most suitable Reason For Reporting should be chosen to carefully describe the red flags that should be highlighted.

Organizations, who were previously using the STR System, will be provided access to a platform on which they can search and view their historical STRs.

MPLS connection is still required for those organizations who need to access CBSP for Payment Systems i.e. all CBUAE regulated organizations. Other than that, organizations may access the goAML using a normal internet connection through the eservices portal “Secured Access Control Management” (SACM).

As per Section (7) – Article (20) item (3) of the Cabinet Decision No. (10) of 2019 Concerning the Implementing Regulation Of Decree Law No. (20) Of 2018 on Anti- Money Laundering and Combating the Financing of Terrorism and Illegal Organizations, “Appropriate arrangements for compliance management for combating the Crime, including appointing a compliance officer” and Section (8) – Article (21) lists down the expected tasks of the Compliance Officer.

No. goAML is a platform to submit suspicious reports only.

5 calendar days.

15 calendar days.

5 calendar days. Hence, please Click Revert, edit the report in the draft mode and resubmit it before the
10 days grace period allowed for resubmission. Otherwise, the organization will need to submit a fresh
report.

4000 characters.

Please check the junk mailbox. If not found there, then the email may have been blocked by your
entity’s mail servers. Please request your IT team to whitelist the system’s email address
webmaster@eservices.centralbank.ae and inform the goAML Support team so it can be resent
via emailing goaml@cbuae.gov.ae

Please register yourself as a Person under the same Org ID. Your request will be assessed by
your regulator and approved or rejected accordingly. Please refer to Section 5.1 of the goAML
Registration Guide – Version 2.0. to understand how to register as a Person.

You can contact your previous employer’s regulator to deactivate your old user on both the
eservices portal (SACM) and goAML so you can use your details to create new profiles under
your new employer.

In the pop up screen, fill in using the username received from
webmaster@eservices.centralbank.ae and the Google authenticator passcode as the password.

OTPs have a 24-hour validity. Please contact goaml@cbuae.gov.ae to request OTPs to be
refreshed.

You need to register as an organization and not as a person. The "register a person button" is
available for additional users only after an organization is active.

You need to revoke their SACM access.

Login to SACM as a Supervisory Body:

Go to Approved Requests:

Select the Entity that needs to be revoked
Click on the Revoke button

Email the goAML Support Team via goaml@cbuae.gov.ae to disable the entity on goAML
Portal

You need to revoke the user SACM access.

Login to SACM as a Supervisory Body:

Go to Approved Requests:

Select the indiviudal that needs to be revoked
Click on the Revoke button

Email the goAML Support Team via goaml@cbuae.gov.ae to disable the user on goAML
Portal

Click on this link to login https://services.cbuae.gov.ae
Navigate to Systems
Click on Production – GOAML Web

You will then see the below pop-up screen; where you need to use the username
received from webmaster@eservices.centralbank.ae and the Google Authenticator
Passcode as the password

You will be directed to the goAML homepage
Click the Login Button

Type in the username and password created at the time of registering on goAML and
click login

Each attachment size should not exceed 5MB. The file name should be short and should not
include any special characters. For report attachments, there is a max capacity of 20MB per
report.

Please send an email to the goAML Support team on goaml@uaefiu.gov.ae to revoke your current request so you can re-register using the correct mobile number.

We suggest that download the Google Authenticator App on the new mobile phone and redo the setup following section 5 of the Pre-Registration Guide found HERE.

Your Supervisory Body approves both request for your organization.

You may follow up with the admin user of your organization who is usually the MLRO. All additional users registering under the same entity are to be approved by the entity’s admin user i.e. the MLRO.

Please check the junk mailbox. If not found there, then the emails may be blocked by your entity’s mail servers. Please request your IT team to whitelist the system’s email address goAML.Workflow@cbuae.gov.ae and inform the goAML Support team.

Please click on browse to select the documents you would like to upload, and then click on upload. You should then see a pop-up message on your screen asking for a confirmation to upload the documents. If you do not see the pop-up then you will need to adjust your web browser setting and enable pop-ups. Otherwise, the documents will not be uploaded on the system.

The MLRO is the registering person for any organization. Hence, he is registered by default once the organization is registered on goAML. This means that no Person registration is required. Person registration is only needed if the organization wishes to register additional users beside the MLRO.

This obligation is applicable to all banking and non-banking financial institutions (FIs) as well as designated non-financial business and professions (DNFBPs).

The obligation for reporting as well as hold the transaction/activity is for cross border transactions through banking or remittance channels. These transactions may include; transactions destined to, originated from or being routed through jurisdictions which are classified as a ‘High-Risk Jurisdiction subject to a Call for Action’ by FATF (list available here).

It also includes any transaction(s) (from/to any country in any currency) where the remitter or the beneficiary is an individual who is associated with a country classified under the aforementioned category by virtue of nationality or residency (including both, residents and non-resident of UAE). The same applies for transactions where any of the parties is an entity, which is associated with such a country by virtue of place of incorporation, or a person of such nationality has a stake or signing authority within that entity.

No, such transactions must be reported to the FIU irrespective of the amount of value being transacted.

The only medium, which is available for filing any kind of report to the FIU, is the goAML Platform while using the commensurate report type. Kindly refer the goAML Web Submission Guide available of the UAE FIU’s website.

As such, the FIU will not accept any filing through emails, hard copies or even through the goAML Message Board in the form of a message.

Such transactions must be reported to the FIU in the form of a High Risk Country Transaction Report - HRC while ensuring all those transactions are duly and accurately populated in the transactions fields of the report. However, if due to the nature of transaction, the reporting entity does not have sufficient details to populate the mandatory transaction(s) fields, they must report the transaction attempt in the form of High Risk Country Activity Report – HRCA while detailing the attributes of the transactions such as amount, account numbers etc. in the available field as text.

This obligation does not apply to currency exchange transactions and domestic transactions for value added services. However, if the transaction is a cross border payment (even for a bill payment), the obligation will be applicable.

The obligation only applies to international or cross border transfers in any currency. As such all other transaction types such as card purchases, card payments, WPS transactions, domestic cheques, domestic utility payments etc. do not fall under the purview of this obligation.

The transactions related to trading will fall under the purview of this obligation if they are cross border in nature. If not, they are exempted.

For example, if a national of a designated high risk country purchases stock through a stock broker in the UAE while remitting funds from outside the UAE or if such a person liquidates his bonds or sell his crypto assets and wants the money to be remitted to an account outside the UAE; such transactions need to be reported.

The transactions must be placed on hold for three working days during which the FIU may respond to the report with an instruction or advice regarding the reported transaction(s). In the meantime, the reporting entity can also perform their due diligence on the transaction(s) as well as the associated parties. In absence of any response from the FIU within the stipulated timeline, the reporting entity can take a call at its own discretion based on their due diligence as to whether to execute or not execute the transaction.

Please send the goAML Support Team on goaml@uaefiu.gov.ae the below information to verify your identity and retrieve your username:

First and last name as registered on goAML
Registered email address
Emirates ID Number
Passport Number
Date of Birth
Org ID
Nationality

Appoint new MLRO/Compliance Officer/Contact Person
Request the regulator's approval via email
New MLRO to register on SACM and obtain the regulator's approval to obtain their own login credentials to the network
New MLRO to register on goAML as a Person under the same Org ID
Inform the goAML Support team (goaml@uaefiu.gov.ae) to deactivate old MLRO and activate the new one based on the regulator’s approval
After initial login, new MLRO needs to change the contact person details under My ORG details on goAML following Q2 above
Regulator should approve these changes on goAML

Register on the eservices portal (SACM) to gain access to the network
Regulator to approve the SACM pre-registration
New user to receive SACM username and security key
New user to download Google Authenticator app on their mobile phone and use the secret key to set up their account
New user to use the received username and the Google Authenticator 6 digit passcode to login to the network and access goAML
New user to register as a Person under the same Org ID
Organization admin user (MLRO) to approve the new user request following the steps depicted in Section 5 of the goAML Registration Guide

Notifications

Accessibility settings

FAQs

Notifications

Accessibility settings

FAQs

1. What do I do if I forgot my password?

2. How Do I update my Organization details? Or, there have been some changes in the organization details (e.g.name/licensed activity/address/contacts). How do I reflect the same on goAML?

3. Is it possible to delegate reporting responsibilities to external parties?

4. How do I delegate reporting to a third party?

5. There have been some changes in my details (e.g. name/ID number/nationality/address/title/occupation/contact). How do I reflect the same on goAML?

6. Who will approve an organization registration?

7. How do I add additional information to an STR/SAR that has been already submitted?

8. There are two registration options on the website. Which one should I select?

9. Can a report be printed before submission?

10. What is the ‘Message Board’?

11. Is the ‘Message Board’ specific to a user or the entire organization?

12. How can I set access rights for users registered under my organization?

13. When should an Account / Person / Entity be chosen?

14. How do I file a fraud related report?

15. Where can reporting entities view the historical data (the previous STR) after deploying the goAML?

16. Do reporting entities still need MPLS connection to file suspicious reports?

17. Will the MLRO be accountable for the reports he submits?

18. Should the goAML be used to submit responses related to Search and Freeze Notices received from the FIU?

19. How long will the processed reports remain the goAML web before they are cleaned?

20. How long will the draft report remain in the draft mode before they are cleaned up from the goAML Web?

21. How long will the rejected reports remain in the goAML web before they are cleaned up?

22. What is the character count/capacity of the “Summary of the Case” field on the web form?

23. I submitted my Pre-registration request and received the SMS OTP; however, I did not receive the email OTP?

24. I am the new Compliance Officer & MLRO for an active entity on goAML, how do I register myself?

25. I switched employers and need to register myself as the new MLRO for my new employer.

26. My mobile number is still associated with my previous employer and I am unable to use this number for pre-registering with my current employer?

27. When I go to https://services.cbuae.gov.ae > AML Production it opens the username and password tab as per below. Once filled, the same login screen pops up again, if I cancel this then it shows the unauthorized Screen.

28. I logged in to the URL provided - https://eservices.centralbank.ae/sacm/getkey.php then entered my email address, email OTP and the SMS OTP. I am getting the below error.

29. My organization ID is not being recognized and I am getting the below error

30. If the organization’s license has been revoked, as a Supervisory Body, what should I do?

31. If the organization’s MLRO has resigned, how can a Supervisory Body deactivate his user profiles on both eservices portal (SACM) and goAML?

32. If we have completed both stages of registration, how do we login to goAML?

33. I’m having trouble uploading documents on the goAML. What should I do?

34. I have registered the wrong mobile number on SACM and I’m not receiving the SMS OTP. What do I do in this case?

35. I have changed my mobile phone and lost my Google Authenticator App. How do I login?

36. Who approves my organization’s pre-registration on SACM and my registration on goAML?

37. I registered as a person under my entity’s Org ID in goAML; however, my request has not been approved yet. Who do I follow up with?

38. I am not receiving email notifications from goAML. What is the issue?

39. My Supervisory Body has rejected my goAML requests a few times for not uploading the required documents, although I have uploaded them while I submitted my request. What is the solution?

40. I am the MLRO of ABC Company. I have registered my organization on goAML; do I need to register myself as a Person under the organization in order to complete the registration process?

41. Which kind of reporting entities is the obligation to report High Risk Countries (HRC) related transactions/activities applicable to?

42. What is the scope of obligation to file HRC/HRCA reports and to which transactions must the three days holding period apply?

43. Does the HRC reporting obligation have any threshold in terms of the amount of the transaction(s)?

44. What is the channel or medium, which the reporting entities must use to file HRC/HRCA reports?

45. Is currency exchange and value added services such as utility bill payments exempted from the HRC reporting obligation?

46. What other transaction types are exempted from the HRC reporting obligation?

47. Is the HRC reporting obligation applicable for transactions related to trading such as stocks, forex, crypto assets, bonds, mutual funds, commodities etc.?

48. What is expected from the reporting entities during and after the three-day holding period for HRC reporting?

49. I forgot my goAML username, how can I retrieve it?

50. What is the process of changing the entity's MLRO/Compliance Officer/Contact Person on goAML?

51. What is the process of adding additional users under the same entity on goAML?