Resource Portal
AML

AML Audit Requirements

📅 December 28, 2025 🏢 Bullion

In the UAE, bullion and precious metals businesses are classified as high-risk DNFBPs. As a result, regulators expect these firms to undergo independent AML audits to test the effectiveness of their compliance frameworks.

An AML audit is not a formality. It is a critical control used by regulators to assess whether a bullion business is managing its AML risks effectively.

 

1. What Is an Independent AML Audit?

An independent AML audit is a formal, objective review of a company’s AML policies, procedures, systems, and controls, conducted by:

  • A qualified external audit or compliance firm, or

  • An internal audit function that is independent from day-to-day AML operations

For bullion businesses, independence is essential—self-assessments or informal reviews are not sufficient.

 

2. Why Bullion Businesses Are Expected to Conduct AML Audits

Precious metals dealers face elevated AML risk due to:

  • High-value and cash-based transactions

  • Complex international supply chains

  • Exposure to trade-based money laundering

  • Cross-border customer relationships

Because of these risks, UAE supervisors expect bullion businesses to demonstrate ongoing oversight, not just written policies.

 

3. Is an AML Audit Mandatory in the UAE?

While UAE AML legislation does not always state “annual audit” explicitly, regulatory expectation is clear, especially for high-risk DNFBPs such as bullion dealers.

In practice:

  • Supervisory authorities routinely request audit reports

  • License renewals and inspections often require evidence of an independent review

  • Absence of an AML audit is treated as a compliance weakness

For bullion businesses, regular independent AML audits are effectively mandatory.

 

4. Who Can Perform the AML Audit?

The audit must be conducted by a party that is:

  • Competent in UAE AML regulations

  • Independent from AML implementation and operations

  • Experienced in precious metals or DNFBP compliance

Typical auditors include:

  • External AML consulting firms

  • Audit firms with AML expertise

  • Independent compliance professionals

 

5. What an AML Audit Covers

A proper AML audit for a bullion business typically reviews:

  • Enterprise-wide AML risk assessment

  • Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD)

  • Cash transaction controls

  • goAML reporting procedures

  • Sanctions and PEP screening

  • Staff training and awareness

  • Record-keeping and data retention

  • Governance and Compliance Officer effectiveness

The audit tests both documentation and actual practice.

 

6. Frequency of AML Audits

For high-risk sectors like bullion trading, best practice—and regulatory expectation—is:

  • Annual AML audits, or

  • More frequent reviews where transaction volumes or risk exposure are high

Newly licensed bullion businesses may also be expected to undergo an audit within the first year of operations.

 

7. Common Findings in Bullion AML Audits

Regulators frequently identify:

  • Outdated or generic AML policies

  • Weak source-of-funds verification for cash transactions

  • Poor documentation of customer risk ratings

  • Delayed or inadequate goAML reporting

  • Lack of independent oversight

These findings often lead to corrective action plans or penalties.

 

8. What Happens After the Audit

An AML audit should result in:

  • A written audit report

  • Clear findings and risk ratings

  • Practical remediation recommendations

  • Management action plans with timelines

Supervisors may request the report during inspections or licensing reviews.

 

Final Thought

For bullion businesses, an independent AML audit is more than a compliance exercise—it is evidence that the company takes its regulatory obligations seriously.

In the UAE’s high-risk precious metals sector, the absence of an independent AML audit is itself a red flag.