Comprehensive Customer Risk Assessment Framework (AML/CFT/CPF)

Our experts have supported leading global regulators in strengthening Customer Risk Assessment frameworks, delivering practical, trusted solutions for financial institutions and DNFBPs

As regulatory expectations rise under the UAE’s enhanced AML/CFT/CPF framework, financial institutions are required to demonstrate accurate, dynamic and behaviour based Customer Risk Assessments (CRA). Kroll helps organisations modernise their CRA models to meet these standards with confidence.

Why CRA Matters

Supervisory reviews across the UAE continue to highlight deficiencies in how institutions score, monitor and update customer risk. Under Federal Decree-Law No. (10) of 2025, licensed financial institutions (LFIs) must adopt a dynamic, behaviour-linked CRA model that updates in real time as customer activities evolve.

A strong CRA framework enables institutions to:

Detect red flags earlier
Strengthen CDD/EDD decision-making
Demonstrate compliance with federal and sector-specific rules
Ensure accurate, auditable and up-to-date customer profiling

Key Customer Risk Factors in the UAE

The UAE’s rapidly evolving financial and trade environment presents distinct ML/TF/PF risk drivers. Financial institutions must ensure their CRA models capture these nuanced and emerging risks across four core categories:

Customer Risk Assessment Framework

The CRA Lifecycle: From Onboarding to Exit

The CRA journey covers multiple steps to identify, evaluate and mitigate customer risks for a robust AML/CFT/PF compliance framework.

Customer Risk Assessment Framework

Key Challenges with the CRA

CRA frameworks in the UAE often face structural gaps that lead to inconsistent or inaccurate customer risk ratings. These issues typically stem from infrequent recalibration, outdated methodologies and limited use of behavioural indicators.

Most models set a risk score at onboarding and rarely update it as customer activity evolves, resulting in ratings that no longer reflect true risk. Key challenges across UAE LFIs include:

Static models with no dynamic risk recalibration
Transactional behaviour not incorporated into the CRA
Country risk ratings are not regularly refreshed
Industry/sector risk not applied at the customer level,
Complex ownership structures not adequately captured
Additional framework level weaknesses

Emerging Risk Areas in the UAE

Virtual Assets and Cryptocurrency

Elevated risk scoring for VA-linked customers
Assessment of unregulated/foreign VASP relationships
Behavioural indicators such as rapid layering

Proliferation Financing (PF)

PF-specific red flags, dual use goods, sanctions lists
Trade-flow vulnerabilities and supply chain assessment

Trade-Based Money Laundering (TBML)

Higher scoring for trade-dependent customers
Enhanced documentation and verification of trade flows

DNFBPs and Professional Services

Inherently elevated ML/TF risk profiles
Deeper UBO checks and stronger SOF/SOW evidence

How Kroll Can Help

Kroll brings extensive global and regional experience, having worked with regulators including the CBUAE, DFSA, ADGM, FCA, HKMA, MAS and Central Bank of Ireland.

We support institutions across all elements of CRA design, enhancement and validation. Our services include:

Connect with Us

Javed Alam

Managing DirectorFinancial Services Compliance and RegulationDubai

Javed Alam javed.alam@kroll.com +971 4449 6718

Harry Fagan

Vice President
Financial Services Compliance and Regulation
Dubai

Harry Fagan

Sidhant Bhatia

Senior Associate
Financial Services Compliance and Regulation
Dubai

Sidhant Bhatia

Stay Ahead with Kroll

Financial Services Compliance and Regulation

In the ever-evolving financial services landscape, Kroll's award-winning team offers comprehensive regulatory and compliance services, guiding clients through registration, licensing, and compliance support to minimize risks and enhance efficiency globally.

Learn more

Middle East Solutions

Kroll’s Financial Services Compliance and Regulation experts help clients build, manage and protect their businesses both in the United Arab Emirates and more broadly in the Middle East.

Learn more

Market Conduct Risk

Conduct risk refers to how well a financial institution ensures fair outcomes for consumers, strengthens market integrity and builds public trust.

Learn more

Operational Resilience

Operational resilience is a priority for UAE regulators, who are actively developing frameworks to ensure financial institutions can withstand disruptions and continue delivering critical services.

Learn more

Let's solve for the future

Yes, I would like to receive periodic event invitations, reports and news from Kroll.

We will use this information to respond to your inquiry and process your data in accordance with our privacy policy.

Download the Brochure