UAE-resident AML compliance · goAML-native

Every filing your FIU expects, traced to the moment it began.

AML Platform runs your whole compliance operation in one place: onboarding, screening, monitoring, cases, and goAML filings, in English and Arabic. Every STR traces back to the alert that raised it, and every XML file is checked against the UAE FIU's own schema before you submit.

Create your org Free to evaluate · English & Arabic · no card required
Transaction
AED 96,400
cash · precious metals
Alert
Structuring
3 transactions near threshold
Case
Investigated
analyst → MLRO decision
Report
STR drafted
case closed with STR
goAML
XSD valid
FIU XSD V2.00 · goAML 5.0.2
Report provenance: every filing starts from a real trigger and carries its evidence with it.
Validated in CI against FIU XSD V2.00 (goAML 5.0.2) 8 report types: STR, SAR, FFR, DPMSR, REAR and more Same-day TFS auto-freeze on list match English + Arabic, full RTL, day one

Regulatory reporting

Built around goAML, not bolted onto it.

The platform ships the UAE FIU's goAML XML schema and checks every filing against it before submission, so rejections happen on your screen instead of at the FIU. There is no freeform drafting; each report is generated from its legal trigger with the evidence already attached.

str_2026_00142.xml Valid against FIU XSD V2.00 (goAML 5.0.2)
<report>
  <report_code>STR</report_code>
  <submission_date>2026-07-11</submission_date>
  <transaction>
    <amount_local>96400</amount_local>
  </transaction>
</report>

Byte-exact XML, validated before you file

A schema-locked serializer generates the XML, and its output is re-checked against the FIU's XSD every time the platform changes.

The pickup queue does the remembering

Close a case with an STR, confirm a freeze, or log a qualifying deal, and the matching report appears in your queue with the trigger and evidence attached.

Every UAE report type

Suspicious-activity, freeze, threshold, and name-match filings all move through the same queue and the same submission steps.

STR suspicious transactionSAR suspicious activityFFR funds freezeDPMSR precious metals & stonesREAR real estatePNMR / CNMRA name-matchAIF / AIFT additional information

Detection & risk

Detection you can tune, scoring you can read.

Six monitoring scenarios check every transaction the moment it lands, with no overnight batch to wait for. Thresholds and windows are yours to tune, and the 12-factor risk model shows its working: every score breaks down into the weights you set.

Single threshold Any single transaction at or above your reporting threshold. default AED 55,000
Linked threshold Related transactions that cross the threshold in aggregate inside a time window. window tunable
Structuring Repeated amounts sitting just under the threshold, the classic smurfing pattern. band 0.8× to 1.0×
Rapid movement Funds in and straight back out, a common layering signal. window tunable
High-risk country Counterparties in FATF-listed jurisdictions, flagged at entry. FATF list
Dormant reactivation A quiet account that suddenly wakes up after months of silence. dormancy 180 days

Risk scoring applies two hard overrides you can't tune away: a confirmed sanctions match or active freeze forces a high rating, and any PEP exposure floors it at medium, as Article 16 requires.

Screening & sanctions

Fail-closed screening with a same-day freeze path.

Customers, UBOs, and counterparties are screened against live sanctions data. If the provider is unreachable, the platform refuses to pretend there were no hits. Ongoing re-screening checks your whole book against current lists, so a new designation doesn't sit waiting for your next review cycle.

New designation
Match on UN / UAE Local List
caught by continuous re-screening
Automatic
Funds frozen instantly
Cabinet Decision 74/2020
Investigation
Case opened
evidence pre-attached
EOCN filing
FFR drafted
ready for submission
The TFS hot path: from designation to a draft freeze report with no manual steps in between.

Fail-closed by design

If the screening provider goes down, you get an explicit error. The platform never records a silent “no hits.”

Adverse media, scored

News screening runs automatically when a PEP hit is confirmed, and every article is scored against a fixed AML risk vocabulary so the relevant ones surface first.

Two-tier review ladder

Analysts disposition hits; the MLRO resolves them. Nobody clears their own alert, and the trail shows who did what.

Governance & evidence

Evidence that holds up under inspection.

When the examiner asks who decided this, when, and on what evidence, the answer is already written down, hash-chained, and impossible to quietly edit.

Tamper-evident audit trail

Every compliance-relevant action is appended to a hash-chained log, and any edit after the fact visibly breaks the chain.

Frozen decision snapshots

Material judgements such as onboarding, EDD approvals, case closures, and exits carry the KYC, UBO, and document state exactly as it stood when the decision was made.

Four-eyes, enforced in code

The approver and the senior-management acknowledger of an EDD or AML exit must be different people, and the platform enforces it rather than leaving it to a checklist.

Tipping-off protection, structurally

STR data lives in a restricted schema that ordinary queries can't reach, and report notifications go only to the MLRO tier.

Entry 4,381
EDD approved
hash 9f2c…a1
Entry 4,382
Case closed
prev 9f2c…a1
Entry 4,383
STR submitted
prev 41d8…c7
Each entry seals the one before it. Verify the whole chain in one click.

Language

English and Arabic, from day one.

Every screen, tutorial, and notification ships in both languages with full right-to-left layout. Arabic-speaking analysts get the same product as everyone else.

Suspicious Transaction Report

Drafted from case #C-2041 · pending MLRO review · valid against goAML schema 5.0.2

تقرير معاملة مشبوهة

تمت صياغته من القضية C-2041 · بانتظار مراجعة مسؤول الإبلاغ · مطابق لمخطط goAML ‏5.0.2

Who it's for

Built for UAE-regulated businesses.

If you file to the UAE FIU through goAML and answer to a supervisor, this was built for your desk.

Dealers in precious metals & stones

DPMSR threshold filings, from the till

Qualifying cash deals surface a draft DPMSR straight from the transaction record, with the amount, counterparty, and screening result already in place.

Real estate brokers & developers

REAR without the spreadsheet

Reportable transactions carry their evidence with them, and buyer and UBO screening runs before the deal is on your book.

Corporate services, exchange & fintech

An MLRO desk that scales

Roles for the whole function, from analyst to deputy MLRO to auditor, with delegation for leave cover and an audit trail the owner can see.

Questions

What compliance officers ask first.

Does this actually generate valid goAML XML?

Yes. The platform ships the UAE FIU's published XSD (bundle V2.00, goAML schema 5.0.2) and validates generated filings against it, both in the product before you submit and in our build pipeline on every change. STR, SAR, FFR, DPMSR, REAR, name-match, and additional-information report types are supported.

Where does our data live?

Your data is UAE-resident, isolated per organization with row-level security in Postgres. STR and report data additionally sits in a restricted schema that ordinary queries can't reach, supporting your tipping-off obligations.

Can we tune the detection rules, or are we stuck with defaults?

Every scenario is configurable: thresholds, time windows, the structuring band, the risk-model weights, and the rating boundaries. Two legal floors are deliberately not tunable: confirmed sanctions matches force a high rating, and PEP exposure floors it at medium.

How does it handle TFS obligations?

Continuous re-screening checks your customer book against current lists. A match on a mandatory list (UN Consolidated or UAE Local Terrorist List) triggers an automatic freeze, opens an investigation case, and drafts the funds-freeze report for EOCN submission the same day.

We're a small team. Do we need a big compliance department to run this?

No. One MLRO and one analyst is a complete setup: the pickup queue tells you what needs filing, the dashboard rail tells you what needs attention first, and bilingual in-app tutorials cover every workflow. Deputy delegation covers leave without handing over the whole function.

What happens if the screening provider goes down?

Screening fails closed. You get an explicit error and the action blocks; the platform will never silently record “no hits” because a provider was unreachable.

Get started

Be ready for the examiner before the examiner is ready for you.

Set up your organization, tune your thresholds, and see the filing pipeline on your own data, in English or Arabic.

AML Platform · UAE-resident AML compliance goAML-native · English & Arabic · tamper-evident by design