- All Financial Institutions, DNFBPs (like real estate brokers, precious metals dealers, and legal consultants), and Virtual Asset Service Providers operating in the UAE are mandatorily required to register for the GoAML portal.
- The registration process typically takes a few business days after submission, depending on document accuracy and supervisory authority review times.
- No formal certificate is issued after GoAML registration. You’ll receive an email confirmation from UAE FIU with your unique Registration Number.
GoAML registration is one of those things that should take 10 minutes but somehow always turns into a 2-hour struggle. The form looks simple enough. Then you hit submit and get some cryptic error about “invalid organizational structure” or whatever.
I looked into this because our compliance team kept asking me about it. Turns out there are maybe 4-5 specific things that mess people up every single time, and once you know what they are, it’s actually pretty easy.
Here’s what I figured out – I’ll walk you through each step so you can get this done without hassles.
GoAML Registration Happens in Two Stages
Before getting into the steps, it’s important to know that registering on GoAML isn’t a single form you fill out.
It happens in two stages, and both are equally important:
- SACM Registration: This is where you get access credentials for the GoAML portal. Without completing this, you can’t proceed.
- GoAML Portal Registration: This is where you officially register your organization as a reporting entity.
With that said, let’s now see all the steps.
GoAML Registration Process Steps
Each step builds on the previous one, so following this sequence will keep you on track.
Stage 0: Get Your Documents in Order
Before you touch the portal, make sure all your documents are ready. Upload errors and delays usually happen because people miss something or upload the wrong file.
Save your documents as PDFs and merge them into a single file to avoid upload issues. The GoAML registration process varies by business type. Different business types are subject to varying obligations under AML law. Below is a quick breakdown to help you stay on track.
| Entity Type | SACM/goAML Registration Path | Key Documents Required |
| Financial Institutions (FIs) | Reporting Entity | – AML/CFT Compliance Officer authorization letter
– Compliance Officer’s passport, Emirates ID, visa – Trade license |
| VASPs (Virtual Asset Service Providers) | Reporting Entity | – Compliance Officer documents
– Authorization letter – Trade license (must show virtual asset services) |
| DNFBPs (Designated Non-Financial Businesses & Professions) | Reporting Entity | – Compliance Officer documents
– Authorization letter – Trade license (must reflect actual business) |
| Stakeholders | Stakeholder | – Depends on role
– Organizational proof – Role-based documentation |
| Supervisory Bodies | Supervisory Body | – Proof of supervisory role
– Official authority documentation |
Make sure to install Authenticator on your phone. You’ll need it later for generating OTP codes. Now that your documents are ready, it’s time to move to the actual pre-registration step, SACM.
Stage 1: SACM Pre-Registration and Getting Credentials
SACM is the first step where the UAE’s Financial Intelligence Unit (FIU) verifies whether an entity is eligible to enter the GoAML system.
The applications are reviewed by the supervisory body (ADGM, DFSA, SCA, etc.) you’ll choose. If they approve your registration, you’ll get your login credentials, username, and secret key for the GoAML portal. The form itself is straightforward, but getting the details right is important. Small mistakes like using the wrong license number or skipping a required field can cause delays or rejections. So, take your time and make sure all details are filled in correctly.
Here’s how to fill out the SACM form correctly:
- Go to https://services.uaefiu.gov.ae/
- Select “Reporting Entity” as your registration type
- Choose your Supervisory Body
- Enter your license number exactly as on your trade license
- Fill the user details
- Use a valid email and phone number for OTPs
- Upload your merged PDF document
- After uploading, click the “Upload” button again and confirm the pop-up window.
If you skip this confirmation, your file may not be submitted, and your application could be rejected due to “missing documents.”
Once submitted, you’ll receive:
- A Username and Secret Key
- An OTP is valid for 24 hours only
Open the Authenticator app and use the secret key to create an account named “GoAML Portal.” This will generate the six-digit code needed to log in later.
Now that you have access credentials, you’re ready to register your organization on the GoAML portal.
Stage 2: Registering on the GoAML Portal
With your approval in hand, it’s time to complete your organization’s onboarding. You’ll need to log in to the GoAML portal using your SACM username and the six-digit code generated by your Authenticator app.
Once inside, you’ll enter your business details and submit the registration form for FIU review and approval.
After logging in:
- Click on “Register as a New Organization.”
- Select “Reporting Entity” again
- Fill in your business and Compliance Officer details accurately
- Upload additional documents if prompted
You’ll receive an email letting you know if your application was approved or rejected. If approved, you’ll be assigned a unique Registration Number, which identifies your organization within the GoAML system.
If Your GoAML Application Gets Rejected
Getting rejected isn’t the end of the world – it happens more often than you’d think. The supervisory authority reviews your application and will send you an email explaining what went wrong.
Most rejections are document issues. Sometimes, it’s as simple as your browser blocking the upload confirmation pop-up – enable pop-ups for the goAML site and try uploading again. Other times, it’s missing information or the wrong document format. Read the rejection email, fix whatever they flagged, and resubmit. You don’t have to start from scratch.
Staying Compliant After Registration
Getting registered is just the beginning – the real work is ongoing monitoring and reporting.
- Customer verification becomes a daily task – you need to identify who your customers really are, check their backgrounds, and figure out their risk levels before doing business with them.
- Finding the actual people behind companies is trickier than it sounds – corporate structures can hide beneficial owners through multiple layers, and you need to dig through all of it.
- Watching transactions for weird patterns means reviewing volumes, frequencies, and destinations that don’t match normal customer behavior.
- Filing reports on time with accurate information while keeping detailed records for when regulators come knocking
Here, technology can help handle repetitive stuff automatically. Instead of manually checking every customer and transaction, you can use PEP API to screen people against watchlists, trace company ownership chains via UBO API, and even flag suspicious activity patterns before they become compliance headaches.
Signzy’s UAE API stack can handle exactly these verification needs. If you’re looking to automate your compliance processes, book a demo here to see how these tools can fit into your workflow.
FAQ’s
What is a GoAML account?
GoAML is an online system created by the United Nations Office on Drugs and Crime (UNODC). It’s used by Financial Intelligence Units (FIUs) to collect and analyze reports related to financial crimes like money laundering and terrorism financing. You can access it at goaml.unodc.org.
What is the purpose of the GoAML software?
The GoAML portal is used to submit:
- Suspicious Transaction Reports (STRs)
- Suspicious Activity Reports (SARs)
- These reports help regulators spot and track unusual or illegal financial activity.
How to deregister from goAML?
To deregister a user or organization from the GoAML system in the UAE:
- Log in to the GoAML portal as an admin.
- Go to the Active Users or Active Organizations section.
- Select the user or entity you want to remove.
- Click Revoke, Deactivate, or Delete as applicable.
- Confirm the action.
- Revoke access from the SACM portal as well since GoAML and SACM are linked.
- Email goaml@uaefiu.gov.ae to confirm that the deactivation is complete.
Note: If you’re replacing a Compliance Officer (MLRO), the old user must be deactivated
What reports do I need to file through GoAML?
Main reports include Suspicious Transaction Reports (STR), Suspicious Activity Reports (SAR), and other specific reports based on your business type and transactions.
