What are designated non-financial businesses and professions (DNFBPs)?

Designated non-financial businesses and professions (DNFBPs) include professionals such as lawyers, accountants, and real estate agents, as well as sectors including casinos and precious metals dealers. 

DNFBs are critical to the financial system yet often operate outside traditional financial oversight and pose unique challenges in anti-money laundering and countering the financing of terrorism (AML/CFT) compliance. They function as both service providers and potential gateways for money laundering (ML), due to vulnerabilities in their typically less-regulated environments.

As the perimeter of financial oversight expands in many jurisdictions, DNFBPs have transitioned from mere subjects of enhanced due diligence (EDD) to primary gatekeepers. For these entities, robust compliance is no longer a secondary concern – it is a mandatory pillar of operational integrity in an era where non-financial sectors are held to the same rigorous standards as global banking.

Which industries are most commonly classified as DNFBP?

While the specific sectors subject to oversight can vary by jurisdiction, most national frameworks are built upon a global standard set out by the Financial Action Task Force (FATF). The following industries are typically classified as DNFBPs because they facilitate the high-value transactions or legal structures most vulnerable to exploitation:

• Lawyers and notaries: Specifically, when handling client funds, securities, or the purchase and sale of business entities and real estate.
• Accountants and auditors: External firms providing tax advice or financial auditing, which serve as a verification layer for corporate legitimacy.
• Formation agents and nominee shareholders: Firms that create or manage legal entities, such as trusts or shell companies, which can be used to obscure beneficial ownership.
• Real estate agents: Facilitating the purchase and sale of property, which can be used to integrate large sums of illicit funds into legitimate financial systems.
• High-value dealers
  • Dealers in precious metals and stones (DPMS): Handling transactions with high-value, easily transportable assets that can be used to obscure the origin of funds and transfer value.
  • Dealers in high-value goods (fine art, antiques, luxury cars, yachts):  Engaging in the sale of unique and high-priced items, which can be exploited to launder money due to subjective valuations and the privacy of the markets.

How does the FATF regulate DNFBPs?

The FATF sets out its guidance for the regulation and supervision of DNFBPs primarily in its 40 recommendations, specifically recommendation 28. This recommendation requires jurisdictional authorities to take specific supervisory steps, including:

• Implementing licensing requirements and strictly regulating ownership for casinos.
• Introducing effective monitoring systems to ensure compliance with AML/CFT requirements (risk-based supervision).
• Preventing criminals and their associates from holding a significant or controlling interest in a DNFBP.
• Implementing proportionate and dissuasive sanctions for non-compliance.

Additionally, recommendations 22 and 23 define the specific customer due diligence (CDD) and reporting obligations that these businesses must follow.

In most jurisdictions, DNFBPs are regulated in much the same way as credit and financial institutions (FIs). Some regulators have tailored their AML/CFT regulations to counter the unique ML threats posed by different types of DNFBP.

How do jurisdictions adapt to local risks?

Different jurisdictions tailor their AML/CFT regulations for DNFBPs to address specific local risks. This targeted approach allows countries to focus on the industries and sectors most vulnerable to financial crime within their borders.

Below are key examples of how different regions have tailored their oversight to combat illicit financial activities:

United Arab Emirates (UAE)

The UAE has identified the real estate and precious metals sectors as high-risk for ML and has implemented a robust AML/CFT framework to mitigate these risks. 

The UAE government requires real estate agents, brokers, and DPMSs to register as DNFBPs and adhere to strict AML regulations. These regulations mandate CDD, risk assessments, and the reporting of suspicious transactions to the UAE’s Financial Intelligence Unit (UAEFIU). 

Notably, for dealers in precious metals and stones, AML/CFT obligations are triggered for any single or series of interrelated transactions exceeding AED 55,000. In a move to ensure compliance, the UAE has intensified its enforcement efforts, levying significant fines against non-compliant entities in these sectors.

European Union (EU)

The EU has taken significant steps to address the art market’s vulnerabilities to ML. The 5th Anti-Money Laundering Directive (5AMLD) was the first to bring art dealers, galleries, and auction houses within the scope of AML/CFT regulations.

The art market has historically been characterized by anonymity and high-value cash transactions, making it an attractive channel for illicit funds. 5AMLD specifies that “persons trading or acting as intermediaries in the trade of works of art,” including art galleries and auction houses, must implement a risk-based AML program for any transaction or series of linked transactions valued at €10,000 or more.

Art market participants are obligated to conduct the following compliance checks:

• CDD
• Know-your-customer (KYC)
• Disclosure of ultimate beneficial owners (UBOs) of transactions. 

The subsequent 6th Anti-Money Laundering Directive (6AMLD) further strengthens this framework by harmonizing the definition of ML across member states, expanding the list of predicate offenses, and increasing penalties.

Australia

Australia’s Tranche 2 reforms significantly expand the country’s AML/CFT regime to include “gatekeeper” professions such as lawyers, accountants, and real estate agents. 

A unique challenge in implementing these reforms has been navigating the interaction between submitting suspicious matter reports (SMRs) and maintaining legal professional privilege (LPP). The latter is a principle that protects confidential communications between lawyers and their clients.  

The Australian government has affirmed that LPP will be preserved and lawyers will not be compelled to disclose privileged information. Nevertheless, the new rules will introduce significant obligations. Legal professionals will be required to conduct CDD and report SMRs to the Australian Transaction Reports and Analysis Centre (AUSTRAC), the national financial intelligence agency. 

This creates a delicate balance for legal practitioners who must comply with their new reporting obligations without breaching their fundamental duties of confidentiality to their clients.

Singapore

Recognizing the high risk of ML associated with the precious stones and metals (PSM) sector, Singapore enacted the Precious Stones and Precious Metals (Prevention of Money Laundering, Terrorism Financing, and Proliferation Financing) Act in 2019.  

This legislation establishes a comprehensive regulatory regime for dealers in this sector, who are considered attractive targets for criminals due to the high value and portability of their goods. 

Under this act, DPMS dealers are required to register with the Ministry of Law, conduct CDD, maintain transaction records, and report any suspicious activities. 

The framework also includes a tiered registration system with different requirements based on the value of the products being sold, demonstrating a nuanced, risk-based approach to regulation.

The State of Financial Crime 2026

What do 600 global industry leaders have to say about the state of financial crime in 2026? To stay ahead of the curve and understand the specific trends impacting your sector and region, download the full report today.

Download now

What DNFBPs pose a higher AML compliance risk?

While all DNFBPs face regulatory pressure, authorities prioritize certain industries due to their high transaction volumes and inherent vulnerability to layering illicit funds. These include: 

1. Casinos

Casinos are uniquely high-risk because they act as high-speed financial conduits. Criminals often attempt to “clean” cash by converting it into gaming instruments (chips or digital credits) and then “cashing out” to create a seemingly legitimate trail of winnings.

For example, in June 2024, the Federal Court ordered a large entertainment destination to pay a $67 million AUD penalty for serious and systemic non-compliance with AML/CFT laws. The failures identified by AUSTRAC include:

1. High-risk customer failures: Allowing customers to move millions of dollars through the casino without source-of-funds checks.
2. Governance gaps: Failing to maintain an appropriate framework for board and senior management oversight.
3. Ongoing unsuitability: In August 2024, the ‘Bell Two’ inquiry found that a rival operator remained unsuitable to hold a casino license and was fined $15 million USD due to persistent governance and cultural failings, despite previous enforcement actions.

2. Precious metals and stones

DPMSs are prime targets for ML because they deal in high-value, easily portable, and highly liquid assets. These characteristics enable criminals to convert large volumes of illicit cash into “untraceable” wealth, allowing them to move the funds across borders with ease.

The primary risk in this sector is supply chain opacity, where the true origin of a metal or stone is obscured through smelting or re-cutting, allowing “blood gold” or conflict diamonds to enter the legal market.

Recent investigations have highlighted how geopolitical actors exploit weak DPMS oversight to fund global conflicts.

1. The “blood gold” pipeline: Reports from 2024 and 2025 reveal that the Russian Wagner Group (and its successors) generated over $2.5 billion USD from illicit trade in African gold to fund military operations in Ukraine.
2. The laundering process: Operating in the Central African Republic (CAR), Mali, and Sudan, these groups seize control of artisanal mines. The gold is smuggled to transit hubs, where it is sold to complicit or negligent DPMS entities and refineries.
3. Obscuring origins: By remelting the gold and mixing it with legitimate stocks, these refineries strip away its conflict history, successfully integrating looted resources into the global financial system.

Despite these high-stakes risks, the regulatory floor for DPMS remains lower than in other sectors. Under current FATF standards, many DPMS are only required to apply full AML/CFT measures to cash payments of $15,000 USD or more. Criminals frequently split transactions to stay just below this limit.

Furthermore, the FATF does not strictly define “precious metals and stones,” leaving it to individual countries. This creates regulatory havens where certain high-value assets (like specific rare gems or industrial-grade metals) may fall through the cracks of national legislation.

3. Real estate

The real estate sector is a key industry for ML, providing a stable environment where criminals can integrate massive amounts of illicit capital into the legitimate economy. Unlike the casino or DPMS sectors, this is accomplished through one single, high-value transaction. Illegal actors frequently rely on complex, opaque ownership structures and shell companies to conceal the true beneficiary of the property, detaching the asset from its criminal origins.

In Australia, AUSTRAC’s 2024 National Risk Assessment underscored the urgency of reforming DNFBPs’ AML/CFT compliance, identifying the real estate market as a persistent ML channel due to its high value and opaque legal structures for holding assets. The assessment noted that domestic and transnational criminal groups continue to exploit the sector to park illicit wealth, with the Australian Federal Police (AFP) successfully restraining over $940 million AUD in criminal assets, much of it real estate, between 2019 and 2023.

What are the key AML/CFT compliance obligations for DNFBPs?

The key AML/CFT compliance obligations for DNFBPs are regional and sector-specific, tailored to local risks. The FATF provides a framework for businesses it considers DNFBPs, along with recommended actions, and it is up to individual jurisdictions to enshrine these recommendations in national law. 

To remain compliant, it is best practice for DNFBPs to adopt a risk-based approach, tailoring controls to the specific risks posed by their clients and services. This involves implementing a robust compliance program that includes appointing a dedicated AML/CFT compliance officer at the management level to oversee the program and serve as the liaison with regulators. 

To maintain comprehensive compliance, DNFBPs should focus on three core areas:

1. Identification requirements for clients

CDD is the cornerstone of DNFBP obligations. Businesses cannot simply accept a client at face value; they must verify exactly who they are dealing with before providing a designated service and ensure proper record-keeping of transaction records.

The identification process is comprehensive and includes:

• Initial CDD: Verifying the identity of the customer and any authorized representatives.
• UBOs: Looking beyond the corporate structure, including complex ownership structures, to identify the actual individuals who own or control the funds.
• Politically exposed person (PEP) and relatives and close associates (RCAs): Checking if a client is a PEP, or if they are an RCA, which includes family members such as spouses, children, siblings, and close professional/personal associates who may influence or be influenced by a PEP’s illicit financial activity.
• Sanctions screening: Checking if a customer is subject to international sanctions.
• Ongoing monitoring: Continuously monitoring client behavior and transactions to ensure they match the expected risk profile.

2. Record-keeping requirements

Record-keeping is not just an administrative task; it is a legal defense. DNFBPs should maintain accurate records of all customer identification checks, risk assessments, and transactions, including details for their registered office.

3. Reporting requirements

A critical component of the AML/CFT framework is the obligation to report financial crime risks to authorities. DNFBPs must have clear, documented procedures for identifying and submitting suspicious activity reports (SARs) in accordance with FATF recommendations.

It is recommended that staff are trained to spot red flags and understand how to escalate them. If an employee suspects that a transaction involves high-value proceeds of crime or is linked to terrorism financing (TF), the business is required to report this. This reporting mechanism relies heavily on the AML/CFT compliance officer, who is responsible for ensuring these reports are submitted correctly and on time.

What are examples of regional challenges?

Just as DNFBP obligations are regional and sector-specific, so too are the specific compliance challenges. Illicit actors systematically target and exploit loopholes across jurisdictions, probing for the weakest links in regional frameworks, and create new challenges. This strategic exploitation of regulatory gaps is how legitimate business structures are transformed into conduits for financial crime.

Below is a breakdown of significant DNFBP challenges by region:

Australia

As of late 2025, the estimated cost of organized crime in Australia has reached over $82.3 billion AUD per year. The introduction of the new Tranche 2 reforms, via the AML/CFT Amendment Act, will help close critical gaps of exploitation in the financial ecosystem by extending regulations to DNFBPs, including lawyers, accountants, and real estate agents. 

After unsuccessfully passing DNFBP AML legislation in 2008 due to the financial crisis, a 2015 FATF mutual evaluation report (MER) highlighted the need for new reforms. It stated:

“Most designated non-financial business and profession sectors are not subject to AML/CFT requirements, and did not demonstrate an adequate understanding of their ML/TF risks or have measures to mitigate them effectively. This includes real estate agents and lawyers, both of which have been identified to be of high ML risk in Australia’s National Threat Assessment.”

Anti-money laundering and counter-terrorist financing measures, FATF

Known vulnerable loopholes exploited are:

• Laundering through real estate: Criminals are purchasing high-value property using “dirty” cash or complex loans to integrate illicit funds into the legitimate economy.
• Misuse of professional trust accounts: Exploiting the lack of oversight on lawyer and accountant trust accounts to move funds across borders without triggering SMRs
• Opaque ownership structures: Hiding beneficial ownership behind shell companies and complex corporate structures that real estate agents and lawyers were previously not required to investigate.
• High-value cash transactions: Dealers in precious metals and stones are accepting large cash payments without the due diligence checks required of FIs.

As of early 2026, the Tranche 2 reforms are set to take effect on July 1. To combat DNFBP exploitation, the reforms will require businesses to:

• Enroll with the AUSTRAC: Register as a reporting entity within 28 days of providing a designated service (mandatory by July 2026).
• Conduct CDD: Implement mandatory identity verification checks for all clients, including identifying UBOs and screening for PEPs.
• Appoint a compliance officer: Designate a senior-level individual to oversee the AML/CFT program and serve as the liaison with regulators.
• Submit SMRs: Monitor for and report any suspicious behavior or transactions to AUSTRAC within statutory timeframes (e.g., 24 hours for TF suspicions)
• Maintain records: Keep detailed records of all transactions, risk assessments, and customer identification for at least seven years.

Mexico

Mexico’s DNFBP AML/CFT compliance framework, known legally as ‘vulnerable activities’ (Actividades Vulnerables), has historically been supervised by the Tax Administration Service (SAT) rather than by standard financial regulators. This has created regulatory gaps compared to global FATF standards, making Mexico’s DNFBP economy more susceptible to the integration of illicit proceeds.

While the Federal Law for the Prevention and Identification of Operations with Resources of Illicit Origin (LFPIORPI) established initial baselines, the unique ‘dual-threshold’ system often allowed high-risk activities to go unreported. Recent legislative moves have sought to close these gaps, particularly regarding beneficial ownership transparency and the real estate sector.

Known vulnerable loopholes exploited are:

• Laundering through real estate: Developers and agents facilitating property transactions that fall below reporting thresholds or fail to identify the true funding source.
• Misuse of professional services: Lawyers and accountants managing client assets or accounts without the same stringent oversight applied to FIs.
• Complex corporate structures: The use of notaries and public brokers to attest transfers of rights or incorporations that obscure the ultimate beneficial owners of legal entities.
• High-value trade and assets: Dealers in precious metals, art, and armored vehicles accepting payments that bypass standard banking controls.

As of July 2025, significant reforms to the LFPIORPI have tightened the compliance framework, aligning Mexico more closely with international standards.

This will now require businesses to:

• Register with the SAT: Obligatory enrollment for any entity performing a defined ‘vulnerable activity’ immediately upon engaging in those operations.
• Identify beneficial owners: Apply a stricter definition of ‘controlling beneficiary’ to identify any individual with effective control.
• Conduct mandatory audits: Perform annual internal or external AML audits tailored to the entity’s specific risk profile.
• File regulatory notices (Avisos): Adhere to the dual-threshold system by identifying clients at the initial threshold and filing direct notices to Mexico’s Financial Intelligence Unit (UIF) when amounts exceed the reporting limit.
• Implement automated monitoring: Deploy automated systems to detect unusual transaction patterns and report suspicious activity within 24 hours, regardless of the transaction amount.

What is the role of AML software in DNFBP compliance?

Automated AML software is crucial for effectively identifying potential risks in less-regulated sectors and supporting comprehensive DNFBP compliance. Software solutions that incorporate advanced artificial intelligence (AI) are seeing widespread adoption, as they facilitate the detection of unusual patterns indicative of illicit activity with greater certainty and speed.

These technologies can offer:

• Automated CDD: Advanced software can instantly verify identities and screen clients against global watchlists during onboarding. This reduces friction for legitimate clients while flagging high-risk individuals immediately.
• Real-time screening (PEPs and sanctions): Real-time screening monitors PEP and sanctions lists in real-time, alerting you immediately if a client’s status changes after onboarding; something a manual check at day one would miss.
• Intelligent transaction monitoring (TM): In sectors such as real estate and high-value dealers, identifying complex ML typologies is difficult. AI-driven software analyzes transaction behaviors to detect anomalies (such as structuring or unusual payment sources) that human reviewers might overlook.
• Adverse media detection: Sophisticated AI and ML tools scour global news sources to identify negative news associated with a client, providing early warning signs of reputational risk or involvement in financial crime.
• Audit-ready record-keeping: AML software automatically creates an immutable, digitally recorded trail of every check, alert, and decision, ensuring you are always audit-ready without the paperwork burden.