Regulators are no longer treating professional services as a secondary AML concern. In 2024, Abu Dhabi authorities fined 29 DNFBP organisations AED 22.6 million for AML failures — a figure that more than doubled to AED 42 million in H1 2025 alone. Australia passed legislation in December 2024 bringing lawyers and accountants under mandatory AML/CTF obligations for the first time, with a compliance deadline of 1 July 2026.
For law firms, accounting practices, tax advisors, and trust and corporate service providers (TCSPs), the message is clear: AML compliance is no longer a banking sector issue.
• 44% of countries were rated non-compliant on FATF Recommendation 28 (DNFBP supervision) as of 2021 — enforcement is now closing that gap
• Australia’s Tranche 2 reforms impose penalties up to AUD $33 million for non-compliant corporate bodies from 1 July 2026
• Regulators consistently find the same failures: inadequate EDD, weak STR processes, and generic risk methodologies
Under FATF Recommendations 22and 23, professional services firms must implement customer due diligence(CDD), identify ultimate beneficial owners (UBOs), file suspicious transaction reports (STRs), retain records for at least five years, and maintain a written AML programme with annual reviews.
For high-risk clients, Enhanced Due Diligence (EDD) applies — requiring source of funds verification and senior management sign-off. Generic frameworks copied from templates do not satisfy regulators. The risk methodology must reflect the firm’s actual client base, services, and jurisdictions.
A 2024 thematic review by the Abu Dhabi Global Market Registration Authority — covering 202 DNFBPs — found the same gaps repeatedly: weak EDD processes, absent senior management approval for high-risk clients, STR escalation routes that staff didn’t understand, and annual AML reviews that simply hadn’t happened. (ADGM Registration Authority, 2024)
Banks filed over 2.193 million SARs in the United States in 2025 alone. (FinCEN, 2026) DNFBPs contribute a disproportionately small fraction — signalling systematic under-reporting that regulators are now actively targeting.
Most professional services firms don’t have the compliance infrastructure of a bank. Purpose-built platforms address this directly — automating CDD and EDD workflows, running continuous sanctions and PEP screening, and generating audit-ready records of every decision.
Width platform data shows a 65%reduction in compliance backlogs ahead of regulatory inspections for DNFBP clients, and an 80% reduction in manual alert triage. Width’s AI case reviewer assembles evidence, flags risk factors, and prepares STR narratives — with every step logged and explainable. Agents execute; the compliance officer decides and signs off.
What professional services firms are covered as DNFBPs?
Law firms, accounting and audit practices, tax advisors, and trust and corporate service providers (TCSPs) —where work involves handling client funds, forming legal structures, or facilitating asset transfers.
What are the penalties for non-compliance?
Australia’s Tranche 2 regime imposes fines up to AUD $33 million for corporate bodies. In the UAE, DNFBP fines reached AED 42 million in H1 2025 alone. Firms also face reputational damage and loss of professional licences.
Do small firms have the same obligations as large firms?
Yes — obligations apply based on services provided, not firm size. FATF’s risk-based approach allows controls to be scaled proportionally, but core requirements apply regardless.
Enforcement is accelerating. The firms that navigate this well are those with clear, documented, and auditable compliance processes — maintained consistently through technology, not individual effort.
About WIDTH
WIDTH is an AI-native unified compliance platform dedicated to helping global regulated industries complete compliance work in a more efficient, auditable, and scalable way. By integrating intelligent workflows, risk automation, and audit-grade execution capabilities, WIDTH enables institutions to achieve both greater efficiency and greater trust in an evolving regulatory environment.
