In many jurisdictions, DPMS are not required to comply with requirements related to identification of customers and reporting suspicious activities. In other jurisdictions, these requirements are nominally in place, but DPMS are not subject to effective supervision and enforcement. Even in a jurisdiction that imposes and enforces such requirements, they frequently apply only to DPMS that engage in cash transactions above a certain value threshold. Where DPMS are unregulated or under-regulated, they are unlikely to be taking effective measures to protect themselves from abuse.

In contrast, an effective AML/CFT framework and supervisory regime for DPMS can protect DPMS and LFIs that serve them by effectively imposing AML/CFT requirements and by detecting, deterring, and prosecuting ML/TF crimes. It is important to note that, like LFIs, certain DPMS in the UAE are required to comply with all requirements of AML-CFT Decision, including the requirement to perform Customer Due Diligence (CDD) and report suspicious transactions (see section 2.1.4).