The 3 C’s of AML program remediation

Competence, clarity, and collaboration: Turning regulatory expectations into a catalyst for sustainable change 

Following the UAE’s removal from the FATF grey list in February 2024, the regulatory spotlight within the UAE has not dimmed—it has simply shifted. With the 2026 UAE Mutual Evaluation on the horizon, licensed financial institutions (LFIs) must now demonstrate not only compliance, but the effectiveness of their AML frameworks. 

At a recent panel hosted by Grant Thornton UAE, “The 3 C’s of successful AML program remediation”, I had the privilege to moderate and explore with fellow panellists how LFIs can rise to the challenge with strategic intent and operational precision. The discussion brought together regulatory veterans, banking executives, and remediation experts to explore what truly drives success in AML compliance program remediation. The consensus? It’s not just about fixing what’s broken. It’s about building something better—with competence, clarity, and collaboration as the foundational elements.

Competence

Competence begins with understanding the scope and scale of the remediation effort. Institutions must assess their internal capabilities early and honestly. If gaps exist - whether in time, expertise, or bandwidth/budgets - engage external consultants to help augment efforts before the window for flexible support closes. For example, if your “Run the Bank” (RTB) teams are already stretched thin, expecting them to simultaneously “Change the Bank” (CTB) is a recipe for failure. This dual burden often leads to further lapses in both areas.

Equally critical is project management. AML remediation is not a side hustle for the Chief Compliance Officer at an LFI. A dedicated PMO function is essential to coordinate efforts, timelines, and deliverables, and to ensure accountability across departments/functions involved. The PMO should be empowered to make decisions, escalate issues, and maintain momentum throughout the remediation lifecycle to demonstrate progress.

Clarity 

Once a regulatory transmittal letter or enforcement notice is issued, the time for debate is over. Institutions must pivot swiftly from defence to design. This means being transparent and detailed on three fronts: what must be done to address the findings, what does not need to be done (avoiding scope creep is vital) and what you want to achieve. Is this a patchwork or a complete framework redesign or overhaul?

Clarity also extends to timelines. Be ambitious, but not unrealistic. Internal deadlines that require extensions signal poor planning and can erode regulatory confidence in the LFI’s remediation efforts. A well-structured roadmap with milestones, dependencies, and a contingency plan is essential. Institutions should also consider the sequence of remediation activities to avoid bottlenecks and ensure smooth execution.

Collaboration

Collaboration is perhaps the most underappreciated element of successful remediation. AML is not the sole responsibility of compliance. IT, operations, business units, and internal audit all have roles to play. Senior management must set the tone from the top—resolving turf wars, clarifying ownership, and ensuring that AML compliance is embedded across the enterprise.

Leadership visibility is key. Regular steering committee meetings, cross-functional workshops, and transparent communication channels help foster a culture of accountability and shared ownership. Institutions that treat AML remediation as a collective effort are more likely to achieve sustainable outcomes.

To translate these insights into action, here are five practical steps for LFIs preparing for remediation or seeking to future-proof their AML frameworks:

The road to 2026 will be paved with scrutiny, but also with opportunity. Institutions that embrace the 3 C’s—competence, clarity, and collaboration—won’t just survive in the current environment. They’ll emerge stronger, smarter, and more resilient.

Our Grant Thornton UAE Risk & Regulatory Advisory practice helps clients strengthen their Financial Crime Compliance (FCC) Programs. Our services span the full FCC lifecycle, from diagnostics and advisory to implementation and managed services. Our approach is practical, scalable and aligned with regulatory expectations.

This article draws on themes discussed during a recent panel hosted by Grant Thornton UAE. We thank the panellists for their valuable contributions and insights.