AML infrastructure for UAE & GCC

Built for Arabic naming complexity
global screening tools struggle with

Screen sanctions, PEPs, and high-risk entities across 2.9M+ global records — with corroboration-aware matching, GCC false-positive suppression, and audit-defensible reporting built for UAE regulated businesses.

Book compliance demoView API docs
2.9M+ entities282 data sourcesArabic name intelligenceAudit-grade PDFsEnterprise API
KYCer compliance screening dashboard showing 187 screenings and 773 matches

Live dashboard — KYCer Technologies production environment

Built for regulated sectors
Gold TradersMSBsFintech PlatformsDigital Asset BusinessesPayment ProvidersDNFBPs
2.9M+
Entities across sanctions, PEP & watchlists
282
Global data sources updated daily
195+
Countries and territories
6-layer
Hybrid matching algorithm
Daily
Source snapshot refresh
SHA-256
Report integrity verification

Engine differentiators

Built for naming complexity
western engines miss

Generic AML tools were not designed for Arabic naming conventions, GCC transliteration patterns, or the false-positive density of common Muslim names. KYCer was.

01
Name variant normalisation
Arabic spelling variants resolve to one canonical form before matching.
Mohd
Mohammed
Mohamad
Mohammed
Muhammed
Mohammed
Abdallah
Abdullah
Yousuf
Yousef
Ahmad
Ahmed
02
Corroboration-aware suppression
Common GCC names are not escalated to HIGH without DOB, nationality, alias, or identifier support.
200+ common name dictionary
DOB / nationality / alias scoring
OFAC identifier bypass protection
03
Corporate entity isolation
Corporate entities route through a dedicated path — personal suppression never bleeds into corporate screening.
LLC · DMCC · FZCO · PJSC
Legal suffix stripping
Isolated corporate scoring
04
Deterministic, auditable decisions
Every result includes score breakdown, suppression reason, and immutable decision path.
score_breakdown object
decision_rule_path field
suppression_reason field

Inside the platform

Real product, real workflows

Every feature you need for a defensible AML compliance programme — screening, monitoring, reporting, and API access in one platform.

KYCer screening dashboard
Screening Dashboard
187 screenings, 773 matches — risk breakdown with High, Medium, Low classification
KYCer API key management
API Key Management
Live API keys with usage tracking — 88 screenings, 96 total requests shown
KYCer PDF audit report
PDF Audit Report
SHA-256 checksummed, audit-defensible reports with OFAC match details and compliance officer review section
CONTINUOUS MONITORING
Marjan Bullion LLC
Today 08:14
CLEAR
Ahmed Al Rashidi
Today 07:32
REVIEW REQUIRED
Rexcon DMCC
Yesterday
CLEAR
Abdullah Hassan Khan
Yesterday
POTENTIAL MATCH
Ongoing Monitoring
Daily re-screening alerts with webhook delivery when subject status changes

Security & governance

Built for regulated teams
with strict procurement requirements

Every security control your compliance, legal, and IT teams will ask about — documented and implemented.

Access Control
Role-based access: Owner, Admin, Analyst, Viewer
MFA enforced for Tenant Owner and Compliance Admin
Scoped API keys with rotation and revocation
Per-key rate limiting with quota response headers
Audit Integrity
SHA-256 hash-chained screening records
Tamper-evident immutable audit log
Report verification endpoint with checksum
Engine version + snapshot date on every record
Data Security
TLS 1.2+ encryption in transit (Nginx + Cloudflare)
bcrypt-hashed API keys — plaintext never stored
HMAC-SHA256 signed webhook payloads
Multi-tenant data isolation enforced at application layer
Operational Reliability
Sentry error monitoring with real-time alerts
Health, status, and version endpoints
Celery + Redis async architecture
API traffic monitoring and alerting
Webhook Security
SSRF protection — private IP ranges blocked
DNS rebinding protection at delivery time
Automatic retry with exponential backoff
Dead-letter logging for failed deliveries
Enterprise Governance
Data Processing Agreement available on request
Jurisdiction-neutral data retention language
Subject access and data deletion controls
Multi-tenant organisation isolation enforced

Platform architecture

Production infrastructure,
not a prototype

Hardened production stack with full observability, async processing, and security audit logging.

API key security
bcrypt-hashed. Plaintext never stored. Rotation, revocation, per-key scopes.
Rate limiting
Per-key and per-IP throttling with Retry-After and X-RateLimit headers.
Async bulk screening
Celery + Redis queue for high-volume jobs without blocking API requests.
Webhook delivery
HMAC-SHA256 signed. Auto-retry with backoff. SSRF-protected endpoints.
Immutable audit trail
SHA-256 hash-chained records. Tamper-evident. Verification endpoint.
Monitoring & alerts
Continuous re-screening. Email and webhook alerts on status changes.
Role-based access
4-role model. MFA enforced for privileged roles. Tenant data isolation.
Observability
Sentry tracking, health endpoints, API usage analytics, traffic monitoring.

Developer API

Screen in 3 lines of code

REST API with full JSON explainability. Every response includes classification, score breakdown, suppression reason, and audit metadata.

API key authentication
Per-key rate limits, scopes, rotation, and usage analytics.
Structured explainability
Decision path, algorithm scores, and suppression reasoning in every response.
Bulk async endpoint
Submit CSV/JSON batches. Webhook notification on completion.
HMAC-signed webhooks
Cryptographically signed. Replay protection. Auto-retry with dead-letter logging.
View full API docs
KYCer API keys management showing live key with 88 screenings
bash — requestcopy
curl -X POST \
  "https://api.kycertechnologies.com/api/v1/screen" \
  -H "X-API-Key: kyc_live_dEX..." \
  -H "Content-Type: application/json" \
  -d '{"name":"Vladimir Putin",
       "dob":"1952-10-07",
       "nationality":"RU"}'
json — responsecopy
{
  "match_status": "match",
  "risk_level": "high",
  "classification": "SANCTIONS MATCH CONFIRMED",
  "score": 97.0,
  "corroboration": "dob_exact + nationality",
  "decision_path": "score_threshold",
  "suppression_applied": false,
  "sources": ["OFAC SDN", "EU FSF", "UN"],
  "engine_version": "3.2",
  "snapshot_date": "2026-05-22"
}

Regulatory alignment

Designed to support UAE
compliance obligations

UAE AML enforcement has materially intensified. KYCer provides the audit-ready evidence trail your compliance programme requires.

UAE Federal AML/CFT Law

Primary AML obligation for all DNFBPs including gold traders, bullion dealers, and precious metal refiners.

CBUAE AML Standards

Central Bank guidance on customer due diligence, sanctions screening, and record retention for MSBs.

FATF 40 Recommendations

International AML/CFT standard. Recommendation 6 (targeted financial sanctions) and Recommendation 12 (PEPs).

DMCC AML Guidance

Compliance requirements for DMCC member gold, diamond, and precious metals traders.

OECD Gold Due Diligence

Five-step responsible sourcing framework. Required for traders seeking LBMA alignment.

LBMA Responsible Sourcing

Counterparty screening supports LBMA Good Delivery programme documentation requirements.

KYCer is a screening technology platform. This page does not constitute legal advice. Customers are responsible for their own regulatory compliance obligations under applicable law.

Pricing

Transparent compliance pricing

All plans include access to all 282 data sources. No hidden charges for list updates, PDF reports, or monitoring alerts.

Starter
AED1,500/mo

For gold traders and MSBs beginning their AML compliance programme.

500 screenings per month
All 282 sanctions & PEP sources
Audit-grade PDF reports
Basic API access
3 team members
Book a demo
Most popular
Professional
AED4,000/mo

For established traders with ongoing monitoring and bulk screening needs.

2,500 screenings per month
Ongoing monitoring + alerts
HMAC-signed webhooks
Bulk async screening
News-based adverse media
10 team members + RBAC
Book a demo
Enterprise
Custom

For fintech platforms and institutions requiring API-first integration.

Unlimited screenings
Full API + webhook suite
Data Processing Agreement
Dedicated implementation support
Priority support SLA
Unlimited team members
Contact sales

Common questions

Before you book a demo

Screen counterparties
in minutes, not days

Book a compliance walkthrough tailored for UAE regulated businesses. We'll demonstrate Arabic name handling, audit reports, and API integration against your real use case.

Book compliance demoView API docs
Implementation support includedDPA available on requestEnterprise onboarding