Designated non-financial businesses and professions (DNFBPs) are businesses outside the traditional financial sector, including casinos, real estate agents, precious-metals dealers, lawyers, accountants, and trust and company service providers, that global anti-money-laundering standards require to run KYC and AML controls whenever they handle defined high-risk transactions.
The catch for most of these firms is that they never set out to be compliance operations. A jeweller sells gold. A property agency closes deals. A law firm sets up companies for clients. None of them think of themselves as gatekeepers of the financial system, and yet each one sits on exactly the kind of high-value, hard-to-trace flow that money launderers look for. That is why the rules found them.
What Are Designated Non-Financial Businesses and Professions (DNFBPs)?
The financial system has an obvious front door, banks and payment firms, and a set of side doors that move just as much value with far less scrutiny. DNFBPs are those side doors. When a launderer cannot push dirty money through a bank without tripping controls, they buy an apartment, a kilo of gold, or a shell company instead. Designating these businesses closes the gap.
DNFBP Meaning and Full Form
The full form of DNFBP is Designated Non-Financial Businesses and Professions. The word that does the work is “designated”: these businesses are named by the Financial Action Task Force (FATF), the global anti-money-laundering standard-setter, as obligated to apply AML controls even though they are not financial institutions.
The logic is simple. A business becomes a DNFBP not because of what it is, but because of what passes through it. High-value goods, large property transfers, and the machinery of company formation are all effective ways to place and layer illicit funds. Once a sector can be used that way at scale, the standards that already governed banks get extended to it.
The DNFBP List: Sectors in Scope
The DNFBP list is defined by FATF and adopted, with local variation, by countries worldwide. Six categories carry obligations:
- Casinos, when customers conduct financial transactions above a set threshold.
- Real estate agents, when they act for a client buying or selling property.
- Dealers in precious metals and stones (DPMS), such as jewellers and bullion traders, on large cash transactions.
- Lawyers, notaries, and other independent legal professionals, for defined client transactions.
- Accountants, when preparing or carrying out the same categories of client transactions.
- Trust and company service providers (TCSPs), who form and administer legal entities.
Each sector earns its place for a specific reason. A casino converts cash into chips and back into a clean-looking payout. Real estate absorbs large sums in a single transfer and holds value quietly. Precious metals are portable, liquid, and easy to undervalue on paper. Legal and corporate service providers can build the ownership structures that hide the person behind the money. The obligation follows the risk, and for most of these firms the right response is treating AML checks as part of the business, not a bolt-on.
FATF Recommendations 22 and 23: Where the Obligation Comes From
DNFBP duties are not invented by each country from scratch. They trace back to two FATF Recommendations, numbers 22 and 23, which extend the AML rules written for banks onto non-financial businesses. Understanding these two is the difference between guessing at compliance and knowing exactly what is required.
Recommendation 22: CDD and Record-Keeping for DNFBPs
Recommendation 22 takes the customer due diligence and record-keeping obligations that already applied to financial institutions and applies them to DNFBPs in specific situations. In other words, the same identity checks a bank runs on an account holder now attach to a jeweller’s cash buyer and a property agent’s purchaser.
The triggers are activity-based, and this is where the detail matters.
- Casinos must run customer due diligence on transactions at or above a designated threshold of USD/EUR 3,000.
- Dealers in precious metals and stones are pulled in when they engage in a cash transaction at or above USD/EUR 15,000.
- Real estate agents are covered whenever they act in a buy or sell transaction for a client, with no monetary floor.
- Lawyers, notaries, and accountants come into scope when they prepare or carry out defined client transactions, such as managing client money, creating or running companies, or buying and selling business entities.
That difference in triggers changes how each firm configures its controls. A bullion dealer builds a cash-value threshold into the point of sale, so a qualifying transaction forces an identity check before it completes. A real estate agency cannot rely on a value threshold at all, because every mandate to buy or sell trips the obligation, so it verifies the client at the start of the engagement. A law firm keys its controls to the type of instruction, running due diligence the moment a matter involves company formation or the movement of client funds rather than at a fixed rupee or dollar figure. Same standard, three different operating models.
Recommendation 23: Reporting, Tipping-Off, and Internal Controls
Recommendation 23 covers everything beyond the initial identity check. It requires DNFBPs to identify and report suspicious transactions, maintain internal controls and staff training, and pay particular attention to business from higher-risk countries.
In practice this means a DNFBP needs a suspicious-transaction reporting process, not just a onboarding checklist. It also inherits the wider set of measures FATF wrote for financial institutions, covering internal controls, screening of new hires, and the prohibition on tipping off a customer that a report has been filed. There is a carve-out for genuine legal professional privilege, which is why the obligations for lawyers are framed carefully around the type of work rather than every client interaction.
How Countries Implement DNFBP Rules
FATF sets the standard, but it does not police individual businesses. Each country writes the standard into its own law and names a supervisor, which is why the exact wording and thresholds shift between jurisdictions even when the underlying obligation is the same.
India, for example, brings DNFBP-type entities into its anti-money-laundering regime as reporting entities, supervised through the national financial intelligence unit. The European Union runs the obligations through its anti-money-laundering directives, and Gulf jurisdictions use the DNFBP label directly in their regulations. The common thread is that a business in one of the six sectors should assume it is in scope somewhere and check its local rule rather than wait to be told.
DNFBP KYC and Customer Due Diligence: What “In Scope” Actually Requires
Being designated is the easy part to understand. The harder question is operational: once a firm is in scope, what does DNFBP KYC actually involve day to day? The answer is a due-diligence workflow that mirrors what banks do, scaled to the firm’s risk.

Identifying and Verifying the Customer (and the UBO)
At minimum, a DNFBP has to identify its customer and verify that identity from reliable, independent sources before or during the transaction. For an individual, that means capturing a government identity document and confirming the person presenting it is its genuine holder. Automated document verification and a face match handle this in seconds, which matters when the check has to happen at a jewellery counter or a property signing rather than a bank branch.
The part that trips firms up is the entity behind the individual. When the customer is a company, a trust, or a partnership, the obligation extends to identifying the ultimate beneficial owner (UBO), the real person who owns or controls it. This is where non-financial firms feel the weight of the rule most, because they rarely have the tooling banks use to unwind an ownership chain.
“The part of onboarding a corporate client that actually stalls is never capturing the person in front of you. It is proving who sits behind them. A bullion buyer or a property purchaser can pass identity checks cleanly and still be a front for someone you would never knowingly take on. Until a firm can resolve the real owner quickly, its due diligence is only as strong as the shell it is looking at.”
– Vignesh Krishnakumar, CTO, HyperVerge
Risk-Based Approach and Enhanced Due Diligence
Not every customer warrants the same depth, and FATF does not ask for that. A risk-based approach means rating each customer and transaction, then matching the intensity of due diligence to the risk. A repeat retail buyer paying below the threshold sits at one end; a first-time cash purchaser routing a large sum through an offshore structure sits at the other.
The high-risk end triggers enhanced due diligence. That means additional verification, understanding the source of funds, and screening the customer against sanctions lists, politically exposed person lists, and adverse media. PEP screening and sanctions checks are not optional extras here; they are how a DNFBP catches the names that turn an ordinary sale into a reportable event. Studying the common money-laundering typologies that target each sector is what makes that risk rating accurate rather than a guess.
A DNFBP AML Compliance Checklist by Obligation
FATF tells a business what to achieve, not how to run it. In practice, the obligations resolve into two layers a compliance owner can actually configure: the program that has to exist before any customer walks in, and the controls that fire on each transaction.
Program-Level Controls
These are the standing elements of an AML program, the things a supervisor expects to see documented regardless of transaction volume:
- A written AML policy covering the firm’s specific sector risks.
- A named compliance officer or money-laundering reporting officer with real authority.
- A documented business-wide risk assessment, refreshed as the business changes.
- Staff training so front-line employees can recognise and escalate red flags.
- An independent audit or review of the program’s effectiveness.
- Record retention that keeps identity and transaction records available for the required period.
Each item exists to make the firm’s decisions defensible. When a supervisor or an investigator asks why a transaction was allowed, these are the artifacts that answer the question, and their absence is what turns a single lapse into a systemic finding.
Transaction-Level Controls
These controls run every time a customer meets a trigger, turning the program on paper into protection in practice:
- Customer due diligence at onboarding and at each triggering event, not once and forgotten.
- UBO identification for any customer that is a legal entity or arrangement.
- Sanctions, PEP, and adverse-media screening, with re-screening as lists change.
- Transaction monitoring tuned to the sector’s typologies and thresholds.
- Suspicious-transaction reporting, filed without tipping off the customer.
- Threshold-based reporting where local law requires it.
Read together, the two layers are the difference between a business that can show it manages money-laundering risk and one that simply hopes it never sees any. That capability is also what verification technology is built to deliver.
Where Identity Verification and Screening Fit for DNFBPs
Every obligation above resolves to two practical questions: do you know who your customer really is, and do you know whether they are someone you must not deal with. Identity verification answers the first; screening answers the second. Both have to work at the speed and setting a non-financial business actually operates in.
Onboarding Controls: IDV, KYB, and UBO
At onboarding, the control depends on who the customer is. For an individual, document verification plus a face match and a liveness check confirms a real, present person holding a genuine ID. For a corporate customer, the work shifts to Know Your Business (KYB), verifying the entity’s registration and unwinding its ownership to the real people in control.
That split is why a one-size template fails across DNFBP sectors. A jeweller mostly onboards individuals fast at a counter and needs frictionless identity capture. A trust and company service provider onboards entities and lives or dies on ownership resolution, so it needs business verification that can trace a structure. A real estate agency sits in between, handling both individual buyers and corporate vehicles on the same deal.
Ongoing Controls: Screening and Monitoring
Verification at the door is necessary but not sufficient, because a customer who was clean at onboarding can appear on a list tomorrow. Ongoing sanctions screening and periodic re-screening catch that change, and transaction monitoring flags the patterns, such as structured cash purchases sitting just under a threshold, that a single check never would.
Getting this layer right is also the cheapest insurance a DNFBP can buy against the penalties for money laundering, which fall on the business that let the transaction through as readily as on the launderer. The firms that treat screening and monitoring as a live system, rather than a file they update once a year, are the ones that stay out of enforcement headlines.
If your business falls into one of the DNFBP sectors, the practical challenge is running bank-grade due diligence without a bank’s compliance department. HyperVerge helps non-financial firms verify customers, resolve beneficial owners, and screen against sanctions, PEP, and adverse-media lists in a single flow built for counters and closings, not just branches. Talk to our team to see how DNFBP compliance fits your onboarding.
FAQs
What is the full form of DNFBP?
DNFBP stands for designated non-financial businesses and professions. The term refers to businesses outside the financial sector, such as casinos, real estate agents, precious-metals dealers, lawyers, accountants, and trust and company service providers, that anti-money-laundering rules require to perform customer due diligence and report suspicious activity in defined situations.
What are examples of designated non-financial businesses and professions?
The six FATF-designated categories are casinos, real estate agents, dealers in precious metals and stones such as jewellers, independent legal professionals like lawyers and notaries, accountants, and trust and company service providers. Each is covered because its transactions, from property sales to company formation, can be used to launder money.
What is FATF Recommendation 22?
FATF Recommendation 22 extends customer due diligence and record-keeping obligations from financial institutions to DNFBPs. It applies activity-based triggers, including casino transactions above a designated threshold, real estate deals, large cash purchases of precious metals, and defined transactions handled by lawyers, accountants, and company service providers.
Do DNFBPs have to do KYC?
Yes. When a DNFBP performs a triggering activity, it must identify and verify the customer, and identify the beneficial owner if the customer is a legal entity. This is the same core KYC standard banks apply, scaled to the firm’s risk, and it is a legal obligation rather than a voluntary practice.
What is the difference between a financial institution and a DNFBP?
A financial institution, such as a bank, handles money as its core business and is AML-regulated across all its activity. A DNFBP is a non-financial business that becomes AML-obligated only for specific high-risk transactions, like a large cash sale or a property transfer, rather than for everything it does.
