• Nasdaq Governance Solutions
  • TItanium Escrow - LeaderBoard
March 15, 2026
Subscribe Now
Practice Directory
LN BUTTON
New Membership

Operationalising the new UAE AML Law

The new regulations expand compliance obligations for financial institutions and introduce stricter due diligence, transparency and supervisory powers.  A commentary by Gabriella Savastano, James Abbott and Yasmin Johal of CMS.

Following the introduction of Federal Decree Law No.10 of 2025 Regarding the Combating of Money Laundering Crimes, the Combating of the Financing of Terrorism, and the Financing of the Proliferation of Weapons (the “New AML Law”) which repeals and replaces the original 2018 legislative framework, the United Arab Emirates (“UAE”) Cabinet has issued Cabinet Decision No. 134 of 2025 (the “Executive Regulations”) to the New AML Law. The Executive Regulations were published in Official Gazette No. 811 on November 15, 2025, and entered into force 30 days after publication (December 14, 2025). The Executive Regulations repeal and replace Cabinet Decision No. 10 of 2019 (the “2019 Regulations”) and introduce an expanded and modernised compliance framework for Financial Institutions (“FIs”), Designated Non‑Financial Businesses and Professions (“DNFBPs”). Whilst the UAE market practice was that Virtual Asset Service Providers (“VASPs”) adhered to the 2019 Regulations, the Executive Regulations now explicitly bring VASPS into scope of the regime.

The Executive Regulations recalibrate the UAE’s expectations in relation to combatting anti-money laundering (“AML”) and counter-terrorist financing (“CTF”) in line with evolving Financial Action Task Force (“FATF”) standards, technology developments and risk typologies. The Executive Regulations codify enhanced obligations for ultimate beneficial ownership (“UBO”) transparency, tighten controls for VASPs and virtual asset transfers and expand the powers of supervisors including the Financial Intelligence Unit (“FIU”).

We summarise below some of the key changes introduced by the Executive Regulations and how they may impact businesses within the region.

EXPANDED SCOPE OF THE AML FRAMEWORK

The Executive Regulations have expanded the scope of the AML regulatory framework in a number of ways, including (i) expansion to capture proliferation financing obligations and second, (ii) broadened the scope of the types of entities which are considered a DNFBP and (iii) introduced a comprehensive regime for VASPs.

In relation to each of these categories, the Executive Regulations include the following:

  • Proliferation financing: the Executive Regulations operationalise proliferation financing within the risk-based framework by requiring in scope entities (FIs, DNFBPs and VASPs) to identify, mitigate and document proliferation financing risks and to implement targeted financial sanctions controls. The New AML Law explicitly brought in to scope proliferation financing as a new offence (which was not the case previously) and the Executive Regulations set out new compliance and supervisory expectations (e.g. enhanced controls and documented measures in higher risk cases) which in scope entities will now need to embed into their AML frameworks. This will be an additional compliance obligation that firms will be required to comply with.
  • DNFBP expanded to now capture commercial gaming: A DNFBP is now defined to also include persons who operate commercial gaming halls, operate commercial gaming online, operate sports betting, or operate lottery games (“Gaming Operators”). This is a newly introduced category of a DNFBP and Gaming Operators will need to comply with a host of new legal and regulatory obligations which did not apply to them beforehand, which will be a significant shift for the gaming industry. Interestingly, the Executive Regulations specifically include the following within scope “commercial games conducted onboard a vessel or marine craft, when carrying out any single financial transaction or several transactions that appear to be linked and whose value equals or exceeds eleven thousand dirhams (AED11,000)”, showing that riverboat casinos may now be caught, when docked in UAE waters.
  • VASPs: the Executive Regulations introduce a full regulatory compliance regime for VASPs, similar to that of traditional FIs, which did not exist in the 2019 Regulations, meaning that VASPs will now need to comply with the full suite of AML obligations (and also the New AML Law). This is in line with the market practice and the expectation of regulators such as VARA. The expanded obligations on VASPs are extensive and include (but are not limited to) compliance with wire transfer obligations, specific CDD requirements (set out in further detail below), record keeping, ongoing monitoring obligations and sanctions compliance. VASPs should review the wording of the Executive Regulations and the New AML Law closely to understand the specific obligations that apply to them and where there may be differences between the Executive Regulations and the VARA rulebooks.

STRENGTHENED AND EXPANDED CUSTOMER DUE DILIGENCE (“CDD”) OBLIGATIONS

The Executive Regulations strengthen and further tighten the CDD requirements applicable to FIs, DNFBPs and VASPs. In particular:

  • Whilst CDD triggers for FIs remain at AED55,000 or more (single or linked) or 3,500 for occasional wire transfers, VASPs will be required to conduct CDD, at a lower amount of AED3,500 or more (for single or linked). This is a significant shift for VASPs, given that the 2019 Regulations were silent on VASP specific CDD and indicates that VASPs clients may be seen as “higher risk” than other in scope entities.
  • UBO requirements under the Executive Regulations are now more prescriptive than the 2019 Regulations. In particular new obligations include registrars verifying and, in part, publishing core company data, companies being required to update UBO details within 15 working days, bearer shares being expressly prohibited (with 30-day conversion), nominee status having to be disclosed promptly and trusts and other legal arrangements facing clearer, broader duties. These requirements expand the 2019 Regulations and enhance the UBO obligations that in scope entities must meet. Firms should review these changes and consider whether any changes to their CDD information requirements for UBOs are now required.
  • The types of acceptable enhanced due diligence (“EDD”) measures have now been expanded and the Executive Regulations now specifically set out what is acceptable EDD (this was not included in the 2019 Regulations). In particular, in scope entities are now required, as part of their EDD obligations, to identify source of wealth (the 2019 Regulations only included source of funds), require first payments to be made from an account in the customer’s name at a CDD comparable institution (a new obligation) and obtain senior management approval for the relationship (previously only required for politically exposed persons (“PEPs”)).

The 2019 Regulations were light touch on UBO requirements and did not specifically address detailed corporate transparency provisions. As such, the Executive Regulations are a significant compliance uplift for in scope entities.

PEPs AND LIFE INSURANCE

The Executive Regulations expand the UAE’s position on PEPs. In particular the Executive Regulations explicitly list senior officials of political parties and persons entrusted with the management of international organisations as PEPs, together with members of senior management within these bodies. This goes further than the 2019 Regulations, which referenced persons “entrusted with prominent public functions” and did not detail roles within international organisations. Senior Management is also now explicitly defined and refers to “individuals vested with authority to take strategic or executive decisions affecting risk management, compliance policies, and operational governance, including CEOs, general managers, and board members”, which is a welcomed clarification. The Executive Regulations refer broadly to “international organisations” however do not provide an exhaustive list of what is captured, leaving slight ambiguity for firms to navigate and interpret.

Additionally, the Executive Regulations introduce completely new requirements for PEPs in life insurance, requiring firms to identify whether the beneficiary or the beneficiary’s UBO is a PEP before payout, inform senior management if a high-risk PEP beneficiary exists and consider filing a suspicious transaction report in higher risk cases.

SUSPICIOUS TRANSACTION REPORTING (“STR”) AND TIPPING OFF

The requirements for firms in relation to STRs and tipping off have also now been tightened. Firms in scope must establish and update indicators of suspicion, report promptly to the FIU via its electronic system and cooperate with any follow up requests. While these core obligations existed in the 2019 Regulations, the Executive Regulations reinforce and extend these obligations to VASPs and clarify limited exemptions for legal professionals and auditors. Tipping off remains explicitly prohibited, as under the 2019 Regulations but the Executive Regulations define a narrow carve out allowing those professionals to attempt to dissuade a client from unlawful conduct and sets out what does not constitute disclosure or tipping off.

RECORD KEEPING

Record keeping remains a minimum five-year retention and thus unchanged from the 2019 Regulations, however the Executive Regulations expand the scope and triggers by expressly including CCTV/ATM recordings and analysis results. The tightening of the retention period is now clearer and clarifies that the start of the retention clock is the “most recent event” standard to avoid premature destruction. Record keeping policies and procedures should be updated by firms to reflect these additional obligations.

EXPANDED SUPERVISORY POWERS

In relation to the FIU, as set out in our previous article on the New AML Law, the New AML Law has strengthened the FIU’s independence, data gathering powers and reinformed its international cooperation role. The Executive Regulations now put the legislation into practice. The Executive Regulations empowers the FIU Head to order immediate suspensions (up to 10 working days), and 30-day freezes of suspected criminal funds. This is a clear step up from 2019 Regulations when freezing powers of up to 7 working days rested with the CBUAE Governor and applied only to CBUAE licensed FIs.

Furthermore, the Executive Regulations clarify the FIU’s operational independence, information access, security and clearance and secure channel requirements. The FIU can request additional information not only from FIs and DNFBPs but also from VASPs and other authorities, specifically including disclosure systems, customs, tax, geospatial data and beneficial ownership datasets within timelines and formats it sets. The FIU’s feedback loop now expressly includes VASPs (in addition to FIs and DNFBPs) on the quality and effectiveness of STR submissions and related reporting. This expanded scope is an extension of the FIU’s remit, which did not apply previously, and firms should be prepared to implement FIU issued requirements swiftly and be ready to share information with the FIU within short timelines via different channels, than previously.

In addition to the above prosecutorial and court powers have now been expanded. Key highlights include the following:

  • Access to information is more explicit and time bound. Authorities are granted “prompt” access to companies’ basic and UBO information which was not the case under the 2019 Regulations. As before, banking or professional secrecy cannot be invoked to block access or cooperation an existing concept now coupled with clearer access and exchange mechanisms.
  • International cooperation and asset recovery is strengthened end to end. The Executive Regulations now emphasise the “widest possible measure” of assistance which did not apply under the 2019 Regulations. Other extended cooperation measures include UAE authorities applying for membership in joint inter-agency networks or bodies and participating in multilateral networks to facilitate rapid and constructive international cooperation in the field of asset recovery – all of which are new methods for asset recovery. Overall, the execution mechanics are more granular in the Executive Regulations than the 2019 Regulations.
  • National cooperation duties have been enhanced with an entire chapter on national cooperation and coordination. In particular there is explicit reference to private sector partnerships to support asset identification and recovery, which was not the case with the 2019 Regulations. International cooperation now focuses on speed and a broader cooperation with clearer standards, timelines and safeguards.
  • VASPs who were not expressly integrated in the 2019 Regulations are now fully integrated including in relation to freezing execution and asset recovery.
  • The Executive Regulations include detailed information in relation to the exchange of information b UAE authorities and foreign counterparts / non counterpart authorities with a greater focus on cross sharing of information. The 2019 Regulations did not include prescriptive provisions in relation to this.
  • There is a greater focus on international judicial cooperation including UAE judicial authorities providing foreign judicial assistance, cooperating in seizing, freezing or confiscating criminal property that is subject to foreign judicial dispute, and helping execute foreign judicial decisions in the UAE. The 2019 Regulations were silent focus on international allyship in terms of AML.

The Executive Regulations operationalise the New AML Law’s enhancements, significantly strengthening the FIU’s authority, the speed and scope of access to information, and both national and international cooperation, while fully integrating VASPs across the regime. Firms should expect faster and broader FIU demands along with upgraded cooperation expectations.

CONCLUDING REMARKS

The Executive Regulations and the New AML Law represent a substantial enhancement to the UAE’s AML framework introducing broader regulatory coverage, strengthened institutional powers and more prescriptive operational obligations. In line with evolving FATF standards, the Executive Regulations reinforce the UAE’s commitment to international cooperation, risk based supervision and transparency of beneficial ownership, while introducing sector specific controls that require tailored risk management for high-risk products, technologies, jurisdictions and business models.

With the Executive Regulations coming into force in mid-December, all in scope entities should conduct a comprehensive gap assessment of their current AML frameworks to determine what enhancements are needed to achieve full compliance. Priorities include expanding internal CDD, EDD and PEP measures, proliferation financing risk integration and having clear records in place (including in relation to UBOs and documents). Firms should be ready for faster freezes and earlier regulatory engagement and ensure that they can produce accurate UBO information promptly, supported by clear ownership maps, data quality checks and retrieval processes aligned to regulator timelines. Expanded supervisory and investigative powers will increase scrutiny and firms should maintain records of risk assessments, legal analyses and actions taken in response to orders or requests.

Timely alignment with these updated requirements will be essential not only to meet regulatory obligations but also to position institutions to operate confidently in a more stringent and internationally harmonised compliance landscape.

Text by:

 

 

 

 

 

  • Gabriella Savastano, partner, CMS Dubai
  • James Abbott, managing partner, CMS Dubai
  • Yasmin Johal, senior associate, CMS London

Previous Editions

Privacy Policy © 2016 The Oath All rights reserved. Developed by 360 Inc