The Evolution of UAE's AML Framework

The United Arab Emirates has long positioned itself as a global financial hub, attracting businesses and investors from around the world with its stable economy, strategic location, and business-friendly environment. However, this prominence has also made it a target for illicit financial activities, prompting continuous enhancements to its anti-money laundering (AML) regime. In recent years, particularly leading up to 2026, the UAE has accelerated reforms to align with international standards set by the Financial Action Task Force (FATF). These efforts culminated in the UAE's removal from the FATF 'grey list' in early 2024, a milestone achieved through rigorous improvements in supervision, enforcement, and risk management.

The latest wave of reforms builds on this progress, introducing sophisticated oversight mechanisms and comprehensive risk assessments. Driven by the Central Bank of the UAE (CBUAE) and the National Committee for Anti-Money Laundering and Combating the Financing of Terrorism and Proliferation Financing, these changes emphasize a proactive, risk-based approach. This shift not only safeguards the financial system but also bolsters the UAE's reputation as a compliant jurisdiction ahead of the FATF's mutual evaluation scheduled for June 2026.

New Federal Decree-Law No. 10 of 2025: A Cornerstone Reform

At the heart of the UAE's AML reforms is Federal Decree-Law No. 10 of 2025, promulgated in September 2025 and effective from October 14, 2025. This legislation, along with its executive regulations under Cabinet Resolution No. 134 of 2025, replaces the previous 2018 framework, marking a significant evolution. The law adopts a holistic risk-based methodology, expanding the scope to include previously under-regulated sectors such as commercial gaming operators—encompassing lotteries, betting, and online gaming—classifying them as Designated Non-Financial Businesses and Professions (DNFBPs). Virtual Asset Service Providers (VASPs) are now fully integrated into the core AML obligations, eliminating prior technical distinctions and treating them akin to traditional financial institutions.

Key innovations include a standalone criminal offense for proliferation financing (PF), defined as providing funds or services for weapons of mass destruction programs. Penalties are severe: up to 15 years imprisonment and fines ranging from AED 1 million to AED 10 million, or twice the value of criminal property. Beneficial ownership rules have been tightened, requiring 'adequate, accurate, and up-to-date' information on ultimate beneficial owners (UBOs)—natural persons holding 25% or more ownership or control. Nominee shareholders and directors are explicitly excluded unless they exercise independent control. The Financial Intelligence Unit (FIU) gains enhanced powers, including transaction suspension for 10 days and asset freezing for 30 days, positioning it as a pivotal player in investigations.

Evidentiary standards have been lowered, allowing liability based on 'sufficient indications or evidence' of criminal proceeds, inferred from objective factors like transaction patterns or inconsistencies. This suspicion-based approach mirrors international best practices, reducing the need to prove predicate offenses explicitly.

National Committee Adopts Groundbreaking Measures

In its second meeting of 2026, chaired by CBUAE Governor Khaled Mohamed Balama, the UAE National Committee approved transformative measures. These include restructuring subcommittees for better coordination, developing standardized work methodologies, and adopting the 'National Guide on Financial Intelligence and Money Laundering Investigations.' This guide modernizes procedures for asset tracking, confiscation, inter-agency coordination, virtual asset inclusion, and international recovery.

Crucially, new risk assessments were greenlit for financial institutions, VASPs, and DNFBPs, enabling precise sectoral risk classifications and targeted supervision. The second public 'National Risk Assessment for Proliferation Financing' and a dedicated 'National Risk Assessment for Non-Profit Organisations' (NPOs) introduce risk-based transparency for these entities. Governor Balama emphasized that these steps represent 'a transition to a more advanced stage of integration,' enhancing governance and financial system integrity.

CBUAE's April 2026 Guidance Package: Six Key Documents

On April 16, 2026, the CBUAE issued six pivotal documents—four supervisory guidelines and two best practice manuals—for Licensed Financial Institutions (LFIs). These operationalize the new law, focusing on emerging threats without new deadlines but under existing compliance obligations.

• Proliferation Financing Risk Assessment and Mitigation: Mandates PF as a distinct Enterprise-Wide Risk Assessment (EWRA) component, covering customer bases, products, geographies, and emerging threats via UN sanctions and advisories.
• Trade-Based Money Laundering (TBML) and Transshipment Risks: Targets invoice manipulation and re-export schemes in free zones, requiring EDD for high-risk indicators like value discrepancies or multiple intermediaries.
• Correspondent Banking Relationships: Demands detailed due diligence on respondents' AML programs, ownership, and nested arrangements, prohibiting shell banks.
• Customer Due Diligence (CDD), KYC, and Record-Keeping: Introduces lifecycle CDD with triggers for reassessment, UBO verification, and five-year record retention.
• Risk-Based Approach (RBA) Manual: Guides proportional controls, risk scoring, and senior oversight.
• Role-Based Training Manual: Tailors programs for staff levels, from frontline red-flag spotting to board governance.

These tools shift compliance from reactive to predictive, integrating PF and TBML into core operations.

Five Critical Changes Impacting Banks and Exchange Houses

Banks and money exchange houses face heightened scrutiny under the reforms. Gulf News highlights five pivotal shifts:

1. Proliferation Financing Focus: Continuous EWRA updates and control enhancements to detect PF patterns.
2. TBML Scrutiny: Deeper monitoring of trade finance, imports/exports, and transshipment red flags.
3. Correspondent Banking Oversight: Rigorous due diligence and visibility into cross-border flows.
4. Lifecycle CDD Expansion: Risk profiling from onboarding through relationship end, with robust records.
5. RBA and Training Push: Customized methodologies and role-specific education for proactive defense.

These changes compel institutions to invest in technology for real-time monitoring and analytics.

Implications for Businesses, DNFBPs, and VASPs

Beyond banks, DNFBPs—real estate agents, lawyers, accountants, dealers in precious metals/stones—and VASPs must update EWRAs to include PF, revise policies, expand CDD, and train staff. NPOs face new risk assessments for transparency. Senior management bears personal liability for oversight failures, demanding active engagement in risk appetite setting and control efficacy.

Businesses should prioritize UBO verification, transaction pattern analysis, and STR filing. For VASPs, Travel Rule compliance for crypto transfers is non-negotiable. Free zone operators handling re-exports need TBML safeguards. For more on CBUAE guidelines, visit the official CBUAE AML page.

Enforcement Trends and Penalties

Enforcement is intensifying. Recent FSRA fines include AED 75,000 on UHY James for inadequate policies and AED 188,000 on FWS Group for CDD failures. The new law escalates penalties, with courts empowered for provisional measures and asset confiscation. FIU-led intelligence drives swift actions, signaling a 'zero-tolerance' era. Over AED 130 million in DNFBP fines since 2024 underscores the stakes.

Stakeholder Perspectives and Challenges

Compliance experts praise the reforms for maturity but note implementation hurdles: resource strains for SMEs, tech upgrades for monitoring, and balancing innovation with controls. VASPs welcome clarity but seek sandbox support. International firms view UAE as more attractive post-reforms. Challenges include talent shortages in compliance roles and adapting to dynamic threats like cyber-enabled laundering.

Solutions: Leverage AI for anomaly detection, partner with regtech firms, and foster public-private dialogues. Training investments yield long-term ROI through risk mitigation.

Alignment with Global Standards and FATF Outlook

These reforms operationalize the UAE's National AML/CFT/CPF Strategy 2024-2027, harmonizing with FATF recommendations. MENAFATF presidency in 2026 positions UAE as a regional leader. The public NRAs for PF and NPOs demonstrate transparency. Experts anticipate a strong FATF performance, potentially elevating UAE's global standing. Detailed insights are available in the Federal Decree-Law text.

Future Outlook: Sustainable Compliance in a Digital Era

Looking ahead, expect annual risk reassessments, AI integration in supervision, and expanded FIU analytics. Businesses succeeding will embed AML into culture, viewing it as a competitive edge. The UAE's proactive stance ensures resilience against evolving threats, from TBML to PF via virtual assets. As Governor Balama noted, these measures sustain 'the integrity of the financial system and the confidence of the international community.'

Stakeholders are urged to audit current programs against new guidance, upskill teams, and engage regulators early. This comprehensive overhaul cements UAE's role as a secure financial powerhouse.

Photo by Ben Koorengevel on Unsplash