The Central Bank of the UAE’s recent update to its Anti-Money Laundering (AML), Combating the Financing of Terrorism (CFT), and Countering Proliferation Financing (CPF) framework marks a significant evolution in the country’s regulatory landscape. Issued on 16 April 2026, the revised guidance reflects a broader strategic push to align the UAE with global best practices while strengthening its position as a secure and trusted financial hub. More importantly, the update signals a clear shift in regulatory philosophy, from policy-based compliance to demonstrable effectiveness.

A STRATEGIC SHIFT IN REGULATORY EXPECTATIONS

The updated framework forms part of the UAE’s National Strategy for AML/CFT (2024–2027) and aligns with global standards set by the Financial Action Task Force (FATF). It introduces enhanced supervisory expectations across key risk areas, including proliferation financing, trade-based money laundering, and correspondent banking. While the guidance is expressly directed at financial institutions, it reflects broader regulatory expectations under the UAE AML framework. As highlighted in the guidance, regulators now expect institutions to move beyond static compliance models and adopt continuous, risk-driven monitoring systems. This represents a fundamental shift: compliance is no longer about having policies in place, but about demonstrating how effectively risks are identified, assessed, and mitigated. Importantly, although DNFBPs are not the direct addressees of this guidance, the same principles apply to them under the UAE’s AML legal framework and FATF standards, which require all regulated entities to adopt a risk-based, proportionate approach to managing ML/TF/PF risks. Accordingly, DNFBPs are expected to internalise these expectations in a manner aligned with their size, nature, and risk exposure. KEY PILLARS OF THE UPDATED FRAMEWORK

1. Proliferation Financing (PF): A Core Compliance Priority - One of the most notable aspects of the updated guidance is the heightened regulatory focus on proliferation financing. Institutions are now expected to adopt a structured approach to identifying and mitigating PF risks by assessing their inherent exposure, evaluating the adequacy of internal controls, and continuously monitoring evolving typologies and actors involved in such activities. This represents a significant expansion of traditional AML frameworks, requiring organisations to move beyond transaction-based monitoring and incorporate broader intelligence, including geopolitical developments, trade flows, sanctions regimes, and the movement of dual-use goods into their risk assessment processes. As highlighted in the CBUAE guidance, PF risk is dynamic and must be understood through the lens of threats, vulnerabilities, and potential consequences, necessitating ongoing review and adaptation of compliance frameworks.
2. Trade-Based Money Laundering (TBML): Increased Scrutiny- The guidance highlights trade-based money laundering (TBML) as a key channel for illicit value transfer, focusing on risks such as misinvoicing, fictitious goods, and the use of shell or intermediary entities. These typologies allow illicit actors to disguise value through seemingly legitimate trade transactions. The risk is particularly relevant in global trade hubs like the UAE, where complex, cross-border supply chains increase exposure. As a result, AML frameworks must evolve to integrate trade data, logistics patterns, and counterparty analysis into ongoing risk monitoring.
3. Strengthened CDD, KYC and Record-Keeping Frameworks- Customer Due Diligence (CDD), Know Your Customer (KYC), and record-keeping obligations have been further clarified and reinforced, with a clear shift toward a lifecycle-based approach. Institutions are now expected to conduct identity verification not only at onboarding but throughout the customer relationship, apply simplified or enhanced due diligence on a risk-sensitive basis, and implement continuous monitoring rather than relying on one-time checks. As emphasised in the CBUAE guidance, CDD/KYC is an ongoing, risk-based process that requires institutions to understand customer behaviour, source of funds, and expected activity over time. This reflects a broader regulatory understanding that customer risk is dynamic and must be continuously reassessed.
4. Correspondent Banking and Indirect Risk Exposure- For financial institutions, Correspondent banking continues to be identified as a high-risk area due to indirect exposure to global financial crime, requiring enhanced due diligence, ongoing monitoring, and clear ownership of risk management responsibilities. Regulators now expect institutions to demonstrate active risk ownership, rather than reliance on third-party controls.
5. Risk-Based Approach (RBA) and Institutional Risk Assessments- The updated framework reinforces the importance of the Risk-Based Approach (RBA), requiring institutions to assess inherent, control, and residual risks through structured methodologies and update them in line with evolving threats. As set out in the CBUAE Best Practices guidance, the RBA enables institutions to apply AML controls proportionate to their risk exposure rather than adopting a uniform approach.
6. From Training to Capability Building- The CBUAE has emphasized the importance of role-based AML/CFT/CPF training as a critical component of an effective compliance framework. Institutions are expected to design training programs that are tailored to specific roles and corresponding risk exposures, ensuring that employees understand the particular ML/TF/PF risks relevant to their functions. This includes enhancing awareness of real-world typologies, regulatory obligations, and internal controls, while equipping staff with the practical judgement required to identify and respond to suspicious activity. As highlighted in the guidance, role-based training goes beyond general awareness by building role-specific expertise and strengthening decision-making capabilities across all levels of the organisation, thereby reinforcing human intelligence as a key line of defence in financial crime prevention.

CONCLUSION The CBUAE’s updated AML/CFT/CPF guidance marks a clear inflection point in the UAE’s regulatory landscape. It reinforces a shift away from formalistic, policy-driven compliance toward frameworks that are demonstrably effective in identifying, assessing, and mitigating financial crime risks. The direction of travel is unambiguous: compliance must be risk-driven, controls must be embedded into operations, and systems must be capable of responding to evolving threats in real time. In this environment, the differentiator will not be the sophistication of documentation, but the ability to translate regulatory expectations into practical, functioning controls.

HOW WE CAN HELP? We assist clients in:

• Designing and enhancing AML/CFT/CPF frameworks aligned with UAE regulatory requirements and global standards;
• Conducting enterprise-wide and sector-specific risk assessments, including TBML and PF exposure analysis;
• Reviewing and strengthening policies and procedures to ensure they are not only compliant but operationally effective;
• Implementing risk-based CDD and monitoring frameworks, tailored to business models and risk profiles;
• Developing role-based training programs aligned with regulatory expectations and real-world typologies;
• Preparing for regulatory inspections, including gap assessments, remediation plans, and documentation alignment; and
• Ensuring the frameworks are operational, defensible, and aligned with how regulators assess effectiveness in practice.