In line with its commitment to combat financial crimes, the UAE government has established a comprehensive framework of Anti Money Laundering (“AML”), Countering Terrorism Financing (“CTF”) and Proliferation Financing (“PF”) regulations (“New AML Law”). These regulations are reinforced by detailed guidance issued by various supervisory authorities, which articulate principles, methodologies, and best practices for the identification, assessment, and mitigation of financial crime risks. The framework ensures that entities operating within the UAE adhere to rigorous standards for detecting suspicious activities and implementing preventive measures, thereby aligning operational practices with the requirements of federal AML legislation.

In October 2025, the UAE introduced Federal Decree-Law No. 10 of 2025 on Anti-Money Laundering, Countering Terrorism Financing and Proliferation Financing i.e. New AML Law, which took effect on 14 October 2025 and replaces the earlier 2018 law.

This important reform updates the UAE’s AML laws to match international standards set by Financial Action Task Force (“FATF”). It increases the types of activities and businesses covered by the law and gives regulators stronger powers to enforce the rules and impose penalties for violations.

The new AML law expands the range of offences, integrates targeted financial sanctions, strengthens the Financial Intelligence Unit (“FIU”) authority, and brings Virtual Asset Service Providers (“VASP”) under the AML/CTF/PF framework, reflecting the UAE’s commitment to FATF standards and a more resilient financial system.

Who Falls Under UAE AML Regulations?

The UAE AML Law applies to Financial Institutions, DNFBPs, and Virtual Asset Service Providers to ensure comprehensive coverage of the financial ecosystem.

Financial Institutions (“FI”): Banks, investment firms, insurance companies, and exchange houses must follow AML/CFT rules, including customer due diligence, transaction monitoring, and reporting suspicious activities.

Designated Non-Financial Businesses and Professions (“DNFBPs): Real estate brokers, commercial gaming/ commercial gaming operators, dealers in precious metals and stones, lawyers, auditors, and corporate service providers must implement compliance frameworks, conduct risk assessments, and maintain proper documentation.

VASPs: Crypto exchanges, digital wallets, and virtual asset platforms are required to follow the same AML/CFT standards as traditional financial institutions.

This ensures all key sectors—traditional, non-financial, and digital—adhere to international AML standards and help prevent financial crimes.

What Has Changed Under the Law?

The updated AML law broadens offences, strengthens enforcement, increases penalties, and aligns the UAE framework with FATF standards-

• Wider Offences: Covers money laundering, terrorism and proliferation financing (including WMDs), tax evasion, and other serious crimes.
• Easier Enforcement: Authorities may rely on circumstantial evidence.
• Stronger Penalties: Fines up to AED 100 million or value of proceeds; custodial sentences for individuals.
• Expanded Powers: FIU and regulators have broader investigative and asset-freezing authority.
• Digital Assets Covered: Virtual assets, digital systems, and encrypted transactions expressly included.
• Asset Recovery Strengthened: Clear rules on freezing, seizure, confiscation, and recovery of criminal property.
• Trusts Included: Trusts and similar structures are now within the AML framework.

Prevention is Better Than Cure- How to Control the Risk?

FI’s, DNFBPs, and VASPs are required to assess all relevant risk factors and maintain proper documentation of their risk identification process and supporting information. Effective risk management depends on establishing robust internal policies, controls, and procedures, continuously monitoring their implementation, and regularly assessing their effectiveness. These measures, including the application of enhanced due diligence where appropriate, enable entities to manage and mitigate identified AML/CFT risks in a structured and proportionate manner.

Identification of the customer and the beneficial owner (permanent or occasional) before or during the establishment of the business relationship or when conducting occasional transactions (single or several), understanding the purpose and nature of the business relationship, applying customer due diligence measures and ongoing monitoring of the business relationship by reviewing transactions and ensuring that the documents, data obtained are updated and appropriate will help identify the high risk customer categories.

FI’s, DNFBPs, and VASPs may rely on a third party to perform customer due diligence measures relating to customer identification, beneficial owner identification, understanding the nature and purpose of the customer’s business. However, the accountability of the accuracy of such information relies on the FI’s, DNFBPs, and VASPs

FI’s, DNFBPs, and VASPs are prohibited from establishing or continuing any business relationship where they are unable to apply the customer due diligence method. In the event of any suspicion of any commission of crime, reporting to FIU via a Suspicious Transaction Report is a procedural requirement.

For the purposes of monitoring, accessing records, developing, reviewing and documenting the internal regulation, a compliance officer will be appointed by the FI’s, DNFBPs, and VASPs.

FI’s, DNFBPs, and VASPs shall retain all records, documents and data relating to all financial and cash transactions for a period of not less than five years from the date of completion of the transaction or the end of the business relationship with the customer.

Enhanced Regulatory Expectations for Legal and Compliance Practitioners

The UAE’s evolving AML framework reflects heightened regulatory expectations for legal, governance, and compliance practitioners. Authorities now demand proactive engagement rather than passive adherence, requiring practitioners to adapt their strategies to a regime that prioritizes accountability, documented oversight, and effective implementation. Legal advisors, compliance professionals, and corporate leaders are expected to play an active role in preventing financial crime by identifying risks early, ensuring robust controls are in place, and demonstrating that AML obligations are meaningfully enforced across the organization. This shift underscores a clear regulatory message: professional responsibility under the AML regime extends beyond technical compliance to active supervision and informed decision-making.

Conclusion: Why These AML Services Matter for Your Business?

The New AML Law marks a fundamental shift from procedural compliance to active accountability and enforcement. For businesses operating in the UAE, whether financial institutions, DNFBPs, or VASPs, AML compliance is no longer a regulatory formality but a core governance and risk-management obligation. Regulators now expect entities to demonstrate not only that policies exist, but that they are effectively implemented, continuously monitored, and supported by senior management oversight.

In this environment, professional AML advisory and compliance services play a critical role in helping organizations navigate heightened regulatory expectations, mitigate legal and reputational risks, and maintain business continuity. Robust risk assessments, tailored AML frameworks, effective training, and accurate regulatory reporting are essential to protect organizations and their leadership from severe penalties, personal liability, and operational disruption. Proactive investment in AML compliance is therefore not just about avoiding sanctions, it is about safeguarding trust, enabling sustainable growth, and ensuring long-term resilience in an increasingly enforcement-driven regulatory landscape.