The United Arab Emirates (UAE) has built one of the most active anti-money launderings (AML) and counter-terrorist financing (CTF) regimes in the world. Whether you’re a bank, fintech, real estate brokerage, corporate services provider, law/accounting firm, or a multinational with a UAE entity, you are expected to operate a robust, risk-based AML compliance programme that aligns with federal law and, where applicable, free-zone rules. This guide walks you through the legal framework, who is covered, the core obligations, reporting mechanics, enforcement trends, and practical steps to stay compliant.

The Legal Backbone (and Why It Matters)

The key legislation governing Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) in the UAE includes:

• Federal Decree-Law No. (20) of 2018 on Anti-Money Laundering, Combating the Financing of Terrorism, and Financing of Illegal Organisations, as amended by Federal Decree-Law No. (26) of 2021.
• Cabinet Decision No. (10) of 2019 issuing the Implementing Regulations of Decree-Law No. (20) of 2018, as amended by Cabinet Resolution No. (24) of 2022.

In addition to these core laws, compliance also requires adherence to the following related legislation:

• Cabinet Decision No. (109) of 2023 on Regulating Beneficial Owner Procedures.
• Cabinet Resolution No. (132) of 2023 setting out Administrative Penalties for violations of Cabinet Decision No. (109) of 2023.
• Cabinet Decision No. (16) of 2021 establishing the Unified List of Violations and Administrative Fines related to AML/CFT measures supervised by the Ministry of Justice and the Ministry of Economy.
• Cabinet Resolution No. (74) of 2020 concerning Terrorism Lists Regulation and the Implementation of UN Security Council Resolutions on combating terrorism, terrorist financing, the proliferation of weapons of mass destruction and its financing, as well as other relevant resolutions.

 Who Must Comply? (It’s Broader Than Banks)

Financial institutions, including banks, insurers, money service businesses, exchange houses, finance and payment companies, securities firms, and more, all fall squarely within the AML Law and its Implementing Regulation.

DNFBPs( Designated Non-Financial Businesses and Professions): Real estate brokers/agents, DPMS, auditors/accountants, company service providers, and certain legal professions. DNFBP obligations are outlined in MoEc guidance and the Implementing.

Free-Zone Firms (DIFC/ADGM): comply with their zone regulator’s AML Rulebook and relevant federal criminal law

Core Compliance Duties (What You Must Actually Do)

a) Risk-Based Approach (RBA)

You must identify and assess money laundering/terrorist financing (ML/TF) risks at the business, product, geographic, delivery channel, and customer levels; then calibrate controls accordingly. This is explicit in the UAE Implementing Regulations and in both DFSA and FSRA rulebooks.

Practical actions

• Maintain a documented business-Wide Risk Assessment (BWRA), update at least annually or with major changes.
• Assign customer risk ratings (e.g., low/medium/high) and align CDD/EDD and monitoring intensity to those ratings.

b) Customer Due Diligence (CDD) & KYC

Before onboarding and during the relationship, verify customer identity, understand the purpose/nature of the relationship, identify Beneficial Owners (UBOs), and screen for sanctions and PEP status. Federal rules plus DIFC/ADGM modules mirror FATF standards.

• When to apply EDD: higher-risk customers, PEPs, complex ownership, high-risk countries, or unusual transactions.
• Ongoing monitoring: monitor transactions for consistency with known customer profile and investigate anomalies.

c) Beneficial Ownership (UBO) Registers

All UAE entities (with specified exemptions) must maintain accurate UBO registers and submit information to the relevant registrar under Cabinet Resolution 109/2023, which supersedes the 2020 UBO decision. Expect enforcement checks.

d) Targeted Financial Sanctions (TFS)

Institutions must screen against UN Security Council lists and the UAE Local Terrorist List, implement asset freezes “without delay,” and prevent making funds or services available to listed parties. Supervisors (CBUAE/MoEc) and the Executive Office provide mechanisms and alerts for list updates.

• MoEc requires DNFBPs to register for automatic sanctions notifications and keep evidence of screening and freeze actions.

e) Suspicious Activity/Transaction Reporting (STR/SAR)

If you know, suspect, or have reasonable grounds to suspect ML/TF or sanctions breaches, you must file an STR (Suspicious Transaction Report) to the UAE FIU ( Financial Intelligence Unit)

f) Record-Keeping

Maintain CDD records, transaction data, internal reports, and STR filings for at least the minimum periods required by the regulations (generally five years; check your regulator’s specific retention rules).

g) Governance, Training, and Independent Testing

Appoint a suitably senior MLRO/Compliance Officer, train staff periodically, and conduct independent testing (internal audit or external review). Risk-based policies, procedures and controls (PPCs) must be documented and approved by senior management/board.

Common Pitfalls (and How to Avoid Them)

1. Treating AML as a one-time project: The UAE expects continuous improvements and documented updates, especially after the national risk assessments and FATF follow-ups. Keep your BWRA, policies and risk registers living and version-controlled
2. Weak beneficial ownership evidence: Don’t stop at shareholder registers, seek corporate filings, declarations, and independent evidence. Ensure UBO registers match registrar submissions.
3. Sanctions screening only at onboarding: Lists update frequently. Implement real-time and periodic batch re-screening; subscribe to official update channels and test your match logic. C
4. Free-zone blind spots: If you’re in DIFC/ADGM, follow your zone rulebook and federal criminal law. Dual-track your procedures and registers.

Penalties and Personal Accountability

Violations can lead to administrative fines, licence restrictions/suspensions, asset freezes, and, where criminal offences are proven, imprisonment and criminal fines under the AML Law.

Conclusion

The UAE has made significant strides in strengthening its Anti-Money Laundering (AML) and Counter-Terrorism Financing (CFT) framework, aligning closely with international standards. From robust legislation to enhanced enforcement and supervision, the country has positioned itself as a trusted global financial hub. For businesses, staying compliant is not just a legal obligation but also a critical step in safeguarding reputation and ensuring long-term success in the UAE’s evolving regulatory environment. For more information, contact us.