Guide to New Cabinet Resolution No. 134 of 2025 on AML Law No. 10 of 2025
Protect your business with reliable and effective AML strategies with AML UAE.
Cabinet Resolution No. (134) of 2025: At a glance
- Cabinet Resolution No. (134) of 2025 to take effect from December 14, 2025 and it will repeal the Cabinet Resolution No. (10) of 2019
- The scope expands from AML/CFT to include Proliferation Financing (PF) explicitly across all sectors impacted by the resolution
- Gaming Operators are now included in the definition of DNFBPs, reporting threshold being AED 11,000
- The authority, powers, and scope of the UAE FIU increased to include PF risks and the expansion of Freezing and Suspension powers
- Scope expansion of risks that VASPs must mitigate, increased regulatory scrutiny, and detailed requirements for Virtual Asset Transfers.
The Shift from Cabinet Resolution No. 10 of 2019 to Cabinet Resolution No. 134 of 2025
Starting from December 14, 2025, the Cabinet Resolution No. (134) of 2025 Concerning the Executive Regulations of Federal Decree-Law No. (10) of 2025 Concerning Combating Money Laundering, Terrorist Financing, and the Financing of the Proliferation of Weapons repeals the Cabinet Resolution No. (10) of 2019 and brings forth sweeping changes to the anti-financial crime framework in UAE.
The primary legislative shift is the replacement of the words “Combating the Financing of Illegal Organisations” with the explicit obligations to combat and mitigate the Financing of the Proliferation of Weapons (PF).
This requires all Regulated Entities, i.e., Financial Institutions (FIs), Designated Non-Financial Businesses and Professions (DNFBPs), and Virtual Asset Service Providers (VASPs) to identify, assess, and mitigate PF risks in their AML/CFT compliance framework.
The scope of the resolution is expanded to include Commercial Gaming Operators as the newly introduced category of DNFBPs, subject to AML/CFT and CPF compliance obligations.
VASPs face increased scrutiny and obligations pertaining to wire transfer rules requiring retention of accurate information of originators and beneficiaries according to the “Travel Rule”.
Additionally, the UAE FIU’s powers have significantly increased in the context of freezing of suspicious funds, and new definitions for roles such as Nominee Director and Nominee Shareholder have been included to facilitate beneficial owner (UBO) identification.
Read our comprehensive guide to Anti-Money Laundering (AML) laws in the UAE for a more detailed understanding.
Major Scope Expansions: Proliferation Financing and New Sectors
The 2025 cabinet resolution fundamentally restructures the regulatory landscape by focusing on three major areas, namely: the inclusion of PF, the introduction of the commercial gaming sector into DNFBPs’ definition and the deep integration of AML/CFT and CPF obligations for VASPs.
Integration of Proliferation Financing (PF)
The new resolution explicitly mandates the inclusion of Proliferation Financing risk mitigation for all sectors requiring Regulated Entities to include PF into their:
- Risk Assessment: Regulated Entities must now identify, assess, and implement control measures to mitigate PF risks to their business through Enterprise-Wide Risk Assessment (EWRA).
- TFS Measures: Conduct a rigorous review of business relationships to ensure non-violation of Targeted Financial Sanctions (TFS) requirements by detecting and preventing potential TFS violations by identifying PF risks and mitigating them in a timely manner. Regulated Entities must specifically screen business relationships against PF risks.
- AML Compliance Officer Responsibilities: Must include reviewing internal policies and procedures’ efficacy in the context of mitigating PF risks effectively.
The New "Commercial Gaming" Sector
The Commercial Gaming Sector, which includes Commercial Games and Gaming Operators, are formally recognised and defined as DNFBPs under the new resolution. The AML/CFT and CPF obligations for Gaming Operators get triggered when the threshold of 11,000 (eleven thousand) AED is crossed either through a single or a series of transactions.
Deep Integration of VASPs
The new 2025 resolution solidifies the role of VASPs and enforces detailed operational requirements, which were previously only imposed on traditional FIs. Some of these expanded obligations upon VASPs include compliance with wire transfer obligations as specified under Articles 26 to 33, as specified under Article 36 of the 2025 resolution. These requirements include
- Originator VASP Obligations
- Beneficiary VASP Obligations
- TFS Obligations as applicable to FIs
- Record-keeping obligations as applicable to FIs.
Operational Impact: Changes to the Core AML Obligations
The operational steps for AML/CFT and CPF compliance remain the same, while the intensity or depth of scrutiny required varies according to the 2025 resolution and can be divided under four major categories such as Governance and Risk Management, Customer Onboarding and Due Diligence, Transaction Monitoring and Regulatory Reporting, and Data Maintenance and Record Keeping.
The Executive Regulations of Federal Decree Law No. (10) of 2025 (Cabinet Resolution No. 134 of 2025), while remaining fundamentally and structurally consistent with repealed legislation, do expand or enhance the scope of earlier provisions, making their compliance an unavoidable obligation upon Regulated Entities.
Governance and Risk Management
The goAML Registration and Reporting methodology remains consistent, while the roles and responsibilities of Senior Management are expanded in terms of having to approve internal policies and controls and approve high-risk business relationships (specifically including PF risk emanating from a business relationship). The Compliance Officer must review the internal AML, CFT and CPF Compliance Framework to manage and mitigate identified PF risks. REs are also required to assess ML, FT and PF risks arising from the introduction of new products, professional services, or technologies prior to their implementation.
Customer Onboarding and Due Diligence
The broadened scope of DNFBPs, now including Gaming Operators, must implement and continue CDD obligations prescribed under the legislation while keeping in mind that the Screening obligations, Customer Risk Profiling, and risk-based due diligence measures are implemented while considering PF risks posed by customers to the business. In simple words, the customer onboarding and due diligence process must be risk-based and recalibrated to include the PF risks faced by the business. The identification of the UBO process is sharpened with definitions clarifying the position of Nominee Shareholders and Nominee Directors, who cannot be deemed as UBOs.
Transaction Monitoring and Reporting
The monitoring of Business Relationships obligations remains consistent; however, VASPs must now comply with Wire Transfer Obligations for obtaining and retaining originator and beneficiary information. All Regulated Entities must continue to file STRs/SARs with FIU immediately without delay, regardless of transaction value.
Data Maintenance and Record Keeping
The mandatory record retention period of 5 (five) years remains the same. Regulated Entities are obligated to update essential information, including the beneficial ownership database, within 15 (fifteen) working days of any change identified. All records must be accessible and retrievable for tracing the legitimacy of transactions.
|
Operational Impact of Cabinet Resolution No. (134) of 2025 to the 12 Core AML Obligations |
||
|
AML/CFT Compliance Obligations |
Comparative Analysis of Cabinet Resolution No. (134) of 2025 vs. Cabinet Resolution No. (10) of 2019 |
Action Required by Regulated Entities, including Gaming Operators, as a newly introduced category of DNFBPs |
|
Governance and Risk Management |
||
|
1. Reporting System (goAML) |
Consistent |
Regulated Entities can continue relying on the goAML portal |
|
2. Appointing Compliance Officer |
Expanded Scope |
The Compliance Officer must review the AML Framework of the Regulated Entity for effective mitigation of Proliferation Financing (PF) risks |
|
3. Enterprise-Wide Risk Assessment |
Expanded Scope |
Regulated Entities must factor in the PF risks to which their business is exposed while conducting and revising EWRA |
|
4. Internal Policies & Controls |
Expanded Scope |
RE’s AML Policies must consider PF red-flags, typologies, and control measures to identify, assess and mitigate PF risks |
|
Customer Onboarding and Due Diligence |
||
|
5. CDD Process |
Consistent |
The CDD Process remains largely consistent. |
|
6. Name Screening (TFS Compliance) |
Enhanced |
Screening of business relationships to identify PF risks is now mandatory, including the identification of foreign PEP and TFS compliance |
|
7. Customer Risk Profiling |
Expanded Factors |
RE’s customer Risk profiling must take into account the PF risks a customer may pose (for instance, involvement of dual-use goods traders, high-risk jurisdictions for weapons) |
|
8. Risk-Based Due Diligence |
Refined |
In the case of high-risk customers, Enhanced Due Diligence (EDD) for PF risk clients is now mandatory. While for low-risk customers, Simplified Due Diligence (SDD) is allowed when no suspicion of crime |
|
Transaction Monitoring and Reporting |
||
|
9. Ongoing Monitoring |
Consistent |
Ongoing Monitoring Obligations remain consistent |
|
10. Suspicious Transaction Reporting |
Strict |
REs are required to report to the UAE Unit (FIU) immediately. The FIU Head has the power to order a 10-day suspension |
|
Data Maintenance and Record Keeping |
||
|
11. Updating Customer Info |
Time-Bound |
Regulated Entities are required to update Beneficial Owner/Nominee info within 15 working days |
|
12. Record Keeping |
Consistent |
Record-Keeping Obligations Remain consistent |
Critical Updates to Definitions
The following definitions in the 2025 resolution have been introduced to reflect the enhanced scope of the law and improve transparency goals, such as:
- Commercial Gaming
- Commercial Gaming Operators
- Nominee Shareholder
- Nominee Director
Key Takeaways for UAE Business Owners
Regulated Entities in UAE, including DNFBPs, VASPs, FIs, and Gaming Operators, need to
- Develop/Update EWRA to include PF risk oversight
- Develop/Update AML/CFT/CPF Policy and Procedures
- Develop/Update CDD measures to include PF risk oversight
- Develop/Update Customer Risk Assessment Methodology in line with the new regulations
- Compliance Officer Job Description expansion to include PF oversight
- Identification of Nominee Directors and Shareholders to exclude them from UBO categorisation
- Impart training on the updated AML/CFT policy and procedures
to ensure compliance with Cabinet Resolution No. (134) of 2025 and Federal Decree Law No. (10) of 2025.
How AML UAE can help you navigate this regulatory change?
AML UAE can help conduct EWRA, draft updated AML/CFT policies and procedures, impart training, update KYC/CDD forms and procedures, update customer risk assessment methodology, and more.
FAQs on the Cabinet Resolution No. 134 of 2025
What is Cabinet Resolution No. 134 of 2025?
The new Cabinet Resolution No. 134 of 2025 on AML Law No. 10 of 2025 provides the detailed implementing rules that financial institutions, DNFBPs, and VASPs must apply.
When does Cabinet Resolution 134 of 2025 come into effect?
Starting from December 14, 2025, the Cabinet Resolution No. (134) of 2025 Concerning the Executive Regulations of Federal Decree-Law No. (10) of 2025 Concerning Combating Money Laundering, Terrorist Financing, and the Financing of the Proliferation of Weapons comes into effect.
How does this Resolution relate to the new AML Law No. 10 of 2025?
Federal Decree-Law No. (10) of 2025 Concerning Combating Money Laundering, Terrorist Financing, and the Financing of the Proliferation of Weapons is the new law which repealed the Federal Decree Law No. (20) of 2018. The new Cabinet Resolution No. 134 of 2025 on AML Law No. 10 of 2025 provides the detailed implementing rules that financial institutions, DNFBPs, and VASPs must apply and it repeals the Cabinet Resolution No. (10) of 2019. The new Cabinet Resolution no. 134 of 2025 will come into force with effect from December 14, 2025.
Does Cabinet Resolution 134 of 2025 replace Cabinet Decision 10 of 2019 and its amendments?
Yes, the new Cabinet Resolution No. 134 of 2025 replaces the Cabinet Decision No. 10 of 2019 and its amendments.
Which entities are covered by Cabinet Resolution 134 of 2025?
The new Executive Regulation applies to:
The new Executive Regulations apply to:
Financial institutions
Virtual asset service providers
DNFBPs including lotteries and commercial gaming sector
What should regulated entities do now to comply with the requirements of Cabinet Resolution No. 134 of 2025?
The regulated entities should take the following steps to comply with the requirements of Cabinet Resolution No. 134 of 2025:
- Study the Cabinet Resolution No. 134 of 2025 thoroughly
- Analyse the new resolution’s impact on the EWRA and AML/CFT policy and procedures
- Update EWRA
- Update AML/CFT policy and procedures
- Update customer risk assessment methodology
- Conduct training on the updated policy and procedures
- Document the change and maintain version history
Our Timely and Accurate AML consulting Services
For your smooth journey towards your goals
Add a comment
Share via :
About the Author
Pathik Shah
FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)
Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.
Reach Out to Pathik