AML Regulations for Trust and Corporate Service Providers (TCSPs) in UAE
Last Updated: 04/16/2026
Protect your business with reliable and effective AML strategies with AML UAE.
Quick Overview on AML Regulations for Trust and Corporate Service Providers (TCSPs)
- AML regulations for TCSPs in the UAE apply to any business that, on a commercial basis, forms companies, acts as or supplies a director, shareholder or trustee, provides registered office services or a business address, or acts as a nominee shareholder.
- Mainland and commercial free zone TCSPs are supervised by the Ministry of Economy and Tourism (MoET) and must comply with Federal Decree-Law No. 10 of 2025, Cabinet Resolution No. 134 of 2025, Cabinet Decision No. 74 of 2020 on targeted sanctions, Cabinet Decision No. 109 of 2023 on beneficial ownership, Cabinet Resolutions No. 71 of 2024 and No. 132 of 2023 on administrative penalties, MoET Circular 4 of 2021 and the Supplemental Guidance for Trust and Company Service Providers (May 2019).
- The full body of DNFBP-wide guidance issued by MoET, EOCN and the UAE Financial Intelligence Unit also applies to TCSPs alongside this sector-specific framework, as TCSPs are one of the designated DNFBP categories under UAE law.
Who this guide is for
- This TCSP AML compliance UAE guide is written for trust and company service providers in the UAE mainland and commercial free zones, supervised by the Ministry of Economy and Tourism.
- If you are licensed inside ADGM, use the ADGM AML page. If you are licensed inside DIFC, use the DIFC AML page. Those jurisdictions apply separate rulebooks and supervisors.
Definition of TCSP
A Trust and Company Service Provider (TCSP) is a business that, on a commercial basis, provides one or more of these services to third parties: forming companies or other legal persons; acting as (or arranging for another to act as) a director, secretary, partner or similar officer; providing registered office services or a business, correspondence or administrative address; providing trustee services for an express trust or equivalent legal arrangement; or acting as (or arranging for another to act as) a nominee shareholder for another person.
Who Counts as a TCSP in the UAE?
Under UAE AML/CFT law, a trust and company service provider is defined by the activities it performs. Article 3 of Cabinet Resolution No. 134 of 2025 (Executive Regulations of Federal Decree-Law No. 10 of 2025) lists the five activities that bring a business within the DNFBP definition of a TCSP. These are the activities at the heart of AML laws for tcsp UAE.
The five TCSP activities recognised by UAE AML law:
- Acting as a formation agent of legal persons.
- Acting as, or arranging for another person to act as, a director or secretary of a company, a partner of a partnership, or a similar position in other legal persons.
- Providing a registered office, business address, correspondence or administrative address for a company, partnership or any other legal person or legal arrangement (registered office services).
- Acting as, or arranging for another person to act as, a trustee of an express trust or performing an equivalent function for another form of legal arrangement (trustee services).
- Acting as, or arranging for another person to act as, a nominee shareholder for another person.
If your business carries out even one of these activities as part of its regular commercial offering, you are a TCSP for AML purposes. This typically includes corporate services firms, PRO and business setup consultancies acting as registered agents, law and accounting firms offering company formation or directorship on the side, family office administrators holding nominee roles and free-zone registered agents in IFZA, Meydan, SPC, RAKEZ and similar commercial free zones.
Being licensed under a mainland Department of Economic Development or a commercial free zone authority does not change the classification. The moment a licensee offers any of the five activities above, the AML/CFT framework applies in full. This is the position taken in both MoET Circular 4 of 2021 and the May 2019 Supplemental Guidance for Trust and Company Service Providers.
Key TCSP AML Terms
- BO (Beneficial Owner): The natural person who ultimately owns or controls the customer, typically any individual holding 25 percent or more of shares or voting rights, or exercising control by other means.
- CDD (Customer Due Diligence): Identifying and verifying the customer, beneficial owner and the purpose of the business relationship.
- EDD (Enhanced Due Diligence): Additional checks applied to higher-risk customers, such as PEPs or customers from high-risk jurisdictions.
- SDD (Simplified Due Diligence): Reduced verification measures, permitted only where risk is assessed as low.
- CRA (Customer Risk Assessment): The customer-level risk rating that drives CDD intensity and ongoing monitoring.
- STR / SAR: Suspicious Transaction / Activity Report filed through goAML to the UAE Financial Intelligence Unit.
- TFS: Targeted Financial Sanctions under UN Security Council resolutions and the UAE Local Terrorist List.
- PEP: Politically Exposed Person, plus family members and close associates.
- goAML: UAE FIU reporting portal where DNFBPs register and file STRs, SARs, HRC and other reports.
AML Supervisory Authority for Trust and Corporate Service Providers in UAE
The Ministry of Economy and Tourism (MoET), previously the Ministry of Economy, is the supervisory authority for mainland and commercial free zone TCSPs. Supervision is delivered through the MoET Anti-Money Laundering Department, working with the Executive Office for Control and Non-Proliferation (EOCN), the UAE Financial Intelligence Unit and local licensing authorities.
In practice, MoET issues sector-specific circulars, conducts thematic inspections and reviews AML/CFT risk assessments, examines customer due diligence files, and verifies goAML registration and reporting. TCSPs should expect both announced and unannounced inspections, request-for-information exercises and follow-up reviews after remediation.
The two foundational MoET publications for trust and company service providers AML UAE are MoET Circular No. 4 of 2021 and the May 2019 Supplemental Guidance for Trust and Company Service Providers. Together they define the sector, set the core obligations and explain the higher-risk typologies unique to corporate structures and trusts.
Mainland & commercial free zone TCSPs vs ADGM TCSPs vs DIFC TCSPs
The federal AML framework (Federal Decree-Law No. 10 of 2025 and its executive regulations) applies across the entire UAE, including ADGM and DIFC. What differs is the sector rulebook, supervisor and reporting surface.
| Dimension | Mainland & Commercial Free Zone TCSPs | ADGM TCSPs | DIFC TCSPs |
|---|---|---|---|
| Federal law | Federal Decree-Law 10/2025 and Cabinet Resolution 134/2025 apply in full. | Federal Decree-Law 10/2025 and Cabinet Resolution 134/2025 apply in full. | Federal Decree-Law 10/2025 and Cabinet Resolution 134/2025 apply in full. |
| Primary supervisor | Ministry of Economy and Tourism (MoET) | ADGM Registration Authority | Dubai Financial Services Authority (DFSA) |
| Operational rulebook | Cabinet Decisions 74/2020 and 109/2023, Cabinet Resolutions 71/2024 and 132/2023, MoET DNFBPs Guideline, Circulars, May 2019 Supplemental Guidance. | ADGM FSRA AML Rulebook (AML and sanctions) and related guidance. | DIFC DFSA AML, Counter-Terrorist Financing and Sanctions Module (AML Module) and related guidance. |
| Reporting channel | goAML (UAE FIU) | goAML (UAE FIU), plus FSRA notifications | goAML (UAE FIU), plus DFSA notifications |
| This guide applies? | Yes | No. Use the ADGM AML page on amluae.com. | No. Use the DIFC AML page on amluae.com. |
Not sure if your activity makes you a TCSP?
Our team can review your licence, services and client book and confirm whether the UAE TCSP AML regime applies to you.
AML Regulations Applicable to TCSPs in UAE
TCSPs must comply with a layered framework made up of federal laws, executive regulations, Cabinet decisions, overarching guidance, the National Risk Assessment, DNFBP-wide circulars and TCSP sector-specific guidance. The sections below follow the regulatory architecture that the UAE uses to supervise the sector.
AML rules that apply to TCSPs: the five layers at a glance
Layers 1 to 4 apply because a TCSP is a DNFBP. Layer 5 adds the sector playbook. Mainland and commercial free zone TCSPs are supervised by MoET; ADGM and DIFC TCSPs follow their own free-zone AML rulebooks alongside the federal statute.
LAYER 1 | FOUNDATION | 7 INSTRUMENTS
1. Federal AML Laws and Executive Regulations Applicable to TCSPs in UAE
Federal Decree-Law 10 of 2025, Federal Law 7 of 2014, Cabinet Resolution 134 of 2025, Cabinet Decisions and Resolutions on targeted sanctions, beneficial ownership and administrative penalties.
LAYER 2 | CROSS-SECTOR | 14 PUBLICATIONS
2. Overarching AML Guidance Applicable to TCSPs
Cross-sector guidance from EOCN and the UAE FIU on targeted financial sanctions, proliferation financing, red flags, typologies, and EOCN NAS and ARS reporting systems.
LAYER 3 | RISK BASELINE | 1 CORE ASSESSMENT
3. NRA, SRA, and Other Important Guidelines Applicable to TCSPs
The UAE ML/TF National Risk Assessment 2024 sets the sector risk rating that must be reflected in every TCSP enterprise-wide risk assessment and customer risk engine.
LAYER 4 | DNFBP-WIDE | 10 PUBLICATIONS
4. DNFBP Sector-Specific Guidance Applicable to TCSPs
Ministry of Economy circulars and implementation guides that bind all DNFBPs: September 2025 DNFBP Guidelines, CRA and CDD Implementation Guides (November 2024), and 2025 and 2026 circulars on sanctions, NRA emphasis, SDD and high-risk countries.
LAYER 5 | SECTOR-SPECIFIC | 2 PUBLICATIONS
5. TCSP Sector-Specific Guidance
MoET Circular No. 4 of 2021 defining the five covered TCSP activities and core obligations, and the May 2019 Supplemental Guidance for Trust and Company Service Providers covering risk factors, CDD, ongoing monitoring and typologies unique to corporate structures and trusts.
Federal AML Laws and Executive Regulations Applicable to TCSPs in UAE
Federal AML Laws at a glance
1. Federal Decree-Law 10 of 2025
AML/CFT/PF statute
2. Federal Law 7 of 2014
Combating Terrorism Crimes
3. Cabinet Resolution 134 of 2025
Executive Regulations of FDL 10/2025
4. Cabinet Decision 74 of 2020
Terrorism lists and UN sanctions
5. Cabinet Resolution 71 of 2024
Administrative penalties (MoJ/MoE)
6. Cabinet Decision 109 of 2023
Beneficial Owner procedures
7. Cabinet Resolution 132 of 2023
BO administrative penalties
Federal Decree by Law No. (10) of 2025 Regarding Anti-Money Laundering, and Combating the Financing of Terrorism and Proliferation Financing
Federal Decree-Law No. 10 of 2025 is the foundational AML/CFT/CPF statute in the UAE. It criminalises money laundering, terrorism financing and proliferation financing; establishes the Financial Intelligence Unit, the Supreme Committee for AML/CFT and the National AML/CFT Committee; and sets out the duties of financial institutions, DNFBPs and VASPs. As a DNFBP, every mainland and commercial free zone TCSP must implement the obligations flowing from this law and its executive regulations.
Key obligations that flow to TCSPs include identifying and verifying customers and beneficial owners, assessing and managing ML/TF/PF risk, applying targeted financial sanctions, filing suspicious transaction reports with the Financial Intelligence Unit through goAML, appointing a compliance officer, maintaining records for at least five years, and cooperating fully with supervisors.
Federal Law No. (7) of 2014 Combating Terrorism Crimes
Federal Law No. 7 of 2014 criminalises a range of terrorism-related offences, including the financing of terrorist organisations and individuals. It underpins the UAE Local Terrorist List regime and supports the obligation on TCSPs to screen customers and beneficial owners against both the Local Terrorist List and the UN Consolidated Sanctions List, and to freeze and report any relevant funds or assets without delay.
Cabinet Resolution No. (134) of 2025 Concerning the Executive Regulations of Federal Decree-Law No. (10) of 2025 Concerning Combating Money Laundering, Terrorist Financing, and the Financing of the Proliferation of Weapons
Cabinet Resolution No. 134 of 2025 operationalises Federal Decree-Law No. 10 of 2025. It defines DNFBPs (including the five TCSP activities), sets out the detailed requirements for customer due diligence, simplified and enhanced due diligence, ongoing monitoring, record keeping, internal controls, customer risk assessment and the appointment and duties of compliance officers. For TCSPs, this regulation is the operational rulebook that converts the statute into day-to-day procedures.
Cabinet Decision No. (74) of 2020 Regarding Terrorism Lists Regulation and Implementation of UN Security Council Resolutions on the Suppression and Combating of Terrorism, Terrorist Financing, Countering the Proliferation of Weapons of Mass Destruction and related resolutions
Cabinet Decision No. 74 of 2020, together with its amendments, implements the UAE Local Terrorist List and the targeted financial sanctions arising from UN Security Council resolutions. TCSPs must screen all customers, beneficial owners and related parties at onboarding and on an ongoing basis, freeze funds and assets without delay where a match is confirmed, and report any freeze or attempted transaction to EOCN and the Financial Intelligence Unit.
Cabinet Resolution No. (71) of 2024 Regulating Violations, Administrative Penalties Imposed on Violators of Measures for Confronting Money Laundering and Combating Financing of Terrorism Subject to the Control of the Ministry of Justice and the Ministry of Economy
Cabinet Resolution No. 71 of 2024 sets out the administrative fines and penalties that MoET and the Ministry of Justice can impose on DNFBPs, including TCSPs, for AML/CFT breaches. Fines range from a few thousand dirhams to AED 1,000,000 per violation, depending on severity. Penalties escalate for repeat violations and can include written warnings, suspension of licence, removal of board members or compliance officers and referral for criminal prosecution.
Cabinet Decision No. (109) of 2023 On Regulating the Beneficial Owner Procedures
Cabinet Decision No. 109 of 2023 governs the identification, disclosure and registration of beneficial owners of UAE legal persons. TCSPs are doubly affected because they help clients set up and administer the very entities this regulation targets.
TCSPs must help clients identify the ultimate beneficial owner (typically anyone owning or controlling 25 per cent or more of shares or voting rights, or exercising control by other means), maintain up-to-date beneficial ownership registers and share information with the registrar on request. TCSPs that act as nominee shareholders or nominee directors must disclose their nominee status and the identity of the person they act for. See our guide to beneficial ownership in the UAE for the federal beneficial ownership section in detail.
Cabinet Resolution No. (132) of 2023 Concerning the Administrative Penalties against Violators of The Provisions of the Cabinet Resolution No. (109) of 2023 Concerning the Regulation of Beneficial Owner Procedures
Cabinet Resolution No. 132 of 2023 specifies the administrative fines for breaches of the beneficial ownership regime. Typical TCSP-relevant breaches include failing to maintain an accurate beneficial ownership register, failing to notify changes to the registrar within the prescribed timelines, and failing to disclose nominee arrangements.
Overarching AML Guidance Applicable to TCSPs
The Executive Office for Control and Non-Proliferation (EOCN) and the Financial Intelligence Unit publish cross-sector guidance that binds TCSPs alongside the federal laws. The most relevant pieces are listed below.
Overarching AML guidance at a glance
1. EOCN TFS Guidance
March 2026
2. FIU Terrorist Financing Report
May 2025
3. TFS Case Studies
April 2024
4. PF Institutional RA Guidance
December 2023
5. TF/PF Red Flags Guidance
December 2023
6. Unlicensed VASPs Joint Guidance )
November 2023
7. Counter PF Guidance
November 2022
8. Satisfactory/Unsatisfactory Practice
June 2021
9. TFS Circumvention Typologies
March 2021
10. Grievance Procedures Guideline
11. Grievance Procedures Guideline
12. Combating PF & Sanctions Evasion
13. EOCN NAS Subscription Guide
14. Registration in the Automatic Reporting System
Guidance on Targeted Financial Sanctions for Financial Institutions, Designated Non-Financial Business and Professions (DNFBPs) and Virtual Asset Service Providers (VASPs) issued by the Executive Office for Control and Non-Proliferation (EOCN) – March 2026
The latest EOCN sanctions guidance restates the expectation that DNFBPs, including TCSPs, screen all customers, beneficial owners and counterparties at onboarding, periodically through the lifecycle and immediately following sanctions list updates. It also clarifies expectations around proportionate list-management technology, subscription to the EOCN Notification Alert System (NAS) and registration on the Automatic Reporting System.
FIU’s Strategic Analysis Report on Terrorist Financing – May 2025
The FIU strategic analysis report flags the misuse of shell and front companies, nominee structures and opaque trusts as recurring terrorism financing typologies. TCSPs should read the report as a risk map, focusing on red flags around rapid changes of ownership, unclear source of funds and clients whose stated business does not match their transaction behaviour.
Strategic Review on Targeted Financial Sanctions Case Studies - April 2024
The EOCN case studies illustrate real sanctions-evasion attempts through UAE corporate structures, including layered ownership, use of nominee directors and diversion of funds through related-party loans. TCSPs should cross-refer the typologies back to their own customer book during enterprise and customer risk assessments.
Proliferation Finance Institutional Risk Assessment Guidance for FIs, DNFBPS, and VASPs - December 2023
This guidance expects DNFBPs to conduct a specific proliferation financing risk assessment (separate from, but aligned with, the ML/TF risk assessment). TCSPs are particularly exposed because front companies in dual-use trade sectors are a classic proliferation financing typology.
Terrorist and Proliferation Financing Red Flags Guidance - December 2023
The red flags guidance lists behavioural, transactional and documentary indicators that should drive enhanced scrutiny and, where appropriate, STR or SAR filings. TCSPs should consider the TCSP-relevant red flags in their customer risk rating engine and ongoing monitoring rules.
Joint Guidance on Combating the Use of Unlicensed Virtual Asset Providers in the UAE – November 2023
Where a TCSP forms or services a client whose activity involves virtual assets, the client must be licensed by the competent UAE VASP supervisor or equivalent. TCSPs must not knowingly enable unlicensed VASP activity and should treat any such red flag as grounds for enhanced due diligence and, if suspicion persists, an STR.
Guidance on Counter Proliferation Financing for FIs, DNFBPs, and VASPS - November 2022
This foundational guidance underpins the UAE proliferation financing framework. TCSPs should use it to structure their proliferation financing policy, controls and staff training.
Joint Guidance – satisfactory/unsatisfactory practice – June 2021
The satisfactory/unsatisfactory practice note sets supervisory expectations by describing examples of good and poor AML/CFT practices observed during inspections. TCSPs can use the unsatisfactory examples as a self-assessment checklist.
Typologies on the circumvention of Targeted Sanctions against Terrorism and the Proliferation of Weapons of Mass Destruction - March 2021
The March 2021 typologies note describes methods used to evade targeted financial sanctions, many of which involve TCSPs unknowingly. It should shape the red flags built into the sanctions screening and ongoing monitoring framework.
Guideline on Grievance Procedures
This guideline explains how regulated entities, including TCSPs, can challenge supervisory decisions or administrative penalties through the online grievance system operated by the supervising authority.
Online Grievance System User Guide
The online grievance system user guide gives step-by-step instructions for submitting and tracking grievances and supporting documentation.
Combating Proliferation Financing and Sanctions Evasion
A practical reference on recognising and responding to proliferation financing and sanctions-evasion schemes, including transaction monitoring techniques and reporting expectations.
Simple Guide to Subscribe to the EOCN Notification Alert System (NAS)
The NAS delivers real-time updates on amendments to the UAE Local Terrorist List and UN sanctions lists. TCSPs are expected to subscribe to and integrate NAS alerts into their sanctions screening workflow.
NRA, SRA, and Other Important Guidelines Applicable to TCSPs
UAE ML/TF National Risk Assessment — 2024
The NRA 2024 confirms that trust and company service providers sit in the medium-high vulnerability band for money laundering and terrorism financing, driven by the sector’s use of nominee arrangements, complex ownership structures and international flows. Every TCSP must read the NRA, reflect its findings in the enterprise-wide risk assessment and document how the NRA drives the customer, product, geography and delivery-channel risk ratings inside the customer risk assessment engine.
DNFBPs Sector-Specific Guidance Applicable to TCSPs
Ministry of Economy and Tourism circulars apply to the entire DNFBP population, but the practical impact on TCSPs is particularly significant because of the way TCSPs interact with ownership, control and cross-border flows.
DNFBP sector-specific guidance: 10 key publications
1. Circular 1 of 2026
High-risk country list update
2. DNFBP AML/CFT Guidelines
September 2025
3. Circular 3 of 2025
Sanctions list screening
4. Circular 4 of 2025
NRA 2024 emphasis
5. Circular 6 of 2025
Risk-based CDD (SDD focus)
6. Circular 7 of 2025
UN sanctions on Iran
7. Circular 8 of 2025
High-risk country list update
8. CRA Implementation Guide
November 2024
9. CDD Implementation Guide
November 2024
10. Circular 2 of 2022
TFS under UNSCRs 1718 and 2231
Circular No. (1) of 2026 on Updating the Lists of High-Risk Countries, Countries Subject to Increased Monitoring, and Related Measures
Circular 1 of 2026 rolls the latest FATF public statements into UAE supervisory expectations. TCSPs must apply enhanced due diligence and, where required, counter-measures to customers, beneficial owners and transactions connected to jurisdictions identified as high-risk or subject to increased monitoring.
AML/CFT Guidelines for Designated Non-Financial Businesses and Professions – September 2025
The September 2025 DNFBP Guidelines consolidate MoET expectations across the full AML/CFT lifecycle: enterprise risk assessment, customer risk assessment, CDD, EDD, simplified due diligence, ongoing monitoring, sanctions screening, beneficial ownership, record keeping, training, independent audit, governance and reporting. TCSPs should treat the Guidelines as the default baseline and only deviate where a supervisor confirms otherwise.
Circular No. (3) of 2025 on emphasize the importance of screening sanctions and terrorist lists
Circular 3 of 2025 emphasises the importance of screening customers, beneficial owners, counterparties and transactions against both the UAE Local Terrorist List and the UN Consolidated List, at onboarding and on an ongoing basis, including following every list update.
Circular No. (4) of 2025 on emphasize the importance Understanding the Importance of the UAE 2024 National Risk Assessment
Circular 4 of 2025 instructs DNFBPs to embed NRA 2024 findings in their risk frameworks. For TCSPs, this means reflecting the sector rating in the enterprise risk assessment and calibrating CDD intensity, sanctions screening scope and transaction monitoring rules accordingly.
Circular No. (6) of 2025 on Emphasizing the Implementation of Risk-Based Customer Due Diligence Measures (with a Focus on Simplified Due Diligence)
Circular 6 of 2025 clarifies that simplified due diligence is permitted only where the underlying risk is assessed as low and no red flags are present. TCSPs should default to standard CDD and document any application of SDD with a clear low-risk rationale.
Circular No. (7) of 2025 Regarding the Reimposition of United Nations Sanctions Related to Iran Pursuant to United Nations Security Council Resolution No. 1737 (2006) and Subsequent Resolutions
Circular 7 of 2025 addresses the reimposition of UN sanctions related to Iran under UNSCR 1737 (2006) and subsequent resolutions. TCSPs must update screening lists, review existing customer books and file reports as required.
Circular No. (8) of 2025 on Updating the Lists of High-Risk Countries, Countries Subject to Increased Monitoring, and Related Measures.
Circular 8 of 2025 aligns UAE supervisory measures with the latest FATF public statements on high-risk and increased-monitoring jurisdictions.
Implementation Guide For DNFBPs on Customer Risk Assessment (CRA) – November 2024
The CRA Implementation Guide provides a methodology and template for rating individual customer risk. TCSPs should align their customer risk assessment engine to this guidance, covering customer type, beneficial ownership risk, geography, product, delivery channel and transaction risk.
Implementation Guide For DNFBPs on Customer Due Diligence (CDD) – November 2024
The CDD Implementation Guide sets out step-by-step expectations for identifying and verifying natural and legal persons, identifying and verifying beneficial owners, understanding the purpose and intended nature of the business relationship, verifying the source of funds and conducting ongoing monitoring.
Circular No. (2) of 2022 regarding Implementation of Targeted Financial Sanctions (TFS) on UNSCRs 1718 (2006) and 2231 (2015)
Circular 2 of 2022 operationalises targeted financial sanctions in relation to proliferation financing, particularly the regimes around the DPRK (UNSCR 1718 of 2006) and Iran (UNSCR 2231 of 2015).
TCSP Sector-Specific Guidance
1. MoET Circular No. 4 of 2021
Core sector circular
2. Supplemental Guidance for TCSPs
May 2019 — sector playbook
MoET Circular No. (4) of 2021
MoET Circular No. 4 of 2021 remains the foundational sector-specific circular for corporate and trust service providers. It defines the activities that make a business a company service provider, sets out core obligations around appointment of a compliance officer, customer due diligence, record keeping, STR reporting through goAML, targeted financial sanctions and registration on the supervisory portal, and outlines inspection procedures and supervisory expectations. This is the single most-cited reference in MoET inspections of the sector.
Supplemental Guidance for Trust and Company Service Providers – May 2019
The 2019 Supplemental Guidance is the most detailed publicly available view of how MoET expects TCSPs to manage their specific risk profile. It covers covered activities and services, customer risk factors (including nominee arrangements, complex structures, cross-border beneficial owners, PEPs and high-risk source of funds), CDD expectations at onboarding and through the lifecycle, ongoing monitoring, suspicious transaction reporting typologies, record keeping, training and independent audit. Used alongside the September 2025 DNFBP Guidelines, it is the core playbook for TCSP AML compliance UAE.
Practical TCSP AML compliance programme
The sequence below converts the regulatory framework into a practical implementation path, ordered so that earlier steps feed later ones (for example, the enterprise risk assessment must exist before you can risk-rate customers under the customer risk assessment engine).
- Register on goAML as a DNFBP reporting entity and set up users, alert subscriptions and reporting permissions.
- Register on the MoET supervisory portal and complete or refresh the AML/CFT returns.
- Appoint a Compliance Officer and an alternate, and document the reporting line to senior management or the board.
- Carry out an enterprise-wide ML/TF/PF risk assessment that reflects NRA 2024, the DNFBP Guidelines and the TCSP Supplemental Guidance.
- Develop AML/CFT policies and procedures covering customer risk assessment, CDD, EDD, SDD, beneficial ownership, sanctions screening, PEP handling, ongoing monitoring, record keeping and reporting.
- Build a customer risk assessment engine aligned with the November 2024 CRA Implementation Guide.
- Operationalise CDD and EDD at onboarding and throughout the lifecycle, aligned with the November 2024 CDD Implementation Guide.
- Implement sanctions and PEP screening at onboarding, periodically and immediately after any list update, including subscription to the EOCN Notification Alert System.
- Configure ongoing monitoring with rules and red flags drawn from FIU strategic reports, EOCN typologies and sector-specific guidance.
- File STRs or SARs through goAML without delay where suspicion arises and maintain tipping-off controls.
- Maintain records for no less than five years after the end of the relationship or the completion of the transaction.
- Deliver annual AML/CFT training to all relevant staff, covering typologies and red flags specific to TCSP activity.
- Commission an independent audit or review of the AML/CFT programme on a risk-sensitive frequency, at least annually for higher-risk TCSPs.
- Escalate any sanctions hit, STR or SAR to senior management immediately, with evidence retained in the case file.
Ready to operationalise your TCSP AML programme?
AML UAE can deliver the full programme for mainland and commercial free zone TCSPs
Conclusion: AML regulations for TCSPs in the UAE
AML regulations for TCSPs in the UAE are comprehensive and exacting for a reason: the sector sits at the gateway of UAE company ownership and control. If you operate as a mainland or commercial free zone TCSP, the practical stance is simple. Treat Federal Decree-Law 10 of 2025, Cabinet Resolution 134 of 2025, Cabinet Decisions 74 of 2020 and 109 of 2023, Cabinet Resolutions 71 of 2024 and 132 of 2023, MoET Circular 4 of 2021 and the 2019 Supplemental Guidance as the non-negotiable spine of your programme. Layer on the September 2025 DNFBP Guidelines, the November 2024 CRA and CDD Implementation Guides and the latest MoET and EOCN circulars as operational detail.
Prioritise beneficial ownership, sanctions screening and customer risk assessment. Keep documented evidence of every risk-based decision. Where uncertainty exists, escalate to senior management and, where appropriate, seek supervisory clarification rather than improvising. And if you are inside ADGM or DIFC, move to the dedicated jurisdiction pages rather than using this guide as your rulebook.
Build a Robust AML Compliance Program
We provide customised AML/CFT Policies and Procedures that are compliant with UAE Laws
Frequently Asked Questions
Who is treated as a TCSPS under UAE AML law?
Any natural or legal person who, on a commercial basis, forms companies, acts as or arranges a director, partner, secretary, trustee or nominee shareholder, or supplies registered office services or a business address for a legal person or legal arrangement. The test is activity-based under Cabinet Resolution 134 of 2025 and MoET Circular 4 of 2021.
Which regulator supervises TCSPs for AML in the UAE?
The Ministry of Economy and Tourism (MoET) supervises mainland and commercial free zone TCSPs. ADGM TCSPs are supervised by the ADGM Registration Authority, and DIFC TCSPs by the DFSA under their own AML rulebooks.
What are the main AML controls TCSPs must implement?
TCSPs must register on goAML, appoint a compliance officer, run an enterprise-wide ML/TF/PF risk assessment, implement CDD and EDD, verify beneficial ownership, screen against sanctions and PEP lists, subscribe to the EOCN Notification Alert System, conduct ongoing monitoring, file STRs/SARs without delay, keep records for at least five years, train staff and commission an independent audit.
Why is beneficial ownership especially important for TCSPs?
Because TCSPs get involved in various services (company formation, nominee shareholder and trustee services) that are used to obscure ownership. Cabinet Decision 109 of 2023 places strict obligations on the legal person and, in practice, on the TCSP administering it, to identify and keep current the 25% or more beneficial owner or anyone otherwise exercising control, and to disclose nominee arrangements.
Do ADGM and DIFC TCSPs follow separate rules?
Yes. ADGM and DIFC operate as financial free zones with their own AML rulebooks, supervised by the FSRA and DFSA, respectively, with their own rulebook-level penalties. The federal statute Federal Decree-Law 10 of 2025 still overarches the UAE AML system, but the operational rulebook for ADGM and DIFC TCSPs is the free-zone one, not the MoET Circulars. Use the dedicated ADGM and DIFC jurisdiction pages on amluae.com for those regimes.
Share via :
About the Author
Pathik Shah
FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)
Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.
Reach Out to Pathik