AML Regulations for Exchange Houses in UAE

Published On: 07/13/2026

Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Last Reviewed On: 07/13/2026   |   Last Updated On: 07/13/2026

Key Highlights

  • Exchange houses are Licensed Financial Institutions under Federal Decree-Law No. 10 of 2025 and its Executive Regulations in Cabinet Resolution No. 134 of 2025, so CBUAE guidance for LFIs is relevant to them, some of it applying generally and some depending on the firm’s products, customers, corridors and delivery channels.
  • The Central Bank of the UAE is the primary AML/CFT/CPF supervisor for exchange houses, while the UAE FIU, the Executive Office and other competent authorities carry reporting, sanctions and enforcement roles. Money service businesses in the DIFC and ADGM answer to the DFSA and FSRA and sit outside this guide.
  • The sector’s residual money laundering risk is rated medium-high in the national risk assessment, driven by banknote shipments, reliance on foreign remittance partners, and third-party transactions.
  • The risks that matter most are structured cash at the counter, high-risk remittance corridors, and third-party senders and beneficiaries, so transaction monitoring and sanctions screening are central.
  • On top of the general LFI framework, the Central Bank issues guidance written specifically for exchange houses, including a dedicated typologies report on money and value transfer services.
  • Registered hawala providers are covered under their own framework, which we treat separately, and this article links across to it.

Exchange houses move money for millions of people in the UAE, sending remittances home for workers, exchanging currency, and trading banknotes at scale. That same speed, cash intensity, and cross-border reach are exactly what make the sector attractive to money launderers and sanctions evaders, which is why the Central Bank supervises it closely. This guide sets out the AML regulations for exchange houses in the UAE: who is in scope, who supervises them, the full legal framework that applies, and how the national risk assessments rate the sector’s money laundering, terrorist financing, and proliferation financing risk. It covers exchange houses and money transfer businesses licensed by the Central Bank of the UAE.

Exchange houses licensed by the Central Bank of the UAE must comply with the applicable UAE AML/CFT/CPF framework, including Federal Decree-Law No. 10 of 2025, Cabinet Resolution No. 134 of 2025, Cabinet Resolution No. 74 of 2020, the CBUAE exchange business standards, relevant CBUAE AML/CFT guidance, and UAE FIU goAML reporting requirements. The sector’s key AML risks are cash-intensive transactions, cross-border remittances, high-risk corridors, banknote shipments, third-party senders, and sanctions exposure.

Who counts as operating in the Exchange House Sector for AML purposes in the UAE?

An exchange house, for AML purposes, is a business licensed by the Central Bank of the UAE to carry on exchange business, whether that is currency exchange, remittance, or the wholesale movement of banknotes. The categories below all sit inside the AML regulations for exchange houses in the UAE. Registered hawala providers operate under a separate registration framework and are dealt with on their own page, and money service businesses in the DIFC and ADGM are supervised by the DFSA and FSRA and are not covered here.

Currency exchange and money changing

Firms that buy and sell foreign currency for retail and corporate customers, often on a walk-in, one-off basis, sit at the front of the sector. Their exposure runs through cash, rapid conversion between currencies, and customers the firm may deal with only once.

Remittance and money transfer

Outbound and inbound remittance is the sector’s highest-volume activity, moving value across borders through corridors that vary widely in risk. Reliance on foreign remittance partners, third-party senders and beneficiaries, and the Wage Protection System all shape the money laundering and sanctions risk here.

Wholesale banknote trading

Exchange houses that import and export physical banknotes in bulk carry a distinct risk, since large cross-border banknote shipments can be used to move value outside the transparent payment system.

AML Supervisory Authority for Exchange Houses in the UAE

The Central Bank is the primary supervisor for exchange houses, while other competent authorities carry reporting, sanctions and enforcement roles.

Central Bank of the UAE (CBUAE)

The Central Bank of the UAE licenses exchange houses, sets the exchange business standards they operate under, supervises their AML programmes, issues sector guidance, and inspects them. It can impose administrative and financial penalties, restrict activities, or withdraw a licence for breaches. It is the primary AML/CFT/CPF supervisor for the sector, working alongside the UAE FIU, the Executive Office for Control and Non-Proliferation and other competent authorities that carry reporting, sanctions and enforcement roles. Money service businesses established in the DIFC and ADGM are supervised instead by the DFSA and FSRA under their own AML rulebooks, while still operating within the wider UAE AML/CFT framework, and fall outside this guide.

UAE FIU and goAML

In-scope exchange houses must register on the UAE Financial Intelligence Unit’s goAML platform and use it to submit suspicious transaction reports, suspicious activity reports, targeted financial sanctions filings and other required reports where applicable. See our goAML registration guide for the practical steps.

AML Legal Framework Applicable to Exchange Houses in the UAE

The framework has five layers: the core federal laws, the guidance that applies to all reporting entities, the national risk assessments, the Central Bank’s general guidance for licensed financial institutions, and the Central Bank’s exchange-house-specific guidance. This section catalogues each layer, grounded in the official CBUAE AML/CFT and exchange business materials. Because exchange houses are Licensed Financial Institutions, CBUAE guidance for LFIs is relevant to them, some of it applying generally and some depending on the firm’s products, customers, corridors and delivery channels. Older guidance, standards and outreach material should be read together with, and subject to, Federal Decree-Law No. 10 of 2025 and Cabinet Resolution No. 134 of 2025, to the extent they remain in force and are not inconsistent with the current framework.

The table below shows how these layers fit together, from the core statute down to the risk assessments that calibrate day-to-day controls.

Layer Instrument Why it matters 
AML statute Federal Decree-Law No. 10 of 2025 Core AML/CFT/CPF offences, FIU powers, reporting and penalties 
Executive regulation Cabinet Resolution No. 134 of 2025 Practical duties: risk-based approach, CDD, EDD, monitoring, beneficial owner, STR and records 
Central Bank regulatory law Federal Decree-Law No. 6 of 2025 Central Bank and licensed financial activity framework (regulatory background) 
Sanctions framework Cabinet Resolution No. 74 of 2020 and EOCN guidance Screening, freezing, confirmed and partial name match reporting, and sanctions reporting 
Exchange-house standards CBUAE Standards for Exchange Business, Chapter 16 Sector-specific AML/CFT compliance programme 
CBUAE LFI guidance STR, CDD, transaction monitoring, TFS, payments, PEPs, VASPs, PF and TBML Supervisory expectations for licensed financial institutions 
NRA and PF NRA UAE ML/TF NRA 2024 and UAE PF NRA 2026 Baseline for the exchange house risk assessment 

Federal AML Laws and Executive Regulations Applicable to Exchange Houses in the UAE

These instruments are the legal foundation for every exchange house in scope.

Federal Decree-Law No. 10 of 2025 on AML, CFT and CPF

For an exchange house moving outbound and inbound remittances and dealing in currency, Federal Decree-Law No. 10 of 2025 is the source of the whole obligation to fight money laundering, terrorist financing and proliferation financing. It fixes the definitions that shape how the firm screens walk-in and one-off customers, third-party senders and beneficiaries, and recognises that the crime can travel through digital systems, virtual assets and cryptographic technologies. It establishes the Financial Intelligence Unit as the destination for the exchange house’s suspicious transaction reports, empowers that Unit to demand further information, and provides for temporary suspension and freezing measures within the limits and procedures set by the law and the related FIU regulation. Supervision and penalties flow from here.

Cabinet Resolution No. 134 of 2025, the Executive Regulations

Cabinet Resolution No. 134 of 2025 issues the Executive Regulations of Decree-Law No. 10 of 2025, turning the statute into the working rulebook a money transfer business runs on. It confirms that funds transfers and money and currency exchange fall within scope, including services offered through agents and brokers, and defines wire transfers, intermediary and beneficiary institutions, and beneficial owners. From here come the substantive duties: a risk-based approach, customer due diligence and beneficial owner verification on customers and originators, screening of beneficiary information, and ongoing monitoring with refreshed records. The exchange house must adopt internal policies approved by senior management and proportionate to its remittance and cash-intensity risks, and meet the wire transfer requirements that supervisors test.

Cabinet Resolution No. 109 of 2023 on beneficial owner procedures

When a corporate customer walks in to send a wholesale remittance or trade banknotes, the exchange house must know who really stands behind it, and Cabinet Resolution No. 109 of 2023 supplies that transparency. It defines the real beneficiary as the natural person who ultimately owns or controls a legal person, or on whose behalf transactions are conducted. It obliges legal persons to obtain accurate, up-to-date beneficial owner information, identify nominee board members, and maintain a real beneficiary register and a shareholders register, updated generally within fifteen days of any change. These records feed the firm’s due diligence. They apply to legal persons licensed or registered in the State, including commercial free zones, but exclude the financial free zones, the DIFC and ADGM, which operate their own beneficial ownership regimes.

Cabinet Resolution No. 132 of 2023 on penalties for beneficial owner violations

Cabinet Resolution No. 132 of 2023 puts teeth behind the beneficial ownership rules by setting the penalties for breaching Cabinet Resolution No. 109 of 2023. It empowers the registrar to fine legal persons that fail their obligations, such as keeping accurate registers, per a schedule annexed to the Resolution and without prejudice to other sanctions. Consequences escalate: on a third violation, the registrar may suspend the licence and close the premises until the fine is paid and the breach is corrected. For an exchange house, this shows why the corporate remitters it onboards must keep ownership data current. These penalties apply to legal persons licensed or registered in the State, including commercial free zones, but not to the financial free zones, the DIFC and ADGM, which follow their own regime.

Cabinet Resolution No. 74 of 2020 on terrorist lists and UNSC resolutions

Sanctions screening sits at the core of an exchange house, and Cabinet Resolution No. 74 of 2020 defines it. It regulates the UAE terrorist lists, gives effect to the local Cabinet list and the United Nations Security Council lists, and requires that freezing measures be applied without delay, meaning within twenty-four hours. Practically, the firm must register on the Executive Office website to receive designation and de-listing notices, then continuously screen its customer database, potential clients, beneficial owners and the parties to every remittance, including third-party senders and beneficiaries, both routinely and whenever the lists change. On any match, the exchange house freezes without delay, enforces unfreezing decisions and reports to its supervisor.

Federal Law No. 7 of 2014 on combating terrorism crimes

Federal Law No. 7 of 2014 on Combating Terrorism Crimes is the criminal statute that these controls serve. It defines terrorist crime, terrorist purpose, terrorist organisation and terrorist person, distinguishes conventional from nonconventional weapons, and prescribes penalties up to life imprisonment and, in cases, death. For a money transfer business, the sharpest edge is terrorism financing: it penalises anyone who provides, collects, prepares or maintains funds, or helps obtain them, for a terrorist organisation, person or crime, and addresses freezing funds suspected of such a purpose held with financial institutions. Because the wider framework defines terrorist acts by reference to this law, it explains what an exchange house’s remittance screening must detect.

Some of the CBUAE, FIU and supervisory materials below were first issued under the earlier 2018 and 2019 AML frameworks. They should be read subject to Federal Decree-Law No. 10 of 2025, Cabinet Resolution No. 134 of 2025 and later rulebook updates, and only so far as they remain in force and are not inconsistent with the current framework.

AML Guidance Applicable to All Reporting Entities

Beyond the core laws, the Central Bank, the FIU, and the Executive Office issue guidance and typologies that apply to all reporting entities, exchange houses included.

UAE FIU Regulation No. 1 of 2026 on Suspension and Freezing Powers, April 2026

UAE FIU Regulation No. 1 of 2026, dated April 2026, governs the postponement or suspension of suspicious transactions and the freezing of funds. Issued under the AML/CFT Decree-Law, it applies to reporting entities, including exchange houses, and complements existing suspicious transaction reporting duties. It introduces the Postponement Suspicious Transaction Report, an urgent filing where a remittance or withdrawal suspected of criminal links is about to be transferred, drawn down or dissipated. It sets a monetary threshold that falls away for higher-threat predicate offences, third-party laundering, organised crime or terrorist financing, and defines a Suspension Order of up to ten working days and a Freezing Order of up to thirty days.

UAE FIU Strategic Analysis Report on Human Trafficking, April 2026

The UAE FIU Strategic Analysis Report on Human Trafficking, dated April 2026, analyses money laundering flows tied to trafficking, drawing on suspicious transaction and activity reports filed with the Financial Intelligence Unit. It covers objectives, methodology and scope, and the main forms of trafficking, including sexual exploitation, forced labour and organ removal. It sets out patterns across themes such as adult and child exploitation, forced labour and proceeds laundering, profiles the subjects involved, including designated traffickers, organised crime groups, foreign politically exposed persons and money mules, and assesses vulnerable sectors. It then develops risk indicators around customer profile, behaviour and transactional activity, helping exchange houses spot mules moving trafficking money.

Guidance on Targeted Financial Sanctions for Financial Institutions, DNFBPs and VASPs, March 2026

First published in January 2021 and last amended in March 2026, this Executive Office guidance clarifies targeted financial sanctions obligations for financial institutions, DNFBPs and VASPs. It sets out four duties central to any exchange house: registering in the Notification Alert System; screening customers, senders and beneficiaries against the UAE Local Terrorist List and the United Nations Consolidated List; freezing funds without delay and never releasing them to designated persons; and reporting the measures taken. It explains ownership, control and acting-on-behalf concepts that matter for third-party remittances. The March 2026 update renames the Funds Freeze Report as the Confirmed Name Match Report and addresses screening during weekends and public holidays.

Joint Guidance on the Compliance Officer and MLRO, 2026

Issued in 2026 by the UAE Supervisory Sub-Committee, this joint guidance sets a unified framework for appointing, empowering and defining the Compliance Officer or Money Laundering Reporting Officer across regulated sectors, including firms supervised by the Central Bank that licenses exchange houses. Building on Federal Decree-Law No. 20 of 2018, Cabinet Decision No. 10 of 2019 and the 2025 legal framework, it treats the role as a cornerstone of effective AML, CFT and counter-proliferation work. It sets expectations on appointment and resignation, requiring seniority, experience, operational independence, freedom from conflicts, direct board access and adequate resources, and covers the compliance function, its outsourcing and the officer’s duties.

FIU Strategic Analysis Report on Terrorist Financing, May 2025

Published in May 2025 by the UAE Financial Intelligence Unit, this strategic analysis on terrorist financing typologies and facilitators draws on Unit data from 2021 to 2024, including suspicious transaction and activity reports, disseminated cases and open source material. For exchange houses it is especially pointed, identifying how terrorist funds move through financial institutions, unlicensed hawala, corporate networks, trade-based schemes, high-value goods, real estate, virtual assets and crowdfunding. It profiles facilitators such as designated individuals, family members, money mules, corporate nominees and professional intermediaries who sit behind third-party senders and beneficiaries. The developed risk indicators help remittance staff detect, trace and report attempts to obscure funds through one-off and layered transfers.

goAML FAQs, April 2024

The goAML FAQs, version 2.1 dated 18 April 2024, is a practical question and answer guide from the UAE Financial Intelligence Unit to help reporting entities use the goAML system and its registration and access services. It walks through common snags such as expired one-time passwords at first login, pop-up authentication screens requiring the system-issued username with a Google Authenticator passcode, the correct login sequence through the services portal, and resetting a forgotten password. It sets out where to enter credentials, which emails issue usernames and codes, and who to contact when errors persist. For an exchange house, reliable goAML access underpins timely reporting.

PF Institutional Risk Assessment Guidance for FIs, DNFBPs and VASPs, December 2023

Published in December 2023, this guidance sets out how financial institutions should assess and manage exposure to proliferation financing, built around inherent risks, control effectiveness and residual risks. It names the risk categories and factors an exchange house should weigh when scoring its remittance and currency exchange business. Mitigating measures span client onboarding, know your customer and due diligence, enhanced due diligence, screening customers for sanctions and adverse media, ongoing and transaction monitoring, suspicious activity reporting, and employee training. A customer risk scoring questionnaire, elevated risk factors and worked case studies, including sanctions and adverse media matches, show how to calibrate controls and document risk decisions supervisors can review.

Terrorist and Proliferation Financing Red Flags Guidance, December 2023

Updated in December 2023, this Red Flags Guidance gives exchange houses a consolidated set of indicators for spotting terrorist and proliferation financing, including attempts to evade targeted financial sanctions imposed under UN Security Council Resolutions or local designations. It flags evasion tactics such as renaming, front companies, intermediaries and alternative financial networks that a walk-in remitter or third-party sender might exploit. The document first sets out the legal basis for reporting, then lists terrorist financing indicators followed by proliferation ones grouped by customer profile, account and transaction activity, maritime and trade finance, with sanctions appendices. For counter staff and compliance teams it sharpens detection and guides reporting decisions.

Suspicious Activity and Transaction Reporting Thematic Review, January 2023

Issued in January 2023, this thematic review sets out findings and regulatory expectations from the 2022 AML and CFT examination of licensed financial institutions and DNFBPs, focusing on the suspicious transaction and activity reporting framework and the transaction monitoring systems that feed it. It is meant to be read alongside existing guidance on reporting and on monitoring and sanctions screening. It contrasts acceptable and deficient practice across governance, policies, risk-based deployment of monitoring, data management, alert review, case investigation, reporting decisions and the post-reporting process. It applies expressly to exchange houses alongside banks, finance companies and payment providers, offering a benchmark to test remittance monitoring and close gaps before inspection.

Counter Proliferation Financing Guideline, November 2022

Published in November 2022 by the Executive Office for Control and Non-Proliferation, this guideline supplements the wider Guidance on Targeted Financial Sanctions and raises awareness of proliferation financing threats among regulated entities. For an exchange house, it explains how weapons-related funds can be raised or moved through remittances and currency exchange, and how to fold proliferation risk into the firm’s own risk assessment. It sets out preventive measures including enhanced due diligence on customers and transactions, alertness to shell and front companies, dual-use goods and trade routes, and staff training. The red flag list helps counter staff spot sanctions evasion attempts by walk-in and corporate senders.

goAML Web Submission Guide, July 2022

The goAML Web Submission Guide, issued by the UAE Financial Intelligence Unit in July 2022, sets out how to submit a report to the FIU through the goAML platform. It is addressed to the designated Compliance Officer or Money Laundering Reporting Officer of a registered reporting entity, or the deputy where the lead officer is unavailable. It reviews the report types, including the Suspicious Transaction Report and the Suspicious Activity Report, the latter covering suspected activity or an attempted, non-executed transaction, plus Additional Information Files and High Risk Country reports. It explains access for Central Bank-regulated and other entities, then covers selecting a report, completing the cover, and submitting.

Joint Guidance on Combating the Use of Unlicensed Virtual Asset Providers, March 2022

Issued in March 2022, this joint guidance from the UAE Supervisory Authorities, including the Central Bank, the Securities and Commodities Authority and the Virtual Assets Regulatory Authority, aligns with FATF’s risk-based approach and warns the public and regulated firms about unlicensed virtual asset providers. It urges confining virtual asset dealings to licensed entities and reminds exchange houses of their AML obligations. Expectations include vigilance to fraud, factoring emerging risks into assessments, adequate due diligence, spotting customers who seek unlicensed providers, and reporting suspicions. Red flags include no licence, no physical presence, unrealistic promises or Ponzi schemes, poor websites and pressure to invest quickly, helping counter staff intercept suspect remittances.

IEMS User Guide for Reporting Entities, March 2022

Dated March 2022, this practical manual from the UAE Financial Intelligence Unit explains its Integrated Enquiry Management System, which automates information requests, prosecution decisions and other AML and CFT instructions from domestic authorities. It provides an end-to-end flow between the Unit, the authorities and reporting entities such as exchange houses. Firms already registered on goAML reuse those credentials, reaching the system through the Services Portal or eServices Portal. The guide walks through the dashboard, request management and the reply workflow covering account holder and signatory details, and sets out Admin, Maker and Checker roles. It stresses meeting due dates and implementing freeze orders immediately on the amount or whole balance.

goAML Pre-Registration Guide, March 2022

The goAML Pre-Registration Guide, issued by the UAE Financial Intelligence Unit in March 2022, explains how reporting entities gain access to the Services Access Control Manager, or SACM, before reaching goAML to register and file suspicious reports. The application is reached through a public portal for entities not regulated by the Central Bank of the UAE, except hawaladars, with entities under various Supervisory Bodies following the stated steps. SACM hosts the links to the production and testing environments, secured by a time-based one-time password from Google Authenticator. The guide covers pre-registration, confirming intent, and safeguarding a personal Secret Key issued after FIU due diligence, which cannot be shared.

goAML Registration Guide, March 2022

The goAML Registration Guide, issued by the UAE Financial Intelligence Unit in March 2022, sets out how an organisation registers with the FIU on its reporting platform, goAML. It applies to registration as a reporting entity, a stakeholder or a supervisory body, and confirms that every accountable and reporting entity in the UAE, whoever its regulator, must register to submit suspicious reports. Access runs through the Services Access Control Manager, with Central Bank-regulated institutions needing a dedicated MPLS link and others over the internet. It walks through selecting the registration type, entering organisation and address details, adding the registering person, uploading attachments, setting access rights and resetting passwords.

Strategic Review on Targeted Financial Sanctions Case Studies, November 2021

Dated November 2021, this strategic review examines targeted financial sanctions reporting in the United Arab Emirates, sitting within the framework by which the UAE, through Cabinet Resolution No. 74 of 2020, implements United Nations Security Council Resolutions on terrorism, terrorist financing and proliferation, including freezing measures and prohibitions on providing funds. It sets out its methodology, then classifies sanctions reports by source, by suspicion and by instrument. It distinguishes terrorist financing patterns from proliferation patterns and presents red flags, statistics and recommendations, plus the Executive Office’s role in circulating list updates. For an exchange house, it shows how sanctions suspicions arise and are reported, sharpening screening across remittance flows.

Typologies on the Circumvention of Targeted Sanctions, November 2021

Last amended in November 2021 and issued by the Executive Office, this typologies report compiles cases showing how sanctioned persons, groups and entities try to circumvent targeted sanctions relating to terrorism and the proliferation of weapons of mass destruction. Drawing on public UAE and foreign sources, it groups methods by channel, expressly covering exchange houses alongside banking services, money remitters, hawala and similar providers, online payment facilities, misused non-profits, cash and gold smuggling, trade in dual-use goods, misused legal entities and virtual assets, plus proliferation-side banking and cyberactivity. Illustrated with named case networks and red flags, it turns evasion tactics into learning that sharpens screening, due diligence, monitoring and reporting.

Update to the List of High Risk Jurisdictions, November 2021

This November 2021 decision of the National Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organizations Committee updates the list of high-risk jurisdictions subject to a call for action, the list under increased monitoring, and the counter-measures to apply. It is addressed to bodies including the supervisory authorities and the Financial Intelligence Unit, and revises an earlier March 2021 decision. Reflecting the Committee’s mandate to identify high-risk countries and set proportionate counter-measures, it instructs supervisors to ensure due diligence is applied. For exchange houses, it signals which remittance corridors warrant enhanced due diligence and keeps customer and transaction risk ratings aligned with the latest listings.

Joint Guidance on Satisfactory and Unsatisfactory Practice, June 2021

Issued in June 2021 by the UAE Supervisory Authorities, including the Central Bank, the DFSA, the FSRA, the Securities and Commodities Authority and the Ministries of Justice and Economy, this joint guidance draws on inspections between January 2020 and May 2021. It contrasts satisfactory and unsatisfactory practice across the AML framework, targeted financial sanctions and counter proliferation financing. For an exchange house it covers governance and management oversight, the risk assessment, three lines of defence, policies, training and the compliance officer or MLRO role, plus customer onboarding, monitoring, risk rating, due diligence, transaction monitoring, sanctions screening and record keeping, letting firms benchmark controls before an examination exposes weaknesses.

Typologies on the Circumvention of TFS, PF and WMD, May 2021

Last amended in May 2021 and issued by the Executive Office, this typologies report examines how sanctioned persons and entities receive financing in violation or evasion of UN Security Council Resolutions on terrorism and the proliferation of weapons of mass destruction. It explains that targeted financial sanctions cover both asset freezing and bans on making funds available, directly or indirectly, to designated parties. Organised by method, it addresses the misuse of banking services, money remitters, hawala and similar providers, online payment facilities, non-profits and cash smuggling on the terrorist side, and banking, cyberactivity, trade and legal entities on the proliferation side, closing with red flags drawn from real cases.

goAML FAQs, September 2020

The goAML FAQs Guide, version 1.5 dated 8 September 2020 from the UAE Financial Intelligence Unit, answers the practical questions reporting entities raise while using the goAML portal, from resetting a forgotten password to fixing a rejected submission. For an exchange house filing frequent remittance-related suspicious transaction reports, it is a quick reference for the operational snags that would otherwise stall a filing, covering login and access, report status and common submission errors. It sits alongside the newer April 2024 FAQs and keeps the compliance team moving when the portal behaves unexpectedly.

goAML Registration Guide Stage 2, September 2020

The goAML Registration Guide, version 3.3 dated 16 September 2020, sets out how an organisation registers with the UAE Financial Intelligence Unit as a reporting entity, stakeholder or supervisory body. It applies to every accountable and reporting entity whatever its regulator, so a newly licensed exchange house follows it to secure goAML access before filing its first suspicious transaction or activity report. It works through organisation and user details, document uploads and approval, giving the exchange house its onboarding path onto the single national reporting channel.

Guideline on Grievance Procedures

Issued by the Executive Office for Control and Non-Proliferation, this guideline explains how grievance requests tied to the UAE Local Terrorist List and the United Nations Consolidated List, collectively the Sanctions Lists, are submitted and reviewed. Under Cabinet Resolution No. 74 of 2020 it covers three request types: de-listing a designation, lifting freezing measures, and seeking permission to use frozen funds. For each it distinguishes Local List designations by the UAE Cabinet from United Nations designations by the Security Council. It clarifies the procedures apply only to Sanctions List freezes, not court orders. For an exchange house, it maps the lawful routes a frozen remittance customer can take.

Online Grievance System User Guide

This user guide from the Executive Office for Control and Non-Proliferation walks applicants through its Online Grievance System, launched to streamline requests relating to the UAE Local Terrorist List and the United Nations Consolidated List, collectively the Sanctions Lists. It explains how to submit the three online request types: de-listing, cancellation of freezing measures, and permission to use frozen funds. Users identify the aggrieved individual or entity, select the relevant list and grievance type, declare previous requests, attach documents and give contact details. It notes the form is in Arabic while the manual is in English. For exchange houses, it shows the route a frozen remittance customer can follow.

Simple Guide to Subscribe to the EOCN Notification Alert System (NAS)

This short guide explains how to subscribe to the Notification Alert System on the Executive Office’s website so users receive timely updates to the sanctions lists applied in the United Arab Emirates. Targeted financial sanctions rest on two lists, collectively the Sanctions Lists: the UAE Local Terrorist List issued by the Cabinet, and the United Nations Consolidated List issued by the Security Council, both updated periodically. It shows where the lists sit and gives step by step subscription instructions through to confirmation. For an exchange house, this supports a core control: screening senders and beneficiaries only works against current lists, and prompt alerts let counter staff apply freezes without delay.

Emerging ML, TF and PF Risks and Trends in the Financial Sector

Issued by the Supervisory Subcommittee under Article 16 of Federal Decree-Law No. 10 of 2025, this report gives regulated firms a current picture of the money laundering, terrorist financing and proliferation financing threats reshaping the sector. Its typologies and red flags can be factored into exchange house risk assessments and monitoring. It examines abuse of artificial intelligence, greenwashing and ESG-related fraud, trade finance misused for proliferation, growth in illicit virtual asset transactions, and sanctions evasion linked to the Commonwealth of Independent States. Case studies on money mule networks, trade-based laundering and virtual asset conversion, plus typologies in stored value and retail payment services, sharpen detection of layered remittance flows.

Typologies in the Financial Sector

Typologies in the Financial Sector is a joint report from the Supervisory Authorities Sub-Committee and the Financial Intelligence Unit, developed with the Executive Office and a pilot group of firms. It shares money laundering, terrorist financing, sanctions, fraud, and bribery and corruption typologies seen in the market, several surfacing during the COVID-19 pandemic, to help the private sector anticipate emerging risks. Sitting above the National Risk Assessment, it flags the growing use of unlicensed money service operators that settle books over time rather than moving each transfer individually, lists indicators that combine to obscure a transaction, and notes links to modern slavery and human trafficking.

NRA, SRA, and Other Important Guidelines for Exchange Houses in UAE

The UAE assesses its money laundering, terrorist financing, and proliferation financing risk at national level, and exchange houses must align their own business and enterprise-wide risk assessments to those findings.

UAE PF National Risk Assessment 2026

The UAE Proliferation Financing National Risk Assessment 2026 rates exchange houses medium-high in the mainland, exposed mainly through currency exchange and cross-border transfers that sanctioned networks may exploit to evade targeted financial sanctions relating to the Democratic People’s Republic of Korea and Iran. Prepared in response to FATF revised Recommendation 1, it examines threats and vulnerabilities across mainland and free zone sectors on a low-to-high scale, with overall country risk medium-high. Virtual asset service providers rate highest at high; banks and hawala providers medium-high; free zone banks and money service businesses medium; maritime insurance medium to medium-low; and stored value facilities medium-low. It should shape sanctions screening and due diligence.

The table below summarises the residual risk ratings the exchange house sector should reflect in its own risk assessment.

UAE ML and TF National Risk Assessment 2024

The UAE Money Laundering and Terrorist Financing National Risk Assessment 2024, the country’s second, rates the exchange house sub-sector residual medium-high, driven by cash intensity, banknote shipments, reliance on foreign remittance partners and third-party transactions. Prepared using the World Bank methodology on data from 2019 to 2023, it identifies threats, vulnerabilities and residual risks across the mainland and financial free zones, with overall national money laundering risk medium-high and drug trafficking and fraud among the highest threats. Registered hawala providers are rated high, banks medium-high, finance companies and insurance medium, and securities medium to medium-high. For exchange houses, it sets the baseline that should shape customer risk ratings and controls.

Assessment Exchange house sector residual risk 
Money laundering and terrorist financing (NRA 2024) Medium-high, driven by banknote shipments, reliance on foreign remittance partners, and third-party transactions 
Proliferation financing (PF NRA 2026) Medium-high in the mainland, through currency exchange and cross-border transfers 

Alongside the national assessments, sector risk assessments, red flag guidance, and typologies reports give exchange houses the detail they need to keep their enterprise-wide risk assessment current and defensible.

CBUAE Guidance Applicable to Exchange Houses in UAE

The Central Bank’s guidance for licensed financial institutions applies to exchange houses as Licensed Financial Institutions. The documents below make up that guidance set.

CBUAE Best Practices for Licensed FIs on Implementing Role-Based AML/CFT/CPF Training, October 2025

Published in October 2025, the CBUAE Best Practices on Implementing Role-Based AML/CFT/CPF Training shows exchange houses how to tailor learning to each job rather than issuing one generic course. Counter and teller staff handling walk-in remittances, and compliance teams overseeing corridors, receive content matched to their own exposure and to the red flags of money laundering, terrorist financing and proliferation financing they realistically meet. The guidance applies a risk-based approach so frequency and intensity track each role’s risk, spanning regulatory requirements, global standards, internal policies, products, customers and geographies. It covers the Board, senior management, the three lines of defence, delivery methods, documentation and records.

CBUAE Best Practices for Licensed FIs on a Risk-Based Approach and Institutional Risk Assessments, October 2025

Dated October 2025 and issued under Article 44.11 of Cabinet Decision No. 10 of 2019, this CBUAE Best Practices document guides exchange houses in building a risk assessment methodology, running an institutional risk assessment and embedding a risk-based approach across money laundering, terrorist financing and proliferation financing. It explains the framework, appropriate granularity, accountability and assessment frequency, then how to score inherent risk across customers, products, delivery channels, geographies and operating structure before weighing controls to reach residual risk. For a remittance and currency-exchange business, this means scaling scrutiny to the corridors served and the exposure each carries. It expressly applies to exchange houses alongside banks and other institutions.

CBUAE Guidance for Licensed FIs on Correspondent Banking, October 2025

Exchange houses depend on foreign remittance partners and correspondent relationships to settle cross-border transfers, and this October 2025 CBUAE Guidance explains how to control the money laundering, terrorist financing and proliferation financing risks that dependence brings. It describes correspondent banking, the requirements for processing cross-border funds transfers, and the risk factors attaching to respondent institutions, including third-party transaction risk from nested relationships and payable-through accounts, geography, ownership, products and customer base. On mitigation it covers enterprise-wide and relationship-specific risk assessment, standard, specific and enhanced due diligence, ongoing monitoring, suspicious activity reporting, targeted financial sanctions, governance, independent audit, training and record-keeping. Robust due diligence guards against exposure to unknown parties.

CBUAE Guidance for Licensed FIs on Customer Due Diligence and Record-Keeping, October 2025

For exchange houses serving walk-in and one-off remittance and currency-exchange customers, this October 2025 CBUAE Guidance on Customer Due Diligence and Record-Keeping sets out controls the regulator calls foundational to fighting financial crime. It stresses understanding each customer’s occupation, source of funds, source of wealth and expected activity so suspicious transactions surface. The document details general principles, identification and verification for natural persons, legal persons, arrangements and those acting on a customer’s behalf, then risk profiling through segmentation and geography. It addresses ongoing monitoring, simplified and enhanced due diligence, non-face-to-face relationships, name screening, customer rejection and exit, third-party reliance, record-keeping and red flag indicators. Reliable records underpin reporting.

CBUAE Guidance for Licensed FIs on Risks Related to Proliferation Finance, October 2025

Issued in October 2025, this CBUAE Guidance on Proliferation Finance helps exchange houses counter the financing of weapons of mass destruction as it moves through cross-border payments and banknote flows. Read alongside the CBUAE Procedures and Guidelines, it states regulatory expectations rather than new law, defining proliferation financing before examining the vulnerable channels it exploits, including correspondent banking, hawala and other alternatives to traditional banking, offshore accounts, free trade zones and shell companies. It sets out UNSC and FATF obligations, local requirements, and a risk-based approach across customer, product, geographic and operational risk. Controls span due diligence, transaction monitoring, suspicious reporting, targeted financial sanctions, governance, audit, training and record keeping.

CBUAE Guidance for Licensed FIs on Risks Related to Trade-Based ML and Transshipment, October 2025

Published in October 2025, this CBUAE Guidance on Trade-Based Money Laundering and Transshipment helps exchange houses recognise how criminals abuse international trade, cross-border payments and the movement of goods and banknotes. It explains trade finance, distinguishing documentary from non-documentary and open account trade, then sets out typologies including over- and under-invoicing, over- and under-shipment, multiple invoicing, falsely described goods, shell, front and shelf companies, free trade zones, illicit cash integration, third-party intermediaries and pass-through accounts. It also covers services-based laundering, vulnerable sectors such as gold and precious metals, and illicit transshipment. On mitigation, it addresses enterprise-wide risk assessment and enhanced due diligence. Trade can disguise value or movement.

Federal Decree-Law No. 6 of 2025 on the Central Bank (regulatory background)

Federal Decree-Law No. 6 of 2025 on the Central Bank, Regulation of Financial Institutions and Activities, and Insurance Business, issued on 8 September 2025, is not the AML law, but it matters as regulatory background for a CBUAE-licensed exchange house. It governs the Central Bank’s role and the regulation of licensed financial institutions and financial activities, which is the regime under which the firm holds its licence and answers to its supervisor. An exchange house should read it alongside the AML framework when assessing its licensing, conduct and supervisory position.

CBUAE AML and CFT Guidelines for Financial Institutions, July 2023

Dated July 2023, the CBUAE AML/CFT Guidelines for Financial Institutions name exchange houses, money service businesses and hawaladars expressly among those they bind, so a remittance operator cannot treat them as banking-only material. Prepared jointly by the country’s Supervisory Authorities, they consolidate the minimum expectations for identifying, assessing and mitigating money laundering, terrorist financing and illegal organisation risks into one reference. For a money transfer business, the value lies in the risk-based approach chapters covering business-wide assessment and the customer, product, delivery channel and geographic factors that shape a remittance book. They anchor the firm’s compliance programme, customer due diligence on remitters and beneficiaries, and reporting practices in supervisory expectations.

CBUAE Guidance for Licensed FIs on Risks Related to Virtual Assets and VASPs, February 2023

Issued on 20 February 2023, this CBUAE Guidance helps exchange houses grasp the money laundering and terrorist financing risks where remittances are funded from, or converted into, virtual assets, and where customers deal with virtual asset service providers. It sets out the threats and vulnerabilities, the routes by which an institution becomes exposed, and the UAE framework covering the SCA, CBUAE, VARA and FSRA. It explains the CBUAE non-objection required before opening administrative or transactional accounts for such providers. On mitigation, it addresses the risk-based approach, customer due diligence for provider customers, and enhanced measures for higher-risk customers and transactions. Value can move rapidly and pseudonymously.

CBUAE Guidance for Licensed FIs on Digital Identification for Customer Due Diligence, October 2022

As remittance onboarding moves to apps and remote channels, this CBUAE guidance of 31 October 2022 helps an exchange house understand how digital identity systems can identify and verify customers and support ongoing due diligence. It explains the systems and their participants, key terminology, identity proofing and enrolment, authentication, lifecycle management, and the portability that lets a remitter onboard once. It then covers using such systems for identification and verification, ongoing due diligence and third-party reliance. It examines the risks, from proofing weaknesses to authentication failures, and explains how to assess a system’s assurance and reliability. For app-based money transfer businesses, sound digital identification supports remote onboarding while introducing risks to control.

CBUAE Guidance for Licensed FIs on Suspicious Transaction Reporting, August 2022

Suspicious remittances are the daily bread of an exchange house, and this CBUAE guidance of 3 August 2022 explains how to identify, investigate and report them. It sets out the legal basis for filing, the protection for those who disclose, the meaning of a suspicious transaction, and the consequences of staying silent on structured cash or unusual transfer patterns. The document maps the three lines of defence, the role of the compliance officer or MLRO, transaction monitoring methods from manual to intelligence-led, and how to draft and submit a report. It also covers immediate-attention activity, confidentiality and the strict prohibition on tipping off remittance customers.

CBUAE Guidance for Licensed FIs on Risks Relating to Payments, August 2022

Payments are the very trade of an exchange house, and this CBUAE guidance of August 2022 addresses the money laundering and terrorist financing risks running across the sector. Issued under Article 44.11 of Cabinet Decision No. 10 of 2019, it applies to institutions providing payment products directly and to those serving other payment participants. It explains what makes payments vulnerable: the speed at which funds move, peer-to-peer transfers, cross-border movement, regulatory gaps, intermediation, nesting, and the use of agents. Mitigation covers risk assessment, customer and enhanced due diligence, ongoing monitoring, wire transfer requirements, targeted financial sanctions and suspicious transaction reporting, helping a money transfer business calibrate controls to a fast, intermediated flow.

CBUAE Guidance for Licensed FIs on Risks Relating to Politically Exposed Persons, August 2022

A prominent remittance customer can be a politically exposed person, and this CBUAE guidance of August 2022 sets out how an exchange house identifies and manages the heightened risks they bring. Issued under Article 44.11 of Cabinet Decision No. 10 of 2019, it stresses that the aim is not to refuse such customers but to complete thorough due diligence before accepting or continuing a relationship. It distinguishes domestic and foreign politically exposed persons and heads of international organisations, extending to family and close associates. It covers classification, time limits on status, screening, risk rating, enhanced due diligence, monitoring, reporting, governance and training, with an annex of red flags for high-value transfers.

CBUAE Guidance for Licensed FIs on Transaction Monitoring and Sanctions Screening, September 2021

Issued on 8 September 2021, this CBUAE guidance tells exchange houses how to design, operate and maintain the systems that flag suspicious remittances and identify sanctioned parties on transfers. On transaction monitoring, it covers risk assessment, risk-based deployment, data management, rule definition and pre-implementation testing, alert scoring, outcomes analysis and reporting, plus post-implementation tuning and validation. On sanctions screening, it addresses name and transaction screening design, list management and testing so remitters, beneficiaries and counterparties are caught reliably. A governance section covers oversight, vendor use, role-specific training and record keeping. For a money transfer business, well-calibrated, regularly validated systems are the difference between spotting structured cash and missing it.

CBUAE Guidance for Licensed FIs to Cash-Intensive Businesses, September 2021

No customer type sits closer to an exchange house than the cash-intensive business, and this CBUAE guidance of September 2021 addresses precisely the risks that arise when clients handle large volumes of notes at the counter. Issued under Article 44.11 of Cabinet Decision No. 10 of 2019, it explains why cash is so vulnerable to abuse, the risks of bearer negotiable instruments and prepaid cards, and specific concerns including cross-border cash movement, couriers and currency exchange. On mitigation, it sets a risk-based approach built on enterprise and customer risk assessment, enhanced due diligence, beneficial owner identification, ongoing and transaction monitoring, suspicious transaction reporting, governance and training for high cash flows.

CBUAE Guidance for Registered Hawala Providers and LFIs, August 2021

Issued in August 2021, this CBUAE combined Guidance for Registered Hawala Providers and the Licensed Financial Institutions serving them reaches exchange houses as LFIs providing services and as remittance businesses operating near this space. Read alongside the CBUAE Procedures and Guidelines, it states regulatory expectations rather than new law and is organised in parts covering each audience. It draws on the FATF description of hawaladars as money transmitters who arrange transfers and settle through trade, cash and long-term net settlement, often tied to particular regions. It sets out global risks, UAE regulation, permitted and non-permitted services, sanctions and freezing without delay, registration, a bank account, and a full AML/CFT programme.

CBUAE Guidance for Licensed FIs on Implementation of Targeted Financial Sanctions, July 2021

Exchange houses should screen customers, originators, beneficiaries, beneficial owners and counterparties to a transfer against applicable sanctions lists, and this CBUAE guidance of 4 July 2021 sets out how to identify, freeze and report assets connected to designated persons. Read with the Executive Office guidance, it builds a sanctions programme from senior management commitment, risk assessment and risk appetite through internal controls, training, audit and record keeping. It then addresses screening against the UN Consolidated List and Local Terrorist List, name and payments screening of remitters and beneficiaries, false positive verification and confirmed matches. Red flag indicators for terrorist financing, proliferation financing and evasion help catch counterparties routing funds through the firm’s counters.

CBUAE Guidance for Licensed FIs to Legal Persons and Arrangements, June 2021

When a corporate remitter approaches the counter, this CBUAE guidance of June 2021 governs how an exchange house manages the money laundering and terrorist financing risks that companies, other legal persons and legal arrangements carry. It explains how such structures obscure identity and beneficial ownership, hide the purpose of a transfer, and conceal the source of funds, and it sets out common typologies of abuse. It then covers formation requirements, beneficial owner identification, record keeping, and how legal persons operate under UAE law, including economic substance. Mitigation runs through the risk-based approach, customer risk rating, institutional risk assessment and enhanced due diligence on opaque remitters.

CBUAE Guidance for Licensed FIs to the Real Estate and Precious Metals and Stones Sectors, June 2021

Issued on 16 June 2021, this CBUAE guidance matters to an exchange house whose remittance customers include dealers in precious metals and stones or parties moving funds tied to real estate, both flagged as higher-risk. It is organised around understanding and mitigating the risks each sector presents, describing the features that increase vulnerability, relevant typologies, and how the sectors are regulated in the UAE. On mitigation, it explains applying a risk-based approach, conducting customer and enhanced due diligence, reporting suspicious transactions, and maintaining governance and training. Common requirements sit alongside sector-specific considerations, and annexes provide red flags for spotting illicit value passing through gold traders and property-linked transfers.

CBUAE STR Outreach for Banks and Finance Companies, March 2021

Delivered on 10 March 2021, this Financial Intelligence Unit outreach session briefed banks and finance companies on suspicious transaction reporting, with input from the Ministry of Interior. Although addressed to banks and finance companies, its expectations reach any licensed institution that files through goAML, so an exchange house can read across the same messages: when a report is warranted, the quality the FIU expects, goAML as the sole channel, and the compliance officer’s duties. It reinforces prompt, well-grounded reporting of remittance and currency-exchange suspicions rather than defensive or late filing.

CBUAE Board of Directors Decision No. 59/4/2019 on AML and CFT procedures

Board of Directors Decision No. 59/4/2019, issued on 13 June 2019, is the supervisory bedrock on which every exchange house builds its AML programme. Made under Federal Decree-Law No. 20 of 2018 and Cabinet Decision No. 10 of 2019, it cancels the old Circular No. 24/2000 and confirms that a licensed money transfer business, conducting remittance operations for customers, counts as a financial institution bound by the law, its implementing regulation and Central Bank instructions. It empowers the CBUAE to examine the firm’s branches, with or without notice, demand records on cross-border transfers, impose sanctions for breaches, permit appeals and publish penalties against non-compliant houses.

CBUAE Guidance Note on Responsible Use of AI and ML by LFIs

As exchange houses turn to artificial intelligence and machine learning to monitor remittance flows, this CBUAE Guidance Note on the Responsible Use of AI and Machine Learning sets out principles for consumer-focused, ethical adoption, including generative AI. It is non-binding, helping institutions shape internal policies that protect consumers and support good market conduct, and its principles are flexible so they evolve with the technology. The Note covers governance and accountability, placing responsibility for systems and outcomes with senior management and the Board and calling for a documented framework, regular reporting and a model inventory. It addresses fairness, transparency, data quality, privacy, continuous monitoring, human oversight, outsourcing and ethical innovation.

CBUAE List of Administrative and Financial Sanctions

The CBUAE List of Administrative and Financial Sanctions records the penalties the Central Bank can impose, and it applies to all licensed institutions, including exchange houses. It confirms the CBUAE as the supervisory authority for shortcomings in the anti-money laundering and sanctions compliance frameworks of those it licenses. Under Article 14 of Decretal Federal Law No. 20 of 2018, as amended by Federal Decree Law No. 26 of 2021, it can impose administrative penalties from a warning to licence revocation, and financial penalties from fifty thousand to five million dirhams per violation. Under Article 137 of the Central Bank Law, fines reach two hundred million dirhams.

Exchange House Sector-Specific CBUAE Guidance

Alongside its general guidance, the Central Bank issues material aimed specifically at exchange houses and money or value transfer services.

Typologies in the Money or Value Transfer Services (MVTS), June 2022

Typologies in the Money or Value Transfer Services of June 2022 is a joint report by the Supervisory Authorities Sub-Committee, the FIU and the Executive Office, built from a pilot of exchange houses and registered hawala providers. It maps emerging ML, TF and sanctions risks across currency exchange and money remittance during 2021 to 2022, drawn from products, processes and transactional data. The report lists nineteen typologies with red flags relevant to exchange houses: structuring, third-party smurfing, unusually high-value transactions, sudden turnover spikes at one branch, trade-based money laundering, fabricated transaction receipts, cash couriers, WPS salary changes, remittances to varied beneficiaries, high-risk-country corridors, frequent currency conversion and cash-against-credit-card advances.

CBUAE Standards for Exchange Business, Chapter 16 (AML/CFT), November 2021

Chapter 16 is the binding AML/CFT rulebook every licensed exchange house must follow, set within the CBUAE Standards for the Regulation of Exchange Business, Version 1.20 of November 2021, amending Version 1.10 of February 2018. It codifies the full compliance programme for money exchange and remittance: an enterprise-wide ML/FT risk assessment, KYC and customer due diligence for walk-in natural persons, enhanced due diligence, PEP checks, and special wire-transfer rules for ordering, intermediary and beneficiary institutions. It also covers agents and correspondent counterparties, third-party transactions, sanctions screening, transaction monitoring, suspicious transaction reporting, tipping-off prohibitions, know-your-employee vetting, record retention, remittance data uploads and bi-annual compliance reporting.

CBUAE Guidance for Licensed Exchange Houses, November 2021

The CBUAE Guidance for Licensed Exchange Houses of November 2021 explains how exchange houses should meet their statutory AML/CFT obligations, read alongside Chapter 16 of the Standards. It flags why the sector rates highly for risk and materiality in the UAE, driven by cash intensity, speed, worldwide reach and the many occasional, walk-in transactions that limit customer understanding. It sets out ten essential programme components and a six-step risk assessment covering customer, product, delivery channel, new technology, jurisdiction and counterparty risk, plus corridor and agent exposure. It details customer due diligence, transaction monitoring with red flags, sanctions freezing without delay, training, audit, record keeping, employee risk, and FIU reporting.

CBUAE STR Outreach for Exchange Houses, March 2021

The CBUAE STR Outreach for Exchange Houses of March 2021 is a joint awareness session by the Financial Intelligence Unit, CBUAE AML/CFT supervision and the Ministry of Interior, aimed at exchange-house compliance officers. It explains when and what to report under Article 15 of the AML law, using goAML as the only channel for STRs, SARs and related report types. It stresses the source of funds and wealth information for remittance customers, monitoring triggers and alerts, tipping-off and confidentiality rules after filing, and securing funds on flagged accounts. It shares FIU-noted deficiencies in timeliness and accuracy, plus Ministry of Interior red flags such as credit turnover inconsistent with the customer profile.

Core AML Obligations for Exchange Houses at a Glance

Whatever the licence, the AML regulations for exchange houses in the UAE turn on a common set of duties.

  • A business and enterprise-wide risk assessment aligned to the national risk assessments, with corridor and product risk built in.
  • Customer due diligence on customers and originators, with collection and screening of beneficiary information, and enhanced due diligence where the transaction, corridor, customer or counterparty risk is higher, including source of funds for large or unusual transfers.
  • Ongoing transaction monitoring for structuring and unusual patterns, and sanctions screening of customers, originators, beneficiaries, beneficial owners, counterparties and relevant transaction parties, including parties to cross-border payments.
  • Suspicious transaction and activity reporting through goAML, full record keeping, and a qualified compliance officer and MLRO.
  • Identifying the ultimate beneficial owner of corporate remitters.

In practice, supervisors expect an exchange house to be able to evidence controls across the areas below.

Control area  What an exchange house should evidence 
Enterprise-wide and business-wide risk assessment  Corridor, product, customer, delivery channel, branch and counterparty risk 
Customer onboarding  Customer identity, purpose, expected activity and source of funds where relevant 
Remittance controls  Originator and beneficiary information, wire-transfer data quality including incomplete or rejected transfers with escalation and record evidence, and third-party transaction handling 
Bulk cash and banknote handling  Supplier and counterparty due diligence, shipment reconciliation, corridor risk, sanctions screening and source-of-cash checks 
Sanctions screening  UAE Local Terrorist List, UN Consolidated List, customers, beneficiaries, counterparties and ownership or control 
Transaction monitoring  Structuring, smurfing, high-risk corridors, repeated beneficiaries and unusual branch activity 
Agent and partner due diligence  Foreign remittance partner assessment, correspondent risk and ongoing review 
goAML reporting  STR and SAR, confirmed and partial name match reports where relevant, and no tipping-off 
Governance  Compliance officer and MLRO independence, board oversight, training, audit and remediation tracking 

Expert Tip:

For an exchange house, most risk sits in three places: structured cash just under thresholds at the counter, remittances to and from high-risk corridors, and third parties who are not the customer being served. Build monitoring rules around corridor risk and one-off customer behaviour rather than long-term relationships, because that is where the sector’s typologies actually appear.

Conclusion

AML regulations for exchange houses in the UAE come down to a clear chain: exchange houses are Licensed Financial Institutions, the Central Bank supervises them, and the applicable framework includes Federal Decree-Law No. 10 of 2025, Cabinet Resolution No. 134 of 2025, the targeted financial sanctions rules, and relevant Central Bank general and exchange-house-specific rules, standards and guidance. The sector’s cash intensity and cross-border reach put it at medium-high risk, so the controls that matter most are screening, monitoring, and knowing who is really sending and receiving the money. Use the national risk assessments to calibrate, use this guide as an overview, and read across to our guide to anti-money laundering laws in the UAE and the pillar on AML regulations for banks and financial institutions in the UAE.

Frequently Asked Questions

Which AML rules apply to exchange houses in the UAE?

Exchange houses are Licensed Financial Institutions under Federal Decree-Law No. 10 of 2025 and its Executive Regulations, supervised by the Central Bank of the UAE. They must apply customer due diligence, sanctions screening, transaction monitoring, record keeping, and suspicious transaction reporting through goAML, and they follow both the general LFI guidance and the Central Bank’s exchange-house-specific guidance.

The national risk assessment rates the sector medium-high, driven by cash intensity, banknote shipments, reliance on foreign remittance partners, and third-party transactions. In practice the biggest risks are structured cash at the counter, remittances through high-risk corridors, and senders or beneficiaries who are not the customer being served.

Monitoring should be built around corridor and product risk rather than long-term relationships, watching for structuring below thresholds, sudden spikes in a branch’s turnover, remittances to many unrelated beneficiaries, and transfers to high-risk countries. The Central Bank’s transaction monitoring and sanctions screening guidance and the money or value transfer typologies report set out what to look for.

Both move value across borders, and the Central Bank studies them together in its money or value transfer typologies. The key difference is the licence: exchange houses hold an exchange business licence, while hawala providers hold a separate registration. Registered hawala providers are covered under their own framework, which we address on a dedicated page.

Yes. Money service businesses established in the Abu Dhabi Global Market and the Dubai International Financial Centre are supervised by the FSRA and DFSA under their own AML rulebooks, while still operating within the wider UAE AML/CFT framework. They fall outside this guide, which covers exchange houses licensed by the Central Bank.

The firm should identify and verify the customer, understand who the beneficiary is, screen both against sanctions and terrorist lists, risk-rate the corridor and the transaction, and establish the source of funds for large or unusual transfers, applying enhanced due diligence where the risk is higher before the transfer proceeds.

Common indicators include structured cash just below reporting thresholds, a customer sending to many unrelated beneficiaries, sudden turnover spikes at one branch, fabricated receipts, cash couriers, unexplained changes to Wage Protection System salaries, and frequent currency conversion, all of which feature in the Central Bank’s money or value transfer typologies.

Are exchange houses required to screen every remittance?

Yes. The exchange house should screen the relevant parties to a remittance, including customers, originators, beneficiaries and counterparties, against the applicable sanctions lists and internal risk controls before processing or releasing funds.

Yes. The exchange house should maintain a business-wide or enterprise-wide risk assessment that reflects its products, branches, customers, delivery channels, foreign remittance partners, corridors, sanctions exposure and the findings of the national ML/TF and PF risk assessments.

Need help building or reviewing your exchange house AML programme?

Whether you're building an AML programme from scratch or enhancing an existing one, our experts provide practical, risk-based solutions to help your exchange house stay compliant and confident.

Share via :

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik