AML Regulations for Insurance Companies and Brokers in UAE
Published On: 07/09/2026
Protect your business with reliable and effective AML strategies with AML UAE.
Last Reviewed On: 07/09/2026 | Last Updated On: 07/09/2026
Key Highlights
- Insurance firms carrying on life and investment-linked business are financial institutions under Federal Decree-Law No. 10 of 2025 and its Executive Regulations in Cabinet Resolution No. 134 of 2025.
- The Central Bank of the UAE supervises the mainland insurance sector, while the DFSA and FSRA supervise insurers and intermediaries in the DIFC and ADGM.
- The sector’s residual money laundering and terrorist financing risk is rated medium in the national risk assessment, and maritime insurance carries a medium proliferation financing risk on the mainland.
- Insurers, reinsurers, brokers, and agents carrying on in-scope insurance business must apply customer due diligence, sanctions screening, transaction monitoring, record keeping, and suspicious transaction reporting through goAML, proportionate to their role, products and risk.
- On top of the federal laws, the Central Bank issues both general guidance for all licensed financial institutions and guidance specific to the insurance sector, including a dedicated insurance broker regulation.
- This article catalogues the whole framework and links up to the banks and financial institutions pillar for the wider view.
Insurance is not the first sector people associate with money laundering, but life and investment-linked policies can be used to place, layer, and integrate illicit funds, and that is why the UAE brings insurers and brokers inside its anti-money laundering regime. This guide sets out the AML regulations for insurance companies in the UAE, covering insurers, agents and brokers: who is in scope, who supervises the sector, the full legal framework that applies, and how the national risk assessments rate the sector’s money laundering, terrorist financing, and proliferation financing risk. It is CBUAE-centric, since the Central Bank supervises mainland insurance, with the DIFC and ADGM regulators noted for firms in the financial free zones.
In short: UAE insurers, reinsurers, brokers and agents carrying on life, investment-linked or other relevant insurance business must comply with Federal Decree-Law No. 10 of 2025, its Executive Regulations in Cabinet Resolution No. 134 of 2025, the sanctions rules in Cabinet Resolution No. 74 of 2020, the CBUAE’s insurance-sector and licensed-institution guidance, and the UAE FIU’s goAML reporting duties. The clearest money laundering risks are single-premium policies, third-party premium payments, top-ups, early surrender, beneficiary changes, opaque corporate policyholders and sanctions exposure in marine or cargo cover.
Who counts as operating in the Insurance Sector for AML purposes in UAE?
AML obligations in the UAE insurance sector attach most clearly to the firms and people that write or arrange life and investment-linked business, the lines through which value can be stored, moved or returned, with further exposure in assignable, high-value, marine, cargo and cross-border insurance activity. General insurance and pure protection products usually present lower money laundering and terrorist financing risk, but CBUAE-licensed insurers, reinsurers, agents and brokers should still assess their own obligations against their licence, the applicable CBUAE guidance and the risk profile of their products, customers and claims activity.
Insurance companies
Insurers carrying on life insurance and investment-linked business are financial institutions for AML purposes. These products can hold and transfer value, can, in higher-risk cases, be funded in cash or cash-like means, and can be surrendered or assigned, which is what gives them money laundering relevance. Such insurers must run a full AML programme scaled to their products and customers.
In short, for life and investment-linked insurance, AML risk is highest where policies store value, accept top-ups, permit early surrender, allow assignment, or involve third-party premium funding.
Insurance brokers
Brokers arrange cover between clients and insurers and often handle client information and premium flows, which places them inside the AML perimeter for relevant business. The Central Bank maintains a dedicated regulation for insurance brokers, and brokers must apply customer due diligence, screening, and reporting appropriate to their role.
Insurance agents and intermediaries
Agents and other intermediaries who introduce or service relevant insurance business are also captured where they carry on activities that fall within the financial institution definition. Their obligations follow the nature of the business they handle and the customers they deal with.
AML Supervisory Authority for the Insurance Sector in UAE
Supervision of the insurance sector is shared between the federal regulator and the two financial free zone authorities. Your supervisor determines which rulebook and guidance apply to you.
Central Bank of the UAE (CBUAE)
The Central Bank is the AML supervisor for the mainland insurance sector, having taken on insurance supervision in addition to banking. It issues both general guidance for licensed financial institutions and guidance specific to insurance, inspects firms, and can impose administrative and financial penalties for breaches.
Dubai Financial Services Authority (DFSA)
The DFSA supervises insurers and insurance intermediaries established in the Dubai International Financial Centre, under its own AML rulebook that sits alongside the federal law.
Financial Services Regulatory Authority (FSRA)
The FSRA supervises insurance firms in the Abu Dhabi Global Market, maintaining its own AML rulebook and enforcement within the wider federal framework.
UAE FIU and goAML
In-scope insurers, reinsurers, brokers and agents register on the UAE Financial Intelligence Unit’s goAML platform and report through it. Registration on goAML is a baseline obligation, and suspicious transaction and activity reports, along with related filings, are submitted through it. See our goAML registration guide for the practical steps.
AML Legal Framework Applicable to Insurance Companies in UAE
The framework has five layers: the core federal laws, the guidance that applies to all reporting entities, the national risk assessments, the Central Bank’s general guidance for licensed financial institutions, and the Central Bank’s insurance sector-specific guidance. This section catalogues each layer, grounded in the Insurance CBUAE library.
At a glance, the instruments that make up this framework sit in the following hierarchy:
| Layer | Instrument | Why it matters |
| AML statute | Federal Decree-Law No. 10 of 2025 | Core AML, CFT and CPF offences, the Financial Intelligence Unit, reporting duties and penalties |
| Executive regulation | Cabinet Resolution No. 134 of 2025 | Working duties: risk-based approach, CDD, EDD, beneficial owner, monitoring, STRs and record keeping |
| Central Bank law | Federal Decree by Law No. 6 of 2025 | The Central Bank, licensed financial institutions and insurance business framework |
| Sanctions and TFS | Cabinet Resolution No. 74 of 2020, with EOCN and CBUAE guidance | Screening, freezing without delay, name-match reporting and sanctions duties |
| Insurance conduct | CBUAE Insurance Brokers’ Regulation and insurance-sector rules | Licensing, conduct, governance and broker obligations |
| CBUAE guidance | Insurance-sector guidance and the CDD, monitoring, TFS, PEP, PF and TBML guidance | Supervisory expectations for insurers and intermediaries |
| National risk | UAE ML and TF NRA 2024 and UAE PF NRA 2026 | Baseline for the insurance sector’s risk assessment |
Federal AML Laws and Executive Regulations Applicable to Insurance Companies and Brokers in the UAE
These instruments are the legal foundation for every insurer and broker in scope.
Federal Decree-Law No. 10 of 2025 on AML, CFT and CPF
For an insurer writing life or investment-linked cover, or a broker placing it, Federal Decree-Law No. 10 of 2025 is the statute everything else answers to. It is the principal UAE law on money laundering, terrorist financing and proliferation financing, fixing the definitions that frame your obligations, including predicate offences, targeted financial sanctions and suspicious transactions, and recognising that abuse may run through virtual assets and cryptographic technology. It establishes the Financial Intelligence Unit within the Central Bank as the central agency that receives and analyses suspicious transaction reports, whether the trigger is an odd single-premium payment or an early surrender, and through the Head of the Unit, it may request further information and order the suspension or freezing of suspicious funds within the limits and procedures set by the law and the FIU regulation. It also places insurers under supervisory oversight and exposes them to administrative penalties.
Cabinet Resolution No. 134 of 2025, the Executive Regulations
Cabinet Resolution No. 134 of 2025 issues the Executive Regulations of Decree-Law No. 10 of 2025 and is the working rulebook that a compliance team actually opens. It expressly brings life insurance and other investment-related insurance products within scope, including cover distributed through agents and brokers, and adds concepts such as senior management, beneficial owner and reasonable measures. From these pages flow the daily duties: a risk-based approach, customer due diligence, verifying the beneficial owners behind corporate policyholders, and ongoing monitoring kept current across top-ups, assignments and changes of beneficiary. Insurers and brokers must maintain internal policies and controls approved by senior management and proportionate to their risks.
Cabinet Resolution No. 109 of 2023 on beneficial owner procedures
When a corporate policyholder sits behind a life or investment-linked contract, Cabinet Resolution No. 109 of 2023 shapes what an insurer or broker can learn about who really controls it. It regulates beneficial owner procedures for licensed or registered legal persons, defining the real beneficiary as the natural person who ultimately owns or controls the entity, directly or through a chain of ownership. Each legal person must keep accurate beneficial owner information, identify nominee board members, maintain a real beneficiary register and a shareholders register, and update them within short deadlines, generally fifteen days. These procedures apply to legal persons licensed or registered in the State, including commercial free zones, but exclude the financial free zones, the DIFC and ADGM, which operate their own beneficial ownership regimes.
Cabinet Resolution No. 132 of 2023 on penalties for beneficial owner violations
Cabinet Resolution No. 132 of 2023 puts teeth behind the beneficial ownership duties in Cabinet Resolution No. 109 of 2023 and explains why a corporate policyholder should keep its ownership data current. It empowers the registrar to fine legal persons that fail to maintain accurate registers or supply required data, following an annexed schedule of violations, without prejudice to other AML sanctions. Consequences escalate: on a third violation, the registrar may suspend the commercial licence and close the premises until the fine is paid. For an insurer or broker verifying the people behind a corporate contract, non-compliance carries a cost. These penalties apply to legal persons licensed or registered in the State, including commercial free zones, but not to the financial free zones, the DIFC and ADGM, which follow their own regime.
Cabinet Resolution No. 74 of 2020 on terrorist lists and UNSC resolutions
Sanctions screening for insurers and brokers begins with Cabinet Resolution No. 74 of 2020, which regulates the terrorist lists and gives effect in the UAE to United Nations Security Council resolutions on terrorism, its financing and the proliferation of weapons of mass destruction. It sets up a local Cabinet list alongside the Security Council lists, defines designation, listing and de-listing, and demands freezing measures without delay, within twenty-four hours. In practice an insurer or broker must register on the Executive Office website for notifications and continuously screen policyholders, prospective clients, beneficial owners of corporate policyholders and parties to transactions, whenever a list changes. On a match, freeze without notice and report promptly.
Federal Law No. 7 of 2014 on combating terrorism crimes
Federal Law No. 7 of 2014 on Combating Terrorism Crimes is the criminal statute that tells insurers and brokers what their controls are ultimately built to catch. It defines terrorist crime, terrorist purpose, terrorist organisation and terrorist person, distinguishes conventional from nonconventional weapons including toxins and radioactive materials, and prescribes penalties reaching life imprisonment and, in specified cases, death. It penalises anyone who provides, collects, prepares or maintains funds, or facilitates obtaining them, for a terrorist purpose, and addresses freezing suspect funds held within financial institutions. Because the AML framework defines terrorist acts partly by reference to this law, insurers use it to read the conduct behind a suspicious premium.
AML Guidance Applicable to All Reporting Entities
Beyond the core laws, the Central Bank, the FIU, and the Executive Office issue guidance and typologies that apply to all reporting entities. The instruments below sit in the overarching guidance set for licensed financial institutions.
UAE FIU Regulation No. 1 of 2026 on Suspension and Freezing Powers, April 2026
Dated April 2026, UAE FIU Regulation No. 1 of 2026 governs the postponement or suspension of suspicious transactions and the freezing of funds. Issued under the AML/CFT Decree-Law, it applies to reporting entities, including insurers as financial institutions, and complements existing reporting duties. It introduces the Postponement Suspicious Transaction Report, an urgent filing where funds suspected of crime face imminent transfer, withdrawal or dissipation, and sets a monetary threshold that does not apply to higher threat offences, third party laundering, organised crime or terrorist financing. It defines a Suspension Order of up to ten working days and a Freezing Order of up to thirty days, letting insurers hold at-risk payouts.
UAE FIU Strategic Analysis Report on Human Trafficking, April 2026
Dated April 2026, the UAE FIU Strategic Analysis Report on Human Trafficking analyses money laundering and financial flows tied to trafficking, drawing on suspicious transaction and activity reports filed with the Financial Intelligence Unit. It sets out objectives, methodology and scope, and covers the main forms, including sexual exploitation, forced labour and organ removal. It profiles subjects such as designated traffickers, organised crime groups, foreign politically exposed persons and money mules, assesses vulnerable sectors, then develops indicators grouped around customer profile, behaviour, transactional activity and documentation. For insurers and brokers it is a detection resource, helping firms link trafficking methods to behaviour across policyholders and beneficiaries and improve their reports.
Guidance on Targeted Financial Sanctions for Financial Institutions, DNFBPs and VASPs, March 2026
First published in January 2021 and last amended in March 2026, the Guidance on Targeted Financial Sanctions for Financial Institutions, DNFBPs and VASPs is issued by the Executive Office for Control and Non-Proliferation. It sets out four core obligations: registering in the Notification Alert System, screening against the UAE Local Terrorist List and the United Nations Consolidated List, freezing assets without delay while not making them available to designated persons, and reporting measures taken. The March 2026 update renames the Funds Freeze Report as the Confirmed Name Match Report. For insurers and brokers, it defines how to screen policyholders, beneficiaries and owners, and freeze payouts where a designation matches.
Joint Guidance on the Compliance Officer and MLRO, 2026
Issued in 2026 by the UAE Supervisory Sub-Committee, this Joint Guidance establishes a unified framework for appointing, empowering and holding to account the Compliance Officer or Money Laundering Reporting Officer across regulated sectors. Building on Federal Decree-Law No. 20 of 2018, Cabinet Decision No. 10 of 2019 and the 2025 legal framework, it treats the role as a cornerstone of an effective AML, CFT and counter-proliferation regime. It sets expectations on appointment and resignation, requiring seniority, experience, operational independence, freedom from conflicts, board access and adequate resources, and addresses the compliance function and outsourcing. For insurers and brokers, it clarifies appointing a fit and proper officer over underwriting and claims.
FIU Strategic Analysis Report on Terrorist Financing, May 2025
Produced by the UAE Financial Intelligence Unit and published in May 2025, this strategic analysis report, subtitled Terrorist Financing Typologies and Facilitators, draws on the Unit’s databases for 2021 to 2024, including suspicious transaction and activity reports. It explains how terrorist financing works and maps typologies for moving and obscuring funds through financial institutions, unlicensed hawala, corporate networks, high-value goods, real estate, virtual assets and crowdfunding. It also profiles facilitators such as money mules, corporate nominees and professional service providers. For insurers and brokers, the developed risk indicators sharpen scrutiny of premium sources, third-party payers, sudden surrenders and changes of beneficiary that could disguise the movement of terrorist funds.
goAML FAQs, April 2024
Version 2.1, dated 18 April 2024, the goAML FAQs is a practical question and answer guide published by the UAE Financial Intelligence Unit to help reporting entities use the goAML system and its registration and access services. It addresses common registration and login problems with step by step remedies, covering expired one-time passwords at first login, pop-up authentication screens needing the system-issued username with a Google Authenticator passcode, the correct login sequence through the services portal, and resetting a forgotten password. For insurers and brokers, timely suspicious transaction and activity reporting depends on reliable goAML access, so this guidance helps compliance teams stay connected and meet reporting duties promptly.
PF Institutional Risk Assessment Guidance for FIs, DNFBPs and VASPs, December 2023
Published in December 2023, the Proliferation Financing Institutional Risk Assessment Guidance shows firms how to assess and manage their exposure to proliferation financing. It sets out a methodology built on inherent risks, control effectiveness and residual risk, names the risk categories and factors to score, and describes supporting measures across onboarding, KYC and customer due diligence, enhanced due diligence, sanctions and adverse media screening, ongoing monitoring, suspicious activity reporting and employee training. A customer risk-scoring questionnaire, elevated risk factors and worked case studies illustrate the approach. For insurers and brokers, it offers a repeatable framework to score corporate policyholders and beneficial owners, calibrate controls and document decisions supervisors can review.
Terrorist and Proliferation Financing Red Flags Guidance, December 2023
Updated in December 2023, the Terrorist and Proliferation Financing Red Flags Guidance gives insurers and brokers a consolidated set of indicators for spotting suspicious terrorist and proliferation financing, including evasion of targeted financial sanctions under United Nations Security Council Resolutions or local designations. It explains how sanctioned parties rename themselves and hide behind intermediaries and front companies, then presents terrorist financing red flags followed by proliferation indicators grouped by customer profile, account and transaction activity, maritime sector and trade finance. For life and investment-linked writers and for marine and cargo underwriters, this is a working reference that sharpens detection of evasion and clarifies when a suspicious report should be filed.
Suspicious Activity and Transaction Reporting Thematic Review, January 2023
Issued in January 2023, the Suspicious Activity and Transaction Reporting Thematic Review sets out findings and regulatory expectations from the 2022 AML and CFT examination of licensed financial institutions and designated non-financial businesses and professions. It focuses on the suspicious transaction and activity reporting framework and the transaction monitoring systems feeding it, organised around expectations and acceptable versus deficient practice across governance, policies, risk-based deployment of monitoring, data management, alert review, case investigation, reporting decisions and the post-reporting process. It applies expressly to insurers among other firms. For insurers and brokers, it is a practical benchmark to test monitoring of premiums, surrenders and claims before an inspection finds gaps.
Counter Proliferation Financing Guideline, November 2022
Published in November 2022 by the Executive Office for Control and Non-Proliferation, this guideline supplements the wider Guidance on Targeted Financial Sanctions and helps regulated firms identify, assess and mitigate proliferation financing risk in line with FATF standards. It explains what proliferation financing is, its stages and the UAE framework, then folds that risk into a firm’s own risk assessment. For insurers and brokers the document is directly relevant, because it names insurance products among the areas needing enhanced due diligence, alongside shell and front companies and dual-use goods. It matters especially to marine and cargo underwriters, supplying red flags that signal sanctions evasion tied to weapons of mass destruction.
goAML Web Submission Guide, July 2022
Issued by the UAE Financial Intelligence Unit in July 2022, the goAML Web Submission Guide sets out the steps for submitting a report to the FIU through the goAML platform. It is addressed to the designated Compliance Officer or Money Laundering Reporting Officer of a registered reporting entity, or the deputy when the lead officer is unavailable, guiding them through the submission process. It overviews report types, including the Suspicious Transaction Report and the Suspicious Activity Report, the latter covering suspected activity or an attempted, non-executed transaction, plus Additional Information File and Request for Information reports. For insurers and brokers, it standardises reporting, helping officers file correct reports promptly.
Joint Guidance on Combating the Use of Unlicensed Virtual Asset Providers, March 2022
Issued in March 2022 by the UAE Supervisory Authorities, including the Central Bank, the Securities and Commodities Authority and the Virtual Assets Regulatory Authority, this Joint Guidance aligns with FATF’s risk-based approach and warns the public and regulated firms about unlicensed virtual asset service providers. It urges confining virtual asset dealings to licensed entities and expects firms to stay vigilant to fraud, factor emerging risks into assessments, conduct due diligence, spot customers seeking unlicensed providers, and report suspicions. Red flags include no regulatory licence, no physical presence, unrealistic promises and pressure to invest quickly. For insurers and brokers, it helps flag policyholders whose premiums trace to unlicensed virtual asset activity.
IEMS User Guide for Reporting Entities, March 2022
Dated March 2022, the IEMS User Guide for Reporting Entities is a practical manual from the UAE Financial Intelligence Unit for its Integrated Enquiry Management System, which automates information requests, prosecution decisions and other AML and CFT instructions from domestic authorities. It covers registration and login, noting goAML-registered firms reuse those credentials, and walks through the dashboard, request management, and the reply workflow for account and signatory details. It sets out Admin, Maker and Checker roles, due dates, and implementing freeze orders immediately on the amount specified or the whole balance. For insurers and brokers, it shows how to action enquiries and freeze instructions touching policy accounts and payout balances.
goAML Pre-Registration Guide, March 2022
Issued by the UAE Financial Intelligence Unit in March 2022, the goAML Pre-Registration Guide explains how reporting entities gain access to the Services Access Control Manager, or SACM, before reaching the goAML application to register and file suspicious reports. The application is available through a public portal for entities not regulated by the Central Bank, except hawaladars, while entities under various Supervisory Bodies follow the set steps. It describes SACM as the gateway hosting links to the goAML production and testing environments, secured by a Google Authenticator one time password, and covers safeguarding a personal Secret Key that cannot be shared. For insurers and brokers, it precedes secure reporting access.
goAML Registration Guide, March 2022
Issued by the UAE Financial Intelligence Unit in March 2022, the goAML Registration Guide sets out the steps an organisation follows when registering with the FIU on its reporting platform, goAML. It covers registration as a reporting entity, stakeholder or supervisory body, and confirms that all accountable and reporting entities in the United Arab Emirates must register to submit suspicious reports; registration grants the right to file. It explains reaching the portal through the Services Access Control Manager, then covers selecting the registration type, entering organisation and address details, adding the registering person and passport data, uploading attachments and setting access rights. For insurers and brokers, it underpins compliant reporting.
Strategic Review on Targeted Financial Sanctions Case Studies, November 2021
Dated November 2021, the Strategic Review on Targeted Financial Sanctions Case Studies examines sanctions reporting in the United Arab Emirates, sitting within the framework by which the UAE, through Cabinet Resolution No. 74 of 2020, implements United Nations Security Council Resolutions on terrorism, terrorist financing and proliferation, including freezing measures and prohibitions on providing funds and services. It explains its methodology and timeline, then classifies reports by source, suspicion and instrument, drawing out terrorist financing and proliferation financing patterns with red flags, statistics and recommendations. For insurers and brokers, it shows how sanctions suspicions actually arise, helping sharpen screening of policies and payouts.
Typologies on the Circumvention of Targeted Sanctions, November 2021
Amended in November 2021 and issued by the Executive Office, this typologies report compiles cases showing how sanctioned persons, groups and entities try to circumvent targeted sanctions relating to terrorism and the proliferation of weapons of mass destruction. Drawing on public sources, it groups methods by channel: banking, money remitters, exchange houses, hawala, online payments, misuse of non-profit organisations, cash and gold smuggling, trade in dual-use goods and natural resources, legal-entity misuse and virtual assets, with named networks and red flags. For insurers and brokers, especially those underwriting corporate policyholders or marine and cargo risks, it turns evasion tactics into practical learning that strengthens screening, due diligence and monitoring.
Update to the List of High Risk Jurisdictions, November 2021
This November 2021 decision of the National Anti-Money Laundering and Combatting the Financing of Terrorism and Financing of Illegal Organizations Committee updates the list of high risk jurisdictions subject to a call for action, the list under increased monitoring and the counter-measures to apply, revising an earlier March 2021 decision. Addressed to bodies including the supervisory authorities and the Financial Intelligence Unit, it reflects the Committee’s mandate to identify higher-risk countries and set proportionate counter-measures. For insurers and brokers, country risk is a core input to risk-based controls: it signals which jurisdictions warrant enhanced due diligence on policyholders, beneficiaries and corporate owners, obliging firms to keep risk assessments current.
Joint Guidance on Satisfactory and Unsatisfactory Practice, June 2021
Published in June 2021 by the UAE Supervisory Authorities, including the Central Bank, the DFSA, the FSRA, the Securities and Commodities Authority and the Ministries of Justice and Economy, this Joint Guidance distils themes from inspections run between January 2020 and May 2021. It contrasts satisfactory and unsatisfactory practice across the AML framework, targeted financial sanctions and counter proliferation financing, covering governance, the three lines of defence, risk assessment, policies, training and the compliance officer role, plus onboarding, customer risk rating, due diligence, monitoring, screening and reporting. For insurers and brokers, it turns findings into benchmarks, helping firms test controls over policyholder onboarding and payout monitoring before an examiner does.
Typologies on the Circumvention of TFS, PF and WMD, May 2021
Amended in May 2021 and issued by the Executive Office, this typologies report examines how sanctioned persons, groups and entities receive financing in violation of or evasion of United Nations Security Council Resolutions on terrorism and the proliferation of weapons of mass destruction. It notes that targeted financial sanctions cover both asset freezing and bans on making funds available, directly or indirectly, to designated parties. Organised by financing method, it addresses misuse of banking, money remitters, hawala, online payments, non-profit organisations, cash smuggling, trade in goods and legal-entity misuse. For insurers and brokers, it explains how value moves past controls and reinforces the duty to report evasion.
goAML FAQs, September 2020
Issued by the UAE Financial Intelligence Unit in September 2020, the goAML FAQs Guide is a practical question-and-answer reference for reporting entities using goAML, the system through which suspicious reports are filed in the United Arab Emirates. It compiles queries commonly raised once an organisation is registered and active, with step-by-step responses. It explains how to reset a forgotten password, update organisation details such as name, licensed activity, address and contacts, and how the Money Laundering Reporting Officer, as admin user, delegates reporting to a third party subject to Supervisory Body approval. For insurers and brokers, accurate data and managed user access underpin timely reporting.
goAML Registration Guide Stage 2, September 2020
Issued by the UAE Financial Intelligence Unit in September 2020, the goAML Registration Guide Stage 2 outlines the steps an organisation follows when registering with the FIU on its reporting platform, goAML. It applies to registration as a reporting entity, stakeholder or supervisory body, and confirms that all accountable and reporting entities in the United Arab Emirates must register to submit suspicious reports. It notes that, since 27 June 2019, entities must submit reports electronically through goAML. It explains reaching the portal through the Services Access Control Manager and covers registering an organisation, setting access rights and resetting passwords. For insurers and brokers, it enables compliant reporting.
Guideline on Grievance Procedures
Issued by the Executive Office for Control and Non-Proliferation, the Guideline on Grievance Procedures explains how affected parties challenge designations on the UAE Local Terrorist List and the United Nations Consolidated List, together the Sanctions Lists. Under Cabinet Resolution No. 74 of 2020, it recognises three application types: de-listing a designation, lifting freezing measures, and permission to use frozen funds, distinguishing Local List designations by the Cabinet from United Nations designations by the Security Council. Crucially, it applies only to freezes arising from Sanctions List designations, not court orders or investigations. For insurers and brokers, it maps the lawful routes a frozen policyholder or beneficiary may pursue.
Online Grievance System User Guide
The Online Grievance System User Guide, issued by the Executive Office for Control and Non-Proliferation, walks users through the form for challenging designations on the UAE Local Terrorist List and the United Nations Consolidated List, together the Sanctions Lists. The Executive Office launched the online system to streamline three request types: de-listing, cancelling freezing measures, and permission to use frozen funds. The guide covers identifying the aggrieved individual or entity, selecting the relevant list and grievance type, declaring previous requests and appeals, and attaching documents. It clarifies that only Sanctions List freezes are covered. For insurers and brokers, it shows the route by which a frozen policyholder can seek relief.
Simple Guide to Subscribe to the EOCN Notification Alert System (NAS)
This short guide explains how to subscribe to the Notification Alert System on the Executive Office’s website so users receive timely updates to the sanctions lists applied in the United Arab Emirates. It notes that targeted financial sanctions rest on two lists, together the Sanctions Lists: the UAE Local Terrorist List issued by the Cabinet and the United Nations Consolidated List issued by the Security Council, both updated periodically. The guide shows where to access the lists and gives step-by-step subscription instructions. For insurers and brokers, it supports a core control: screening of policyholders and payees only works against current lists, so prompt alerts help firms freeze and report quickly.
Emerging ML, TF and PF Risks and Trends in the Financial Sector
Issued by the Supervisory Subcommittee under Article 16 of Federal Decree-Law No. 10 of 2025, this report gives regulated firms a current view of the money laundering, terrorist financing and proliferation financing threats reshaping the sector as technology, geopolitics and criminal methods evolve. It examines emerging risks such as artificial intelligence exploitation, greenwashing and ESG-related fraud, trade finance abuse, illicit virtual asset flows and sanctions evasion linked to the Commonwealth of Independent States. For insurers and brokers, the value lies in typologies and red flags to fold into risk assessments, particularly where corporate policyholders, opaque free-zone structures or single-premium life products might be exploited to place and layer illicit funds.
Typologies in the Financial Sector
Produced jointly by the Supervisory Authorities Sub-Committee and the Financial Intelligence Unit with a pilot group of institutions, Typologies in the Financial Sector shares money laundering, terrorist financing, sanctions, fraud and bribery typologies seen in the market, several emerging during the COVID-19 pandemic. It describes risks sitting above the National Risk Assessment, including growing use of unlicensed money service operators that balance books over time, and lists indicators that combine to obscure transactions, with links to modern slavery and human trafficking. For insurers and brokers, it works as an early warning tool, helping firms refresh policyholder and beneficiary risk assessments, refine monitoring scenarios and engage authorities when comparable patterns surface.
NRA, SRA, and Other Important Guidelines for the Insurance Sector
The UAE assesses its money laundering, terrorist financing, and proliferation financing risk at the national level, and insurers and brokers must align their own business and enterprise-wide risk assessments with those findings.
UAE PF National Risk Assessment 2026
The UAE Proliferation Financing National Risk Assessment 2026 rates maritime insurance at medium in the mainland and medium-low in the free zones, ratings that speak directly to marine and cargo underwriters. Prepared in response to the Financial Action Task Force’s revised Recommendation 1, it examines the financing of weapons of mass destruction and evasion of targeted financial sanctions relating to the Democratic People’s Republic of Korea and Iran, with overall country risk medium-high. For context, virtual asset service providers are rated high in the mainland; banks, exchange houses and registered hawala medium-high; free zone banks and money service businesses medium; stored value facilities medium-low. It should inform insurers’ sanctions screening.
The table below summarises the residual risk ratings insurers and brokers should reflect in their own risk assessments.
UAE ML and TF National Risk Assessment 2024
The UAE Money Laundering and Terrorist Financing National Risk Assessment 2024 rates the insurance sector at medium residual risk, with inherent risk also medium, a rating insurers and brokers should treat as their baseline. Prepared by the National Committee using the World Bank methodology on data from 2019 to 2023, this second assessment covers financial institutions across the mainland and free zones, with overall national money laundering residual risk medium-high and drug trafficking and fraud among the highest threats. Other sub-sectors are rated for context: banking medium-high, exchange houses medium-high, registered hawala high, finance companies medium, securities medium to medium-high. It should inform each insurer’s risk-based approach and policyholder ratings.
| Insurance segment | ML and TF residual risk | PF residual risk |
| Life and investment-linked insurance | Medium | Comparatively low, non-depository |
| Maritime insurance | Within the medium sector rating | Medium (mainland); medium-low (free zones) |
| General and protection insurance | Limited AML exposure | Low |
CBUAE Guidance Applicable to the Insurance Sector
Older CBUAE guidance, standards and outreach material below should be read together with, and subject to, Federal Decree-Law No. 10 of 2025 and Cabinet Resolution No. 134 of 2025, to the extent they remain in force and are not inconsistent with the current framework.
The Central Bank’s guidance for licensed financial institutions applies to insurers and brokers as it does to other supervised firms. The documents below make up that general guidance set.
CBUAE Best Practices for Licensed FIs on Implementing Role-Based AML/CFT/CPF Training, October 2025
Published in October 2025, the CBUAE Best Practices on Role-Based AML/CFT/CPF Training show insurers and brokers how to shape learning around each job rather than a single generic course. The guidance asks firms to match content, frequency and intensity to the risks a role actually carries, so underwriters, claims handlers and broker-facing staff each learn the red flags that surface in their own work. It sets expectations for the Board, owners, senior management and the three lines of defence, and explains how to document the programme, refresh it, choose delivery methods and keep records. For insurers, well-targeted training sharpens the judgement staff need when assessing life and investment business.
CBUAE Best Practices for Licensed FIs on a Risk-Based Approach and Institutional Risk Assessments, October 2025
Insurers and brokers sit squarely within the scope of the CBUAE Best Practices on the Risk-Based Approach and Institutional Risk Assessments, dated October 2025, which names insurance and reinsurance companies, agents and brokers among the institutions it covers. Issued under Article 44.11 of Cabinet Decision No. 10 of 2019, it helps firms build an assessment methodology and scale controls to their money laundering, terrorist financing and proliferation risks. It sets out how to weigh inherent risk across customers, products, channels, geographies and operating structure, then evaluate controls to reach residual risk. Life and single-premium investment lines usually warrant deeper scrutiny than pure protection cover, and the assessment should reflect that.
CBUAE Guidance for Licensed FIs on Correspondent Banking, October 2025
Cross-border money movement is a daily reality for insurers settling international premiums, ceding risk to overseas reinsurers and paying claims abroad, and the CBUAE Correspondent Banking Guidance of October 2025 speaks to how those flows are controlled. It explains requirements for institutions that process cross-border funds transfers, and the risk factors attached to a counterparty, including nested relationships, payable-through accounts, geography, ownership structures and customer base. On mitigation, it addresses risk assessment, standard, specific and enhanced due diligence, ongoing monitoring, sanctions screening with confirmed and partial match reporting, governance, audit and training. For insurers, robust checks matter because reinsurance settlement chains expose a firm to parties it never directly onboards.
CBUAE Guidance for Licensed FIs on Customer Due Diligence and Record-Keeping, October 2025
For insurers and brokers, policy onboarding is where financial crime controls begin, and the CBUAE Customer Due Diligence and Record-Keeping Guidance of October 2025 sets the foundation. It describes due diligence as the cornerstone for understanding a customer, including occupation, source of funds, source of wealth and expected activity, which is especially telling for single-premium and investment-linked business. The guidance covers identifying customers, beneficial owners and those acting on a policyholder’s behalf, building a risk profile through segmentation, and applying simplified or enhanced measures by risk. Sections on beneficiaries, name screening, non-face-to-face onboarding, exit and record-keeping, supported by red flag indicators, help firms detect and report suspicious activity.
CBUAE Guidance for Licensed FIs on Risks Related to Proliferation Finance, October 2025
Marine, cargo and reinsurance underwriters have a direct stake in the CBUAE Guidance on Proliferation Finance of October 2025, which expressly names insurance and reinsurance among the channels through which the financing of weapons of mass destruction can flow. Read alongside the Central Bank’s Procedures and Guidelines, it explains what proliferation financing is, then examines the vulnerable structures it exploits, including trade finance, free trade zones and shell and front companies. It addresses United Nations Security Council and FATF obligations, local requirements and a risk-based approach across customer, product, geographic, channel and operational risk. Mitigating controls span due diligence, transaction monitoring, suspicious activity reporting, targeted sanctions, governance, audit and training.
CBUAE Guidance for Licensed FIs on Risks Related to Trade-Based ML and Transhipment, October 2025
Marine and cargo cover follows goods across borders, which places the CBUAE Guidance on trade-based money laundering and Transshipment of October 2025 firmly within an insurer’s field of view. It provides background on the trade system and trade finance, then sets out typologies criminals use, including over- and under-invoicing, over- and under-shipment, multiple invoicing, falsely described goods, shell, front and shelf companies, free trade zones and back-to-back letters of credit. It also covers services-based laundering, vulnerable sectors such as gold and precious metals, and illicit transhipment. On mitigation, it addresses enterprise-wide risk assessment and enhanced due diligence, since trade can disguise the true value or movement of insured goods.
Federal Decree by Law No. 6 of 2025 on the Central Bank and the insurance business
Federal Decree by Law No. 6 of 2025 is not the AML law, but it sits underneath it for insurers. Concerning the Central Bank, the Regulation of Financial Institutions and Activities, and Insurance Business, it treats banks, (re)insurance companies and other financial institutions as licensed financial institutions under Central Bank licensing and supervision, replacing the earlier Central Bank law of 2018. An insurer, broker or agent should read it alongside Federal Decree-Law No. 10 of 2025 when working out its licensing, conduct and supervisory position, because it defines who the Central Bank licenses and oversees in the insurance market.
CBUAE AML and CFT Guidelines for Financial Institutions, July 2023
Dated July 2023, the CBUAE AML/CFT Guidelines for Financial Institutions are the consolidated reference that shapes how insurers and brokers run their compliance programmes. Prepared jointly by the UAE Supervisory Authorities, they state minimum expectations for identifying, assessing and mitigating money laundering, terrorist financing and illegal organisation risks. Crucially, they apply expressly to insurance companies, agencies and brokers, alongside their boards, management and staff. The guidelines outline the legal framework, summarise statutory obligations, and explain money laundering, predicate offences and typologies. A substantial part addresses the risk-based approach, covering business-wide risk assessment and risk factors tied to policyholders, products, channels and geography, guiding due diligence and reporting across your book.
CBUAE Guidance for Licensed FIs on Risks Related to Virtual Assets and VASPs, February 2023
When a policyholder funds a premium from cryptocurrency or is otherwise exposed to digital assets, the CBUAE Guidance on Virtual Assets and Virtual Asset Service Providers of 20 February 2023 becomes relevant to insurers and brokers. It explains the threats and vulnerabilities virtual assets create, the ways firms may become exposed, and the UAE framework spanning the SCA, CBUAE, VARA and FSRA. It sets out the non-objection requirement before opening accounts for such providers and covers the risk-based approach, due diligence and enhanced measures for higher-risk customers and transactions. Because virtual assets move value rapidly and pseudonymously, understanding a crypto-exposed client’s source of funds is central to protecting the firm.
CBUAE Guidance for Licensed FIs on Digital Identification for Customer Due Diligence, October 2022
Issued on 31 October 2022, the CBUAE Guidance on Digital Identification for Customer Due Diligence helps insurers and brokers understand how digital identity systems can verify clients and support ongoing due diligence, particularly valuable when policies are sold non-face-to-face online. It reflects CBUAE’s expectations. The guidance explains digital identity systems and their participants, identity proofing and enrolment, authentication, lifecycle management, and portability and interoperability. It then shows how such systems support identification, verification, ongoing due diligence and third-party reliance. It examines the risks these systems present and how to assess reliability through assurance levels. Reliable digital identification strengthens remote policy onboarding while introducing risks insurers must manage.
CBUAE Guidance for Licensed FIs on Suspicious Transaction Reporting, August 2022
Issued on 3 August 2022, the CBUAE Guidance on Suspicious Transaction Reporting shows insurers and brokers how to identify, investigate and report suspicious activity, whether it surfaces in an inflated premium, an early surrender or a questionable claim. It explains the legal basis for reporting, the protection given to those who disclose, the consequences of failing to report, and the meaning of a suspicious transaction. It details the three lines of defence, the role of the compliance officer or MLRO, transaction monitoring methods, and how to draft, structure, submit and amend a report. Further sections cover alert timing, matters needing immediate attention, and the strict prohibition on tipping off policyholders.
CBUAE Guidance for Licensed FIs on Risks Relating to Payments, August 2022
Dated August 2022, the CBUAE Guidance on the Risks Relating to Payments addresses the laundering and terrorist financing risks moving through the payments sector, relevant to insurers and brokers who collect premiums and disburse claims through varied payment channels. Issued under Article 44.11 of Cabinet Decision No. 10 of 2019, it states regulator expectations rather than new law. It explains what makes payments vulnerable: the speed of funds, peer-to-peer transfers, cross-border movement, intermediation, nesting, and the use of agents. On mitigation it references risk assessment, customer and enhanced due diligence, ongoing monitoring, wire transfers, sanctions and suspicious transaction reporting, helping insurers calibrate controls to a fast-moving payment environment.
CBUAE Guidance for Licensed FIs on Risks Relating to Politically Exposed Persons, August 2022
Dated August 2022, the CBUAE Guidance on Politically Exposed Persons shows insurers and brokers how to manage the heightened risk carried by prominent clients, a live concern for high-net-worth life and investment policyholders. Issued under Article 44.11 of Cabinet Decision No. 10 of 2019, it stresses that such clients need not be avoided but do require thorough due diligence before onboarding or continuing. It distinguishes domestic and foreign politically exposed persons and heads of international organisations, extending to family members and close associates. It covers classification, time limits on status, screening, risk rating, enhanced due diligence, transaction monitoring, suspicious transaction reporting, governance and training, with an annex of red flags.
CBUAE Guidance for Licensed FIs on Transaction Monitoring and Sanctions Screening, September 2021
Issued on 8 September 2021, the CBUAE Guidance on Transaction Monitoring and Sanctions Screening explains how insurers and brokers should design, run and maintain the systems that detect suspicious activity and identify sanctioned parties. On monitoring, it covers risk assessment, risk-based deployment, data management, rule definition and testing, alert scoring, outcomes analysis and ongoing tuning. On screening, it addresses name and transaction screening design, list management, testing and validation, essential when checking policyholders, beneficiaries and payees. A governance section covers management reporting, auditing, use of vendors, training and record keeping. Well-calibrated, validated systems help insurers spot suspicious premium or claim flows and avoid dealings with sanctioned persons.
CBUAE Guidance for Licensed FIs to Cash-Intensive Businesses, September 2021
Published in September 2021, the CBUAE Guidance on Cash-Intensive Businesses helps insurers and brokers manage the laundering and terrorist financing risks that surface when policyholders settle premiums in large volumes of cash. Issued under Article 44.11 of Cabinet Decision No. 10 of 2019, it sets regulator expectations rather than new law. It explains why cash is vulnerable, the risks of alternatives such as bearer instruments and prepaid cards, and concerns around cross-border cash movement and couriers. On mitigation, it prescribes an enterprise risk assessment, customer and beneficial owner identification, enhanced due diligence, ongoing and transaction monitoring, suspicious transaction reporting, governance and training, so cash-paying clients face proportionate scrutiny.
CBUAE Guidance for Registered Hawala Providers and LFIs, August 2021
Issued by the CBUAE in August 2021, this combined guidance addresses both registered hawala providers and the licensed financial institutions that serve them, and because insurers rank as LFIs, its expectations for those institutions reach the insurance sector. It explains what hawala is, drawing on the FATF description of hawaladars as money transmitters who arrange transfers and settle through trade, cash and long-term net settlement, often tied to particular regions or communities. It describes the global risks of hawala, its regulation and supervision in the UAE, and permitted and non-permitted services. Further parts cover sanctions and freezing without delay, and an AML/CFT programme spanning customer, enhanced and agent due diligence.
CBUAE Guidance for Licensed FIs on Implementation of Targeted Financial Sanctions, July 2021
Dated 4 July 2021, the CBUAE Guidance on the Implementation of Targeted Financial Sanctions helps insurers and brokers meet their duty to identify, freeze and report assets and transactions linked to designated persons. Read with the CBUAE procedures and Executive Office guidance, it sets out how to build a sanctions compliance programme: senior management commitment, risk assessment and appetite, internal controls, training, independent audit and record keeping. It then addresses screening operations, evasion, the United Nations Consolidated List and Local Terrorist List, verifying false positives, and handling confirmed matches. For insurance, this means screening policyholders, beneficiaries and payees before paying claims or surrenders, and notifying the authorities of any hit. Screening should cover policyholders, beneficiaries, payees, beneficial owners, assignees, reinsurers and relevant counterparties, and any entity owned or controlled by a designated person, not only the named customer.
CBUAE Guidance for Licensed FIs to Legal Persons and Arrangements, June 2021
Dated June 2021, the CBUAE Guidance on Legal Persons and Arrangements helps insurers and brokers manage the risks that arise when a policyholder is a company, other legal person or legal arrangement rather than an individual. It explains how such structures can obscure identity and beneficial ownership, hide the purpose of a policy or transaction, and conceal the source of funds. It then covers mitigating controls: formation requirements, identifying and reporting beneficial owners, record keeping, economic substance, customer risk rating, the institutional risk assessment, and enhanced due diligence. For insurers, piercing corporate policyholders to their true owners is central to preventing misuse of your products.
CBUAE Guidance for Licensed FIs to the Real Estate and Precious Metals and Stones Sectors, June 2021
Issued on 16 June 2021, the CBUAE Guidance on the Real Estate and Precious Metals and Stones Sectors helps insurers and brokers understand the risks that arise when clients are active in these two higher-risk sectors. Read with the CBUAE procedures, it does not replace legal obligations, which prevail in any conflict. Organised around understanding and mitigating risk, it describes risk-raising features, typologies, and how each is regulated in the UAE. On mitigation it explains the risk-based approach, customer and enhanced due diligence, suspicious transaction reporting, governance and training, with annexed red flags. For insurers exposed to property developers or bullion dealers, it frames the expected scrutiny.
CBUAE STR Outreach for Banks and Finance Companies, March 2021
Delivered on 10 March 2021, this Financial Intelligence Unit outreach session briefed banks and finance companies on suspicious transaction reporting, with input from the Ministry of Interior. Its expectations reach every institution that files through goAML, so an insurer or insurance broker can read across the same messages: when a report is warranted, the quality the FIU expects, goAML as the sole channel, and the compliance officer’s role. For life and investment-linked business it reinforces prompt, well-grounded reporting of unusual premium, surrender or beneficiary activity rather than defensive or late filing.
CBUAE Board of Directors Decision No. 59/4/2019 on AML and CFT procedures
Board of Directors Decision No. 59/4/2019, dated 13 June 2019, remains a supervisory and historical source that brought UAE insurers and brokers under CBUAE anti-money laundering supervision. Issued under the Central Bank Law, Federal Decree Law No. 20 of 2018 and Cabinet Decision No. 10 of 2019, it treats any entity conducting financial operations for a customer as a financial institution, capturing life offices and their intermediaries. It obliges them to observe the law, the implementing regulation and CBUAE instructions. For insurers, it means the regulator may examine your files without notice, demand information on policyholders and premiums, and impose sanctions, which it may publish, for compliance failures. It should be read subject to Federal Decree-Law No. 10 of 2025 and Cabinet Resolution No. 134 of 2025, which now set the current framework.
CBUAE Guidance Note on Responsible Use of AI and ML by LFIs
As insurers adopt models to price risk, screen applications and monitor transactions, the CBUAE Guidance Note on the Responsible Use of Artificial Intelligence and Machine Learning offers principles for doing so ethically and with the consumer in mind, including generative AI. It is non-binding and meant to help firms shape their own internal policies, treating its principles as flexible so they evolve with the technology. It places responsibility for AI systems and outcomes with senior management and the Board, and calls for a documented governance framework and an inventory of all models. It addresses fairness, transparency, data quality, privacy, monitoring and meaningful human oversight, so automated decisions affecting policyholders are governed responsibly.
CBUAE List of Administrative and Financial Sanctions
Enforcement reaches every licensed institution, insurers included, and the CBUAE List of Administrative and Financial Sanctions records the penalties the Central Bank can impose for shortcomings in anti-money laundering and sanctions compliance. Under Article 14 of Decretal Federal Law No. 20 of 2018, as amended by Federal Decree Law No. 26 of 2021, the CBUAE can impose administrative penalties from a warning up to licence revocation, and financial penalties of no less than fifty thousand and no more than five million dirham per violation. Under Article 137 of the Central Bank Law, penalties reach a fine of up to two hundred million dirham, with licence withdrawal and striking off.
CBUAE Insurance Sector-Specific Guidance
Alongside its general guidance, the Central Bank issues material aimed specifically at the insurance sector.
CBUAE Insurance Brokers' Regulation, Circular No. 1/2024 (1 April 2024)
The CBUAE Insurance Brokers’ Regulation is the prudential and conduct framework governing the licensing and supervision of insurance brokers in the UAE. It sets out licensing conditions, the rights and obligations of brokers towards insurance companies and clients, prudential requirements addressing financial soundness, risk management, internal controls and disclosure, and the Central Bank’s supervisory powers. It is structured around articles covering definitions, licensing, the fit and proper process, brokerage agreements, premiums and claim settlements, corporate governance, accounting, conduct of business, record-keeping, outsourcing and enforcement. The Central Bank applies proportionality according to the nature, scale and complexity of a broker’s business. It matters because it defines the standards brokers must satisfy. It was issued as Circular No. 1/2024, dated 1 April 2024.
CBUAE Guidance for the Insurance Sector, October 2022
The Guidance for the Insurance Sector, issued by the CBUAE’s AML/CFT Supervision Department in October 2022, helps licensed insurers, agents and brokers understand and manage the money laundering and terrorist financing risks specific to insurance. Issued under Article 44.11 of Cabinet Decision No. 10 of 2019 and read alongside the CBUAE’s Procedures and Guidelines, it sets out expectations firms must demonstrate rather than new legislation. It examines risks in life and investment products across product, distribution channel, customer and geographic factors, then turns to mitigation, covering the risk-based approach, enterprise risk assessment, customer due diligence including simplified and enhanced measures, and suspicious transaction reporting. It helps insurers calibrate controls proportionately.
CBUAE Insurance STR Outreach, March 2021
The CBUAE Insurance STR Outreach, delivered in March 2021, is an awareness session prepared by the Financial Intelligence Unit and the CBUAE to strengthen suspicious transaction reporting across the insurance sector. It covers when to report, grounding the duty in Article 15 of Federal Decree-Law No. 20 of 2018 and Article 17 of Cabinet Decision No. 10 of 2019, and what to report: any suspicion that funds are proceeds of crime or relate to terrorist financing. It sets out insurance-specific red flags, including borrowing against surrender value, single large premiums, bearer policies and unclear beneficial ownership. It confirms goAML is the only channel and helps insurers recognise and report suspicion.
Core AML Obligations for Insurers and Brokers at a Glance
Whatever the licence, the AML regulations for insurance companies and brokers in the UAE turn on a common set of duties.
- A business and enterprise-wide risk assessment aligned to the national risk assessments.
- Customer due diligence and, for higher-risk relationships such as PEPs, enhanced due diligence.
- Verifying the ultimate beneficial owner of corporate policyholders and checking source of funds and source of wealth.
- Ongoing transaction monitoring and sanctions screening.
- Suspicious transaction and activity reporting through goAML, and full record keeping.
The controls a supervisor expects to see evidenced, and the guidance behind them, map onto these areas:
| Law or guidance | Control area | What insurers and brokers should evidence |
| CBUAE RBA and Institutional Risk Assessment guidance; Federal Decree-Law No. 10 of 2025 and Cabinet Resolution No. 134 of 2025 | Business and enterprise-wide risk assessment | Risk rated by product, customer, channel, geography, premium flow and claims exposure, aligned to the national risk assessments |
| CBUAE Customer Due Diligence and Record-Keeping Guidance, October 2025 | Onboarding | Policyholder and beneficial owner identity, purpose of cover, and source of funds or wealth where the risk is higher |
| CBUAE Guidance for the Insurance Sector, October 2022 | Product risk | Closer scrutiny of life, investment-linked, single-premium and assignable policies |
| CBUAE Transaction Monitoring and Sanctions Screening Guidance, September 2021 | Ongoing monitoring | Top-ups, early surrender, cancellation, beneficiary changes, third-party premium funding and claims payouts |
| CBUAE Implementation of Targeted Financial Sanctions Guidance, July 2021; EOCN Guidance on Targeted Financial Sanctions | Sanctions screening | Policyholders, beneficiaries, payees, beneficial owners and assignees, screened on every list change |
| CBUAE Insurance Brokers’ Regulation, Circular No. 1/2024 | Broker controls | A clear role, client information, premium handling and escalation of suspicion |
| CBUAE Suspicious Transaction Reporting Guidance, August 2022; UAE FIU goAML | goAML reporting | STR and SAR decisions filed through goAML, no tipping-off, with the investigation rationale recorded |
| CBUAE Best Practices on Role-Based Training, October 2025; Cabinet Resolution No. 134 of 2025 | Governance and training | Compliance officer or MLRO independence, senior management and board oversight, training, audit and remediation |
Expert Tip:
For life and investment insurers, the moments that matter most are top-ups, early surrenders, and changes of beneficiary. Build monitoring around those events, because that is where laundering through insurance actually shows up, not in the routine premium.
Conclusion
AML regulations for insurance companies and brokers in the UAE follow the same logic as the wider financial sector: if you carry on life or investment-linked business, you are a financial institution, the Central Bank or your free zone regulator supervises you, and the federal laws, the executive regulations, the sanctions rules, and the Central Bank’s general and insurance-specific guidance all apply. The sector’s risk is rated medium rather than high, but the obligations are real, and supervisors expect a programme that matches the actual product and customer risk. Use the national risk assessments to calibrate, and treat this guide as the map. For the wider view, see our guide to anti-money laundering laws in the UAE and the pillar on AML regulations for banks and financial institutions in the UAE.
Frequently Asked Questions
Are insurance companies subject to AML regulations in the UAE?
Yes. Insurers carrying on life and investment-linked business are financial institutions under Federal Decree-Law No. 10 of 2025, supervised for the mainland by the Central Bank, and must run customer due diligence, screening, monitoring, and reporting. General and protection insurance carries limited AML exposure.
Do insurance brokers need an AML programme in the UAE?
Yes. Brokers that arrange relevant insurance business are inside the AML perimeter, and the Central Bank maintains a dedicated insurance broker regulation. Brokers must apply customer due diligence, sanctions screening, and suspicious transaction reporting appropriate to their role.
What is the AML risk rating of the UAE insurance sector?
The UAE ML and TF National Risk Assessment 2024 rates the insurance sector at medium residual risk, with a medium inherent risk, reflecting the limited ways life and investment products can be abused. Maritime insurance carries a medium proliferation financing risk in the mainland and medium-low in the financial free zones.
Who supervises AML compliance for insurers in the UAE?
The Central Bank of the UAE supervises the mainland insurance sector. Insurers and intermediaries in the DIFC are supervised by the DFSA and those in the ADGM by the FSRA, each under its own AML rulebook alongside the federal law.
Which insurance products carry the most money laundering risk?
Life insurance and investment-linked products carry the most risk, because they can store and transfer value, can, in higher-risk cases, be funded in cash or cash-like means, and can be surrendered or assigned. Monitoring should focus on top-ups, early surrenders, and beneficiary changes.
Do insurers and brokers have to register on goAML?
Yes. Insurers, brokers, and agents in scope must register on the UAE Financial Intelligence Unit’s goAML platform and file suspicious transaction and activity reports, along with related filings, through it.
What guidance does the CBUAE issue specifically for insurance?
The Central Bank issues insurance-specific material including the CBUAE Insurance Brokers’ Regulation, the CBUAE Guidance for the Insurance Sector of October 2022, and insurance STR outreach, in addition to its general guidance for all licensed financial institutions. This CBUAE insurance AML guidance sits on top of the federal AML rules for insurers.
What AML checks are expected during insurance onboarding?
Insurers and brokers must identify and verify the customer and any beneficial owner, screen against sanctions and politically exposed person lists, and risk-rate the relationship before cover incepts. For investment-linked and higher-value life business they should establish the source of funds and, where risk is higher, apply enhanced due diligence. Onboarding checks then feed ongoing monitoring across the life of the policy.
What are common AML red flags in insurance?
Typical indicators include premiums settled in cash or by an unrelated third party, early surrender or cancellation with the refund directed elsewhere, frequent unexplained top-ups, cover that does not fit the customer’s profile or means, and reluctance to provide beneficial owner or source of funds information. These signs, drawn from the sector typologies and red flag guidance, should trigger escalation and, where suspicion remains, a report through goAML.
Are general insurance companies completely outside UAE AML obligations?
No. General insurance usually carries lower money laundering risk than life or investment-linked cover, but a CBUAE-licensed insurer, agent or broker should still assess its own position under the Central Bank’s rules and guidance, its licence, its sanctions duties and the risk profile of its products and customers.
Which insurance transactions should be monitored most closely?
The ones where value can move or change hands: single large premiums, third-party premium payments, frequent top-ups, early surrender or cancellation with a refund sent elsewhere, beneficiary or assignee changes, and any claim or payout involving sanctioned, high-risk or opaque parties.
Need help building or reviewing your insurance AML programme?
Strengthen your AML framework with practical solutions designed to help insurance providers meet regulatory requirements and reduce compliance risks.
Share via :
About the Author
Pathik Shah
FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)
Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.
Reach Out to Pathik