AML Regulations for Capital Market Firms in UAE
Published On: 07/13/2026
Protect your business with reliable and effective AML strategies with AML UAE.
Last Reviewed On: 07/13/2026 | Last Updated On: 07/13/2026
Key Highlights
- Capital market firms, including broker-dealers, fund and asset managers, investment advisers, and custodians, are financial institutions under Federal Decree-Law No. 10 of 2025 and its Executive Regulations in Cabinet Resolution No. 134 of 2025.
- They are supervised for AML by the Capital Market Authority, established under Federal Decree-Law No. 32 of 2025 as the successor to the Securities and Commodities Authority, not by the Central Bank.
- The national risk assessment rates the securities sector’s money laundering risk in the medium to medium-high range with controls assessed as effective, and its proliferation financing risk as low.
- On top of the federal laws, the Capital Market Authority issues its own AML rulebook chapter, sector guidance, notices, thematic reviews, and reporting standards.
- Virtual asset service providers fall under a separate framework rather than this securities regime: the federal CMA regime applies outside the financial free zones and works alongside local licensing authorities such as Dubai’s Virtual Assets Regulatory Authority. We cover it on a dedicated page rather than here.
- Firms in the DIFC and ADGM answer to the DFSA and FSRA and sit outside this guide.
Capital market firms sit at a different point in the UAE financial system from banks, payment institutions and remittance houses. They deal, manage, advise, and hold securities rather than take deposits or send remittances. They also answer to a different regulator, the Capital Market Authority, rather than the Central Bank. This guide sets out the AML regulations for capital market firms in the UAE: which activities are in scope, who supervises them, the full legal framework that applies, and how the national risk assessments rate the sector’s money laundering, terrorist financing, and proliferation financing risk. It covers securities and commodities firms supervised by the Capital Market Authority, outside the DIFC and ADGM.
In short: CMA-regulated capital market firms in the UAE, including broker-dealers, fund and asset managers, investment advisers and custodians outside the DIFC and ADGM, must comply with Federal Decree-Law No. 10 of 2025, its Executive Regulations in Cabinet Resolution No. 134 of 2025, the targeted financial sanctions framework under Cabinet Resolution No. 74 of 2020, UAE FIU reporting through goAML, and the Capital Market Authority’s own rulebook and reporting standards. Firms in the DIFC and ADGM follow the separate DFSA and FSRA AML regimes.
What activities are covered in the capital market sector?
The capital market sector, for AML purposes, covers firms licensed by the Capital Market Authority to carry on securities and commodities activities. The categories below all sit inside the AML regulations for capital market firms in the UAE. Firms established in the DIFC and ADGM are supervised by the DFSA and FSRA and are not covered here.
Brokerage and dealing in securities
Broker-dealers execute and arrange trades in securities and commodities for clients. Their exposure runs through client onboarding, the source of investment funds, and the risk that trading and settlement are used to move or layer value.
Fund and asset management
Fund and asset managers invest and manage money on behalf of clients and funds. Their controls centre on the investor behind the money, the beneficial owners of corporate and pooled investors, and the source of subscriptions.
Investment advisory
Investment advisers arrange and advise on securities business. Even where they do not hold client assets, they are inside the AML perimeter for the relevant business they introduce and service.
Custody and other market intermediaries
Custodians hold securities, and other market intermediaries support trading and settlement. Their duty is to know the client whose assets they hold and to monitor for activity that does not fit the account.
AML Supervisory Authority for the Capital Market Firms in UAE
For capital market firms outside the Financial Free Zones, the Capital Market Authority is the primary sector supervisor for AML, CFT and CPF compliance. The UAE Financial Intelligence Unit and the Executive Office for Control and Non-Proliferation also play roles in reporting and targeted financial sanctions.
Capital Market Authority (CMA)
The Capital Market Authority, established under Federal Decree-Law No. 32 of 2025 as the successor to the Securities and Commodities Authority, licenses and supervises capital market firms, issues the AML rulebook and guidance they follow, and inspects them through thematic reviews and examinations. It can require reporting, direct remediation, and the imposition of penalties for breaches. Virtual asset activity sits under a separate framework rather than this securities regime: the federal CMA regime applies outside the financial free zones and works alongside local licensing authorities, including Dubai’s Virtual Assets Regulatory Authority. Our dedicated guide to AML for VASPs outside Dubai covers it in full. Firms established in the DIFC and ADGM are supervised instead by the DFSA and FSRA and fall outside this guide.
UAE FIU and goAML
In-scope capital market firms register with the UAE Financial Intelligence Unit on the goAML platform and report through it. Registration on goAML is a baseline obligation, and suspicious transaction reports, suspicious activity reports, and related filings are submitted through it where required. See our goAML registration guide for the practical steps.
AML Legal Framework Applicable to Capital Market Firms in UAE
The framework has four layers: the core federal laws, the guidance that applies to all reporting entities, the national risk assessments, and the Capital Market Authority’s sector-specific material. This section catalogues each layer, grounded in the Capital Market CMA library. Some older SCA, FIU and supervisory materials were issued under the 2018 AML framework; they should be read subject to Federal Decree-Law No. 10 of 2025 and Cabinet Resolution No. 134 of 2025, and only to the extent they remain in force and are not inconsistent with the current framework.
| Layer | Instrument | Why it matters |
| AML statute | Federal Decree-Law No. 10 of 2025 | Core AML, CFT and CPF offences, FIU powers, reporting duties and penalties |
| Executive Regulations | Cabinet Resolution No. 134 of 2025 | Practical obligations: risk-based approach, CDD and EDD, beneficial ownership, monitoring, reporting and record keeping |
| TFS framework | Cabinet Decision No. 74 of 2020 and EOCN guidance | Screening, freezing without delay and reporting of confirmed and partial name matches |
| Capital market laws | Federal Decree-Law No. 32 and No. 33 of 2025 | Establish the Capital Market Authority and govern licensing and supervision of capital market activities |
| CMA and SCA materials | Rulebook Chapter Five, notices, thematic reviews and returns | Sector-specific AML expectations and reporting standards |
| NRA and PF NRA | UAE ML and TF NRA 2024 and UAE PF NRA 2026 | Baseline for the business-wide and enterprise-wide risk assessment and risk calibration |
Federal AML Laws and Executive Regulations Applicable to Capital Market Firms in UAE
These instruments are the legal foundation for every capital market firm in scope.
Federal Decree-Law No. 10 of 2025 on AML, CFT and CPF
For a securities or commodities firm, Federal Decree-Law No. 10 of 2025 is the foundational statute behind every anti-money laundering control a broker-dealer, asset manager, adviser or custodian must run. It defines money laundering, predicate offences, targeted financial sanctions and suspicious transactions, and confirms that offences may be committed through digital systems. It creates the Financial Intelligence Unit within the Central Bank as the national central agency for receiving suspicious transaction reports, empowered to demand further information and, through the Head of the Unit, to issue suspension and freezing measures within the limits and procedures set by the Decree-Law and the UAE FIU regulation on suspension and freezing powers. The Decree-Law places market intermediaries under supervisory oversight, exposes them to administrative penalties, and imposes the duty to detect, report and support enforcement.
Cabinet Resolution No. 134 of 2025, the Executive Regulations
Cabinet Resolution No. 134 of 2025 issues the Executive Regulations of Federal Decree-Law No. 10 of 2025, converting the statute into the operating rulebook that market intermediaries follow day to day. It expands the definitions, adding senior management, beneficial owner, reasonable measures and wire transfers, and confirms that securities activities and funds transfers fall squarely within the scope. For a broker-dealer, fund manager, adviser or custodian, it prescribes the substantive obligations: a risk-based approach, customer due diligence, identification and verification of beneficial owners behind corporate clients, ongoing monitoring of trading and settlement activity, and internal policies approved by senior management. These are the concrete procedures supervisors will test in examinations.
Cabinet Resolution No. 109 of 2023 on beneficial owner procedures
Cabinet Decision No. 109 of 2023 regulates beneficial owner procedures for legal persons in the United Arab Emirates. It defines the real beneficiary as the natural person who ultimately owns or controls a legal person, directly or through a chain of ownership, and requires legal persons to obtain, maintain and disclose accurate beneficial owner information, identify nominee board members, and keep a real beneficiary register updated within fifteen days of any change. For a securities firm, this underpins due diligence, since brokers and custodians rely on trustworthy ownership data to verify corporate clients. These procedures apply to legal persons licensed or registered in the State, including commercial free zones, but exclude the financial free zones, the DIFC and ADGM, which operate their own beneficial ownership regimes.
Cabinet Resolution No. 132 of 2023 on penalties for beneficial owner violations
Cabinet Resolution No. 132 of 2023 sets the administrative penalties for breaches of the beneficial owner procedures under Cabinet Decision No. 109 of 2023. It empowers the registrar to fine legal persons that fail to keep accurate registers or supply required information, following an annexed schedule, without prejudice to other sanctions under the primary anti-money laundering legislation. Consequences escalate: on a third violation, the registrar may suspend the commercial licence and close the premises until the fine is paid and the breach corrected. For a securities or commodities firm, this explains why corporate clients must keep ownership data current. These penalties apply to legal persons licensed or registered in the State, including commercial free zones, but not to the financial free zones, the DIFC and ADGM, which follow their own regime.
Cabinet Resolution No. 74 of 2020 on terrorist lists and UNSC resolutions
Cabinet Resolution No. 74 of 2020 governs how the United Arab Emirates applies the terrorist lists and gives effect to United Nations Security Council sanctions on terrorism, its financing and proliferation. It provides for a local Cabinet list, defines designation, listing and de-listing, and requires freezing measures to be applied without delay, meaning within twenty-four hours. For a securities or commodities firm, this is the backbone of transaction monitoring. Brokers, dealers, managers and custodians must register on the Executive Office website, continuously screen clients, prospective investors, beneficial owners and counterparties against the lists, freeze any matched funds or securities without prior notice, and report promptly to the supervisor.
Federal Law No. 7 of 2014 on combating terrorism crimes
Federal Law No. 7 of 2014 on Combating Terrorism Crimes is the criminal statute defining terrorist offences and their penalties in the United Arab Emirates. It sets out concepts such as terrorist crime, terrorist purpose, terrorist organisation and terrorist person, and prescribes severe penalties up to life imprisonment and, in specified cases, death. Of direct interest to a securities or commodities firm is its treatment of terrorism financing: it penalises providing, collecting or maintaining funds for terrorist ends and addresses freezing suspect funds held in financial institutions. Because the wider framework defines terrorist acts by reference to this law, market intermediaries use it to understand the conduct their controls target.
AML Guidance Applicable to All Reporting Entities
Beyond the core laws, the FIU and the Executive Office issue guidance and typologies that apply to all reporting entities, capital market firms included.
UAE FIU Regulation No. 1 of 2026 on Suspension and Freezing Powers, April 2026
UAE FIU Regulation No. 1 of 2026, dated April 2026, governs the postponement or suspension of suspicious transactions and the freezing of funds. Issued under the AML/CFT Decree-Law and its Executive Regulation, it applies to reporting entities and complements existing reporting duties. It introduces the Postponement Suspicious Transaction Report, an urgent filing where there is a risk of imminent transfer, withdrawal or dissipation of funds suspected of being linked to crime. The Head of the Unit may issue a Suspension Order of up to ten working days and a Freezing Order of up to thirty days. For dealers, managers and custodians, it creates a fast-track mechanism to preserve investor funds.
UAE FIU Strategic Analysis Report on Human Trafficking, April 2026
The UAE FIU Strategic Analysis Report on Human Trafficking, dated April 2026, analyses money laundering and financial flows connected to trafficking, drawing on suspicious transaction and activity reports filed with the Financial Intelligence Unit. It sets out its objectives, methodology and scope and covers the main forms of exploitation. Findings span the laundering of trafficking proceeds and convergence with other criminal enterprises, profiling subjects including organised crime groups, foreign politically exposed persons and money mules. It develops risk indicators around customer profile, behavioural activity, account and transactional activity, and due diligence. For dealers, managers, advisers and custodians, it is a detection resource for refining monitoring and improving report quality.
Guidance on Targeted Financial Sanctions for Financial Institutions, DNFBPs and VASPs, March 2026
Issued by the Executive Office for Control and Non-Proliferation, first published in January 2021 and last amended in March 2026, this guidance clarifies the obligations of reporting entities under the UAE’s targeted financial sanctions framework. It sets out four duties: registering in the Executive Office’s Notification Alert System; screening clients against the UAE Local Terrorist List and the United Nations Consolidated List; freezing assets without delay and not making them available to designated persons; and reporting the measures taken. The March 2026 update renames the Funds Freeze Report as the Confirmed Name Match Report and addresses weekend screening. For a securities firm, it defines how screening, freezing and reporting operate.
Joint Guidance on the Compliance Officer and MLRO, 2026
Issued in 2026 by the UAE Supervisory Sub-Committee, this joint guidance sets a unified framework for the appointment, authority and responsibilities of the Compliance Officer or Money Laundering Reporting Officer across regulated sectors. It applies to firms supervised by authorities, including the Securities and Commodities Authority, the Central Bank and the Ministries of Justice, Economy and Tourism, building on Federal Decree-Law No. 20 of 2018 and Cabinet Decision No. 10 of 2019. It treats the role as a cornerstone of an effective programme, requiring appropriate seniority, experience, operational independence, board access and adequate resources. For a securities firm, it clarifies how to appoint a fit and proper officer.
FIU Strategic Analysis Report on Terrorist Financing, May 2025
Published in May 2025 by the UAE Financial Intelligence Unit, this strategic analysis on terrorist financing typologies and facilitators draws on data held from 1 January 2021 to 31 December 2024, including suspicious transaction and activity reports and cases disseminated to authorities. It explains how terrorist financing works and sets out typologies such as moving and obscuring funds through financial institutions, corporate networks, trade-based methods, high-value goods and real estate. It also examines facilitators, including designated persons, family members, money mules, corporate nominees and professional service providers, closing with practical indicators. For an investment firm or custodian, these indicators sharpen the detection, tracing and reporting of suspicious securities-account activity.
Federal Decree-Law No. 6 of 2025 on the Central Bank (regulatory background)
Federal Decree-Law No. 6 of 2025 is the Central Bank law governing the licensing and supervision of financial institutions. It is not the AML statute, but it sits in the overarching framework because it underpins the wider UAE financial system that capital market firms interact with, from settlement banks to custodians. For a CMA-regulated brokerage or fund manager, it matters mainly at the perimeter: knowing which counterparties are Central Bank-licensed, and how the two supervisory regimes, the CMA under Federal Decree-Law No. 32 of 2025 and the Central Bank, fit together across the sector.
goAML FAQs, April 2024
The goAML FAQs, version 2.1 dated 18 April 2024, are a practical question-and-answer guide from the UAE Financial Intelligence Unit helping reporting entities use the goAML reporting system and its registration and access services. It addresses common registration and login problems with step-by-step remedies, including expired one-time passwords at first login, pop-up authentication requiring the system-issued username with a Google Authenticator passcode, the correct login sequence, and resetting a forgotten password. It sets out where to enter credentials and who to contact when errors persist. For dealers, managers, advisers and custodians, reliable goAML access underpins timely suspicious reporting, so this guidance keeps compliance teams connected without avoidable delays.
PF Institutional Risk Assessment Guidance for FIs, DNFBPs and VASPs, December 2023
Published in December 2023, this guidance sets out how firms should assess and manage their exposure to proliferation financing. It explains a methodology built around inherent risks, control effectiveness and residual risks, and identifies the risk categories and factors institutions consider when scoring their business. It describes supporting measures, covering client onboarding, know your customer and due diligence, enhanced due diligence, screening for sanctions and adverse media, ongoing and transaction monitoring, and suspicious activity reporting. A customer risk scoring questionnaire, elevated risk factors and worked case studies show how scores are applied. For a brokerage or fund manager, it turns proliferation financing obligations into a repeatable framework that supervisors can review.
Terrorist and Proliferation Financing Red Flags Guidance, December 2023
Updated in December 2023, the Terrorist and Proliferation Financing Red Flags Guidance gives a consolidated set of indicators to help firms detect suspicious financing and evasion of targeted financial sanctions imposed under United Nations resolutions or local designations. It explains how sanctioned parties disguise involvement through renaming, intermediaries and front companies, useful when screening the beneficial owners behind corporate brokerage and fund clients. Indicators are grouped by customer profile, account, transaction activity, maritime and trade finance. For dealers, managers, advisers and custodians, it sharpens front-line and compliance awareness, supporting decisions on when securities dealing or account activity should trigger a report to competent authorities.
Suspicious Activity and Transaction Reporting Thematic Review, January 2023
Issued in January 2023, this Suspicious Activity and Transaction Reporting Thematic Review sets out key findings and regulatory expectations from the 2022 AML/CFT examination of licensed financial institutions and designated non-financial businesses and professions. It focuses on the suspicious transaction and activity reporting framework and the transaction monitoring systems that feed it, read alongside existing guidance on reporting and on monitoring and screening. It is organised around expectations with acceptable and deficient practices across governance, policies, risk-based monitoring controls, data management, alert review, case investigation, reporting decisions and the post-reporting process. For a brokerage or fund manager, it is a practical benchmark for testing, monitoring and reporting before inspection.
Counter Proliferation Financing Guideline, November 2022
Published in November 2022 by the Executive Office for Control and Non-Proliferation, this guideline supplements the wider Guidance on Targeted Financial Sanctions and raises awareness of proliferation financing threats among regulated firms. It explains what proliferation financing means, sets out its stages, and describes the UAE counter-proliferation framework, the interagency mechanism and the relevant federal laws. For a securities house, fund manager or custodian, it shows how to fold proliferation financing risk into the firm’s own risk assessment and apply mitigating measures, including enhanced due diligence on clients and transactions, scrutiny of shell and front companies, dual-use trade exposure and staff training. Red flags help detect sanctions evasion.
goAML Web Submission Guide, July 2022
The goAML Web Submission Guide, issued by the UAE Financial Intelligence Unit in July 2022, sets out how to submit a report to the FIU through the goAML platform. It is addressed to the designated Compliance Officer or Money Laundering Reporting Officer of a registered reporting entity, or the deputy where the lead officer is unavailable. It gives an overview of report types, including the Suspicious Transaction Report and the Suspicious Activity Report, the latter covering suspected activity or an attempted, non-executed transaction, alongside the Additional Information File, Request for Information and High Risk Country reports. For dealers, managers, advisers and custodians, it standardises how suspicions are reported promptly.
Joint Guidance on Combating the Use of Unlicensed Virtual Asset Providers, March 2022
Issued in March 2022, this joint guidance from the UAE Supervisory Authorities, including the Securities and Commodities Authority and the Central Bank, addresses the risks posed by providers operating outside the licensing regime. It reminds regulated firms of their anti-money laundering obligations and urges the public to deal only with licensed entities. It sets expectations to stay vigilant, factor emerging risks into risk assessments, conduct adequate due diligence, identify clients who seek out unlicensed providers, and report suspicions. Red flags include the absence of a regulatory licence, no physical presence, unrealistic promises or Ponzi schemes, and pressure to invest quickly. For a brokerage, it sharpens the screening of exposed client flows.
IEMS User Guide for Reporting Entities, March 2022
Dated March 2022, the IEMS User Guide for Reporting Entities is a practical manual from the UAE Financial Intelligence Unit for its Integrated Enquiry Management System, which automates information requests, the implementation of public prosecutions’ decisions and other requests from domestic authorities. It explains how firms register and log in, noting that entities already on the goAML system reuse the same credentials. It walks through the dashboard, request management and the reply and attachments workflow, covering account, account holder and signatory details, sets out the Admin, Maker and Checker roles, and stresses meeting due dates and implementing freeze orders immediately. For a securities firm, it shows how enquiries are handled.
goAML Pre-Registration Guide, March 2022
The goAML Pre-Registration Guide, issued by the UAE Financial Intelligence Unit in March 2022, explains how reporting entities secure access to the Services Access Control Manager, or SACM, before reaching the goAML application to register and file suspicious reports. The application is available through a public portal for entities not regulated by the Central Bank, with others following their Supervisory Body’s steps. SACM hosts links to the production and testing environments, controlled by a time-based one-time password from Google Authenticator. It covers pre-registration, confirmation of intent and safeguarding a personal Secret Key. For dealers, managers, advisers and custodians, correct pre-registration is a prerequisite for secure reporting access.
goAML Registration Guide, March 2022
The goAML Registration Guide, issued by the UAE Financial Intelligence Unit in March 2022, sets out the steps an organisation follows when registering with the FIU on its reporting platform. It applies to registration as a reporting entity, stakeholder or supervisory body, confirming that every accountable and reporting entity in the United Arab Emirates, whatever its regulator, must register to submit suspicious reports. It explains reaching the portal through the Services Access Control Manager, then selecting the registration type, entering the organisation and addresses, adding the registering person and setting user access rights. For dealers, managers, advisers and custodians, correct registration is the foundation of compliant, timely reporting.
Strategic Review on Targeted Financial Sanctions Case Studies, November 2021
Dated November 2021, this Strategic Review on Targeted Financial Sanctions Case Studies examines sanctions reporting in the UAE over the period reviewed. It sits within the framework under which the country, through Cabinet Resolution No. 74 of 2020, implements United Nations Security Council Resolutions on terrorism, terrorist financing and the financing of proliferation, including freezing measures and prohibitions on providing funds and services. The review explains its methodology, then classifies sanctions reports by source, by suspicion and by the instruments involved, drawing out patterns that distinguish terrorist financing from proliferation financing and presenting red flags and recommendations. For a brokerage, it shows how sanctions suspicions arise and are reported.
Typologies on the Circumvention of Targeted Sanctions, November 2021
Last amended in November 2021 and issued by the Executive Office, this typologies report compiles cases showing how sanctioned persons and entities attempt to circumvent targeted sanctions relating to terrorism and the proliferation of weapons of mass destruction. Drawing on public sources from the UAE and abroad, it presents methods used to evade United Nations resolutions and the national terrorist list. Typologies are grouped by channel and sector, covering online payment facilities, trade in dual-use goods, elaborate legal entity structures, cyberactivity and economic resources, illustrated with named networks and red flags. For dealers, managers, advisers and custodians, it turns evasion tactics into practical learning for screening, due diligence and monitoring.
Update to the List of High Risk Jurisdictions, November 2021
This November 2021 decision of the National Anti-Money Laundering Committee updates the list of high-risk jurisdictions subject to a call for action, the list of jurisdictions under increased monitoring and the counter-measures to apply, superseding an earlier March 2021 decision. Addressed to the supervisory authorities and the Financial Intelligence Unit, it reflects the Committee’s mandate to identify countries with weak controls, set proportionate counter-measures and direct supervisors to ensure the required due diligence is applied. For dealers, managers, advisers and custodians, country risk is a core input to controls, signalling which jurisdictions warrant enhanced due diligence on investors and securities flows and requiring risk assessments to track the latest listings.
Joint Guidance on Satisfactory and Unsatisfactory Practice, June 2021
Issued in June 2021, this joint guidance from the UAE Supervisory Authorities, including the Securities and Commodities Authority, the Central Bank and the Ministries of Justice and Economy, draws on themes seen during supervisory inspections between January 2020 and May 2021. It contrasts satisfactory and unsatisfactory practices across the anti-money laundering framework, targeted financial sanctions and counter-proliferation financing. For a brokerage or fund manager, it addresses governance and management oversight, risk assessment, three lines of defence, policies, training and the compliance officer role, alongside client onboarding, monitoring, risk rating, due diligence, transaction monitoring, sanctions screening and reporting. It turns inspection findings into concrete examples, helping firms benchmark controls beforehand.
Typologies on the Circumvention of TFS, PF and WMD, May 2021
Last amended in May 2021 and issued by the Executive Office, this typologies report examines how sanctioned persons and entities obtain financing in violation of or evasion of United Nations resolutions on terrorism and the proliferation of weapons of mass destruction. It explains that targeted financial sanctions cover both asset freezing and prohibitions on making funds or assets available, directly or indirectly, to designated parties. Organised by financing method, it addresses trade in goods, economic resources, online payment facilities, cyberactivity against financial institutions and the misuse of legal entities or arrangements, closing with red flags. For dealers, managers, advisers and custodians, it strengthens the screening, monitoring and reporting of attempted circumvention.
goAML FAQs, September 2020
The goAML FAQs Guide, issued by the UAE Financial Intelligence Unit in September 2020, is a practical question-and-answer reference for reporting entities using the goAML platform, through which suspicious reports are filed in the United Arab Emirates. It compiles the queries most commonly raised once an organisation is registered and active, with step-by-step responses. It explains resetting a forgotten password, updating organisation details such as name, licensed activity, address and contacts, and how the Money Laundering Reporting Officer, as admin, delegates reporting to a third party subject to Supervisory Body approval. For dealers, managers, advisers and custodians, accurate registration data and managed access underpin compliant, uninterrupted reporting to the FIU.
goAML Registration Guide Stage 2, September 2020
The goAML Registration Guide Stage 2, issued by the UAE Financial Intelligence Unit in September 2020, outlines the steps an organisation follows when registering with the FIU on its reporting platform. It applies to registration as a reporting entity, stakeholder or supervisory body, confirming that every accountable and reporting entity in the United Arab Emirates must register to submit suspicious reports, and noting that since 27 June 2019 such reports must be filed electronically through goAML. It covers reaching the portal through the Services Access Control Manager, selecting the registration type and registering an organisation. For dealers, managers, advisers and custodians, proper registration is the gateway to lawful electronic reporting.
Guideline on Grievance Procedures
The Guideline on Grievance Procedures comes from the Executive Office for Control and Non-Proliferation, the authority that receives grievance requests linked to the UAE Local Terrorist List and the United Nations Consolidated List, together the Sanctions Lists. Under Cabinet Resolution No. 74 of 2020, three types are handled: de-listing of a designation, cancellation of freezing measures, and permission to use frozen assets, each distinguished by whether the designation sits on the Local or United Nations List. For a brokerage, fund manager or custodian, it maps the lawful routes an affected client may use to challenge a designation or seek access to frozen securities and funds.
Online Grievance System User Guide
The Online Grievance System User Guide comes from the Executive Office for Control and Non-Proliferation, which receives grievance requests tied to the UAE Local Terrorist List and the United Nations Consolidated List, together the Sanctions Lists. Launched to streamline submissions, the system is explained step by step in this manual. It covers three online request types: de-listing, cancellation of freezing measures, and permission to use frozen funds. It walks the user through identifying the aggrieved individual or legal entity, selecting the grievance type, declaring earlier requests and appeals, and attaching documents. For a custodian, it explains how an affected client may challenge a designation or seek access to frozen assets.
Simple Guide to Subscribe to the EOCN Notification Alert System (NAS)
This short guide explains how to subscribe to the Notification Alert System operated through the Executive Office’s website, so users receive timely updates to the sanctions lists applied in the UAE. Targeted financial sanctions rest on designations across two lists, together the Sanctions Lists: the UAE Local Terrorist List issued by the Cabinet and the United Nations Consolidated List issued by the Security Council, each updated periodically. It shows where the lists can be accessed and gives step-by-step subscription instructions, from the webpage to entering details and confirming. For a securities firm, this supports a core control: screening works only against current lists.
Emerging ML, TF and PF Risks and Trends in the Financial Sector
Issued by the Supervisory Subcommittee under Article 16 of Federal Decree-Law No. 10 of 2025, this report gives regulated firms a current view of the money laundering, terrorist financing and proliferation financing threats reshaping the financial sector amid technological change, geopolitical shifts and evolving criminal methods. After setting out the scope and methodology, it examines emerging risks such as artificial intelligence exploitation, greenwashing and ESG-related fraud, trade finance abuse, and sanctions evasion linked to the Commonwealth of Independent States. Case studies cover money mule networks, trade-based laundering, free-zone corporate structures and fraudulent green schemes. Brokers and asset managers should feed these typologies and red flags into risk assessments and detection systems.
Typologies in the Financial Sector
Typologies in the Financial Sector is a joint report by the Supervisory Authorities Sub-Committee and the Financial Intelligence Unit, prepared with the Executive Office and a pilot group of institutions. It shares money laundering, terrorist financing, sanctions, fraud and corruption typologies observed in the market, several arising during the COVID-19 period, to help firms anticipate emerging risks. Sitting above the National Risk Assessment, it describes risk indicators that combine to obscure the true nature of transactions and flags links to modern slavery and human trafficking. For dealers, asset managers, advisers and custodians, it works as an early-warning tool for updating risk assessments, refining monitoring scenarios and engaging authorities.
NRA, SRA, and Other Important Guidelines for the Capital Market Sector in the UAE
The UAE assesses its money laundering, terrorist financing, and proliferation financing risk at the national level, and capital market firms must align their own business and enterprise-wide risk assessments with those findings.
UAE PF National Risk Assessment 2026
The UAE Proliferation Financing National Risk Assessment 2026 examines exposure to the financing of weapons of mass destruction and the evasion of targeted financial sanctions under United Nations resolutions on North Korea and Iran. Prepared in response to the Financial Action Task Force’s revised Recommendation 1, it rates the securities sector low for proliferation financing in both the mainland and the financial free zones. It sets an overall country risk of medium-high. Banks, exchange houses and registered hawala providers are rated medium-high in the mainland, and maritime insurance is rated medium. For dealers, managers, advisers and custodians, it clarifies where risk concentrates and should inform screening and due diligence.
The table below summarises the residual risk ratings that the capital market sector should reflect in its own risk assessment.
UAE ML and TF National Risk Assessment 2024
The UAE Money Laundering and Terrorist Financing National Risk Assessment 2024 is the country’s second such assessment, prepared using the World Bank methodology and drawing on data from 2019 to 2023. It rates the securities sector’s residual money laundering risk in the medium to medium-high range, reflecting its diverse activities, while noting effective AML controls across the sector, and it covers both the mainland and financial free zones. Among other sub-sectors, banking and exchange houses are rated medium-high, registered hawala providers high, and finance companies and insurance medium. Overall, the national money laundering residual risk is medium-high. For dealers, managers, advisers and custodians, it sets the baseline informing their risk-based approach.
| Assessment | Capital market (securities) sector residual risk |
| Money laundering and terrorist financing (NRA 2024) | Medium to medium-high, with the sector’s AML controls assessed as effective |
| Proliferation financing (PF NRA 2026) | Low in both the mainland and the financial free zones |
| Sr | Sub-Sector | Residual ML Risk as per NRA 2024 |
| 1 | Market Institutions and Brokers | Medium-High |
| 2 | Investment Management
| Medium |
| 3 | Forex Companies
| Medium-High |
| 4 | Advisors and Promoters
| Medium |
Alongside the national assessments, sector risk assessments, red flag guidance, and typologies reports give capital market firms the detail they need to keep their enterprise-wide risk assessment current and defensible.
CMA-Regulated Capital Market Sector-Specific Guidance
Beyond the federal framework, the Capital Market Authority issues the rulebook, guidance, notices, and reporting standards that govern AML in the sector. The documents below make up that set.
A note on transition: the Capital Market Authority is the legal successor to the Securities and Commodities Authority under Federal Decree-Law No. 32 of 2025, so references to older SCA decisions, notices and guidance below should be read as references to the CMA where they remain in force, and subject to Federal Decree-Law No. 10 of 2025 and Cabinet Resolution No. 134 of 2025.
Federal Decree-Law No. 32 of 2025 on the Capital Market Authority
Federal Decree-Law No. 32 of 2025 on the Capital Market Authority establishes the Capital Market Authority, successor to the Securities and Commodities Authority, as the federal regulator of securities, markets, central clearing and central depository institutions across the mainland and free zones, excluding the Financial Free Zones. It defines Licensed Persons, Approved Persons and Self-Regulatory Organisations, and gives the Authority objectives including market integrity and efficiency, investor protection and mitigation of systemic risk. Article 5 grants powers to license, supervise and inspect firms conducting financial activities, issue rules, impose sanctions and cooperate with relevant authorities. For broker-dealers, fund managers, advisers and custodians, it is the constitutional foundation of supervision.
Federal Decree-Law No. 33 of 2025 on the Regulation of the Capital Market
Federal Decree-Law No. 33 of 2025 on the Regulation of the Capital Market is the substantive rulebook governing securities activities under the Capital Market Authority. Article 3 lists the financial activities requiring a licence, spanning market operation, central clearing, central depository and custody services, dealing, asset management, investment funds and advisory work. It prohibits conducting these activities or performing approved functions without authorisation, and defines securities, issuers, foreign issuers, investment funds, insiders and inside information. The law restricts insider dealing and imposes prohibited dealing periods on those listed on the Market, protecting investors from market abuse. It also frames the settlement, restructuring and liquidation of Licensed Persons.
CMA Key AML/CFT/CPF Obligations, Risks and Supervisory Observations, 2025
This 2025 Capital Market Authority letter to Chief Executive Officers sets out Key AML/CFT/CPF Obligations, Emerging Risks and Supervisory Observations for securities firms. During the 2025 supervision cycle, the CMA ran its annual risk assessment across the sector, gauging inherent money-laundering, terrorist-financing and proliferation-financing risk against each firm’s nature, scale, customer base, products, delivery channels and geographic exposure, informed by the FATF Recommendations and the UAE National Risk Assessment. Through onsite inspections, desk-based reviews, MLRO report reviews and thematic work, it identified recurring deficiencies requiring remediation under board governance. It reminds broker-dealers and asset managers to track suspicious-reporting trends, sanctions-screening outcomes and beneficial-ownership data, warning of Article 17 enforcement.
CMA Instructions for the 2024 Annual Return AML/CFT and TFS Risk Assessment
The CMA Instructions for the 2024 Annual Return set out how licensed securities firms complete their AML, CFT and targeted financial sanctions risk assessment return. Broker-dealers, fund and asset managers, custodians and investment advisers report across five tabs: customer risk, products and services risk, distribution channel risk, controls and the quality of risk mitigation, and signatories. The Capital Market Authority requires full completion, monetary values in dirhams, and country breakdowns using standard country names or codes. The return captures inherent risk from investors, securities business, correspondent relationships, payment forms and onboarding channels, alongside controls covering the compliance officer, enhanced due diligence, transaction monitoring, sanctions screening and internal audit.
CBUAE AML and CFT Guidelines for Financial Institutions, July 2023
These CBUAE Anti-Money Laundering and Combating the Financing of Terrorism Guidelines for Financial Institutions, dated July 2023, are general financial-institution guidance that the Capital Market Authority points its firms toward for detailed expectations. Grounded in Federal Decree-Law No. 20 of 2018 and its implementing regulation, they explain the risk-based approach, business-wide risk assessment across customer, geographic, product and delivery-channel factors, and mitigation through internal controls and customer due diligence, including beneficial-owner identification, wire transfers and ongoing monitoring. For broker-dealers, fund managers, custodians and advisers, they translate statutory obligations, typologies and reporting duties into practical benchmarks that reinforce sound onboarding, screening and monitoring of investors and securities accounts.
CMA Minimum Standards for the Semi-Annual AML and CTF Report, 2023
These CMA Minimum Standards, dated 2023, guide the semi-annual Compliance Officer and Money Laundering Reporting Officer reports for securities firms, framed under Federal Decree-Law No. 20 of 2018 and Cabinet Decision No. 10 of 2019. Broker-dealers, fund managers and custodians must prepare bi-annual reports for the periods ending 30 June and 31 December, review them at board level, and submit a copy with the Board’s comments to the Capital Market Authority within two months of each period end. The prescribed structure runs from an executive summary through governance, the enterprise-wide risk assessment, policies, customer risk rating and due diligence, a gap analysis, action plan, findings and board approval.
CMA Implementation of Targeted Financial Sanctions, May 2022
CMA Notice 1/2022, dated 19 May 2022, directs all licensed financial institutions to implement Targeted Financial Sanctions under UN Security Council Resolutions 1718 (2006) and 2231 (2015), pursuant to Cabinet Resolution No. 74 of 2020. Broker-dealers, asset managers and custodians must screen every party to a financial transaction, apply enhanced due diligence to dealings linked to relevant countries, and verify cross-border flows suspected of unauthorised trade in dual-use goods. Confirmed matches require a Funds Freeze Report through goAML within five business days, potential matches a Partial Name Match Report, and suspicious activity an STR to the Financial Intelligence Unit. Firms should consult Executive Office guidance and prevent sanctions evasion.
CMA Awareness of Cabinet Resolution No. 111 of 2022 on Virtual Assets and their Service Providers
Cabinet Resolution No. 111 of 2022 regulates virtual assets and virtual asset service providers in the UAE, setting the federal framework that sits alongside the securities regime. For capital market firms, it matters wherever a product, custodian or client touches virtual assets: it defines VASP activities, licensing and the supervisory perimeter, and feeds the enhanced due diligence and reporting a securities or fund business must apply to virtual-asset exposure. It anchors the CMA’s own virtual-asset expectations and the UAE travel rule that follows.
CMA Thematic Review on Reliance on Third Parties, December 2021
This second CMA thematic review, dated December 2021, examined the five firms licensed for custody of securities, all banks or local branches of foreign banks holding Central Bank licences, testing compliance with FATF Recommendation 17 on reliance on third parties. Because custodians safeguard investors’ securities and cash and serve largely institutional and offshore clients, they frequently outsource customer due diligence. A twenty-one-question survey drew a hundred per cent response: four of five engaged third parties, two within their financial group and two external, all regulated or listed entities governed by service level agreements. Reasons cited were cost, specialist skills and technology; ultimate due diligence responsibility remains with the custodian.
CMA Thematic Review of Targeted Financial Sanctions in the Capital Market Sector, November 2021
This CMA thematic review, dated November 2021, assessed how securities brokerage firms understand and comply with Targeted Financial Sanctions, international and domestic, under Cabinet Resolution No. 74 of 2020. Brokers, the gateway for capital market investors and rated medium-high vulnerability in the National Risk Assessment, answered a twenty-nine-question survey with a ninety-six per cent response rate. Findings show sixty-five per cent ran separate sanctions risk assessments, seventy per cent used third-party screening systems, and eighty-one per cent screened daily; one firm found, reported and froze a match in 2021. Good practices cover senior-management approval, verifying vendor coverage of domestic lists, clear reporting responsibilities and Executive Office monitoring.
CMA AML and CFT Guidance for the Capital Market Sector, September 2021
The Capital Market Authority AML/CFT Guidance for the Capital Market Sector, dated September 2021, supplements the main Financial Institutions Guidelines and sets out the Securities and Commodities Authority’s expectations for firms it licenses. It applies to boards, management and employees of institutions carrying out securities activities in the UAE, read with those wider guidelines. Part 1 surveys sector typologies, including trade-based money laundering through mis-invoicing and misrepresentation of price, quantity or quality, and cash-based laundering, with red-flag indicators. Parts 2 and 3 explain the risk-based approach, business-wide risk assessment and the customer, product, delivery-channel and geographical risk factors that brokers, asset managers and advisers must identify, assess and mitigate.
CMA Notice 3/2021 on the Immediate Reporting Mechanism
Notice 3/2021, dated 26 July 2021, addressed all licensed entities and licensed securities and commodities exchanges on the immediate reporting mechanism for financial institutions implementing Cabinet Resolution No. 74 of 2020 on Terrorism Lists Regulation and the implementation of UN Security Council Resolutions on suppression of terrorism, terrorist financing and proliferation of weapons of mass destruction. Referring to Article 21, clause 5, it advised that the goAML system had been upgraded with a new feature so that reports on matched names and actions taken pass directly to the Executive Office for goods subject to import and export control. Broker-dealers, fund managers and custodians must update policies and implement the process.
CMA Notice 4/2021 on Targeted Financial Sanctions Reporting
Notice 4/2021, dated 4 August 2021, addressed all licensed entities and licensed securities and commodities exchanges on Targeted Financial Sanctions reporting, following the earlier 26 July notice. Under Cabinet Resolution No. 74 of 2020, the Central Bank of the UAE, coordinating with the Executive Office of the Committee for goods subject to import and export control, established a unified mechanism using the Financial Intelligence Unit’s goAML platform. It introduced two reports: the Funds Freeze Report for a confirmed match, requiring freezing within two business days, and the Partial Name Match Report for a potential match, requiring suspension. Broker-dealers, fund managers and custodians report simultaneously to the Executive Office and Authority. These notices predate the March 2026 sanctions guidance, so current goAML filings use the renamed Confirmed Name Match Report and the Partial Name Match Report; older notices should be read with that change in mind.
CMA Notice 6/2021 on the Update to High Risk Jurisdictions
CMA Notice 6/2021, dated 22 November 2021, updates the National Committee’s lists of High Risk Jurisdictions subject to a Call for Action and Jurisdictions under Increased Monitoring for all licensed entities and securities and commodities exchanges, superseding Notice 1/2021. Broker-dealers, fund managers, custodians and advisers must apply enhanced due diligence to relationships and transactions touching listed countries, adopt the Recommendation 19 countermeasures for the Black List, and refresh geographic risk scoring for investors. Firms are prohibited from relying on third parties based in Black List jurisdictions, must file High Risk Jurisdiction reports through goAML, and re-evaluate measures where countries are delisted, proportionate to securities-account risk.
SCA Board Chairman's Decision No. 21 of 2019 on AML and CFT Procedures
The SCA Board Chairman’s Decision No. 21/Chairman of 2019, issued on 8 May 2019 and active from 7 May 2019, applied anti-money laundering, counter-terrorism financing and illegal-organisations financing procedures to the capital market. Signed by Sultan bin Saeed Al Mansouri, it required every financial entity licensed or approved by the Securities and Commodities Authority, and its stakeholders, to comply with Federal Decree-Law No. 20 of 2018, its executive regulation under Cabinet Resolution No. 10 of 2019, and the Authority’s instructions, guidelines and circulars. It empowered the Authority to supervise and inspect firms without notice, demand information, and impose administrative sanctions on brokers, fund managers and other market participants.
CMA Guidelines for Combating Money Laundering and Terrorist Financing (Chapter Five)
Chapter Five of the Capital Market Authority rulebook sets out the Guidelines for Combating Money Laundering, Counter-Terrorism Financing and Funding of Illegal Organisations. It provides mandatory standards requiring each supervised firm to build a compliance programme tailored to its activities, risk profiles and controls, read with Federal Decree-Law No. 20 of 2018. The chapter defines suspicious transactions, ultimate beneficial owners and targeted financial sanctions, and directs firms to apply a proportionate risk-based approach to customer due diligence, focusing resources on higher-risk clients. It fixes board and senior-management responsibility, mandates suspicious-activity reporting as a legal duty, and covers screening, record-keeping and training that broker-dealers, fund managers and custodians must embed operationally. To the extent Chapter Five still refers to the 2018 and 2019 framework, those references should now be read in light of Federal Decree-Law No. 10 of 2025 and Cabinet Resolution No. 134 of 2025.
CMA AML and Financial Crimes Framework and Controls: Good and Weak Practices
Prepared by Mendy Ghaleb of the Capital Market Authority’s AML and Financial Crimes Department, this presentation contrasts good practices and common weaknesses in AML and financial-crime frameworks and controls. It anchors expectations in Federal Decree-Law No. 10 of 2025, Cabinet Resolution No. 134 of 2025, and the beneficial-owner, terrorism-list and sanctions decisions, alongside Chapter 5 of the CMA Rulebook. Through field inspections and desk-based analysis it flags recurring failings for securities firms, including generic business-wide risk assessments misaligned with activities, template risk-appetite statements without thresholds, and copied policies with limited board oversight. Under Article 17, the CMA may issue warnings, fines to AED 5,000,000, sector bans and licence revocation.
CMA Obligations to Implement the Business-Wide Risk Assessment (BWRA)
This Capital Market Authority material explains a securities firm’s obligation to implement a Business-Wide Risk Assessment, described as a fundamental, strategic discipline for an effective AML and CFT compliance framework. The BWRA requires firms to identify, understand and assess the full spectrum of money-laundering, terrorist-financing, targeted-financial-sanctions and proliferation-financing risks, examining client types, products, delivery channels, geographic locations and new technologies. It runs in three phases: planning and scoping across business units, legal entities, divisions and regions; implementation, assessing inherent risk with empirical data and designing controls; and results, defining residual risk against a risk-appetite statement with action plans. Broker-dealers, fund managers and custodians must keep it dynamic and updated.
CMA Thematic Review of Screening Systems
This CMA Thematic Review of Screening Systems, a market-wide horizontal assessment, examined name and transaction screening across the UAE capital market sector under Federal Decree-Law No. (10) of 2025 and FATF standards. The Capital Market Authority tested forty-six screening systems at twenty-six Licensed Financial Institutions using control, variation and clean datasets covering United Nations and UAE sanctions lists. Systems were widely embedded across broker-dealer, fund and custody onboarding and monitoring and identified clear matches well, but performance varied under complex scenarios such as spelling differences and Arabic-Latin transliteration. Elevated alert volumes signalled tuning opportunities. Supervisory expectations stress calibration, governance, management information, defined metrics like false positive rates, and ongoing optimisation.
CMA Questions and Answers on the National Risk Assessment
These CMA Questions and Answers explain how securities firms should align their Enterprise-Wide Risk Assessment with the 2024 National Risk Assessment. Broker-dealers, fund managers, custodians and advisers must map NRA typologies to their business, such as onboarding offshore special purpose vehicles, layering through securities trading, weak beneficial-owner documentation and misuse of layering and shell companies. Even low-risk firms must review the NRA, document relevance and reassess annually. The Capital Market Authority expects an audit trail: a date-stamped updated assessment, revised onboarding, screening and third-party reliance policies, staff training logs, board minutes and a gap analysis. Firms must reflect changes in the annual AML Return and evidence real implementation.
CMA Circular on the Examination Observations Report
This CMA circular reports examination observations drawn from securities firms’ annual AML/CFT and sanctions risk assessment returns, assessed under a risk-based approach against Federal Decree-Law No. 20 of 2018 and Cabinet Decision No. 10 of 2019. The Capital Market Authority found common shortcomings: outdated governance policies, weak testing of sanctions controls, incomprehensive risk assessments, gaps in customer due diligence and beneficial-ownership understanding of investors, incomplete sanctions compliance programmes lacking the eight essential components, and poor suspicious-transaction procedures. Firms should remediate, involve the board and auditors, and maintain adequate oversight. Non-compliance may trigger enforcement, including administrative penalties from AED 50,000 to AED 5,000,000 per violation and licence cancellation.
UAE Virtual Assets Travel Rule
The UAE Virtual Assets Travel Rule applies to virtual asset service providers across the federal, emirate and free-zone space, requiring originator and beneficiary information to travel with virtual-asset transfers. Capital market firms dealing in or advising on virtual-asset products, or holding them in custody, use it to understand the information that must accompany transfers and the risk-based and enhanced due diligence expected. It aligns the UAE with the FATF travel-rule standard and shapes how a securities business documents and screens virtual-asset movements.
CMA Chapter Five Outreach
Chapter Five Outreach explains the CMA’s Chapter Five Regulations for combating money laundering, terrorism financing and the financing of illicit organisations in plain, presentation form. It walks capital market firms through the mandatory standards, their grounding in federal AML law, and how the CMA expects brokerages, custodians and fund managers to apply them day to day. As an outreach companion to the binding Chapter Five guidelines, it is a practical reference for onboarding, monitoring and reporting across the securities sector.
CMA and FIU Joint Awareness Session on Suspicious Reporting Effectiveness
Delivered by the Capital Market Authority’s AML and Financial Crimes Department with the Financial Intelligence Unit, this joint session focuses on the effectiveness of suspicious reporting by capital market firms. It restates the key legislation, the obligations of financial institutions and the internal controls and governance the CMA expects, then presses on report quality: filing complete, timely and well-reasoned suspicious transaction and activity reports through goAML rather than defensive or low-value submissions. For a securities or fund business it sharpens what good reporting looks like.
CMA Examination Observations, Appendix of Detailed Findings
This appendix accompanies the CMA and Securities and Commodities Authority examination observations, collecting the detailed findings behind the headline review. It sets out, area by area, the weak and better practices inspectors saw across capital market firms, from governance and risk assessment to screening and reporting. For a brokerage or fund manager it doubles as a self-assessment checklist: read against your own programme, it flags the specific control gaps the regulator has already penalised in the sector.
Core AML Obligations for Capital Market Firms at a Glance
Whatever the licence, the AML regulations for capital market firms in the UAE turn on a common set of duties.
- A business and enterprise-wide risk assessment aligned to the national risk assessments, submitted through the Capital Market Authority’s annual return.
- Customer due diligence on investors and clients, and, for higher-risk relationships, enhanced due diligence, including source of funds for subscriptions and trades.
- Ongoing monitoring of trading and settlement, and sanctions screening of clients and beneficial owners.
- Suspicious transaction and activity reporting through goAML, an MLRO, and the Authority’s semi-annual and annual AML reporting.
- Identifying the ultimate beneficial owner of corporate and pooled investors.
| Control area | What CMA-regulated firms should evidence |
| Business and enterprise-wide risk assessment | Risk assessed by customer, product, geography, delivery channel and new technology, aligned to the national risk assessments |
| Investor onboarding | Customer identity, beneficial ownership, and source of funds and wealth for subscriptions and trades where relevant |
| Sanctions screening | Screening of clients, prospective investors, beneficial owners and counterparties against the UAE Local Terrorist List and the UN Consolidated List |
| Transaction monitoring | Monitoring of trading, settlement, subscriptions, redemptions and unusual investor activity |
| Third-party reliance | A written reliance framework and audit trail, with final responsibility retained by the firm |
| MLRO and reporting | Semi-annual AML and CTF report, annual AML, CFT and TFS return, and suspicious reporting through goAML |
| Record keeping and governance | Records retained and retrievable for inspection, with board approval, risk appetite and compliance independence |
Practical Compliance Note:
Capital Market Authority supervisory materials and thematic reviews show recurring attention to sanctions-screening effectiveness and reliance on third parties for customer due diligence. Capital market firms should document how their screening system is calibrated and tested, how potential matches are handled, and the point at which reliance on an introducer ends and the firm’s own due diligence resumes.
Conclusion
AML regulations for capital market firms in the UAE run on two tracks: the federal AML law that applies to every financial institution, and the Capital Market Authority’s own rulebook, guidance, and reporting regime on top. Broker-dealers, fund and asset managers, investment advisers, and custodians all sit inside that framework, supervised by the Authority rather than the Central Bank. The sector’s money laundering risk is rated in the medium range with effective controls, and its proliferation financing risk is low, but the reporting and examination expectations are demanding. Use the national risk assessments to calibrate, and read across to our guide to anti-money laundering laws in the UAE and the pillar on AML regulations for banks and financial institutions in the UAE.
Frequently Asked Questions
Which capital market firms are subject to AML rules in the UAE?
Broker-dealers, fund and asset managers, investment advisers, custodians, and other market intermediaries licensed by the Capital Market Authority are financial institutions under Federal Decree-Law No. 10 of 2025 and must run a full AML programme. Firms in the DIFC and ADGM are supervised separately by the DFSA and FSRA.
Which regulator supervises capital market AML compliance outside ADGM and DIFC?
The Capital Market Authority, established under Federal Decree-Law No. 32 of 2025 as the successor to the Securities and Commodities Authority, supervises AML compliance for capital market firms outside the financial free zones. It issues the sector rulebook and guidance and runs examinations and thematic reviews.
What AML controls are expected from securities and commodities firms?
Firms must maintain a business-wide risk assessment, perform customer due diligence and enhanced due diligence on investors and beneficial owners, screen against sanctions lists, monitor trading and settlement, keep records, and report suspicious activity through goAML. The Authority pays particular attention to screening systems and reliance on third parties.
Do capital market firms need MLRO reporting?
Yes. Firms must appoint a money laundering reporting officer, file suspicious transaction and activity reports through goAML, and submit the Capital Market Authority’s semi-annual AML and CTF report and annual AML/CFT and TFS risk assessment return.
How should capital market firms treat exposure to virtual asset service providers?
Virtual asset service providers sit under a separate framework, distinct from the securities regime covered here: the federal CMA regime applies outside the financial free zones and works alongside local licensing authorities, including Dubai’s Virtual Assets Regulatory Authority. Firms with that exposure should refer to our dedicated guide to AML for VASPs outside Dubai, which addresses that demand in full.
Are older SCA AML notices still relevant now that the CMA has replaced the SCA?
Yes, where they remain in force and are not inconsistent with the 2025 framework. The Capital Market Authority is the legal successor to the Securities and Commodities Authority under Federal Decree-Law No. 32 of 2025, so older SCA decisions, notices and guidance are read as CMA materials, subject to Federal Decree-Law No. 10 of 2025 and Cabinet Resolution No. 134 of 2025.
Do CMA-regulated capital market firms need a business-wide risk assessment?
Yes. The Capital Market Authority requires a business-wide or enterprise-wide risk assessment covering customer, product, delivery-channel, geographic, targeted financial sanctions, proliferation financing and new-technology risks, aligned to the UAE national risk assessments and reflected in the Authority’s annual AML return.
Need help building or reviewing your capital market firm AML programme?
Get expert support to develop a robust AML programme that protects your business, manages risk, and meets regulatory expectations.
Share via :
About the Author
Pathik Shah
FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)
Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.
Reach Out to Pathik