AML/CFT Supervisory Authorities in UAE
Last Updated: 05/04/2026
Protect your business with reliable and effective AML strategies with AML UAE.
At a Glance: AML Supervisory Authorities in UAE
Legal Basis Federal Decree by Law No. (10) of 2025, Article 1
Definition Federal and local authorities entrusted with supervision of relevant regulated sectors
Banks and many other financial institution Central Bank of UAE (CBUAE)
Mainland DNFBPs (Accountants, TCSPs, DPMS, real estate agents) Ministry of Economy and Tourism (MoET)
Mainland lawyers, notaries, and other legal professionals Ministry of Justice (MoJ)
Commercial gaming sector General Commercial Gaming Regulatory Authority (GCGRA)
VASPs in Dubai outside DIFC Virtual Assets Regulatory Authority (VARA)
VASPs outside Dubai and outside DIFC / ADGM Capital Market Authority (CMA)
DIFC-authorised entities and other persons within DFSA’s regulatory perimeter Dubai Financial Services Authority (DFSA)
ADGM-authorised financial services firms and other persons within FSRA’s financial regulatory perimeter Financial Services Regulatory Authority (FSRA)
ADGM-licensed DNFBPs ADGM Registration Authority monitors AML compliance for ADGM-licensed DNFBPs under an agreement with FSRA
STR reporting channel UAE FIU via goAML portal , all sectors, all supervisory authorities
TFS implementation Executive Office for Control and Non-Proliferation (EOCN)
Scope of This Page :
This page provides the complete authority map showing all AML/CFT supervisory authorities in UAE and what they supervise. It does not detail sector-specific AML obligations, which are covered in dedicated sector articles. For STR guidance, see the FIU page. For individual sector obligations, see the relevant pages linked at the footer of this article.
Who Is My AML Supervisory Authority?
Use this four-step decision path to identify the authority that supervises your AML/CFT compliance:
01 Where are you licensed or operating? , Mainland / commercial free zone, DIFC, ADGM, or Dubai (outside DIFC)?
02 What type of entity are you? , Financial institution, DNFBP, VASP, commercial gaming operator, or legal professional?
03 Are you within the regulatory perimeter of CBUAE, MoET, MoJ, GCGRA, CMA, DFSA, FSRA, VARA, or the ADGM Registration Authority?
04 Regardless of your supervisory authority , all STRs are filed through the UAE FIU’s goAML portal, and all TFS instructions come from EOCN.
What Is a Supervisory Authority Under UAE AML/CFT Law?
What Is a Supervisory Authority?
1. Meaning of Supervisory Authority
The legal definition from Article 1 of the Federal Decree
2. What a Supervisory Authority Does in Practice
Risk assessments, inspections, penalties under Article 16-17
3. Not the Same as the FIU
The FIU receives STRs; supervisory authorities enforce compliance
4. Not the Same as Law Enforcement
Distinct from investigative and prosecutorial bodies
Meaning of Supervisory Authority
“The federal and local authorities entrusted under the legislation with the supervision of the financial institutions, designated non-financial businesses and professions, virtual asset service providers, and non-profit organizations (NPOs); or the competent authorities responsible for granting approval to engage in an activity or profession, where no specific supervisory authority is designated by the legislation.”
Federal Decree by Law No. (10) of 2025, Article 1
UAE AML/CFT supervisory authorities operate at both federal and local levels. The federal framework under Federal Decree by Law No. (10) of 2025 recognises that regulated sectors have distinct characteristics requiring specialist oversight. Accordingly, rather than creating a single monolithic regulator, the UAE assigns supervisory responsibility to the authority best placed to understand each sector’s risks.
The definition is deliberately broad. Where no specific supervisory authority has been designated by legislation, the competent authority responsible for granting approval to practise the relevant activity or profession assumes the supervisory role by default. This prevents regulatory gaps.
The definition also encompasses non-profit organisations (NPOs). Where an NPO falls within the supervised population, the same default rule applies: the competent authority responsible for approving or registering the NPO assumes the supervisory role unless legislation designates a specific authority for that category.
What a Supervisory Authority Does in Practice
Article 16 of Federal Decree by Law No. (10) of 2025 sets out the core competences of every supervisory authority. Within its respective area of competence, each authority must: conduct risk assessments concerning the likelihood of money laundering, terrorist financing, or proliferation financing occurring within the entities it supervises; perform supervisory and inspection operations, whether desk-based or field-based; and maintain statistics on the measures undertaken and the penalties imposed.
Where an entity fails to comply, Article 17 of the Decree empowers any supervisory authority to impose the following administrative penalties: a written warning; an administrative fine of not less than AED 10,000 and not exceeding AED 5,000,000 for each violation; prohibition from operating in the relevant sector for a determined period; restriction of board member or executive powers; suspension or replacement of directors or supervisory personnel; suspension or restriction of the activity or profession; and revocation of the licence. The supervisory authority may also publish penalties through media outlets and impose incremental fines for repeated violations within one year.
Supervisory Authorities Are Not the Same as the FIU
Article 11 of the Federal Decree by Law No. (10) of 2025 establishes an independent Financial Intelligence Unit (FIU) within the Central Bank. All Suspicious Transaction Reports (STRs) from financial institutions, DNFBPs, and VASPs must be submitted exclusively to the FIU through the goAML electronic system. The FIU analyses these reports and either refers them to the Concerned Authorities automatically or upon request.
The distinction matters in practice. A supervisory authority, such as CBUAE or MoET, is responsible for ensuring that entities under its supervision have adequate AML/CFT frameworks in place. The FIU, by contrast, is the national intelligence function: it receives, analyses, and disseminates financial intelligence. Submitting an STR to the FIU does not replace the obligation to comply with your supervisory authority’s requirements, and vice versa.
Supervisory Authorities Are Not the Same as Law Enforcement Agencies
Article 1 of the Federal Decree by Law No. (10) of 2025 defines Law Enforcement Authorities separately: these are “the federal and local authorities entrusted with combating, investigating, detecting, and gathering evidence in respect of the offences, including Money Laundering, Predicate Offences, the Financing of Terrorism, and the Proliferation Financing.” They operate under the Public Prosecution and the competent courts, not as supervisors of regulated sectors.
An inspection visit from a supervisory authority is an administrative compliance exercise. An investigation by a law enforcement authority is a criminal matter. The two processes may run in parallel, but they serve distinct purposes and involve distinct legal powers.
Need help mapping your supervisory authority obligations?
AML UAE advises regulated entities across all sectors on identifying their supervisory authority, understanding inspection expectations, and building compliant AML frameworks.
The Main AML/CFT Supervisory Authorities in the UAE
The Main Supervisory Authorities
1. CBUAE
Banks, insurance, exchange houses, payment services
2. MoET
Real estate, DPMS, TCSPs, accountants , most mainland DNFBPs
3. Ministry of Justice
Lawyers, notaries and other legal professionals
4. GCGRA
All commercial gaming operators, the newest supervisory authority
5. CMA (formerly SCA)
Capital markets, securities, VASPs outside Dubai and outside DIFC / ADGM
6. VARA
Virtual asset service providers in Dubai (excl. DIFC)
7. DFSA
DIFC-authorised entities and persons within DFSA’s regulatory perimeter
8. FSRA
Financial services firms and other persons within FSRA’s financial regulatory perimeter; ADGM-licensed DNFBPs monitored by the ADGM Registration Authority
| Authority | Sector Coverage | Jurisdiction | Website |
|---|---|---|---|
| CBUAE | Banks, exchange houses, insurance, payment services, money transfer | Federal (mainland + commercial FZs) | https://www.centralbank.ae/en/ |
| MoET | Real estate agents, DPMS, TCSPs, and accountants | Mainland UAE | https://www.moet.gov.ae/en/home |
| Ministry of Justice | Lawyers, notaries, and independent legal professionals when carrying out specified DNFBP activities | Mainland UAE | https://www.moj.gov.ae/ |
| GCGRA | All commercial gaming operators (land-based, internet, sports wagering, lottery) | Federal (all UAE) | https://www.gcgra.gov.ae/en/ |
| CMA (formerly SCA) | Capital markets, securities, and VASPs outside Dubai and outside DIFC / ADGM | Federal (all UAE) | https://sca.gov.ae/en/home |
| VARA | Virtual asset service providers in Dubai (excl. DIFC) | Dubai (excl. DIFC) | https://www.vara.ae/en/ |
| DFSA | DIFC-authorised entities and other persons within DFSA’s regulatory perimeter | DIFC financial free zone | https://www.dfsa.ae/ |
| FSRA | Financial services firms and other persons within FSRA’s financial regulatory perimeter | ADGM financial free zone | https://www.adgm.com/financial-services-regulatory-authority |
| ADGM Registration Authority | ADGM-licensed DNFBPs; monitors AML compliance for ADGM-licensed DNFBPs under an agreement with FSRA | ADGM financial free zone | https://www.adgm.com/registration-authority |
The Central Bank of the UAE (CBUAE)
The Central Bank of the UAE (CBUAE) is the primary supervisory authority for financial institutions in the mainland UAE and commercial free zones. It oversees banks, exchange houses, insurance companies, payment service providers, and money or value transfer services. The CBUAE applies a risk-based supervisory framework aligned with FATF Recommendations, combining off-site monitoring with on-site inspections.
The UAE National Risk Assessment 2024 identifies the banking sector as one of the highest-value channels through which ML proceeds may flow, reflecting the CBUAE’s critical gatekeeping role. Financial institutions supervised by CBUAE must comply with its AML/CFT rulebook, guidance, and any circulars issued thereunder, in addition to the obligations under Federal Decree-Law No. (10) of 2025 and Cabinet Resolution No. (134) of 2025.
The Ministry of Economy and Tourism (MoET)
The Ministry of Economy and Tourism (MoET) is the designated supervisory authority for most designated non-financial businesses and professions (DNFBPs) in the mainland UAE. Its supervisory portfolio includes real estate brokers and agents, dealers in precious metals and stones (DPMS), company and trust service providers (TCSPs), accountants, and other commercial activities for which specific supervisory designations have been made.
The DNFBP sector was identified as carrying significant ML/TF risk in the UAE National Risk Assessment 2024, particularly real estate and DPMS. MoET exercises its supervisory mandate through both desk-based reviews and field inspections, and issues circulars and implementation guides for DNFBPs. MoET’s AML enforcement capability has grown substantially since 2020, with a dedicated supervisory function now established within the ministry.
The Ministry of Justice (MoJ)
The Ministry of Justice (MoJ) is the supervisory authority for lawyers, notaries, and other independent legal professionals in the mainland UAE when they carry out the specified activities that bring them within the DNFBP perimeter. Article 3(4) of Cabinet Resolution No. (134) of 2025 classifies lawyers, notaries, and independent legal professionals as DNFBPs when they prepare, conduct, or execute financial transactions on behalf of clients in relation to specified activities, including buying and selling real estate, managing client funds, organising contributions for company formation, and establishing or managing legal arrangements.
The MoJ supervises compliance with these obligations and coordinates with MoET and other supervisory authorities on cross-sector enforcement.
The General Commercial Gaming Regulatory Authority (GCGRA)
The General Commercial Gaming Regulatory Authority (GCGRA) was established by Federal Law by Decree and publicly launched in September 2023. It is the sole federal body mandated to regulate, license, and supervise all commercial gaming activities in the UAE, including land-based gaming facilities, internet gaming, sports wagering, and lottery operations.
Commercial gaming operators fall within the UAE AML/CFT perimeter under Article 3(1) of Cabinet Resolution No. (134) of 2025 when conducting single or linked financial transactions that equal or exceed AED 11,000. The GCGRA explicitly holds the role of “supervisory authority of AML/CFT for the commercial gaming sector” as confirmed in the Commercial Gaming Policy Paper published jointly by the GCGRA and the General Secretariat of the National AML/CFT Committee (GS-NAMLCFTPC). Within its first year of operation, the GCGRA issued the UAE’s first gaming operator licences, including a Land-Based Gaming Facilities Licence for Wynn Al Marjan in Ras Al Khaimah, and blocked over 6,500 illegal gaming sites.
The Capital Market Authority (CMA)
The Capital Market Authority (CMA), formerly known as the Securities and Commodities Authority (SCA), is the federal regulator for capital markets and securities activities in the mainland UAE and commercial free zones. Following its renaming, the CMA’s AML supervisory mandate extends to securities firms, fund managers, investment advisers, and virtual asset service providers (VASPs) operating outside Dubai and outside the financial free zones of DIFC and ADGM.
The CMA applies the same risk-based supervisory framework to VASPs within its jurisdiction as it does to other regulated financial activities, ensuring that supervisory coverage extends across the emerging virtual asset sector beyond the dedicated VARA, DFSA, and FSRA perimeters.
The Virtual Assets Regulatory Authority (VARA)
The Virtual Assets Regulatory Authority (VARA) was established in Dubai to regulate virtual asset service providers operating within Dubai, except for entities located within the DIFC financial free zone. VARA issues licences to VASPs and functions as their primary AML/CFT supervisory authority within its jurisdiction, applying obligations derived from Federal Decree-Law No. (10) of 2025 alongside its own VARA Virtual Asset and Related Activities Regulations.
VASPs in Dubai must obtain a VARA licence before commencing operations. The VARA framework requires licensed VASPs to implement comprehensive AML/CFT programmes, submit STRs to the UAE FIU via goAML, and comply with targeted financial sanctions obligations issued by the EOCN. VARA’s rulebook system distinguishes between different categories of virtual asset activity, each with tailored supervisory expectations.
The Dubai Financial Services Authority (DFSA)
The Dubai Financial Services Authority (DFSA) is the independent financial regulator of the Dubai International Financial Centre (DIFC), a financial free zone established by federal legislation and operating under its own legal framework. All entities authorised to conduct financial services within the DIFC, including banks, asset managers, brokers, and VASPs, are supervised by the DFSA for AML/CFT purposes.
The DFSA operates its own AML rulebook and supervisory regime, which is aligned with FATF Recommendations and recognised internationally. The CBUAE framework applies to mainland entities; within the DIFC, the DFSA is the relevant supervisory authority for AML/CFT purposes. This distinction has direct implications for which regulations, guidance notes, and inspection processes apply.
The Financial Services Regulatory Authority (FSRA)
The Financial Services Regulatory Authority (FSRA) is the independent financial regulator of Abu Dhabi Global Market (ADGM), the financial free zone located on Al Maryah Island in Abu Dhabi. The FSRA supervises firms and persons within its financial regulatory perimeter in ADGM, including banks, fund managers, insurance companies, and VASPs, for AML/CFT compliance under the FSRA’s Anti-Money Laundering and Sanctions Rules and Guidance (AML Rulebook).
It is important to note that FSRA’s supervisory authority does not extend to all entities in ADGM. For ADGM-licensed DNFBPs and non-financial entities, the ADGM Registration Authority holds the commercial regulatory mandate. It monitors AML compliance for ADGM-licensed DNFBPs under an agreement with the FSRA.
Like the DFSA, the FSRA’s financial supervisory authority is ring-fenced to its jurisdiction: the ADGM. The CBUAE or CMA does not supervise financial institutions in ADGM for AML purposes. The FSRA applies a risk-based supervisory approach, conducts periodic thematic reviews, and maintains an active enforcement function.
Unsure which supervisory authority applies to your business?
AML UAE provides sector-specific guidance on supervisory authority identification, registration requirements, and compliance obligations for all regulated sectors in the UAE.
How Supervisory Responsibilities Are Divided Across the UAE
How Responsibilities Are Divided
1. Mainland UAE
CBUAE, MoET, MoJ, GCGRA, and CMA cover different sectors
2. Commercial Free Zones
FIs supervised by CBUAE; DNFBPs by MoET/GCGRA depending on sector
3. Financial Free Zones
DIFC under DFSA; ADGM financial services under FSRA, with ADGM DNFBP AML monitoring by the Registration Authority
4. Dubai VASPs
VARA holds exclusive jurisdiction outside DIFC
5. VASPs Outside Dubai
CMA supervises VASPs in other emirates and commercial free zones
Mainland UAE
In the mainland UAE, supervisory responsibility is divided by sector. The CBUAE supervises financial institutions. MoET supervises the majority of DNFBP sectors. The Ministry of Justice supervises lawyers, notaries, and other legal professionals. The GCGRA supervises commercial gaming operators. The CMA supervises capital markets firms and VASPs that fall outside the perimeters of the VARA, DFSA, and FSRA. This means that a single business area may contain entities supervised by three or four different authorities, each with its own inspection calendar, guidance library, and enforcement approach.
Commercial Free Zones
Commercial free zones, such as DMCC and JAFZA, are not financial free zones. Entities in these zones are generally subject to UAE federal AML law and supervised by the same authorities as their mainland counterparts, unless a specific legal arrangement provides otherwise. CBUAE generally supervises a financial institution in a commercial free zone. MoET generally supervises a real estate broker or TCSP in a commercial free zone. The free zone authority itself does not function as an AML supervisory authority unless specifically designated under the relevant legislation.
Financial Free Zones
The UAE has two financial free zones: the Dubai International Financial Centre (DIFC) and Abu Dhabi Global Market (ADGM). These are constitutionally recognised free zones with their own civil and commercial laws, courts, and financial regulators. Entities operating within them are subject to the AML/CFT requirements of the applicable financial free zone regulator rather than the federal supervisory bodies, though federal criminal law, including the money laundering offence under Federal Decree-Law No. (10) of 2025, continues to apply throughout the UAE.
DIFC, supervised by DFSA
All entities authorised to conduct financial services or related activities within the DIFC are supervised by the Dubai Financial Services Authority (DFSA) for AML/CFT purposes. The DFSA’s AML Module (AML) within its Rulebook sets out the detailed obligations. DIFC entities submit STRs to the UAE FIU via goAML in the same way as all other regulated entities, but their primary supervisory relationship and inspection regime is governed by the DFSA.
ADGM, financial services supervised by FSRA; DNFBPs monitored by ADGM Registration Authority
In ADGM, supervisory responsibility is not exercised solely by the FSRA. FSRA-authorised firms, including banks, fund managers, and VASPs, are supervised for AML/CFT compliance by the FSRA under its AML Rulebook, which incorporates FATF Recommendations and international standards. For ADGM-licensed DNFBPs, however, the ADGM Registration Authority is responsible for monitoring AML compliance under an agreement with the FSRA.
Dubai Virtual Asset Service Providers
VARA holds exclusive supervisory jurisdiction over VASPs operating within Dubai, with the single exception of entities within the DIFC (which are supervised by the DFSA). VASPs wishing to operate in Dubai must obtain a VARA licence and comply with VARA’s Virtual Assets and Related Activities Regulations (VARA Regulations). Operating as a VASP in Dubai without a VARA licence is illegal.
Virtual Asset Service Providers in the UAE Outside Dubai
VASPs operating in emirates other than Dubai, or in commercial free zones outside DIFC and ADGM, are regulated by the Capital Market Authority (CMA). The CMA issues licences for VASP activities in Abu Dhabi, Sharjah, and other mainland or commercial free zone locations, and supervises those entities for AML/CFT compliance. VASPs in ADGM are supervised by the FSRA rather than the CMA.
Common Areas of Confusion
Who Supervises DNFBPs in Mainland UAE?
MoET supervises the majority of DNFBP sectors in the mainland UAE, including real estate agents, dealers in precious metals and precious stones, company and trust service providers, and accountants. Lawyers, notaries and other legal professionals are supervised by the Ministry of Justice. Commercial gaming operators, Internet Gaming Operators, Land-Based Gaming Facilities Operators, Sports Wagering Operators, and Lottery Operators are supervised by the GCGRA. Article 3 of Cabinet Resolution No. (134) of 2025 sets out the full list of DNFBP categories.
Who Supervises Lawyers and Legal Consultants?
In the mainland UAE, the Ministry of Justice (MoJ) supervises lawyers, notaries, and other independent legal professionals for AML/CFT compliance when they are carrying out the specified activities that bring them within the DNFBP perimeter, such as managing client funds, preparing or executing real estate transactions, or forming or managing legal arrangements. A lawyer or legal consultant practising within the DIFC is subject to DFSA oversight. One practising within ADGM falls under the applicable ADGM framework, which distinguishes between firms within FSRA’s financial regulatory perimeter and non-financial activities within the Registration Authority’s commercial regulatory remit. The applicable supervisory authority depends on where the legal professional is licensed and practises, not on the nationality of their clients or the location of the underlying transaction.
Who Supervises Virtual Asset Businesses in Dubai?
VARA supervises all VASPs in Dubai, excluding those in the DIFC. The Dubai government granted VARA exclusive licensing authority. A VASP entity established in a commercial free zone within Dubai (such as DMCC) still requires a VARA licence and is subject to VARA’s AML supervision. Only if the VASP is authorised within the DIFC does the DFSA assume supervisory authority. There is no overlap: if you are in Dubai outside the DIFC, your supervisor is VARA.
Does DIFC Follow DFSA Rules or Federal AML Law?
Both, in different respects. For AML/CFT compliance purposes, DIFC-authorised entities and other persons within DFSA’s regulatory perimeter are governed by the DFSA’s AML Module and subject to DFSA inspections. For AML/CFT compliance purposes, DIFC and ADGM-authorised firms follow their respective applicable free-zone regulatory rulebooks, while federal criminal law and national reporting and sanctions mechanisms continue to apply across the UAE. A DIFC entity that commits money laundering can be prosecuted under federal law, even though its day-to-day AML/CFT compliance obligations are supervised by the DFSA.
Does ADGM Follow FSRA Rules, ADGM Registration Authority Requirements, or Federal AML Law?
FSRA-authorised firms and other persons within FSRA’s financial regulatory perimeter comply with the FSRA’s AML Rulebook and are supervised by the FSRA. For ADGM-licensed DNFBPs, the ADGM Registration Authority monitors AML compliance under an agreement with FSRA, so the FSRA is not the supervisory authority for all ADGM entities. The ADGM operates its own legal system for civil and commercial matters, including financial regulation. Federal criminal law, including the money laundering offence, continues to apply in ADGM, as it does across all of the UAE territory. All ADGM entities submit STRs to the UAE FIU via the goAML portal, which is the single national channel for STR submission regardless of supervisory authority.
Is the FIU Also a Supervisory Authority?
No. Article 11 of the Federal Decree by Law No. (10) of 2025 establishes the FIU as an independent financial intelligence function within the Central Bank. Its role is to receive all Suspicious Transaction Reports, study and analyse them, and refer findings to the Concerned Authorities. The FIU does not conduct compliance inspections of regulated entities, does not issue AML guidance to regulated sectors, and does not impose administrative penalties. Those functions belong to the relevant supervisory authority for each sector. The FIU and supervisory authorities serve complementary but distinct functions.
What Is EOCN and What Does It Do?
The Executive Office for Control and Non-Proliferation (EOCN) is defined in Article 1 of Federal Decree by Law No. (10) of 2025 as the body “concerned with the implementation of targeted financial sanctions within the State.” EOCN administers the UAE’s domestic terrorist and sanctions lists and ensures that instructions on Targeted Financial Sanctions (TFS) are disseminated to all regulated entities. All financial institutions, DNFBPs, and VASPs must comply immediately with TFS instructions issued by EOCN. The EOCN is not a supervisory authority for AML compliance; it is the national body responsible for implementing targeted financial sanctions. Supervisory authorities ensure that entities under their oversight have effective sanctions compliance systems, but the TFS instructions themselves originate from EOCN.
Receive practical AML/CFT compliance guidance
AML UAE publishes sector-specific blogs and regulatory updates for all supervised sectors in the UAE.
Why Understanding the Right Supervisory Authority Matters
1. Correct Registration and Reporting Channels
Register with the right authority; use the correct reporting platform
2. Proper Engagement During Inspections
Different authorities run inspections differently , preparation varies
3. Correct Application of Sector-Specific Guidance
Each supervisory authority issues its own circulars and guidance
4. Avoiding Regulatory Breaches from Confusion
Jurisdictional errors are treated as compliance failures
Correct Registration and Reporting Channels
Regulated entities must register with, or obtain a licence from, the correct supervisory authority for their sector and location. Operating without the correct authorisation, or registering with the wrong authority, is a regulatory breach in its own right. All regulated entities across all supervisory authorities submit STRs through the single national channel: the UAE FIU’s goAML portal. However, sector-specific compliance registers, inspection schedules, and guidance libraries are maintained separately by each supervisory authority.
Proper Engagement During Inspections
Supervisory inspections vary significantly between authorities. CBUAE bank examinations follow a structured prudential and AML framework. MoET inspections of DNFBPs may focus on registration, customer due diligence documentation, and beneficial ownership records. DFSA and FSRA inspections draw on their detailed rulebook requirements and international supervisory methodologies. GCGRA inspections are still developing their framework. Knowing your supervisory authority enables you to prepare for inspections correctly, including understanding what documentation to have ready, which guidance applies, and who your regulatory contact point is.
UAE AML/CFT Regulatory Source Hierarchy
Federal AML law (Federal Decree by Law No. (10) of 2025) , the overarching criminal and regulatory framework
Executive regulations (Cabinet Resolution No. (134) of 2025) , detailed implementing obligations, sector definitions, and thresholds
Sector rulebooks and regulator instruments , issued by CBUAE, MoET, DFSA, FSRA, VARA, CMA, MoJ, GCGRA for their respective sectors
Circulars, guidance notes, and policy papers , supplementary implementation guidance from each supervisory authority
Correct Application of Sector-Specific Guidance
Each supervisory authority publishes its own guidance, circulars, and implementation notes. A circular issued by MoET to DNFBPs does not apply to entities supervised by the CBUAE, and vice versa. Applying the wrong guidance or overlooking guidance from your own supervisory authority can leave compliance gaps that expose an entity to enforcement action. Following guidance from the correct supervisory authority is a prerequisite for demonstrable compliance.
Avoiding Regulatory Breaches Caused by Confusion over Jurisdiction
Jurisdictional confusion has practical consequences. An entity that believes it is supervised by CBUAE when it should be supervised by MoET may fail to register correctly, miss MoET inspection cycles, or apply CBUAE guidance that does not cover its sector’s specific risk profile. Article 17 of Federal Decree by Law No. (10) of 2025 empowers supervisory authorities to impose fines of up to AED 5,000,000 per violation, suspend activities, and revoke licences. Jurisdictional error does not constitute a defence to regulatory non-compliance.
Conclusion
The UAE operates a multi-authority AML/CFT supervisory architecture in which multiple federal, local, free-zone, and sector-specific authorities exercise jurisdiction over distinct sectors and geographic zones. Federal Decree by Law No. (10) of 2025 and Cabinet Resolution No. (134) of 2025 provides the overarching framework, while specific authority mandates are established by sector-specific legislation and regulatory instruments.
CBUAE supervises many financial institutions. MoET supervises most mainland DNFBPs, subject to sector-specific carve-outs for lawyers and gaming. The Ministry of Justice supervises lawyers and notaries engaged in specified DNFBP activities. The GCGRA supervises the commercial gaming sector. The CMA supervises capital markets and VASPs outside Dubai and outside DIFC and ADGM. VARA supervises VASPs within Dubai outside the DIFC. The DFSA supervises entities and persons within its regulatory perimeter in DIFC. In ADGM, the FSRA supervises firms within its financial regulatory perimeter, while the ADGM Registration Authority monitors AML compliance for ADGM-licensed DNFBPs under an agreement with FSRA. All STRs flow to the UAE FIU via goAML, and targeted financial sanctions instructions are issued by the EOCN.
For regulated entities, identifying the correct supervisory authority is the foundational compliance question. Everything else, which guidance applies, which inspection regime to prepare for, which reporting channel to use, and which penalties may be imposed, flows from that answer.
Frequently Asked Questions
Who supervises AML compliance for banks in the UAE?
The Central Bank of the UAE (CBUAE) is the AML supervisory authority for banks and other financial institutions in the mainland UAE and in commercial free zones. The DFSA supervises banks in the DIFC; those in ADGM are supervised by the FSRA. All banks submit STRs to the UAE FIU via the goAML portal, regardless of their supervisory authority.
Who supervises DNFBP AML compliance in the UAE?
The Ministry of Economy and Tourism (MoET) supervises most DNFBP sectors in the mainland UAE, including real estate agents, dealers in precious metals and precious stones, company and trust service providers, and accountants. The Ministry of Justice supervises lawyers and notaries. The GCGRA supervises commercial gaming operators. Article 3 of Cabinet Resolution No. (134) of 2025 defines the full DNFBP categories.
What is the role of the UAE FIU?
The UAE Financial Intelligence Unit (FIU) is an independent unit within the Central Bank, established under Article 11 of Federal Decree-Law No. (10) of 2025. It receives all Suspicious Transaction Reports (STRs) from financial institutions, DNFBPs, and VASPs exclusively through the goAML portal. The FIU studies and analyses these reports and refers findings to the Concerned Authorities. The FIU is not an AML supervisory authority and does not conduct compliance inspections.
Who enforces targeted financial sanctions in the UAE?
The Executive Office for Control and Non-Proliferation (EOCN) is responsible for implementing targeted financial sanctions in the UAE, as defined in Article 1 of Federal Decree-Law No. (10) of 2025. EOCN administers the domestic terrorist and sanctions lists and issues TFS instructions to all regulated entities. Supervisory authorities ensure that entities under their supervision have effective sanctions-compliance frameworks, but the TFS instructions themselves originate from EOCN.
Is there one AML regulator for the entire UAE?
No. The UAE uses a multi-authority model where supervisory responsibility is assigned by sector and geographic zone. Depending on the activity and jurisdiction, the relevant authority may include CBUAE, MoET, Ministry of Justice, GCGRA, CMA, VARA, DFSA, FSRA, or, for ADGM-licensed DNFBPs, the ADGM Registration Authority. The NAMLCFTC coordinates the national AML/CFT strategy across all supervisory authorities, and the UAE FIU serves as the single national financial intelligence function.
Who supervises DNFBPs in ADGM?
The ADGM Registration Authority monitors AML compliance for ADGM-licensed DNFBPs under an agreement with the FSRA. The FSRA is ADGM’s financial regulator and supervises firms within its financial regulatory perimeter. Still, it is not accurate to describe ADGM-licensed DNFBPs as supervised by FSRA in the same way as ADGM financial services firms. Entities in ADGM should identify whether they fall within the FSRA’s financial regulatory perimeter or within the Registration Authority’s commercial regulatory remit.
Does FSRA supervise all ADGM entities?
No. The FSRA is ADGM’s financial regulator for firms and persons within its regulatory perimeter, including banks, fund managers, and VASPs. The ADGM Registration Authority holds the commercial regulatory mandate and monitors AML compliance for ADGM-licensed DNFBPs under an agreement with FSRA. An ADGM entity that is not within the FSRA’s financial regulatory perimeter should look to the ADGM Registration Authority as the relevant AML monitoring body.
Found This Guide Helpful?
If this guide to who supervises AML compliance in UAE has helped clarify your compliance obligations, we would appreciate a Google review. Your feedback helps other compliance professionals find reliable guidance.
Share via :
About the Author
Pathik Shah
FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)
Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.
Reach Out to Pathik