From Name to Risk Profile: Collecting the Right Information for Individual KYC

Good compliance starts with good processes, and individual KYC onboarding is one of the most important places to get it right.

To support the UAE AML compliance community, AMLUAE and NIYEAHMA are introducing a free, web-based Individual KYC Compliance Tool.

This webinar walks you through everything it does step by step, with a live demonstration.

The tool is built in line with the UAE’s current KYC and CDD requirements and designed to make individual onboarding structured and audit-ready.

What We Will Cover

Common pain points in individual onboarding and why they persist
The regulatory framework behind the tool: Federal Decree Law No. 10 of 2025, Cabinet Resolution No. 134 of 2025, and the MoET CDD Implementation Guide
The 5-Step Wizard: Personal Identity, Identity Documents, Address and Employment, Business Relationship, and Summary and Risk Rating
How the tool separates data collection from risk assessment
Live demonstration of the tool
Practical use cases: inspection preparation, staff training, process benchmarking, and active onboarding

About the Tool

Free and web-based, no sign-in required
Built in line with applicable UAE AML/CFT regulations
Provides step-by-step guidance with built-in compliance reasoning and red flag indicators
Applicable across DNFBPs and regulated entities operating in the UAE

Come as you are, whether you’re new to KYC or reviewing your current process. Registration is free, and the session is open to all.

📅 Date: 19th May, 2026
⏰ Time: 11:00 AM (GST)
🔗 Registration Link: https://events.teams.microsoft.com/event/142a52f3-c1ac-4510-b302-03378c51a973@9111ea08-5731-461f-bdce-1de7f7d1d9d0/registration

Effective AML consulting services

make your business dealings brighter, smoother, and better

Share via :

AML Regulations for Commercial Gaming Operators in UAE

Last Updated: 05/05/2026

Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

Key Highlights

In-scope status: Commercial gaming operators brought into the AML perimeter as a DNFBP activity under Cabinet Resolution No. (134) of 2025, Article (3) Item 1.

Activity trigger: Single or linked financial transactions equal to or above AED 11,000. Pure gaming chips or gaming instruments do not count as a financial transaction.

Supervisory authority: General Commercial Gaming Regulatory Authority (GCGRA), the sole AML/CFT supervisor for the sector.

Primary federal law: Federal Decree-Law No. (10) of 2025 on Combating Money Laundering, Terrorist Financing and Proliferation Financing.

Cross-sector baseline: Beneficial owner regime under Cabinet Decision No. (109) of 2023 and terrorist/PF sanctions regime under Cabinet Decision No. (74) of 2020.

Administrative penalties: AED 10,000 to AED 5,000,000 per violation under Federal Decree-Law No. (10) of 2025, Article (17), plus warning, suspension, prohibition and licence revocation.

Record-keeping period: At least five years for transactions, identification documents, correspondence and analyses under Cabinet Resolution No. (134) of 2025, Article (25).

Sector policy reference: Policy Paper on Commercial Gaming (2025) issued by the General Secretariat of the National AML/CFT Policies Committee.

Regulatory posture: Emerging niche sector; UAE ML/TF National Risk Assessment 2024 notes it was not separately evaluated as no entities were licensed at the time of assessment.

Definition

A commercial gaming operator in the UAE is a licensee of the General Commercial Gaming Regulatory Authority authorised to offer commercial games for value, and is subject to AML obligations once a single transaction, or linked transactions, equal or exceed AED 11,000.

Scope Note

This page is a forward-looking, sector-specific guide to AML regulations for commercial gaming operators in UAE. It focuses on how the federal AML framework, the overarching sanctions and proliferation financing guidance, the National Risk Assessment and the 2025 Commercial Gaming Policy Paper combine to shape compliance expectations for licensees of the General Commercial Gaming Regulatory Authority.

The AML regulations for commercial gaming operators in UAE sit at the intersection of a well-established federal AML framework and a brand-new sector. Cabinet Resolution No. (134) of 2025 expanded the list of Designated Non-Financial Businesses and Professions (DNFBPs) to explicitly include commercial gaming operators, and the General Commercial Gaming Regulatory Authority (GCGRA) has been set up as the sole sector supervisor for AML and counter-financing of terrorism purposes. Licensees therefore have to implement the full suite of DNFBP obligations from day one, even though the sector has no operational history to draw on within the UAE.

This guide explains how AML regulations for commercial gaming operators in UAE are structured, who the supervisory authority is, and which federal laws, cross-sector guidance documents, risk assessments and sector-specific policy papers apply. It is the commercial gaming spoke of our DNFBPs pillar and sits within the broader AML Laws in UAE hub. Read it alongside our Federal AML laws and executive regulations page for the baseline legal text.

Who Counts as a Commercial Gaming Operator for AML Purposes in UAE?

AML regulations for commercial gaming operators in UAE apply to any operator of commercial games whose activity crosses the AED 11,000 trigger set out in Cabinet Resolution No. (134) of 2025. Article (3) Item (1) of the Executive Regulations lists, among the categories of DNFBPs, “Commercial Gaming Operators, including Commercial Gaming conducted on board vessels or marine craft, when conducting a single financial transaction or several transactions that appear to be linked and whose value equals or exceeds eleven thousand dirhams (AED 11,000). A financial transaction shall not include a transaction that solely involves gaming chips or gaming instruments”.

Three features of this definition matter for the AML perimeter. First, it is activity-based; the obligation is triggered by transaction value. Second, it covers on-board operations on vessels or marine craft, keeping offshore setups inside the DNFBP perimeter. Third, it carves out pure chip or gaming-instrument transactions; those are treated as internal gaming mechanics rather than financial transactions for AML purposes. Every AED 11,000 equivalent cash-in, cash-out, wire transfer, e-wallet load or redemption does trigger customer due diligence, record-keeping and reporting obligations.

Who is in scope

Four tests every commercial gaming operator in the UAE has to apply before onboarding a patron.

1. Activity test: operator of commercial games

2. Location test: mainland UAE or UAE-flagged vessel

3. Threshold test: single or linked transactions at or above AED 11,000

4. Carve-out: pure chip or gaming instrument movements

1. Licensed commercial gaming operators

Entities licensed by the General Commercial Gaming Regulatory Authority to conduct commercial games in mainland UAE. Article (3) Item (1) of Cabinet Resolution No. (134) of 2025 places them squarely within the DNFBP perimeter.

2. On-board commercial gaming on vessels and marine craft

The DNFBP definition specifically extends to commercial gaming conducted on board vessels or marine craft. Operators cannot avoid AML obligations by moving activity offshore while remaining within UAE jurisdiction.

3. Activity that hits AED 11,000 single or linked transactions

The AED 11,000 trigger is applied on a single transaction, or several transactions that appear to be linked. Operators must have rules to aggregate same-patron activity across sessions, accounts, payment methods and time windows.

4. Transactions outside the AML perimeter

Transactions that solely involve gaming chips or gaming instruments are not financial transactions for AML purposes under Article (3) Item (1). Internal chip movements remain a risk indicator but do not by themselves trigger CDD.

Key legal hook

The DNFBP definition in Cabinet Resolution No. (134) of 2025 is the single legal hook that makes AML regulations for commercial gaming operators in UAE mandatory. Every downstream control, from CDD to reporting, flows from that designation.

Need a DNFBP gap assessment built for commercial gaming?

AML UAE supports GCGRA licensees with DNFBP scope reviews, enterprise risk assessments and AML programme design tailored to commercial gaming models.

Explore our DNFBP AML compliance services →

AML Supervisory Authority for Commercial Gaming Operators in UAE

The AML supervisory authority for commercial gaming operators in UAE is the General Commercial Gaming Regulatory Authority. Paragraph 234 of the UAE ML/TF National Risk Assessment 2024 records that the authority was established in September 2023, and paragraph 241 treats its creation as a prudent step in anticipating commercial gaming activity. Because there were no licensed entities at the time of the National Risk Assessment, paragraph 234 also notes that the sector was not separately evaluated. GCGRA is therefore the first and only AML/CFT supervisor for commercial gaming in the UAE, with no overlap with the Ministry of Economy DNFBP supervision covered elsewhere in the DNFBPs cluster.

GCGRA’s role in AML supervision draws on the general competencies of a Supervisory Authority set out in Federal Decree-Law No. (10) of 2025. Article (16) of the Decree-Law requires each Supervisory Authority to assess ML/TF risks in its sector, supervise financial institutions and DNFBPs under its jurisdiction, provide guidance, impose administrative penalties and maintain statistics. For commercial gaming the authority has expressed those competencies through the 2025 Commercial Gaming Policy Paper and ongoing licensing conditions.

What GCGRA does as AML/CFT supervisor

The General Commercial Gaming Regulatory Authority exercises the standard Supervisory Authority powers under Federal Decree-Law No. (10) of 2025, applied to a sector-specific risk profile.

1. Sector risk assessment

2. Licensing and fit-and-proper controls

3. AML/CFT supervision and inspection

4. Policy, guidance and typologies

5. Administrative penalties

6. Coordination with FIU and EOCN

1. Sole AML supervisor for commercial gaming

GCGRA is the only federal body designated to supervise commercial gaming operators for AML/CFT in the UAE. This avoids the overlap seen in other DNFBP sectors where Ministry of Economy supervision runs alongside free zone regulators.

2. Supervisory competencies under Federal Decree-Law No. (10) of 2025

Article (16) of Federal Decree-Law No. (10) of 2025 sets out the competencies of a Supervisory Authority, including assessing ML/TF risks, conducting AML/CFT supervision, issuing guidance, imposing administrative penalties and maintaining statistics. GCGRA exercises these powers for commercial gaming.

3. Coordination with the FIU

The Financial Intelligence Unit within the Central Bank, established under Article (11) of Federal Decree-Law No. (10) of 2025, remains the sole recipient of suspicious transaction reports via the goAML system. GCGRA supervises the reporting culture; it does not receive STRs directly.

4. Coordination with EOCN on sanctions

The Executive Office for Control and Non-Proliferation issues and updates the Targeted Financial Sanctions regime. GCGRA expects commercial gaming operators to screen against the UAE Local Terrorist List and UN Security Council Consolidated List in accordance with Cabinet Decision No. (74) of 2020.

Supervisory context

Because commercial gaming has no UAE operating history and no licensed population at the time of the 2024 National Risk Assessment, GCGRA’s early supervisory approach relies heavily on the 2025 Commercial Gaming Policy Paper and cross-sector overarching guidance rather than sector-specific typologies.

Planning your GCGRA AML programme?

Our team helps commercial gaming licensees stand up AML governance, ERA, CDD workflows, sanctions screening and MLRO frameworks that map to GCGRA expectations.

Talk to AML UAE about commercial gaming compliance →

AML Regulations Applicable to Commercial Gaming Operators in UAE

AML regulations for commercial gaming operators in UAE combine four layers of source material. Federal laws and executive regulations form the mandatory baseline; overarching sanctions, proliferation financing and typology guidance add cross-sector expectations; the UAE National Risk Assessment sets country-level context; and the 2025 Commercial Gaming Policy Paper provides sector-specific direction. This page captures all four layers so that GCGRA licensees can see the full compliance perimeter in one place.

The four layers of AML rules that apply to commercial gaming

Read them as a stack: federal laws create the obligation, overarching guidance fills in the sanctions and proliferation financing detail, and sector documents translate them into gaming-specific controls.

1. Federal AML laws and executive regulations

2. Overarching AML, TFS and PF guidance

3. National Risk Assessment 2024

4. Sector-specific Commercial Gaming Policy Paper 2025

Federal AML Laws and Executive Regulations Applicable to Commercial Gaming Operators

Federal laws and executive regulations are the mandatory AML baseline for commercial gaming operators in the UAE. The Decree-Law and its Executive Regulations establish obligations on customer due diligence, beneficial owner identification, suspicious transaction reporting, record-keeping, sanctions compliance and administrative penalties. The terrorism, beneficial owner and penalty frameworks complete the picture.

Federal AML laws and executive regulations at a glance

Seven mandatory federal instruments underpin AML regulations for commercial gaming operators in UAE.

01 Federal Decree-Law No. (10) of 2025

02 Federal Law No. (7) of 2014

03 Cabinet Resolution No. (134) of 2025

04 Cabinet Decision No. (74) of 2020

05 Cabinet Decision No. (109) of 2023

06 Cabinet Resolution No. (132) of 2023

Federal Decree by Law No. (10) of 2025 Regarding Anti-Money Laundering, and Combating the Financing of Terrorism and Proliferation Financing

2025
Federal Decree-Law No. (10) of 2025 on Combating Money Laundering, Terrorist Financing and Proliferation Financing
Issued by: UAE Federal Government

The primary federal AML law. It defines the money laundering, terrorist financing and proliferation financing offences; establishes the Financial Intelligence Unit at the Central Bank under Article (11); sets out Supervisory Authority competencies under Article (16); requires reporting of suspicious transactions under Article (18); and imposes criminal and administrative penalties, with administrative fines ranging from AED 10,000 to AED 5,000,000 per violation under Article (17).

Key citation: Articles (11), (16), (17), (18) and (28) to (35).

Federal Law No. (7) of 2014 Combating Terrorism Crimes

2014
Federal Law No. (7) of 2014 Combating Terrorism Crimes
Issued by: UAE Federal Government

Sets the substantive terrorism offences that sit behind the terrorist financing offence in Federal Decree-Law No. (10) of 2025. For gaming operators it matters because CDD, sanctions screening and STR obligations all anchor in whether a patron or counterparty is connected to terrorism offences defined in this law.

Key citation: Definitions of terrorist act, terrorist offence and terrorist organisation.

Cabinet Resolution No. (134) of 2025 Concerning the Executive Regulations of Federal Decree-Law No. (10) of 2025

2025
Cabinet Resolution No. (134) of 2025 (Executive Regulations of the AML Decree-Law)
Issued by: UAE Cabinet

The operational rulebook for the AML Decree-Law. It lists the DNFBPs (including commercial gaming operators with the AED 11,000 trigger) under Article (3); sets the risk assessment obligation in Article (5); details CDD and beneficial owner identification in Articles (6) to (10); requires PEP handling in Article (16); mandates STR reporting and non-disclosure in Articles (17) to (19); governs third-party reliance in Article (20); demands internal policies and training in Article (21); requires appointment of a Compliance Officer in Article (22); addresses high-risk countries in Article (23); covers new technologies in Article (24); and sets the minimum five-year record-keeping period in Article (25).

Key citation: Article (3) Item (1) is the DNFBP entry for commercial gaming; AED 11,000 threshold and chip carve-out.

Cabinet Decision No. (74) of 2020 Regarding Terrorism Lists Regulation and Implementation of UN Security Council Resolutions on the Suppression and Combating of Terrorism, Terrorist Financing, Countering the Proliferation of Weapons of Mass Destruction and related resolutions

2020
Cabinet Decision No. (74) of 2020 on Terrorism Lists and UN Sanctions
Issued by: UAE Cabinet

The core targeted financial sanctions instrument. It governs the UAE Local Terrorist List and the implementation of UN Security Council Consolidated Lists on terrorism, terrorist financing and proliferation financing. Commercial gaming operators must screen patrons and counterparties against these lists, freeze assets without delay and report matches to the Executive Office for Control and Non-Proliferation.

Key citation: Freezing without delay, reporting to the Executive Office, and implementation of UN resolutions.

Cabinet Decision No. (109) of 2023 on Regulating the Beneficial Owner Procedures

2023
Cabinet Decision No. (109) of 2023 on Regulating the Beneficial Owner Procedures
Issued by: UAE Cabinet

The beneficial owner regime applicable to legal persons in the UAE. Commercial gaming operators that are legal persons must maintain and file beneficial owner and real beneficiary registers in line with this decision, update them on change, and provide the data to the Registrar and competent authorities as required.

Key citation: Obligation to maintain and disclose Real Beneficiary and Shareholder registers; 25 per cent ownership/control test.

Cabinet Resolution No. (132) of 2023 Concerning Administrative Penalties for Violations of Cabinet Resolution No. (109) of 2023 on the Regulation of Beneficial Owner Procedures

2023
Cabinet Resolution No. (132) of 2023 on Administrative Penalties for Beneficial Owner Violations
Issued by: UAE Cabinet

Sets graduated administrative penalties for failures to maintain and disclose beneficial owner information under Cabinet Decision No. (109) of 2023. Commercial gaming operators should treat beneficial owner breaches as material, not procedural, given the penalty structure.

Key citation: Written warning, financial penalty and suspension of activities for repeated or serious breaches.

Decoding the federal AML stack for your gaming licence?

We translate Federal Decree-Law No. (10) of 2025 and Cabinet Resolution No. (134) of 2025 into practical policies, risk matrices and monitoring rules calibrated to commercial gaming.

See our AML compliance services →

Overarching AML Guidance Applicable to Commercial Gaming Operators in the UAE

Overarching guidance extends the federal baseline with cross-sector expectations on targeted financial sanctions, proliferation financing, terrorist financing red flags, virtual asset provider risks and practical supervisory conduct. Each document is valid until specifically repealed; where it was issued under the prior AML law, it continues to apply to the extent consistent with Federal Decree-Law No. (10) of 2025 and Cabinet Resolution No. (134) of 2025.

Overarching AML guidance at a glance

Thirteen cross-sector guidance documents that commercial gaming operators must read into their own AML programme.

01 EOCN TFS Guidance (2026)

02 FIU TF Strategic Analysis (2025)

03 TFS Case Studies Review (2024)

04 PF Institutional Risk Assessment Guidance (2023)

05 Terrorist and PF Red Flags (2023)

06 Unlicensed VASP Joint Guidance (2023)

07 Counter Proliferation Financing Guidance (2022)

08 Satisfactory and Unsatisfactory Practice (2021)

09 TFS Typology Paper (2021)

10 Guideline on Grievance Procedures

11 Online Grievance System User Guide

12 Combating PF and Sanctions Evasion

13 NAS Subscription Simple Guide

Guidance on Targeted Financial Sanctions for Financial Institutions, DNFBPs and VASPs – March 2026

March 2026
Guidance on Targeted Financial Sanctions for FIs, DNFBPs and VASPs
Issued by: Executive Office for Control and Non-Proliferation (EOCN)

The consolidated EOCN guidance on implementing targeted financial sanctions. It explains freezing without delay, rejection and reporting obligations, the role of the UAE Local Terrorist List and UN Consolidated List, registration for the Notification Alert System, and expectations on screening, governance and testing. Commercial gaming operators must build their sanctions programme to this document.

Key citation: Freezing without delay; NAS registration; screening at onboarding and on list updates.

FIU’s Strategic Analysis Report on Terrorist Financing – May 2025

May 2025
FIU Strategic Analysis Report on Terrorist Financing
Issued by: UAE Financial Intelligence Unit

Sets out the FIU’s strategic view of terrorist financing typologies, red flags and reporting patterns in the UAE. Gaming operators should feed this into transaction monitoring rules, EDD triggers and training, particularly for high-risk jurisdiction patronage and cash-heavy activity.

Key citation: Strategic TF typologies and red flags relevant to patron profiling.

Strategic Review on Targeted Financial Sanctions Case Studies – April 2024

April 2024 (IEC-SR.01.22 series)
Strategic Review on Targeted Financial Sanctions Case Studies
Issued by: Executive Office for Control and Non-Proliferation (EOCN)

Case-study based review of TFS implementation practice, covering asset-freezing failures, partial matches, false positives and typologies of evasion. Useful for gaming operators when calibrating screening thresholds and name-matching logic.

Key citation: Sanctions evasion typologies and screening quality expectations.

Proliferation Finance Institutional Risk Assessment Guidance for FIs, DNFBPs and VASPs – December 2023

December 2023
Proliferation Finance Institutional Risk Assessment Guidance
Issued by: Executive Office for Control and Non-Proliferation (EOCN)

Walks firms through conducting a proliferation financing institutional risk assessment. Commercial gaming operators should use it to build their own PF IRA, covering country, customer, product, channel and transaction risks, and linking conclusions to controls.

Key citation: Five-factor PF IRA framework and control linkage.

Terrorist and Proliferation Financing Red Flags Guidance – December 2023

December 2023
Terrorist and Proliferation Financing Red Flags Guidance
Issued by: Supervisory Authority Sub-Committee

A practical catalogue of red flag indicators for terrorist financing and proliferation financing, covering customer behaviour, transaction patterns, geographies and document anomalies. Directly usable as monitoring rule inputs for commercial gaming.

Key citation: Red flag catalogue for TF and PF.

Joint Guidance on Combating the Use of Unlicensed Virtual Asset Providers in the UAE – November 2023

March 2022, updated 2023
Joint Guidance on Combating the Use of Unlicensed Virtual Asset Providers
Issued by: Joint issuance by UAE supervisory authorities

Warns supervised firms against dealing with or enabling unlicensed virtual asset service providers. Relevant for gaming operators that consider VA payment rails, token integrations or patrons whose source of funds includes virtual assets.

Key citation: No dealings with unlicensed VASPs; risk-based screening of VA payment flows.

Guidance on Counter Proliferation Financing for FIs, DNFBPs and VASPs – November 2022

March 2022
Guidance on Counter Proliferation Financing
Issued by: Executive Office for Control and Non-Proliferation (EOCN)

Core PF typology and controls guidance, covering dual-use goods, front companies, trade-based PF and sanctions evasion. Commercial gaming operators use it primarily for PF EDD scenarios and to support their PF IRA.

Key citation: PF typologies and control expectations for DNFBPs.

Joint Guidance – Satisfactory/Unsatisfactory Practice – June 2021

June 2021
Joint Guidance on Satisfactory and Unsatisfactory Practice
Issued by: Joint issuance by UAE supervisory authorities

Contrasts satisfactory versus unsatisfactory AML practice across governance, CDD, EDD, monitoring, reporting, sanctions and training. Provides a useful supervisory lens for gaming operators benchmarking their controls during mobilisation.

Key citation: Satisfactory vs unsatisfactory AML practice examples.

Typologies on the Circumvention of Targeted Sanctions against Terrorism and the Proliferation of Weapons of Mass Destruction – March 2021

March 2021
TFS Typology Paper
Issued by: Executive Office for Control and Non-Proliferation (EOCN)

Typology paper on how designated persons and entities attempt to circumvent targeted financial sanctions. Gaming operators use it to shape red flag scenarios, EDD questionnaires and internal training.

Key citation: Sanctions evasion typologies.

Guideline on Grievance Procedures

Updated periodically
Guideline on Grievance Procedures
Issued by: Executive Office for Control and Non-Proliferation (EOCN)

Explains the delisting and grievance process for persons subject to targeted financial sanctions. Relevant when a patron contests a listing or a freeze; operators must route such grievances through the prescribed procedure rather than adjusting controls unilaterally.

Key citation: Formal grievance and delisting workflow.

Online Grievance System User Guide

Updated periodically
Online Grievance System User Guide
Issued by: Executive Office for Control and Non-Proliferation (EOCN)

Practical user guide to the EOCN online grievance platform. Supports the formal delisting procedure with step-by-step instructions that compliance teams can reference when handling patron grievances.

Key citation: Online grievance submission flow.

Combating Proliferation Financing and Sanctions Evasion

Updated periodically
Combating Proliferation Financing and Sanctions Evasion
Issued by: Executive Office for Control and Non-Proliferation (EOCN)

Companion document to the PF guidance that deepens the discussion of sanctions evasion tactics and the regulatory expectation that DNFBPs integrate PF controls into their AML programmes.

Key citation: Sanctions evasion detection and PF programme integration.

Simple Guide to Subscribe to the EOCN Notification Alert System (NAS)

Updated periodically
NAS Subscription Simple Guide
Issued by: Executive Office for Control and Non-Proliferation (EOCN)

Step-by-step guide for DNFBPs to register for the EOCN Notification Alert System so that they receive list updates without delay. Subscription to NAS is the operational foundation of freezing without delay under Cabinet Decision No. (74) of 2020.

Key citation: NAS registration underpins the freezing without delay obligation.

Bring the overarching guidance into your sanctions and PF playbooks

We turn EOCN TFS, PF and typology guidance into concrete screening rules, PF IRAs and freezing playbooks that survive supervisory inspection.

Contact us now →

NRA, SRA and Other Important Guidelines Applicable to Commercial Gaming Operators

The UAE’s National Risk Assessment is the country-level evidence base that supervisors, DNFBPs and financial institutions draw on for their enterprise risk assessments. For commercial gaming operators, it is also the document that explicitly acknowledges that their sector had no licensed population at the point of assessment, and that GCGRA was only recently formed.

UAE ML/TF National Risk Assessment – 2024

2024
UAE ML/TF National Risk Assessment
Issued by: Executive Office of Anti-Money Laundering and Countering the Financing of Terrorism

Country-level assessment of money laundering and terrorist financing risks, threats, vulnerabilities and controls across sectors. Paragraph 234 records that GCGRA was introduced in September 2023 and that the commercial gaming sector was not evaluated because there were no licensed entities at the time. Paragraph 235 flags the need to develop a robust regulatory and supervisory framework aligned with FATF expectations. Paragraph 241 treats GCGRA’s establishment as a prudent step.

Key citation: Paragraphs 234, 235 and 241 on commercial gaming and GCGRA.

Sector-Specific Guidelines Applicable to Commercial Gaming Operators in UAE

The sector-specific guidance for commercial gaming operators in UAE is the 2025 Commercial Gaming Policy Paper. It sits below the federal law and the overarching guidance, and translates them into controls that match the ML/TF risk profile of commercial gaming.

Policy Paper – Commercial Gaming Policy (2025)

2025
Policy Paper on Commercial Gaming
Issued by: General Secretariat of the National AML/CFT Policies Committee (GSNAMLCFTPC)

The founding sector paper for commercial gaming AML/CFT in the UAE. It identifies the key ML/TF risks for the sector (anonymous transactions, exploitation of player accounts, use of third-party payments, foreign jurisdiction patronage, multiple payment methods, casino value instruments, VIP programmes, employee complicity and cash usage); designates GCGRA as the sole AML/CFT supervisor; and sets out a requirements table covering governance, institutional risk assessment, patron risk classification, PDD at the AED 11,000 threshold, EDD for high-risk categories, record-keeping of at least five years, MLRO appointment, suspicious activity reporting, sanctions screening and technical controls including ISO 27001 alignment and vulnerability assessment and penetration testing.

Key citation: Nine ML/TF sector risks; AML requirements table across governance, CDD, EDD, reporting and technical controls.

Operationalise the 2025 Commercial Gaming Policy Paper

AML UAE helps GCGRA licensees convert the sector paper into a documented AML programme, sanctions framework, PDD/EDD workflows and technical control baseline.

Speak to our commercial gaming compliance team →

Conclusion

The AML regulations for commercial gaming operators in UAE are mature on paper and new in practice. The perimeter is set by Cabinet Resolution No. (134) of 2025, the controls are anchored in Federal Decree-Law No. (10) of 2025, the sanctions and proliferation financing backbone is provided by Cabinet Decision No. (74) of 2020 and the EOCN guidance suite, and the sector-specific translation is delivered by the 2025 Commercial Gaming Policy Paper. GCGRA is the sole AML/CFT supervisor for the sector and is expected to adopt a risk-based supervisory approach as licensees go live.

For the first wave of GCGRA licensees, the practical compliance priorities are clear: build an enterprise risk assessment that takes the nine sector risks in the 2025 Policy Paper; stand up a DNFBP-grade CDD programme keyed to the AED 11,000 trigger; hard-wire sanctions screening and freezing without delay using NAS; integrate PF controls from the outset; appoint a Compliance Officer and MLRO under Article (22) of Cabinet Resolution No. (134) of 2025; and maintain records for at least five years under Article (25). Getting these right from day one will matter more than any retrospective remediation once supervision intensifies.

FAQs on AML Regulations for Commercial Gaming Operators in UAE

Are commercial gaming operators covered by UAE AML law?

Yes. Commercial gaming operators are covered under UAE AML law. Cabinet Resolution No. (134) of 2025, Article (3) Item (1) places them within the DNFBP perimeter once a single transaction or linked transactions reach AED 11,000. Transactions that involve only gaming chips or gaming instruments are not treated as financial transactions for this purpose.

Licensed commercial gaming operators must comply with the full DNFBP obligation set under Federal Decree-Law No. (10) of 2025 and Cabinet Resolution No. (134) of 2025, including CDD, EDD, sanctions screening, STR reporting and five-year record-keeping.

Which regulator is relevant for commercial gaming and AML in the UAE?

The General Commercial Gaming Regulatory Authority (GCGRA) is the sole AML/CFT supervisor for commercial gaming operators in the UAE. The UAE ML/TF National Risk Assessment 2024 (paragraph 234) confirms that the authority was established in September 2023.

GCGRA exercises the Supervisory Authority competencies set out in Article 16 of Federal Decree-Law No. (10) of 2025, coordinates with the FIU at the Central Bank for STRs and with the Executive Office for Control and Non-Proliferation on targeted financial sanctions.

What AML controls should a gaming operator build first?

A commercial gaming operator should start with six controls, all traceable to Cabinet Resolution No. (134) of 2025 and the 2025 Commercial Gaming Policy Paper: an enterprise risk assessment under Article (5); CDD and beneficial owner identification under Articles (6) to (10); PEP handling under Article (16); sanctions screening under Cabinet Decision No. (74) of 2020; STR filing via goAML under Articles (17) to (19); and record-keeping under Article (25).

These should be supported by the appointment of a Compliance Officer under Article (22), written internal policies under Article (21), training, and technical controls aligned with the 2025 Commercial Gaming Policy Paper’s ISO 27001 and VAPT expectations.

How should gaming firms approach source of funds checks?

Source of funds and source of wealth checks flow from Articles (6) to (10) and Article (16) of Cabinet Resolution No. (134) of 2025, supported by the 2025 Commercial Gaming Policy Paper’s treatment of patron risk and EDD. At onboarding, the operator collects and verifies funding information proportionate to patron risk; for higher-risk patrons, PEPs or those from higher-risk jurisdictions, enhanced evidence is required.

Ongoing source of funds review should be triggered by threshold breaches, unusual patterns, matches against EOCN and UN lists, and red flags drawn from the Terrorist and PF Red Flags Guidance of December 2023 and the FIU’s May 2025 Strategic Analysis Report on Terrorist Financing.

Was this guide useful?

If this article helped you map AML expectations for commercial gaming in the UAE, a short Google review means a great deal.

Leave a review for AML UAE.

Share via :

AML/CFT Supervisory Authorities in UAE

Pathik Shah

Last Updated: 05/04/2026

Protect your business with reliable and effective AML strategies with AML UAE.

At a Glance: AML Supervisory Authorities in UAE

Legal Basis Federal Decree by Law No. (10) of 2025, Article 1

Definition Federal and local authorities entrusted with supervision of relevant regulated sectors

Banks and many other financial institution Central Bank of UAE (CBUAE)

Mainland DNFBPs (Accountants, TCSPs, DPMS, real estate agents) Ministry of Economy and Tourism (MoET)

Mainland lawyers, notaries, and other legal professionals Ministry of Justice (MoJ)

Commercial gaming sector General Commercial Gaming Regulatory Authority (GCGRA)

VASPs in Dubai outside DIFC Virtual Assets Regulatory Authority (VARA)

VASPs outside Dubai and outside DIFC / ADGM Capital Market Authority (CMA)

DIFC-authorised entities and other persons within DFSA’s regulatory perimeter Dubai Financial Services Authority (DFSA)

ADGM-authorised financial services firms and other persons within FSRA’s financial regulatory perimeter Financial Services Regulatory Authority (FSRA)

ADGM-licensed DNFBPs ADGM Registration Authority monitors AML compliance for ADGM-licensed DNFBPs under an agreement with FSRA

STR reporting channel UAE FIU via goAML portal , all sectors, all supervisory authorities

TFS implementation Executive Office for Control and Non-Proliferation (EOCN)

Scope of This Page :

This page provides the complete authority map showing all AML/CFT supervisory authorities in UAE and what they supervise. It does not detail sector-specific AML obligations, which are covered in dedicated sector articles. For STR guidance, see the FIU page. For individual sector obligations, see the relevant pages linked at the footer of this article.

Who Is My AML Supervisory Authority?

Use this four-step decision path to identify the authority that supervises your AML/CFT compliance:

01 Where are you licensed or operating? , Mainland / commercial free zone, DIFC, ADGM, or Dubai (outside DIFC)?

02 What type of entity are you? , Financial institution, DNFBP, VASP, commercial gaming operator, or legal professional?

03 Are you within the regulatory perimeter of CBUAE, MoET, MoJ, GCGRA, CMA, DFSA, FSRA, VARA, or the ADGM Registration Authority?

04 Regardless of your supervisory authority , all STRs are filed through the UAE FIU’s goAML portal, and all TFS instructions come from EOCN.

What Is a Supervisory Authority Under UAE AML/CFT Law?

What Is a Supervisory Authority?

1. Meaning of Supervisory Authority

The legal definition from Article 1 of the Federal Decree

2. What a Supervisory Authority Does in Practice

Risk assessments, inspections, penalties under Article 16-17

3. Not the Same as the FIU

The FIU receives STRs; supervisory authorities enforce compliance

4. Not the Same as Law Enforcement

Distinct from investigative and prosecutorial bodies

Meaning of Supervisory Authority

“The federal and local authorities entrusted under the legislation with the supervision of the financial institutions, designated non-financial businesses and professions, virtual asset service providers, and non-profit organizations (NPOs); or the competent authorities responsible for granting approval to engage in an activity or profession, where no specific supervisory authority is designated by the legislation.”

Federal Decree by Law No. (10) of 2025, Article 1

UAE AML/CFT supervisory authorities operate at both federal and local levels. The federal framework under Federal Decree by Law No. (10) of 2025 recognises that regulated sectors have distinct characteristics requiring specialist oversight. Accordingly, rather than creating a single monolithic regulator, the UAE assigns supervisory responsibility to the authority best placed to understand each sector’s risks.

The definition is deliberately broad. Where no specific supervisory authority has been designated by legislation, the competent authority responsible for granting approval to practise the relevant activity or profession assumes the supervisory role by default. This prevents regulatory gaps.

The definition also encompasses non-profit organisations (NPOs). Where an NPO falls within the supervised population, the same default rule applies: the competent authority responsible for approving or registering the NPO assumes the supervisory role unless legislation designates a specific authority for that category.

What a Supervisory Authority Does in Practice

Article 16 of Federal Decree by Law No. (10) of 2025 sets out the core competences of every supervisory authority. Within its respective area of competence, each authority must: conduct risk assessments concerning the likelihood of money laundering, terrorist financing, or proliferation financing occurring within the entities it supervises; perform supervisory and inspection operations, whether desk-based or field-based; and maintain statistics on the measures undertaken and the penalties imposed.

Where an entity fails to comply, Article 17 of the Decree empowers any supervisory authority to impose the following administrative penalties: a written warning; an administrative fine of not less than AED 10,000 and not exceeding AED 5,000,000 for each violation; prohibition from operating in the relevant sector for a determined period; restriction of board member or executive powers; suspension or replacement of directors or supervisory personnel; suspension or restriction of the activity or profession; and revocation of the licence. The supervisory authority may also publish penalties through media outlets and impose incremental fines for repeated violations within one year.

Supervisory Authorities Are Not the Same as the FIU

Article 11 of the Federal Decree by Law No. (10) of 2025 establishes an independent Financial Intelligence Unit (FIU) within the Central Bank. All Suspicious Transaction Reports (STRs) from financial institutions, DNFBPs, and VASPs must be submitted exclusively to the FIU through the goAML electronic system. The FIU analyses these reports and either refers them to the Concerned Authorities automatically or upon request.

The distinction matters in practice. A supervisory authority, such as CBUAE or MoET, is responsible for ensuring that entities under its supervision have adequate AML/CFT frameworks in place. The FIU, by contrast, is the national intelligence function: it receives, analyses, and disseminates financial intelligence. Submitting an STR to the FIU does not replace the obligation to comply with your supervisory authority’s requirements, and vice versa.

Supervisory Authorities Are Not the Same as Law Enforcement Agencies

Article 1 of the Federal Decree by Law No. (10) of 2025 defines Law Enforcement Authorities separately: these are “the federal and local authorities entrusted with combating, investigating, detecting, and gathering evidence in respect of the offences, including Money Laundering, Predicate Offences, the Financing of Terrorism, and the Proliferation Financing.” They operate under the Public Prosecution and the competent courts, not as supervisors of regulated sectors.

An inspection visit from a supervisory authority is an administrative compliance exercise. An investigation by a law enforcement authority is a criminal matter. The two processes may run in parallel, but they serve distinct purposes and involve distinct legal powers.

Need help mapping your supervisory authority obligations?

AML UAE advises regulated entities across all sectors on identifying their supervisory authority, understanding inspection expectations, and building compliant AML frameworks.

The Main AML/CFT Supervisory Authorities in the UAE

The Main Supervisory Authorities

1. CBUAE

Banks, insurance, exchange houses, payment services

2. MoET

Real estate, DPMS, TCSPs, accountants , most mainland DNFBPs

3. Ministry of Justice

Lawyers, notaries and other legal professionals

4. GCGRA

All commercial gaming operators, the newest supervisory authority

5. CMA (formerly SCA)

Capital markets, securities, VASPs outside Dubai and outside DIFC / ADGM

6. VARA

Virtual asset service providers in Dubai (excl. DIFC)

7. DFSA

DIFC-authorised entities and persons within DFSA’s regulatory perimeter

8. FSRA

Financial services firms and other persons within FSRA’s financial regulatory perimeter; ADGM-licensed DNFBPs monitored by the ADGM Registration Authority

Authority	Sector Coverage	Jurisdiction	Website
CBUAE	Banks, exchange houses, insurance, payment services, money transfer	Federal (mainland + commercial FZs)	https://www.centralbank.ae/en/
MoET	Real estate agents, DPMS, TCSPs, and accountants	Mainland UAE	https://www.moet.gov.ae/en/home
Ministry of Justice	Lawyers, notaries, and independent legal professionals when carrying out specified DNFBP activities	Mainland UAE	https://www.moj.gov.ae/
GCGRA	All commercial gaming operators (land-based, internet, sports wagering, lottery)	Federal (all UAE)	https://www.gcgra.gov.ae/en/
CMA (formerly SCA)	Capital markets, securities, and VASPs outside Dubai and outside DIFC / ADGM	Federal (all UAE)	https://sca.gov.ae/en/home
VARA	Virtual asset service providers in Dubai (excl. DIFC)	Dubai (excl. DIFC)	https://www.vara.ae/en/
DFSA	DIFC-authorised entities and other persons within DFSA’s regulatory perimeter	DIFC financial free zone	https://www.dfsa.ae/
FSRA	Financial services firms and other persons within FSRA’s financial regulatory perimeter	ADGM financial free zone	https://www.adgm.com/financial-services-regulatory-authority
ADGM Registration Authority	ADGM-licensed DNFBPs; monitors AML compliance for ADGM-licensed DNFBPs under an agreement with FSRA	ADGM financial free zone	https://www.adgm.com/registration-authority

The Central Bank of the UAE (CBUAE)

The Central Bank of the UAE (CBUAE) is the primary supervisory authority for financial institutions in the mainland UAE and commercial free zones. It oversees banks, exchange houses, insurance companies, payment service providers, and money or value transfer services. The CBUAE applies a risk-based supervisory framework aligned with FATF Recommendations, combining off-site monitoring with on-site inspections.

The UAE National Risk Assessment 2024 identifies the banking sector as one of the highest-value channels through which ML proceeds may flow, reflecting the CBUAE’s critical gatekeeping role. Financial institutions supervised by CBUAE must comply with its AML/CFT rulebook, guidance, and any circulars issued thereunder, in addition to the obligations under Federal Decree-Law No. (10) of 2025 and Cabinet Resolution No. (134) of 2025.

The Ministry of Economy and Tourism (MoET)

The Ministry of Economy and Tourism (MoET) is the designated supervisory authority for most designated non-financial businesses and professions (DNFBPs) in the mainland UAE. Its supervisory portfolio includes real estate brokers and agents, dealers in precious metals and stones (DPMS), company and trust service providers (TCSPs), accountants, and other commercial activities for which specific supervisory designations have been made.

The DNFBP sector was identified as carrying significant ML/TF risk in the UAE National Risk Assessment 2024, particularly real estate and DPMS. MoET exercises its supervisory mandate through both desk-based reviews and field inspections, and issues circulars and implementation guides for DNFBPs. MoET’s AML enforcement capability has grown substantially since 2020, with a dedicated supervisory function now established within the ministry.

The Ministry of Justice (MoJ)

The Ministry of Justice (MoJ) is the supervisory authority for lawyers, notaries, and other independent legal professionals in the mainland UAE when they carry out the specified activities that bring them within the DNFBP perimeter. Article 3(4) of Cabinet Resolution No. (134) of 2025 classifies lawyers, notaries, and independent legal professionals as DNFBPs when they prepare, conduct, or execute financial transactions on behalf of clients in relation to specified activities, including buying and selling real estate, managing client funds, organising contributions for company formation, and establishing or managing legal arrangements.

The MoJ supervises compliance with these obligations and coordinates with MoET and other supervisory authorities on cross-sector enforcement.

The General Commercial Gaming Regulatory Authority (GCGRA)

The General Commercial Gaming Regulatory Authority (GCGRA) was established by Federal Law by Decree and publicly launched in September 2023. It is the sole federal body mandated to regulate, license, and supervise all commercial gaming activities in the UAE, including land-based gaming facilities, internet gaming, sports wagering, and lottery operations.

Commercial gaming operators fall within the UAE AML/CFT perimeter under Article 3(1) of Cabinet Resolution No. (134) of 2025 when conducting single or linked financial transactions that equal or exceed AED 11,000. The GCGRA explicitly holds the role of “supervisory authority of AML/CFT for the commercial gaming sector” as confirmed in the Commercial Gaming Policy Paper published jointly by the GCGRA and the General Secretariat of the National AML/CFT Committee (GS-NAMLCFTPC). Within its first year of operation, the GCGRA issued the UAE’s first gaming operator licences, including a Land-Based Gaming Facilities Licence for Wynn Al Marjan in Ras Al Khaimah, and blocked over 6,500 illegal gaming sites.

The Capital Market Authority (CMA)

The Capital Market Authority (CMA), formerly known as the Securities and Commodities Authority (SCA), is the federal regulator for capital markets and securities activities in the mainland UAE and commercial free zones. Following its renaming, the CMA’s AML supervisory mandate extends to securities firms, fund managers, investment advisers, and virtual asset service providers (VASPs) operating outside Dubai and outside the financial free zones of DIFC and ADGM.

The CMA applies the same risk-based supervisory framework to VASPs within its jurisdiction as it does to other regulated financial activities, ensuring that supervisory coverage extends across the emerging virtual asset sector beyond the dedicated VARA, DFSA, and FSRA perimeters.

The Virtual Assets Regulatory Authority (VARA)

The Virtual Assets Regulatory Authority (VARA) was established in Dubai to regulate virtual asset service providers operating within Dubai, except for entities located within the DIFC financial free zone. VARA issues licences to VASPs and functions as their primary AML/CFT supervisory authority within its jurisdiction, applying obligations derived from Federal Decree-Law No. (10) of 2025 alongside its own VARA Virtual Asset and Related Activities Regulations.

VASPs in Dubai must obtain a VARA licence before commencing operations. The VARA framework requires licensed VASPs to implement comprehensive AML/CFT programmes, submit STRs to the UAE FIU via goAML, and comply with targeted financial sanctions obligations issued by the EOCN. VARA’s rulebook system distinguishes between different categories of virtual asset activity, each with tailored supervisory expectations.

The Dubai Financial Services Authority (DFSA)

The Dubai Financial Services Authority (DFSA) is the independent financial regulator of the Dubai International Financial Centre (DIFC), a financial free zone established by federal legislation and operating under its own legal framework. All entities authorised to conduct financial services within the DIFC, including banks, asset managers, brokers, and VASPs, are supervised by the DFSA for AML/CFT purposes.

The DFSA operates its own AML rulebook and supervisory regime, which is aligned with FATF Recommendations and recognised internationally. The CBUAE framework applies to mainland entities; within the DIFC, the DFSA is the relevant supervisory authority for AML/CFT purposes. This distinction has direct implications for which regulations, guidance notes, and inspection processes apply.

The Financial Services Regulatory Authority (FSRA)

The Financial Services Regulatory Authority (FSRA) is the independent financial regulator of Abu Dhabi Global Market (ADGM), the financial free zone located on Al Maryah Island in Abu Dhabi. The FSRA supervises firms and persons within its financial regulatory perimeter in ADGM, including banks, fund managers, insurance companies, and VASPs, for AML/CFT compliance under the FSRA’s Anti-Money Laundering and Sanctions Rules and Guidance (AML Rulebook).

It is important to note that FSRA’s supervisory authority does not extend to all entities in ADGM. For ADGM-licensed DNFBPs and non-financial entities, the ADGM Registration Authority holds the commercial regulatory mandate. It monitors AML compliance for ADGM-licensed DNFBPs under an agreement with the FSRA.

Like the DFSA, the FSRA’s financial supervisory authority is ring-fenced to its jurisdiction: the ADGM. The CBUAE or CMA does not supervise financial institutions in ADGM for AML purposes. The FSRA applies a risk-based supervisory approach, conducts periodic thematic reviews, and maintains an active enforcement function.

Unsure which supervisory authority applies to your business?

AML UAE provides sector-specific guidance on supervisory authority identification, registration requirements, and compliance obligations for all regulated sectors in the UAE.

How Supervisory Responsibilities Are Divided Across the UAE

How Responsibilities Are Divided

1. Mainland UAE

CBUAE, MoET, MoJ, GCGRA, and CMA cover different sectors

2. Commercial Free Zones

FIs supervised by CBUAE; DNFBPs by MoET/GCGRA depending on sector

3. Financial Free Zones

DIFC under DFSA; ADGM financial services under FSRA, with ADGM DNFBP AML monitoring by the Registration Authority

4. Dubai VASPs

VARA holds exclusive jurisdiction outside DIFC

5. VASPs Outside Dubai

CMA supervises VASPs in other emirates and commercial free zones

Mainland UAE

In the mainland UAE, supervisory responsibility is divided by sector. The CBUAE supervises financial institutions. MoET supervises the majority of DNFBP sectors. The Ministry of Justice supervises lawyers, notaries, and other legal professionals. The GCGRA supervises commercial gaming operators. The CMA supervises capital markets firms and VASPs that fall outside the perimeters of the VARA, DFSA, and FSRA. This means that a single business area may contain entities supervised by three or four different authorities, each with its own inspection calendar, guidance library, and enforcement approach.

Commercial Free Zones

Commercial free zones, such as DMCC and JAFZA, are not financial free zones. Entities in these zones are generally subject to UAE federal AML law and supervised by the same authorities as their mainland counterparts, unless a specific legal arrangement provides otherwise. CBUAE generally supervises a financial institution in a commercial free zone. MoET generally supervises a real estate broker or TCSP in a commercial free zone. The free zone authority itself does not function as an AML supervisory authority unless specifically designated under the relevant legislation.

Financial Free Zones

The UAE has two financial free zones: the Dubai International Financial Centre (DIFC) and Abu Dhabi Global Market (ADGM). These are constitutionally recognised free zones with their own civil and commercial laws, courts, and financial regulators. Entities operating within them are subject to the AML/CFT requirements of the applicable financial free zone regulator rather than the federal supervisory bodies, though federal criminal law, including the money laundering offence under Federal Decree-Law No. (10) of 2025, continues to apply throughout the UAE.

DIFC, supervised by DFSA

All entities authorised to conduct financial services or related activities within the DIFC are supervised by the Dubai Financial Services Authority (DFSA) for AML/CFT purposes. The DFSA’s AML Module (AML) within its Rulebook sets out the detailed obligations. DIFC entities submit STRs to the UAE FIU via goAML in the same way as all other regulated entities, but their primary supervisory relationship and inspection regime is governed by the DFSA.

ADGM, financial services supervised by FSRA; DNFBPs monitored by ADGM Registration Authority

In ADGM, supervisory responsibility is not exercised solely by the FSRA. FSRA-authorised firms, including banks, fund managers, and VASPs, are supervised for AML/CFT compliance by the FSRA under its AML Rulebook, which incorporates FATF Recommendations and international standards. For ADGM-licensed DNFBPs, however, the ADGM Registration Authority is responsible for monitoring AML compliance under an agreement with the FSRA.

Dubai Virtual Asset Service Providers

VARA holds exclusive supervisory jurisdiction over VASPs operating within Dubai, with the single exception of entities within the DIFC (which are supervised by the DFSA). VASPs wishing to operate in Dubai must obtain a VARA licence and comply with VARA’s Virtual Assets and Related Activities Regulations (VARA Regulations). Operating as a VASP in Dubai without a VARA licence is illegal.

Virtual Asset Service Providers in the UAE Outside Dubai

VASPs operating in emirates other than Dubai, or in commercial free zones outside DIFC and ADGM, are regulated by the Capital Market Authority (CMA). The CMA issues licences for VASP activities in Abu Dhabi, Sharjah, and other mainland or commercial free zone locations, and supervises those entities for AML/CFT compliance. VASPs in ADGM are supervised by the FSRA rather than the CMA.

Common Areas of Confusion

Who Supervises DNFBPs in Mainland UAE?

MoET supervises the majority of DNFBP sectors in the mainland UAE, including real estate agents, dealers in precious metals and precious stones, company and trust service providers, and accountants. Lawyers, notaries and other legal professionals are supervised by the Ministry of Justice. Commercial gaming operators, Internet Gaming Operators, Land-Based Gaming Facilities Operators, Sports Wagering Operators, and Lottery Operators are supervised by the GCGRA. Article 3 of Cabinet Resolution No. (134) of 2025 sets out the full list of DNFBP categories.

Who Supervises Lawyers and Legal Consultants?

In the mainland UAE, the Ministry of Justice (MoJ) supervises lawyers, notaries, and other independent legal professionals for AML/CFT compliance when they are carrying out the specified activities that bring them within the DNFBP perimeter, such as managing client funds, preparing or executing real estate transactions, or forming or managing legal arrangements. A lawyer or legal consultant practising within the DIFC is subject to DFSA oversight. One practising within ADGM falls under the applicable ADGM framework, which distinguishes between firms within FSRA’s financial regulatory perimeter and non-financial activities within the Registration Authority’s commercial regulatory remit. The applicable supervisory authority depends on where the legal professional is licensed and practises, not on the nationality of their clients or the location of the underlying transaction.

Who Supervises Virtual Asset Businesses in Dubai?

VARA supervises all VASPs in Dubai, excluding those in the DIFC. The Dubai government granted VARA exclusive licensing authority. A VASP entity established in a commercial free zone within Dubai (such as DMCC) still requires a VARA licence and is subject to VARA’s AML supervision. Only if the VASP is authorised within the DIFC does the DFSA assume supervisory authority. There is no overlap: if you are in Dubai outside the DIFC, your supervisor is VARA.

Does DIFC Follow DFSA Rules or Federal AML Law?

Both, in different respects. For AML/CFT compliance purposes, DIFC-authorised entities and other persons within DFSA’s regulatory perimeter are governed by the DFSA’s AML Module and subject to DFSA inspections. For AML/CFT compliance purposes, DIFC and ADGM-authorised firms follow their respective applicable free-zone regulatory rulebooks, while federal criminal law and national reporting and sanctions mechanisms continue to apply across the UAE. A DIFC entity that commits money laundering can be prosecuted under federal law, even though its day-to-day AML/CFT compliance obligations are supervised by the DFSA.

Does ADGM Follow FSRA Rules, ADGM Registration Authority Requirements, or Federal AML Law?

FSRA-authorised firms and other persons within FSRA’s financial regulatory perimeter comply with the FSRA’s AML Rulebook and are supervised by the FSRA. For ADGM-licensed DNFBPs, the ADGM Registration Authority monitors AML compliance under an agreement with FSRA, so the FSRA is not the supervisory authority for all ADGM entities. The ADGM operates its own legal system for civil and commercial matters, including financial regulation. Federal criminal law, including the money laundering offence, continues to apply in ADGM, as it does across all of the UAE territory. All ADGM entities submit STRs to the UAE FIU via the goAML portal, which is the single national channel for STR submission regardless of supervisory authority.

Is the FIU Also a Supervisory Authority?

No. Article 11 of the Federal Decree by Law No. (10) of 2025 establishes the FIU as an independent financial intelligence function within the Central Bank. Its role is to receive all Suspicious Transaction Reports, study and analyse them, and refer findings to the Concerned Authorities. The FIU does not conduct compliance inspections of regulated entities, does not issue AML guidance to regulated sectors, and does not impose administrative penalties. Those functions belong to the relevant supervisory authority for each sector. The FIU and supervisory authorities serve complementary but distinct functions.

What Is EOCN and What Does It Do?

The Executive Office for Control and Non-Proliferation (EOCN) is defined in Article 1 of Federal Decree by Law No. (10) of 2025 as the body “concerned with the implementation of targeted financial sanctions within the State.” EOCN administers the UAE’s domestic terrorist and sanctions lists and ensures that instructions on Targeted Financial Sanctions (TFS) are disseminated to all regulated entities. All financial institutions, DNFBPs, and VASPs must comply immediately with TFS instructions issued by EOCN. The EOCN is not a supervisory authority for AML compliance; it is the national body responsible for implementing targeted financial sanctions. Supervisory authorities ensure that entities under their oversight have effective sanctions compliance systems, but the TFS instructions themselves originate from EOCN.

Receive practical AML/CFT compliance guidance

AML UAE publishes sector-specific blogs and regulatory updates for all supervised sectors in the UAE.

Why Understanding the Right Supervisory Authority Matters

1. Correct Registration and Reporting Channels

Register with the right authority; use the correct reporting platform

2. Proper Engagement During Inspections

Different authorities run inspections differently , preparation varies

3. Correct Application of Sector-Specific Guidance

Each supervisory authority issues its own circulars and guidance

4. Avoiding Regulatory Breaches from Confusion

Jurisdictional errors are treated as compliance failures

Correct Registration and Reporting Channels

Regulated entities must register with, or obtain a licence from, the correct supervisory authority for their sector and location. Operating without the correct authorisation, or registering with the wrong authority, is a regulatory breach in its own right. All regulated entities across all supervisory authorities submit STRs through the single national channel: the UAE FIU’s goAML portal. However, sector-specific compliance registers, inspection schedules, and guidance libraries are maintained separately by each supervisory authority.

Proper Engagement During Inspections

Supervisory inspections vary significantly between authorities. CBUAE bank examinations follow a structured prudential and AML framework. MoET inspections of DNFBPs may focus on registration, customer due diligence documentation, and beneficial ownership records. DFSA and FSRA inspections draw on their detailed rulebook requirements and international supervisory methodologies. GCGRA inspections are still developing their framework. Knowing your supervisory authority enables you to prepare for inspections correctly, including understanding what documentation to have ready, which guidance applies, and who your regulatory contact point is.

UAE AML/CFT Regulatory Source Hierarchy

Federal AML law (Federal Decree by Law No. (10) of 2025) , the overarching criminal and regulatory framework

Executive regulations (Cabinet Resolution No. (134) of 2025) , detailed implementing obligations, sector definitions, and thresholds

Sector rulebooks and regulator instruments , issued by CBUAE, MoET, DFSA, FSRA, VARA, CMA, MoJ, GCGRA for their respective sectors

Circulars, guidance notes, and policy papers , supplementary implementation guidance from each supervisory authority

Correct Application of Sector-Specific Guidance

Each supervisory authority publishes its own guidance, circulars, and implementation notes. A circular issued by MoET to DNFBPs does not apply to entities supervised by the CBUAE, and vice versa. Applying the wrong guidance or overlooking guidance from your own supervisory authority can leave compliance gaps that expose an entity to enforcement action. Following guidance from the correct supervisory authority is a prerequisite for demonstrable compliance.

Avoiding Regulatory Breaches Caused by Confusion over Jurisdiction

Jurisdictional confusion has practical consequences. An entity that believes it is supervised by CBUAE when it should be supervised by MoET may fail to register correctly, miss MoET inspection cycles, or apply CBUAE guidance that does not cover its sector’s specific risk profile. Article 17 of Federal Decree by Law No. (10) of 2025 empowers supervisory authorities to impose fines of up to AED 5,000,000 per violation, suspend activities, and revoke licences. Jurisdictional error does not constitute a defence to regulatory non-compliance.

Conclusion

The UAE operates a multi-authority AML/CFT supervisory architecture in which multiple federal, local, free-zone, and sector-specific authorities exercise jurisdiction over distinct sectors and geographic zones. Federal Decree by Law No. (10) of 2025 and Cabinet Resolution No. (134) of 2025 provides the overarching framework, while specific authority mandates are established by sector-specific legislation and regulatory instruments.

CBUAE supervises many financial institutions. MoET supervises most mainland DNFBPs, subject to sector-specific carve-outs for lawyers and gaming. The Ministry of Justice supervises lawyers and notaries engaged in specified DNFBP activities. The GCGRA supervises the commercial gaming sector. The CMA supervises capital markets and VASPs outside Dubai and outside DIFC and ADGM. VARA supervises VASPs within Dubai outside the DIFC. The DFSA supervises entities and persons within its regulatory perimeter in DIFC. In ADGM, the FSRA supervises firms within its financial regulatory perimeter, while the ADGM Registration Authority monitors AML compliance for ADGM-licensed DNFBPs under an agreement with FSRA. All STRs flow to the UAE FIU via goAML, and targeted financial sanctions instructions are issued by the EOCN.

For regulated entities, identifying the correct supervisory authority is the foundational compliance question. Everything else, which guidance applies, which inspection regime to prepare for, which reporting channel to use, and which penalties may be imposed, flows from that answer.

Frequently Asked Questions

The Central Bank of the UAE (CBUAE) is the AML supervisory authority for banks and other financial institutions in the mainland UAE and in commercial free zones. The DFSA supervises banks in the DIFC; those in ADGM are supervised by the FSRA. All banks submit STRs to the UAE FIU via the goAML portal, regardless of their supervisory authority.

The Ministry of Economy and Tourism (MoET) supervises most DNFBP sectors in the mainland UAE, including real estate agents, dealers in precious metals and precious stones, company and trust service providers, and accountants. The Ministry of Justice supervises lawyers and notaries. The GCGRA supervises commercial gaming operators. Article 3 of Cabinet Resolution No. (134) of 2025 defines the full DNFBP categories.

The UAE Financial Intelligence Unit (FIU) is an independent unit within the Central Bank, established under Article 11 of Federal Decree-Law No. (10) of 2025. It receives all Suspicious Transaction Reports (STRs) from financial institutions, DNFBPs, and VASPs exclusively through the goAML portal. The FIU studies and analyses these reports and refers findings to the Concerned Authorities. The FIU is not an AML supervisory authority and does not conduct compliance inspections.

The Executive Office for Control and Non-Proliferation (EOCN) is responsible for implementing targeted financial sanctions in the UAE, as defined in Article 1 of Federal Decree-Law No. (10) of 2025. EOCN administers the domestic terrorist and sanctions lists and issues TFS instructions to all regulated entities. Supervisory authorities ensure that entities under their supervision have effective sanctions-compliance frameworks, but the TFS instructions themselves originate from EOCN.

No. The UAE uses a multi-authority model where supervisory responsibility is assigned by sector and geographic zone. Depending on the activity and jurisdiction, the relevant authority may include CBUAE, MoET, Ministry of Justice, GCGRA, CMA, VARA, DFSA, FSRA, or, for ADGM-licensed DNFBPs, the ADGM Registration Authority. The NAMLCFTC coordinates the national AML/CFT strategy across all supervisory authorities, and the UAE FIU serves as the single national financial intelligence function.

The ADGM Registration Authority monitors AML compliance for ADGM-licensed DNFBPs under an agreement with the FSRA. The FSRA is ADGM’s financial regulator and supervises firms within its financial regulatory perimeter. Still, it is not accurate to describe ADGM-licensed DNFBPs as supervised by FSRA in the same way as ADGM financial services firms. Entities in ADGM should identify whether they fall within the FSRA’s financial regulatory perimeter or within the Registration Authority’s commercial regulatory remit.

No. The FSRA is ADGM’s financial regulator for firms and persons within its regulatory perimeter, including banks, fund managers, and VASPs. The ADGM Registration Authority holds the commercial regulatory mandate and monitors AML compliance for ADGM-licensed DNFBPs under an agreement with FSRA. An ADGM entity that is not within the FSRA’s financial regulatory perimeter should look to the ADGM Registration Authority as the relevant AML monitoring body.

Found This Guide Helpful?

If this guide to who supervises AML compliance in UAE has helped clarify your compliance obligations, we would appreciate a Google review. Your feedback helps other compliance professionals find reliable guidance.

Share via :

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

AML Regulations for Lawyers, Notaries, and Other Legal Professionals in UAE

How the Ministry of Justice supervises the sector

Pathik Shah

Last Updated: 04/29/2026

Protect your business with reliable and effective AML strategies with AML UAE.

AML Regulations for Lawyers, Notaries, and Other Legal Professionals in UAE: At a Glance

Covered activities: Five activities under Article 3(4) of Cabinet Resolution 134/2025 bring a lawyer, notary, or legal consultant inside the AML regime.

Supervisory authority: The Ministry of Justice (MoJ) supervises law firms, legal consultancy offices, and notaries public under Ministerial Resolution 248 of 2025.

Primary legislation: Federal Decree-Law 10 of 2025 and Cabinet Resolution 134 of 2025 replace Federal Decree-Law 20 of 2018; all unrepealed circulars remain valid.

Administrative penalties: Forty-one violation categories under Cabinet Resolution 71 of 2024 carry fines ranging from AED 50,000 to AED 1,000,000, doubled on repetition.

Legal privilege: Article 18(2) of both Federal Decree Law No. (10) of 2025 and Cabinet Resolution No. (134) of 2025 protects defence, representation, arbitration, mediation, and legal opinion activities from the STR duty.

Reporting channel: Suspicious transactions go to the Financial Intelligence Unit through the goAML platform.

Record retention: Five years for customer records and all AML documentation, starting from the end of the business relationship or the completion of the transaction.

Free-zone carve-out: Firms licensed in ADGM and DIFC sit under ADGM (RA) and DFSA respectively; MoJ supervision does not apply to them.

AML Regulations for Lawyers, Notaries, and Other Legal Professionals in UAE

AML regulations for lawyers in UAE place five defined activities inside the anti-money-laundering perimeter and require lawyers, legal consultants, and notaries public under the supervisory remit of the Ministry of Justice. The current framework is anchored in Federal Decree-Law No. (10) of 2025 Regarding Anti-Money Laundering, and Combating the Financing of Terrorism and Proliferation Financing and its Executive Regulations in Cabinet Resolution No. (134) of 2025, both of which repealed Federal Decree-Law No. (20) of 2018 and its earlier Executive Regulations, while preserving every circular and notification that has not been specifically revoked.

This spoke article sits inside the DNFBPs regulatory cluster on AML UAE and focuses only on legal professionals supervised by the Ministry of Justice. Firms licensed in Abu Dhabi Global Market or the Dubai International Financial Centre sit under the ADGM Registration Authority (RA) and the DFSA, respectively, so this guide addresses their position only in the carve-out note at the end of the supervisor section. Every specific article number, penalty figure, timeline, and threshold below is traceable to a named instrument published on uaelegislation.gov.ae or to a named Ministry of Justice publication on moj.gov.ae. For the federal law in its own right, see the guide to anti-money laundering laws in UAE.

Scope of this page:

This page covers lawyers, notaries, and legal consultants performing the five covered activities under Article 3(4) of Cabinet Resolution 134/2025, supervised by the Ministry of Justice. Accountants, auditors, and trust and company service providers are addressed on their own sibling pages in the DNFBPs cluster. Where cross-sector rules are common to every DNFBP (for example beneficial owner disclosure, targeted financial sanctions, and administrative penalties), this page states what they require of legal professionals specifically and links to the pillar page for the wider framing.

Who Counts as a Lawyer, Notary, or Legal Professional for AML Purposes in UAE?

A lawyer, legal consultant, or notary public is inside the UAE AML regime when they prepare, carry out, or assist a client with any of the five activities listed in Article 3, Clause 4 of Cabinet Resolution 134 of 2025.

The Five Covered Activities Under Article 3(4) of Cabinet Resolution 134 of 2025

The Executive Regulations list the activities that bring an independent legal professional inside the AML perimeter. Each is a transactional or representational act carried out for or on behalf of a client; performing any one of them triggers customer due diligence, record keeping, suspicious transaction reporting, and the wider obligations set out in Federal Decree-Law 10 of 2025.

1. Real estate transactions

Buying or selling real estate, whether the professional acts for the buyer, the seller, or holds client funds in the course of the transaction.

2. Managing client money

Managing customer funds, securities, or other assets held in a professional or fiduciary capacity.

3. Account management

Managing bank accounts, savings accounts, or securities accounts for a client.

4. Account management

Organising contributions for establishing, operating, or managing companies.

5. Legal persons and arrangements

Establishing, operating, or managing legal persons or legal arrangements, or performing any trading or buying and selling of commercial entities.

Source: Article 3, Clause 4, Cabinet Resolution No. 134 of 2025. The same five activities appear in the definition of designated non-financial businesses and professions in Article 1 of Federal Decree-Law No. 10 of 2025, read with Article 3, Clause 2 of the Executive Regulations.

Notaries Public

A notary public is a public officer who authenticates signatures, declarations, powers of attorney, contracts, and other legal documents. Notaries working in the private sector, private notaries, and the notarial sections of law firms are brought within the AML, in line with Article 3(4) of Cabinet Resolution 134 of 2025. Ministerial Resolution 248 of 2025 explicitly extends the Ministry of Justice supervisory framework to notaries public alongside law firms and legal consultancy offices.

Work Outside the AML Perimeter

From a professional secrecy perspective, Article 18, Clause 2 of Federal Decree-Law 10 of 2025 and Article 18, Clause 2 of Cabinet Resolution 134 of 2025 both carve out work involving assessing the client’s legal position, defending the client, or representing the client in judicial, administrative, arbitral, or mediation proceedings. Firms must still apply AML controls to the transactional elements of a matter even if the advocacy elements fall within privilege.

AML Supervisory Authority for Lawyers, Notaries, and Other Legal Professionals in UAE

The Ministry of Justice is the supervisory authority for law firms, legal consultancy offices, and notaries public in the Mainland. This was confirmed when Cabinet Decision No. (1/3 W) of 2019 designated the Ministry of Justice as the authority responsible for supervising lawyers and legal firms for AML/CFT purposes. Ministerial Resolution No. (248) of 2025, issued on 29 April 2025, replaces Ministerial Resolutions 532 and 533 of 2019 and sets out the supervisory procedures and controls in their current form.

UAE AML Framework Layers That Apply to Legal Professionals

FEDERAL	FDL 10/2025 and CR 134/2025 (Executive Regulations); FL 7/2014 Combating Terrorism Crimes; FDL 34/2022 Legal Profession; CR 8/2025 Executive Regulations of FDL 34/2022.
CROSS-SECTOR	CR 74/2020 TFS and UN sanctions; CR 109/2023 Beneficial Owner procedures; CR 132/2023 BO penalties; CR 71/2024 administrative penalties for MoJ and MoE supervisees; EOCN TFS Guideline and CPF Guidance.
SECTOR-SPECIFIC	MR 248/2025 supervisory controls for law firms, legal consultancies, and notaries public; MoJ Guidebook (November 2025); MoJ circulars from 2020 to 2026.

How the Ministry of Justice supervises the sector

Three operational building blocks explain how MoJ plans, conducts, and concludes supervisory action over legal professionals.

AML/CTF Department

The dedicated AML/CTF Department inside MoJ is the operational face of supervision, assigning inspectors and issuing guidance.

Risk-based inspections

Inspections follow a risk-based methodology that weights firm size, client profile, and the five covered activities.

Administrative sanctions

Breaches are dealt with under Cabinet Resolution 71 of 2024 and Article 6 of Ministerial Resolution 248 of 2025.

The MoJ AML/CTF Department and Its Fifteen Functions

The Guidebook for Law Firms and Legal Consultancy Offices on Combating Money Laundering, Countering the Financing of Terrorism and Countering Proliferation Financing, Second Edition, published by the Ministry of Justice in November, sets out fifteen functions for the Department. These include, among others, supervising law firms, legal consultancy offices, and notaries public for AML/CFT/CPF compliance; carrying out risk-based on-site and off-site inspections; imposing administrative sanctions and escalating suspected criminal conduct to prosecutors; cooperating with the Financial Intelligence Unit, the Executive Office for Control and Non-Proliferation, and other domestic and foreign counterparts; maintaining typologies; issuing sector guidance; and running awareness programmes.

Risk-Based Supervision and Inspection Readiness

Ministerial Resolution 248 of 2025 requires MoJ to adopt a risk-based approach when planning and conducting inspections and when deciding the scope and depth of each visit. Practically, this means firms are rated using factors such as client geographies, types of covered activities, complexity of legal persons being established or managed, cash handling, and past supervisory history.

A firm that is well prepared keeps a complete documentation pack at all times, including its firm-wide risk assessment, client risk assessments, sanctions screening logs, transaction risk assessments, STR-decision logs, training records, and a corrective action register showing how any previous findings have been closed out.

Inspection readiness is a continuous state, not a reaction

MoJ inspectors are entitled to request any AML document, client file, or system log at short notice. Firms that treat inspection readiness as a perpetual discipline, rather than a pre-visit scramble, consistently score better against the Guidebook’s controls.

Administrative Sanctions and Appeals

Article 6 of Ministerial Resolution 248 of 2025 provides that the AML Department may impose any of the administrative penalties set out in Cabinet Resolution 71 of 2024 on a law firm, legal consultancy office, or notary public that breaches the AML rules. The Guidebook identifies seven types of sanctions, which can include warnings, fines, restrictions on activity, suspension of managers or compliance officers, and suspension or cancellation of the licence.

A grievance may be filed with the Minister of Justice within twenty working days from the date of notification under Article 7 of MR 248 of 2025, with the Ministry responding within thirty working days under Article 8, failing which silence amounts to rejection per the general forty-day rule in Cabinet Resolution 71 of 2024.

Financial Free-Zone Carve-Out

Firms licensed in Abu Dhabi Global Market are supervised by the Registration Authority, and firms licensed in the Dubai International Financial Centre are supervised by the Dubai Financial Services Authority under the DIFC regulatory regime. MoJ supervision does not apply to them. A dual-licensed group of companies can adopt a group-wide AML programme while retaining separate records and applying the rulebook of the authority that licenses each leg of the business.

Dimension	Mainland	ADGM	DIFC
Supervisory authority	Ministry of Justice	Registration Authority (RA)	Dubai Financial Services Authority (DFSA)
Licensing authority	Ministry of Justice; Executive Council decisions for notaries	Registration Authority of ADGM	DIFC Authority
Core AML rulebook	FDL 10/2025, CR 134/2025, CR 71/2024, MR 248/2025	FSRA AML Rulebook under ADGM Financial Services and Markets Regulations	DFSA AML Module under the DIFC Regulatory Law
Sector guidance	MoJ Guidebook for Law Firms and Legal Consultancy Offices (November 2025)	FSRA-issued AML guidance for DNFBPs in ADGM	DFSA-issued AML guidance for DNFBPs in DIFC

Preparing for a MoJ inspection?

AML UAE runs pre-inspection readiness reviews against the MoJ Guidebook's ten obligations and Cabinet Resolution 71 of 2024 violations, with a prioritised remediation plan.

AML Regulations Applicable to Lawyers, Notaries, and Other Legal Professionals in UAE

The AML rulebook for legal professionals in the UAE is a stack. At the base sit the federal law and its Executive Regulations, followed by cross-sector resolutions on sanctions, beneficial ownership, and penalties. Sector-specific layers come next: Ministerial Resolution 248 of 2025 for supervision, the MoJ Guidebook for substantive controls, and a sequence of MoJ circulars that operationalise particular obligations. Overarching guidance from the Executive Office for Control and Non-Proliferation, the Financial Intelligence Unit, and the National Anti-Money Laundering and Combating the Financing of Terrorism Committee completes the picture.

Four groups of instruments every law firm must follow

Each group sits on a distinct tier of the framework; together, they form the complete AML rulebook for MoJ-supervised legal professionals.

1. Federal AML laws

Federal Decree-Law 10 of 2025 and Executive Regulations 134 of 2025, plus terrorism, beneficial owner, sanctions, and penalty resolutions.

2. Overarching guidance

EOCN TFS and CPF guidance, FIU strategic analysis, red flag typologies, and joint guidance on satisfactory practice.

3. NRA and SRA

UAE ML/TF National Risk Assessment 2024 and sectoral risk assessments feeding into MoJ’s supervisory priorities.

4. Sector instruments

MoJ Guidebook (November 2025) and circulars from 2020 to 2026 on CDD, TFS, REAR, high-risk jurisdictions, and policy updates.

Federal AML Laws and Executive Regulations Applicable to Lawyers, Notaries, and Legal Professionals

Eleven federal instruments form the statutory base for AML compliance by lawyers, notaries, and legal consultants in UAE. They range from the primary AML decree law and its Executive Regulations through to sector-neutral resolutions on sanctions, beneficial ownership, and penalties, and two instruments specific to the profession itself.

Ten federal instruments in this section

Each item below is a separate subsection summarising its scope, the articles most relevant to legal professionals, and the key thresholds or penalties.

01 FDL 10/2025

AML/CFT/CPF Federal Decree-Law

02 CR 134/2025

Executive Regulations

03 CR 8/2025

Executive Regulations of Legal Profession Law

04 MR 248/2025

MoJ supervisory procedures

05 CR 71/2024

Administrative penalties for MoJ/MoE supervisees

06 FDL 34/2022

Legal Profession Law

07 CR 74/2020

Terrorist lists and UNSC resolutions

08 FL 7/2014

Combating Terrorism Crimes

09 CR 109/2023

Beneficial owner procedures

10 CR 132/2023

BO administrative penalties

Federal Decree by Law No. (10) of 2025 Regarding Anti-Money Laundering, and Combating the Financing of Terrorism and Proliferation Financing

Federal Decree-Law No. (10) of 2025, issued on 30 September 2025, is the primary AML statute for the UAE. Article 41 repealed Federal Decree-Law No. (20) of 2018 and superseded its Executive Regulations, subject to any instruments issued under the old law remaining in force until amended, unless inconsistent with the new decree.

For lawyers, notaries, and legal consultants the most important provisions are Articles 2 and 3 which criminalise money laundering, financing of terrorism, and the financing of the proliferation of weapons of mass destruction; Article 18 which imposes the suspicious transaction reporting duty on DNFBPs subject to the privilege carve-out in clause 2; Article 19 on the prohibition on tipping off; Article 26 setting imprisonment from one to ten years and fines from AED 100,000 to AED 5,000,000 for laundering; Article 27 setting legal-person fines of AED 5,000,000 to AED 100,000,000; Article 28 imposing AED 100,000 to AED 1,000,000 for breaches of Article 18; Article 29 setting fines from AED 50,000 for tipping off; and Article 33 setting fines from AED 20,000 for breaches of targeted financial sanctions.

Cabinet Resolution No. (134) of 2025 Concerning the Executive Regulations of Federal Decree-Law No. (10) of 2025

Cabinet Resolution No. (134) of 2025 is the operational manual for the federal decree law. Article 3, Clause 4 lists the five covered activities that bring lawyers, notaries, and independent legal professionals inside the AML regime.

Article 18, Clause 2 preserves legal professional privilege over assessment of the client’s legal position, defence, representation, arbitration, mediation, and the issuing of a legal opinion.

Article 19, Clause 2 makes clear that dissuading a client from engaging in an unlawful act is not tipping off.

Cabinet Resolution No. (8) of 2025 Regarding the Executive Regulations of Federal Decree-Law No. (34) of 2022 Regulating the Legal Profession and Legal Consultation Profession

Cabinet Resolution No. (8) of 2025 is the Executive Regulations of the Legal Profession Law. While its scope is the profession generally rather than AML specifically, it governs licensing, categories of registration, conduct rules, disciplinary committees, and registers maintained by the Ministry of Justice, and it therefore sets the institutional foundation against which AML sanctions, such as suspension or cancellation of a licence, actually operate. Compliance officers should read it alongside Federal Decree-Law No. (34) of 2022 when assessing the consequences of supervisory action.

Ministerial Resolution No. (248) of 2025 on Supervising Law Firms, Legal Consultancy Offices, and Notaries Public

Ministerial Resolution No. (248) of 2025, issued on 29 April 2025, regulates the procedures and controls for supervising and monitoring law firms, legal consultancy offices, and notaries public in the field of combating money laundering and terrorism. It establishes the AML/CTF Department as the competent body; sets out inspection methodology; confirms application of Cabinet Resolution 71 of 2024 penalties through Article 6; provides a twenty-working-day grievance window in Article 7; mandates a thirty-working-day response window in Article 8; and repeals Ministerial Resolutions 532 and 533 of 2019.

Cabinet Resolution No. (71) of 2024 Regulating Violations and Administrative Penalties Imposed on Violators of AML/CFT Measures Under the Supervision of MoJ and MoE

Cabinet Resolution No. (71) of 2024, issued on 8 July 2024, is the administrative penalties grid for DNFBPs supervised by MoJ and by the Ministry of Economy. It repeals Cabinet Resolution No. (16) of 2021 and sets out forty-one categories of violation with fines ranging from AED 50,000 to AED 1,000,000. Article 4 provides a twenty-working-day notification window, a thirty-working-day grievance window, and a forty-day deemed-rejection rule where the grievance is not filed. Article 5 allows fines to be doubled on repetition within a set period. A selection of the schedule is reproduced below for orientation; firms should consult the full text for the complete list.

Art	Violation summary	Fine (AED)
1.	Failure to apply customer due diligence measures to new or existing clients.	50,000 – 200,000
2.	Failure to identify the beneficial owner or to take reasonable steps to verify beneficial ownership information.	50,000 – 200,000
3.	Failure to conduct ongoing monitoring of the business relationship and to scrutinise transactions.	50,000 – 500,000
4.	Failure to conduct ongoing monitoring of the business relationship and to scrutinise transactions.	100,000 – 500,000

Federal Decree-Law No. (34) of 2022 Regulating the Legal Profession and Legal Consultation Profession

Federal Decree-Law No. (34) of 2022 is the governing law of the legal profession. It sets out licensing conditions, categories of lawyers, conduct duties, disciplinary committees, and the powers of the Ministry of Justice and the Executive Council. For AML purposes, it is the upstream instrument that defines who is a lawyer or legal consultant and whose license may be suspended or cancelled when penalties under Cabinet Resolution 71 of 2024 are imposed.

Cabinet Decision No. (74) of 2020 Regarding Terrorism Lists and Implementation of UN Security Council Resolutions

Cabinet Decision No. (74) of 2020 regulates the UAE’s domestic terrorism lists and the implementation of United Nations Security Council resolutions on the suppression and combating of terrorism, terrorist financing, countering the proliferation of weapons of mass destruction, and related resolutions. It creates the obligation on every DNFBP, including law firms and notaries, to screen customers, transactions, and related parties against the UN Consolidated List and the UAE Local List; to apply without delay freezing measures on any confirmed match; and to report Confirmed Name Match Reports and Partial Name Match Reports to the FIU.

Federal Law No. (7) of 2014 on Combating Terrorism Crimes

Federal Law No. (7) of 2014 on Combating Terrorism Crimes is the criminal statute on terrorism offences, including financing. It defines terrorist acts, terrorist organisations, and the financing of terrorism, and it underpins the obligation in Federal Decree-Law 10 of 2025 to report suspicions of terrorism-related activity. Legal professionals should read it alongside Cabinet Decision 74 of 2020 when drafting STR scripts and training modules.

Cabinet Decision No. (109) of 2023 on Regulating the Beneficial Owner Procedures

Cabinet Decision No. (109) of 2023 governs beneficial owner disclosure for legal persons in the UAE. For legal professionals, the instrument is particularly relevant when they establish or manage companies for clients: they must help the entity meet the requirements to maintain a beneficial owner register, a nominee director register where applicable, and a partners or shareholders register; keep the information accurate and current; and file prescribed beneficial owner information with the registrar. The 25 per cent ownership threshold referenced in Cabinet Resolution 134 of 2025 mirrors the BO identification trigger used across the UAE framework.

Cabinet Resolution No. (132) of 2023 Concerning Administrative Penalties for Violations of Cabinet Decision No. (109) of 2023

Cabinet Resolution No. (132) of 2023 is the administrative penalties grid for beneficial owner breaches. Law firms that provide company formation and ongoing management services should understand these penalties because, although the penalty is imposed on the legal person, the firm’s role in maintaining the register and filing the data can attract parallel administrative liability under Cabinet Resolution 71 of 2024 as part of its AML obligations.

Quick Reference Timeline of Federal AML Instruments Affecting Legal Professionals

2014 CRIMINAL LAW

Federal Law No. (7) of 2014 on Combating Terrorism Crimes

Defines terrorism offences including financing and underpins STR scripts.

2020 CROSS-SECTOR

Cabinet Decision No. (74) of 2020 on terrorism lists and UNSC resolutions

Creates screening, freezing, and EOCN reporting duties for every DNFBP.

2022 PROFESSION

Federal Decree-Law No. (34) of 2022 Regulating the Legal Profession

Governs licensing, categories of lawyer, and disciplinary framework.

2023 CROSS-SECTOR

Cabinet Decision No. (109) of 2023 on Beneficial Owner Procedures

Registers, filings, and 25 per cent identification threshold for legal persons.

2023 CROSS-SECTOR

Cabinet Resolution No. (132) of 2023 on BO Administrative Penalties

Penalty grid for beneficial owner non-compliance.

2024 CROSS-SECTOR

Cabinet Resolution No. (71) of 2024 on AML/CFT Administrative Penalties

Forty-one violations; fines AED 50,000 to AED 1,000,000; doubling on repetition.

2025 PROFESSION

Cabinet Resolution No. (8) of 2025 Executive Regulations of FDL 34/2022

Operational rules for licensing, registers, and disciplinary action.

2025 SECTOR

Ministerial Resolution No. (248) of 2025 on supervision of law firms and notaries

Establishes MoJ AML/CTF Department, inspection methodology, and grievance windows.

2025 FEDERAL

Federal Decree-Law No. (10) of 2025 on AML/CFT/CPF

Primary AML statute; repeals FDL 20/2018; imprisonment and fine bands.

2025 FEDERAL

Cabinet Resolution No. (134) of 2025 Executive Regulations of FDL 10/2025

Five covered activities; privilege carve-out; thresholds; BO rule.

Need to map these laws to your firm's existing AML manual?

AML UAE performs gap-analysis mapping each article in FDL 10/2025, CR 134/2025, and CR 71/2024 to your current policies and procedures.

Overarching AML Guidance Applicable to Lawyers, Notaries, and Legal Professionals

Beyond federal statutes, legal professionals must follow a library of cross-sector guidance issued by the Executive Office for Control and Non-Proliferation, the Financial Intelligence Unit, and the National AML/CFT Committee. These documents are not stand-alone rulebooks, but failure to act on them is regularly cited as a contributing factor when administrative penalties are imposed under Cabinet Resolution 71 of 2024.

Thirteen cross-sector documents in this section

Dates, issuers, and scope; each gets its own reference card below.

01 TFS Guidance (EOCN)

AML/CFT/CPF Federal DecCore guidance on targeted financial sanctions for FIs, DNFBPs, and VASPs. ree-Law

02 FIU Strategic Analysis

Terrorist financing typologies and facilitators, May 2025

03 Strategic Review

TFS case studies covering 2019 to 2021.

04 PF Institutional RA

Proliferation finance institutional risk assessment guidance.

05 TF and PF Red Flags

Red flag indicators on terrorist and proliferation financing.

06 Unlicensed VA Providers

Joint guidance on combating unlicensed virtual asset providers.

07 CPF Guidance

Counter proliferation financing guidance for FIs, DNFBPs, and VASPs.

08 Satisfactory Practice

Joint guidance on satisfactory and unsatisfactory practice.

09 TFS Typologies

EOCN typologies on circumvention of targeted sanctions.

10 Grievance Guideline

Framework for challenging supervisory decisions.

11 Online Grievance Guide

Step-by-step user guide for the MoJ online grievance system.

12 Combating PF & Sanctions Evasion

Cross-agency publication on PF and sanctions evasion.

13 NAS Simple Guide

How to subscribe to the EOCN Notification Alert System.

Guidance on Targeted Financial Sanctions for FIs, DNFBPs and VASPs (EOCN)

Issued January 2021; Last amended March 2026

Guidance on Targeted Financial Sanctions for Financial Institutions, Designated Non-Financial Businesses and Professions, and Virtual Asset Service Providers

Central EOCN guidance explaining the legal framework for TFS, scope of application, freezing without delay, reporting of Confirmed Name Match Reports and Partial Name Match Reports, use of the goAML and EOCN Notification Alert System, and expectations on sanctions screening, governance, and training. Published on eocn.gov.ae.

FIU Strategic Analysis Report on Terrorist Financing (May 2025)

May 2025

Terrorist Financing Typologies and Facilitators – A Strategic Analysis Report

UAEFIU public version strategic analysis setting out TF typologies and facilitator profiles observed in UAE STR data; complements sector red-flag catalogues and informs MoJ risk-based inspection priorities.

Strategic Review on Targeted Financial Sanctions Case Studies (April 2024)

April 2024 (content: November 2021, IEC-SR.01.22)

Strategic Review on Targeted Financial Sanctions Case Studies 2019-2021

EOCN review of case studies drawn from UAE TFS implementation, highlighting common failings such as delayed screening, weak governance, and unreported partial matches. Useful for law firms drafting sanctions-screening logs.

Proliferation Finance Institutional Risk Assessment Guidance (December 2023)

Published December 2023

Proliferation Finance Institutional Risk Assessment Guidance for FIs, DNFBPs and VASPs

Methodology for conducting a firm-level PF risk assessment, including jurisdiction, customer, product, and delivery-channel risk. Expected input into a law firm’s enterprise-wide risk assessment.

Terrorist and Proliferation Financing Red Flags Guidance (December 2023)

Published September 2023; updated December 2023

Terrorist and Proliferation Financing Red Flags Guidance

Concise catalogue of TF and PF red flags designed to be embedded in STR decision trees. Firms should map each indicator to their goAML reporting workflow.

Joint Guidance on Combating the Use of Unlicensed Virtual Asset Providers (November 2023)

Issued March 2022 (Supervisory Authority Sub-Committee)

Joint Guidance on Combating the Use of Unlicensed Virtual Asset Providers in the United Arab Emirates

Expectations on DNFBPs, including law firms handling digital-asset company formations, to screen for unlicensed virtual asset activity and reject onboarding where red flags are present

Guidance on Counter Proliferation Financing for FIs, DNFBPs, and VASPs (November 2022)

Published 01 November 2022 – EOCN-PF.01.23

Counter Proliferation Financing Guideline

Authoritative EOCN guidance on CPF obligations, including understanding dual-use goods typologies, sanctions evasion tactics, and the expected governance response.

Joint Guidance on Satisfactory and Unsatisfactory Practice (June 2021)

June 2021

Anti-Money Laundering and Countering Terrorist Financing Guidelines – Satisfactory and Unsatisfactory Practice

Supervisory Authority Sub-Committee guidance contrasting practices that are considered satisfactory with those that are unsatisfactory. A reliable benchmark for internal audits.

Typologies on the Circumvention of Targeted Sanctions (March 2021)

Issued 20 March 2021; last amended 11 May 2021

Typologies on the Circumvention of Targeted Sanctions against Terrorism and the Proliferation of Weapons of Mass Destruction (United Arab Emirates)

EOCN typology paper focusing on evasion techniques including shell companies, trade-based methods, and misuse of legal persons. Particularly relevant to law firms establishing and managing entities.

Guideline on Grievance Procedures

Undated (EOCN publication)

Guideline on Grievance Procedures

Framework guidance on filing grievances against supervisory decisions across federal authorities. Read alongside Articles 7 and 8 of MR 248 of 2025 for timelines.

Online Grievance System User Guide

Undated

Online Grievance System – User Guide

Step-by-step walkthrough of the online grievance platform, including registration, grievance submission, and status tracking

Combating Proliferation Financing and Sanctions Evasion

EOCN publication

Combating Proliferation Financing & Sanctions Evasion

Reference text on PF typologies and evasion techniques; integrates with the CPF Guidance and the Typology Paper.

Simple Guide to Subscribe to the EOCN Notification Alert System (NAS)

EOCN publication

Simple Guide to Subscribe to the EOCN Notification Alert System (NAS)

Short operational guide to subscribing to the NAS, which delivers near real-time notifications of UN and UAE list updates and is a standard control for every law firm’s sanctions programme.

Turning guidance into workable controls

AML UAE converts cross-sector guidance into operational checklists, screening-log templates, and STR decision trees tailored to your firm's covered activities.

NRA, SRA, and Other Important Guidelines Applicable to Lawyers and Legal Professionals

The UAE Money Laundering and Terrorist Financing Risk Assessment Report is the single most important cross-cutting risk document for every DNFBP, including law firms and notaries. Published by the National Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organisations Committee, it sets the macro picture against which sectoral risk assessments and firm-level risk assessments are calibrated.

UAE Money Laundering and Terrorist Financing Risk Assessment Report – 2024

National AML/CFT Committee

UAE Money Laundering and Terrorist Financing National Risk Assessment Report

The NRA assesses ML and TF threats and vulnerabilities across the UAE financial, VASP, and DNFBP sectors. In the UAE, the Law Firms and Legal Consultations Sector is classified as Medium-Low risk for ML since there are no evidence showing that the sector has been abused for ML, or any predicate offences

to ML. For legal professionals it highlights risks associated with the establishment and management of legal persons and arrangements, real estate transactions, and complex cross-border structures, feeding into the MoJ’s sector supervision plan. Circular No. (2) of 2025 of the Ministry of Justice directly instructs law firms to reflect NRA findings in their firm-wide risk assessments.

Does your firm's risk assessment reflect the NRA?

AML UAE helps law firms translate NRA findings into firm-specific risk factors and weight them appropriately in the customer risk methodology.

Sector-Specific Guidelines Applicable to Lawyers, Notaries, and Legal Professionals

Sector-specific instruments are issued by the Ministry of Justice. They fall into two groups: the central Guidebook that explains what satisfactory compliance looks like, and a sequence of circulars that direct firms to act on discrete obligations (policy updates, high-risk country lists, TFS implementation, and the real-estate activities report). All circulars listed below are officially published by the Ministry of Justice; the 2023, 2024, 2025, and 2026 policy update circulars are available on the MoJ website, while the earlier circulars are published in Arabic on the MoJ portal.

Twelve sector instruments in this section

The Guidebook plus eleven circulars spanning 2020 to 2026. Each card below states what the instrument requires of a law firm or notary.

01 Circular 1/2026

Updating AML policies, procedures, and controls.

02 MoJ Guidebook (Nov 2025)

Substantive sector reference.

03 Circular 3/2025

Updated list of high-risk jurisdictions.

04 Circular 2/2025

Acting on the UAE National Risk Assessment.

05 Circular 1/2025

Institutional assessment process controls.

06 Circular 1/2024

Simplified due diligence procedures.

07 Circular 2/2023

Obligations concerning high-risk jurisdictions.

08 Circular 1/2023

Commitment to institutional assessment controls.

09 Circular 14/2022

REAR – Real Estate Activities Report.

10 Circular 9/2022

Implementation of TFS under UN resolutions.

11 Circular 11/2021

Lawyers’ obligations on high-risk country lists.

12 Circular 18 + Circular 36/2020

Sanctions-list reporting and UN list implementation.

Circular No. (1) of 2026 Concerning the Obligation of Law Firms and Legal Consultancy Offices to Update Policies, Procedures, and Controls Related to AML/CFT/CPF (Arabic only)

Issued 2026

Circular No. 1 of 2026 – Updated AML/CFT/CPF policies, procedures, and controls

Directs law firms and legal consultancy offices to refresh their internal AML/CFT/CPF policies, procedures, and controls to reflect Federal Decree-Law 10 of 2025 and Cabinet Resolution 134 of 2025, and to update documentation accordingly. Published by the Ministry of Justice; currently available in Arabic only.

Guidebook for Law Firms and Legal Consultancy Offices on AML/CFT/CPF (November 2025)

Second Edition, published 25 November 2025

Guidebook for Law Firms and Legal Consultancy Offices on Combating Money Laundering, Countering the Financing of Terrorism and Countering Proliferation Financing

The principal sector reference issued by the Director of the AML/CTF Department at the Ministry of Justice. It covers relevant legislation, supervisory structure, AML Department functions, key obligations, compliance-officer requirements, STR reporting via goAML, five-year record retention, TFS 24-hour freeze and one-business-day EOCN notification, administrative sanctions, appeal procedures, and sources of assistance including amlctf@moj.gov.ae and the EOCN address iec@uaeiec.gov.ae

Circular No. (3) of 2025 Regarding the Update of the List of High-Risk Countries and Countries Subject to Enhanced Monitoring (Arabic only)

Issued 2025

Circular No. 3 of 2025 – Updated list of high-risk countries

Directs lawyers and law firms to apply enhanced due diligence to clients from the updated FATF high-risk jurisdictions and jurisdictions subject to increased monitoring. Currently available in Arabic only on the Ministry of Justice website.

Circular No. (2) of 2025 Regarding the National Risk Assessment (Arabic only)

Issued 2025

Circular No. 2 of 2025 – National Risk Assessment

Requires law firms to align their firm-wide risk assessments, client risk methodologies, and control environments with findings in the UAE National Risk Assessment. Currently available in Arabic only.

Circular No. (1) of 2025 Regarding Commitment of Law Firms to the Controls of Institutional Assessment Processes (Arabic only)

Issued 2025

Circular No. 1 of 2025 – Institutional assessment process controls

Sets expectations on the institutional assessment process that law firms must follow, including documentation, sign-off, and periodic review. Currently available in Arabic only.

Circular No. (1) of 2024 Regarding Simplified Due Diligence Procedures (Arabic only)

Issued 2024

Circular No. 1 of 2024 – Simplified due diligence procedures

Clarifies the circumstances in which simplified due diligence is permitted, aligning with Cabinet Resolution 134 of 2025 on low-risk scenarios. Currently available in Arabic only

Circular No. (2) of 2023 Regarding Obligations of Lawyers Concerning the Updated List of High-Risk Countries (Arabic only)

Circular No. 2 of 2023 concerns lawyers’ obligations concerning the updated list of high-risk countries. A copy of this circular was not available to us in PDF form at the time of writing; the text is referenced in the Ministry of Justice archive, but firms should obtain the current version directly from the Ministry before applying it.

Circular No. (1) of 2023 Regarding Commitment of Law Firms to the Controls of Institutional Assessment Processes (Arabic only)

Issued 2023

Circular No. 1 of 2023 – Institutional assessment controls

Earlier MoJ circular requiring law firms to commit to the controls of institutional AML assessment processes; superseded in substance by Circular No. 1 of 2025 on the same subject.

Circular No. (14) of 2022 Regarding the REAR Real Estate Activities Report (Arabic only)

Issued 2022

Circular No. 14 of 2022 – REAR (Real Estate Activity Report)

Instructs law firms involved in real estate transactions to file the Real Estate Activity Report on relevant transactions, consistent with the requirements that apply across DNFBPs handling real estate.

Circular No. (9) of 2022 on Implementation by Lawyers of Targeted Financial Sanctions Under UN Security Council Resolutions (Arabic only)

Issued 2022

Circular No. 9 of 2022 – Implementation by lawyers of targeted financial sanctions

Reaffirms that lawyers must implement targeted financial sanctions stipulated by UN Security Council resolutions and the UAE cabinet, with without-delay freezing and reporting via EOCN.

Circular No. (11) of 2021 Regarding Lawyers' Obligations on Updated List of High-Risk Countries (Arabic only)

Issued 2021

Circular No. 11 of 2021 – Lawyers’ obligations on high-risk countries

Requires lawyers to apply enhanced due diligence to clients from high-risk jurisdictions; predecessor to Circular 3 of 2025 on the same subject.

Circular No. (18) Regarding Lawyers' Implementation of Obligations to Report Clients on Sanctions Lists (Arabic only)

Issued 2020

Circular No. 18 – Reporting of clients on international or local sanctions lists

Directs law firms to report clients appearing on international or local sanctions lists in accordance with federal and EOCN procedures.

Circular No. (36) of 2020 Regarding the International and Local Sanctions Lists (Arabic only)

Issued 2020

Circular No. 36 of 2020 – International and local sanctions lists

Implements UN Security Council and cabinet sanctions lists at the level of lawyers and law firms, including obligations to screen clients and report matches.

Conclusion

AML regulations for lawyers in UAE are neither a single rulebook nor a single set of penalties. They are a federated framework anchored in Federal Decree-Law No. (10) of 2025 and its Executive Regulations, built up through Cabinet Resolution No. (74) of 2020 on sanctions, Cabinet Decision No. (109) of 2023 on beneficial ownership, Cabinet Resolution No. (132) of 2023 on BO penalties, and Cabinet Resolution No. (71) of 2024 on administrative penalties, and made operational for the legal sector through Ministerial Resolution No. (248) of 2025, the Ministry of Justice Guidebook of November 2025, and a sequence of MoJ circulars from 2020 to 2026.

What this means in practice for law firms, legal consultancy offices, and notaries public is that compliance is continuous rather than episodic. A satisfactory firm will maintain an enterprise-wide risk assessment that reflects the UAE National Risk Assessment; a client-onboarding process that systematically tests whether a matter falls within one of the five covered activities; sanctions-screening logs and Confirmed Name Match Report workflows that support the 24-hour freeze and one-business-day EOCN reporting; STR decision trees that operate through goAML and respect the privilege carve-out in Article 18, Clause 2 of FDL 10 of 2025 and CR 134 of 2025; a five-year records retention architecture; policies and procedures that are refreshed whenever a new MoJ circular is issued; and a training programme that keeps partners, lawyers, paralegals, and notaries public current on the framework.

Firms licensed in ADGM or DIFC operate inside their respective free-zone regimes and should look to FSRA and DFSA rulebooks rather than MoJ instruments. For every other MoJ-supervised legal professional, the rulebook above is the benchmark the AML/CTF Department will use on an inspection.

Found this guide useful?

If this article helped you clarify your firm's AML obligations, a short Google review helps other legal professionals find clear, sourced UAE guidance.

Frequently Asked Questions

A lawyer, legal consultant, or notary public falls under UAE AML law when they prepare or carry out any of the five covered activities under Article 3, Clause 4 of Cabinet Resolution 134 of 2025: buying or selling real estate; managing client money, securities, or assets; managing bank, savings, or securities accounts; organising contributions for a company; or establishing, operating, or managing legal persons or arrangements. Pure litigation, arbitration, mediation, and legal opinion work is protected by the privilege carve-out in Article 18, Clause 2 of Federal Decree-Law 10 of 2025.

The Ministry of Justice supervises law firms, legal consultancy offices, and notaries public through its AML/CTF Department, following Cabinet Decision No. (1/3 W) of 2019 and Cabinet Decision 65 of 2024, which upgraded the AML section into a full department. Ministerial Resolution No. (248) of 2025 sets out the current supervisory procedures and controls. Firms licensed in ADGM are supervised by FSRA; firms licensed in DIFC are supervised by DFSA.

A law firm should maintain its firm-wide risk assessment; each client risk assessment; CDD and enhanced due diligence files; beneficial ownership information; transaction records and transaction risk assessments for covered activities; sanctions-screening logs, including CNMR and PNMR records and EOCN correspondence; STR decision records and goAML submission receipts; training and attendance records; and a corrective action register. Retention is for five years from the end of the business relationship or completion of the transaction, per the MoJ Guidebook of November 2025 and Cabinet Resolution 134 of 2025.

Ministerial Resolution No. (248) of 2025, issued on 29 April 2025, replaces Ministerial Resolutions 532 and 533 of 2019. It confirms the MoJ AML/CTF Department as the competent supervisory body for law firms, legal consultancy offices, and notaries public; applies the Cabinet Resolution 71 of 2024 penalty schedule through Article 6; provides a 20-working-day grievance window in Article 7; and requires a 30-working-day response in Article 8. Firms should refresh their sanctions, STR, and governance policies to align with the new instrument.

Yes. Law firms licensed in Abu Dhabi Global Market are supervised by the Registration Authority and follow the ADGM Financial Services and Markets Regulations together with the FSRA AML Rulebook. Law firms licensed in the Dubai International Financial Centre are supervised by the Dubai Financial Services Authority and follow the DIFC Regulatory Law and DFSA AML Module. These free-zone regimes are distinct from the Mainland MoJ regime described above and are covered on the ADGM and DIFC pages in this cluster.

Talk to AML UAE about your firm's compliance programme

Whether you are setting up a new law firm, responding to a MoJ inspection, or refreshing policies following Circular 1 of 2026, AML UAE helps legal professionals implement the full framework.

Share via :

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

AML Regulations for Dealers in Precious Metals and Stones (DPMS) in UAE

Pathik Shah

Last Updated: 04/27/2026

Protect your business with reliable and effective AML strategies with AML UAE.

Key Highlights

• DPMS are brought into the AML/CFT perimeter at an AED 55,000 transaction threshold defined in Article 3(3) of Cabinet Resolution 134 of 2025.

• The Anti-Money Laundering Department of the Ministry of Economy and Tourism supervises DPMS operating in the mainland and commercial free zones.

• Every threshold-crossing transaction must be captured in a Dealers in Precious Metals and Stones Report (DPMSR) filed on goAML (MoE Circular 08/AML/2021).

• Gold refiners and supply-chain participants are subject to an additional 5-step responsible sourcing framework under Ministerial Decree 68 of 2024.

• Administrative fines for AML/CFT violations range from AED 50,000 to AED 1,000,000 per violation under Cabinet Resolution 71 of 2024.

• The UAE’s 2024 National Risk Assessment rates the sector’s inherent ML/TF risk as medium-to-high.

AML Regulations for Dealers in Precious Metals and Stones (DPMS) in UAE

The AML Regulations for DPMS in UAE sit inside the wider Designated Non-Financial Businesses and Professions (DNFBP) framework explained in our parent guide, AML Regulations for DNFBPs in UAE. Precious metals and stones markets combine high intrinsic value, cross-border mobility and deep cash reliance, which is why Federal Decree Law 10 of 2025, Cabinet Resolution 134 of 2025 and a dedicated set of Ministry of Economy and Tourism (MoET) circulars bring dealers in precious metals and stones inside the UAE’s AML/CFT/CPF perimeter.

This page explains the legal framework, the supervisory architecture, the 5-step gold sourcing overlay and the obligations that every DPMS must meet when it crosses the AED 55,000 threshold set out in Article 3(3) of the Executive Regulations.

At a Glance

Perimeter: Any dealer in precious metals or precious stones carrying out a single cash transaction, or linked cash transactions, equal to or above AED 55,000 (Cabinet Resolution 134/2025, Article 3(3)).

Primary supervisor: Ministry of Economy and Tourism (MoET) for mainland and commercial free zone DPMS.

Governing law: Federal Decree Law 10 of 2025 (AML/CFT/CPF); Cabinet Resolution 134 of 2025 (Executive Regulations).

Reporting trigger: DPMSR filed on goAML for each cash or wire transaction at or above AED 55,000 (MoE Circular 08/AML/2021).

Gold sourcing overlay: Gold refineries and supply chain entities must apply the 5-step Due Diligence Regulations for Responsible Sourcing of Gold (Ministerial Decree 68/2024; Circular 2/2024).

Penalty range: AED 50,000 to AED 1,000,000 per violation (Cabinet Resolution 71 of 2024).

Sector risk rating: Medium-to-high ML/TF risk (UAE National Risk Assessment 2024).

Population on goAML: 8,191 DPMS registered as of 30 June 2025; 1,448,825 DPMSRs filed Jul 2021 – Jun 2025 (UAEFIU Strategic Analysis Report on DPMS, Sept 2025).

Scope note

This page explains AML regulations applicable to dealers in precious metals and stones (DPMS) in the UAE, with specific coverage of gold sourcing and the AED 55,000 reporting threshold. Broader AML obligations that apply across all DNFBPs are explained in AML Regulations for DNFBPs in UAE.

What this DPMS guide covers

Three substantive sections walk you through perimeter, supervisor and the layered AML regulations for DPMS in UAE.

1. Who Counts as a DPMS in the UAE

2. AML Supervisory Authority for DPMS

3. AML Regulations Applicable to DPMS

Who Counts as a Dealer in Precious Metals and Stones (DPMS) in the UAE?

A dealer in precious metals and stones (DPMS) is any natural or legal person who, in the course of business, trades in precious metals or precious stones and who carries out a single cash transaction, or several linked cash transactions, at or above AED 55,000. This perimeter is set in Article 3(3) of Cabinet Resolution No. 134 of 2025 concerning the Executive Regulations of Federal Decree Law No. 10 of 2025.

The term covers gold retailers, jewellers, refineries, bullion wholesalers, diamond and coloured-stone traders, pearl traders and recycling operations within the Ministry of Economy and Tourism’s supervisory remit. The trigger is the AED 55,000 cash value; the rule applies equally to a single retail sale and to a string of related transactions that together cross the threshold. Transactions below AED 55,000 remain inside the AML system for record-keeping and suspicious transaction reporting, but they do not by themselves create DPMSR reporting exposure. The DPMSR reporting obligation and the applicability of the AML/CFT federal law are two different things. One should not confuse the applicability of the law with the DPMSR submission obligations.

Legal test

“Dealers in valuable metals and precious stones, when carrying out any single cash transaction or several transactions that appear to be linked and whose value equals or exceeds fifty-five thousand dirhams (AED 55,000).” — Article 3(3), Cabinet Resolution No. 134 of 2025.

Dealers established in the Abu Dhabi Global Market (ADGM) and the Dubai International Financial Centre (DIFC) are supervised by their own regulators (the ADGM RA and the DFSA, respectively) under rulebooks that mirror the federal AML/CFT regime; the substantive obligations and threshold logic track federal law, but the primary touchpoint is the financial free zone regulator rather than MoET.

AML Supervisory Authority for DPMS in the UAE

The Anti-Money Laundering Department within the Ministry of Economy and Tourism (MoET) is the federal supervisor for DPMS operating in the mainland and commercial free zones. This mandate is grounded in Cabinet decisions that assign DNFBP supervision to MoET and is reaffirmed in the DNFBP Guidelines issued by the Ministry in September 2025, which list DPMS among the four supervised categories alongside real estate agents and brokers, independent accountants and auditors, and trust and corporate service providers.

MoET enforces the AML/CFT obligations through on-site inspections, thematic reviews, administrative penalties imposed under Cabinet Resolution No. 71 of 2024, and circular-based guidance. It coordinates closely with the UAE Financial Intelligence Unit (UAEFIU), which operates the goAML reporting platform, and with the Executive Office for Control and Non-Proliferation (EOCN), which administers targeted financial sanctions. DPMS in ADGM and DIFC report to the ADGM RA and DFSA, respectively; DPMS in financial free zones follow the free zone’s AML framework, which cross-references to federal law.

1. Federal Supervisor

MoET is the primary AML/CFT supervisor for DPMS in mainland UAE and commercial free zones.

2. Financial Intelligence Unit

UAEFIU receives all Suspicious Transaction Reports, Confirmed Name Match Reports (CNMRs), PNMRs and DPMSRs through the goAML system.

3. Sanctions Authority

The Executive Office for Control and Non-Proliferation (EOCN) administers targeted financial sanctions and the Notification Alert System (NAS).

4. Financial Free Zone Regulators

ADGM RA and DIFC DFSA supervise DPMS authorised inside their respective jurisdictions under rulebooks aligned with federal AML law.

AML Regulations Applicable to DPMS in the UAE

The AML regulations for DPMS in UAE are organised in five concentric layers: the federal AML statute and its executive and penalty regulations; cross-sector overarching guidance from the National Committee, the EOCN, the UAEFIU and other federal bodies; the National Risk Assessment; DNFBP sector-specific guidance and circulars issued by MoET; and sector-specific DPMS guidance addressing gold sourcing, goAML reporting and precious-metals typologies. The subsections below walk through each layer and cite the applicable instruments.

What this DPMS guide covers

Three substantive sections walk you through perimeter, supervisor and the layered AML regulations for DPMS in UAE.

1. Federal AML Laws and Executive Regulations

2. Overarching AML Guidance

3. NRA, SRA, and Other Important Guidelines

4. DNFBP Sector-Specific Guidance

5. Sector-Specific DPMS Guidelines

Federal AML Laws and Executive Regulations Applicable to Dealers in Precious Metals and Stones

Federal primary and secondary legislation sets the baseline AML/CFT/CPF obligations that every DPMS must meet, regardless of whether it trades in gold bars, loose diamonds or polished jewellery. The federal layer is reinforced by two dedicated penalty resolutions and a beneficial-owner framework that every DPMS legal entity has to implement independently of its AML obligations.

Federal AML laws and executive regulations at a glance

Seven primary and secondary instruments that set the baseline AML/CFT/CPF obligations for every DPMS.

1. Federal Decree Law No. 10 of 2025

2. Federal Law No. 7 of 2014

3. Cabinet Resolution No. 134 of 2025

4. Cabinet Decision No. 74 of 2020

5. Cabinet Resolution No. 71 of 2024

6. Cabinet Decision No. 109 of 2023

7. Cabinet Resolution No. 132 of 2023

Federal Decree by Law No. (10) of 2025 Regarding Anti-Money Laundering, and Combating the Financing of Terrorism and Proliferation Financing

Federal Decree Law No. 10 of 2025 is the current primary AML/CFT/CPF statute in the UAE. It defines Designated Non-Financial Businesses and Professions as persons engaged in commercial or professional activities specified in the Executive Regulations, and makes those persons subject to the full suite of preventive obligations, including customer due diligence, record-keeping, suspicious transaction reporting, internal controls, training and cooperation with supervisory authorities.

Article 10 of the Decree Law (Chapter Four — Disclosure) confirms that every person entering or leaving the State must disclose the carriage of currencies, bearer negotiable instruments, precious metals or valuable stones in accordance with the disclosure system issued by the Federal Authority for Identity, Citizenship, Customs and Port Security in coordination with the Central Bank, which directly supports the precious-metals control environment within which DPMS operate.

The Decree Law establishes the UAEFIU, sets out criminal offences and sanctions, and empowers supervisory authorities to impose administrative penalties alongside judicial consequences. For the details of what each obligation means in practice, DPMS must read the Decree Law together with its Executive Regulations (Cabinet Resolution 134 of 2025) and the MoET DNFBP Guidelines.

Federal Law No. (7) of 2014 Combating Terrorism Crimes

Federal Law No. 7 of 2014 defines terrorism offences, terrorist organisations and the financing of terrorism. It is the criminal-law backbone behind the AML/CFT regime: when a DPMS identifies suspected terrorism-financing activity, the predicate offence is located in this Law and the related UNSC-implementing Cabinet Resolution 74 of 2020. Article 1 of Decree Law 10 of 2025 expressly refers to Federal Law 7 of 2014 in defining terrorist acts, thereby anchoring the AML statute within the criminal framework.

Cabinet Resolution No. (134) of 2025 Concerning the Executive Regulations of Federal Decree Law No. (10) of 2025

Cabinet Resolution 134 of 2025 is the executive regulation for Decree Law 10 of 2025 and contains the operational details that DPMS apply daily. Article 3(3) brings DPMS inside the perimeter at the AED 55,000 cash-transaction threshold. Article 7 sets out the triggers for customer due diligence, commencement of a business relationship, suspicion of a crime, doubts about previously obtained data, and occasional transactions at or above the thresholds. Article 8 requires ongoing monitoring, and subsequent articles set out enhanced due diligence, PEP handling, reliance on third parties, record-keeping and reporting obligations.

Where previous guidance, circulars or notifications refer to Federal Decree Law 20 of 2018 or Cabinet Resolution 10 of 2019, they continue to apply to the extent they are not repealed or inconsistent with Decree Law 10 of 2025 and Cabinet Resolution 134 of 2025. DPMS should therefore read every circular issued prior to 2025 through the lens of the new federal law.

Cabinet Decision No. 74 of 2020 Regarding Terrorism Lists Regulation and Implementation of UN Security Council Resolutions

Cabinet Decision No. 74 of 2020 regulates the UAE Local Terrorist List and the UAE’s implementation of United Nations Security Council resolutions on the suppression of terrorism, terrorism financing and the proliferation of weapons of mass destruction. It creates the legal basis on which DPMS must screen customers, beneficial owners and transaction counterparties against the UAE Local Terrorist List and the UN Consolidated List, apply freezing measures without delay, and report confirmed and partial name matches to the EOCN. The Cabinet Decision is enforced alongside circulars issued by MoET and EOCN that translate the obligations into reporting timelines.

Cabinet Resolution No. (71) of 2024 Regulating Violations and Administrative Penalties for DNFBPs Under the Ministry of Justice and the Ministry of Economy

Cabinet Resolution No. 71 of 2024 replaced Cabinet Resolution 16 of 2021 and sets out the unified list of AML/CFT violations and administrative fines for DNFBPs supervised by the Ministry of Economy (now MoET) and the Ministry of Justice (MoJ). Article 3 authorises the Ministry to impose one of the administrative penalties in Article 14 of the Decree Law, or the administrative fines in the annexed schedule, or both.

The annexed schedule covers more than forty categories of violations. Failure to adopt internal policies and controls is fined between AED 100,000 and AED 200,000. Failure to identify, assess and update crime risks is fined between AED 50,000 and AED 500,000. Failure to apply customer due diligence before or during a transaction at or above AED 55,000 is fined between AED 50,000 and AED 200,000. Failure to promptly file suspicious-transaction reports with the UAEFIU is fined between AED 100,000 and AED 500,000. Failure to implement UN Security Council sanctions decisions, directly relevant to DPMS given typology exposure, is fined between AED 100,000 and AED 1,000,000. Article 4 gives the violator thirty working days to grieve the penalty, and Article 5 permits the Ministry to amend, uphold or cancel the fine on review.

Cabinet Decision No. (109) of 2023 on Regulating the Beneficial Owner Procedures

Cabinet Decision No. 109 of 2023 regulates the identification, verification and continuous maintenance of the real (ultimate) beneficial owners of companies established in the UAE. A DPMS operating as a corporate licensee must maintain a register of beneficial owners, notify the licensing authority of changes within fifteen days and keep information current. Customer due diligence on corporate clients under Article 9 of the AML Executive Regulations draws on the same beneficial-owner concept, so the two frameworks operate in parallel: Decision 109 governs the DPMS’s own legal-person transparency, and the AML rules govern beneficial-owner identification of the DPMS’s customers.

Cabinet Resolution No. (132) of 2023 on Administrative Penalties for Beneficial Owner Violations

Cabinet Resolution No. 132 of 2023 sets out the administrative penalties for breaches of Cabinet Decision 109 of 2023. A DPMS that fails to disclose, update or maintain accurate beneficial-ownership data is exposed to written warnings to the legal person and financial penalties that escalate with repetition of the violation. Under Article 3(2) of Cabinet Resolution 132 of 2023, for violations committed for the third time, the Registrar has the right to suspend the commercial licence and close the commercial store of the violating legal person until the fine is paid and the breach is rectified. The penalty schedule is enforced by the Ministry of Economy and Tourism as the beneficial-owner registrar for most DPMS legal persons.

DPMS policy templates aligned to Decree Law 10/2025 and Cabinet 134/2025

AML UAE maintains up-to-date internal policies, customer due diligence procedures, DPMSR workflows and beneficial-owner registers engineered for the precious metals and stones sector.

Overarching AML Guidance Applicable to DPMS in the UAE

Alongside the federal statute, a catalogue of cross-sector guidance binds DPMS into the national AML/CFT/CPF architecture. These instruments explain how to implement targeted financial sanctions, counter proliferation finance, file reports on goAML and grieve sanctions-related decisions. Where a circular or guideline refers to the old Federal Decree Law 20 of 2018 and its executive regulation, it remains valid to the extent consistent with Decree Law 10 of 2025 and Cabinet Resolution 134 of 2025.

Overarching AML guidance at a glance

Thirteen cross-sector instruments from the EOCN, UAEFIU and National Committee that frame DPMS sanctions, CPF and reporting obligations.

1. EOCN TFS Guideline (Jan 2021, last amended Jul 2025)

2. UAEFIU TF Strategic Analysis (May 2025)

3. TFS Strategic Review (Nov 2021)

4. PF Institutional Risk Assessment Guidance (Dec 2023)

5. TF and PF Red Flags Guidance (updated Dec 2023)

6. Unlicensed VASP Joint Guidance (2022)

7. Counter Proliferation Financing Guidance (Nov 2022)

8. Satisfactory/Unsatisfactory Practice Joint Guidance (Jun 2021)

9. Sanctions Circumvention Typologies (Mar 2021)

10. EOCN Grievance Procedures Guideline

11. Online Grievance System User Guide

12. Combating PF and Sanctions Evasion

13. EOCN NAS Subscription Simple Guide

Guideline on Targeted Financial Sanctions for Financial Institutions, DNFBPs and VASPs — Executive Office for Control and Non-Proliferation (EOCN), issued January 2021, last amended July 2025

The EOCN TFS Guideline is the authoritative reference for how DPMS implement UN-led and UAE-local sanctions obligations. It explains the scope of TFS measures, the concept of ‘funds or other assets’, the screening expectations on customers, beneficial owners and counterparties, and the freezing obligation that must be executed without delay. The Guideline also sets the five-business-day reporting window for Confirmed Name Match Reports (CNMRs) and Partial Name Match Reports (PNMRs) on goAML, and DPMS rely on it to calibrate screening frequency, to interpret partial-match handling and to build CNMR and PNMR workflows.

UAEFIU’s Strategic Analysis Report on Terrorist Financing Typologies and Facilitators — May 2025

This UAEFIU strategic analysis sets out the dominant terrorist-financing typologies observed in the UAE and the facilitators most frequently exploited. For DPMS, the relevance lies in the report’s analysis of how precious metals and cash movements intersect with TF networks, and in the red-flag indicators that should feed into the DPMS’s transaction-monitoring rules and staff training.

Strategic Review on Targeted Financial Sanctions Case Studies 2019-2021 (IEC-SR.01.22) — Executive Office, November 2021

The Strategic Review compiles sanitised case studies from 2019 to 2021 where UAE private-sector obligations to apply TFS were tested. DPMS use these case studies to benchmark their own sanctions screening, to understand which typologies should trigger enhanced due diligence and to test the strength of their freezing and reporting playbooks.

Proliferation Finance Institutional Risk Assessment Guidance for FIs, DNFBPs and VASPs — December 2023

This Guidance explains how an institutional proliferation-finance risk assessment should be structured. DPMS, because of their exposure to dual-use goods pathways and to jurisdictions subject to UNSC proliferation-related sanctions, must run a specific proliferation-finance assessment as part of their wider business-wide risk assessment, separate from the ML and TF analyses.

Terrorist and Proliferation Financing Red Flags Guidance — December 2023

This cross-sector red-flag bulletin lists concrete indicators that front-line DPMS staff should watch for in transactions involving gold, bullion, high-value stones and jewellery. Where one or more red flags are present, the DPMS must escalate and, if suspicion persists, file an STR with the UAEFIU without delay.

Joint Guidance on Combating the Use of Unlicensed Virtual Asset Service Providers in the UAE — Central Bank, SCA, VARA, DFSA, FSRA and Ministries of Justice and Economy (2022)

DPMS frequently encounter customers who wish to settle precious metals purchases through virtual assets. This Joint Guidance from the Central Bank, CMA, VARA and ADGM/DIFC regulators sets out the obligations to deal only with licensed VASPs, and the red flags that indicate a counterparty is operating without a UAE VASP licence. DPMS integrating virtual-asset settlement must apply these expectations alongside their own AML controls.

Guidance on Counter Proliferation Financing for FIs, DNFBPs and VASPs — November 2022

This is the authoritative cross-sector CPF guidance. It explains the definition of proliferation financing in UAE law, the institutional risk assessment framework, the specific red flags linked to dual-use goods and the interaction with UNSC resolutions 1718 (DPRK) and 1737/2231 (Iran). DPMS sourcing or selling bullion and stones in trade-finance-heavy structures use this Guidance to build their CPF controls.

Joint Guidance on Satisfactory and Unsatisfactory Practice — June 2021

This joint supervisors’ Guidance contrasts observed satisfactory practice against unsatisfactory practice across governance, risk assessment, CDD, record-keeping and reporting. It is the single most practical benchmarking document for DPMS that want to self-assess the maturity of their AML programme before an inspection.

Typologies on the Circumvention of Targeted Sanctions — March 2021

This typology paper walks through common techniques used to circumvent sanctions, including the use of front companies, intermediaries in jurisdictions with lighter controls, and trade-based disguise of value. DPMS face each of these typologies in their own market; the paper informs its enhanced due diligence expectations for trades involving high-risk jurisdictions.

Guideline on Grievance Procedures

This EOCN Guideline explains how a DPMS, a customer or a designated person requests de-listing, removal of a freezing measure or permission to use frozen funds. It sets out the information to include, the review process and the timelines. DPMS need it when handling a CNMR or PNMR that is subsequently contested.

Online Grievance System User Guide

The Online Grievance System is the digital channel for submitting grievances to the EOCN. The User Guide walks through account creation, grievance submission, document uploads and status checks. DPMS with dedicated compliance functions should register up-front so they are not delayed if a grievance becomes necessary.

Combating Proliferation Financing and Sanctions Evasion

This EOCN awareness document synthesises the CPF and sanctions-evasion obligations into a practitioner-oriented narrative. DPMS training curricula should map each module of this document to one or more of their internal controls, so staff can explain the underlying risk in the context of real-world gold and stone transactions.

Simple Guide to Subscribe to the EOCN Notification Alert System (NAS)

The NAS is the EOCN’s subscription channel for updates to the UAE Local Terrorist List, the UN Consolidated List and related designations. The Simple Guide explains the step-by-step subscription process. DPMS compliance officers must subscribe to the NAS so that screening lists are refreshed as soon as designations change.

NRA, SRA, and Other Important Guidelines Applicable to DPMS in the UAE

The UAE’s risk-based approach begins with the National Risk Assessment. For DPMS, the NRA sets the baseline expectation on how seriously to treat sector-inherent risks.

UAE ML/TF National Risk Assessment — 2024

The UAE Money Laundering and Terrorist Financing Risk Assessment 2024 rates the inherent risk of the DPMS sector at medium-to-high, highlighting the combination of trade scale, cash intensity, international exposure and the persistent risk of conflict-affected or high-risk gold entering the supply chain. The NRA instructs DPMS to use these findings as a floor for their own business-wide risk assessment, and to apply enhanced due diligence where sectoral risk factors are present. The Practical Guide for DNFBPs, published alongside the NRA, translates the findings into operational actions for DPMS compliance officers.

Align your business-wide risk assessment with the UAE NRA 2024

AML UAE runs NRA-aligned business-wide risk assessments for DPMS, covering customer, geography, product, channel and delivery dimensions.

DNFBP Sector-Specific Guidance Applicable to DPMS in the UAE

MoET issues dedicated circulars and guidance for all DNFBPs under its supervision. These instruments are the everyday operating manual for DPMS compliance officers and are usually addressed to real estate brokers and agents, DPMS, auditors and accountants, and corporate service providers in parallel.

DNFBP sector-specific guidance at a glance

Ten MoET circulars and implementation guides that govern DPMS screening, CDD, risk-based approach and sanctions obligations

1. Circular No. 1 of 2026 — High-Risk Country Lists

2. AML/CFT DNFBP Guidelines (Sep 2025)

3. Circular No. 3 of 2025 — Sanctions and Terrorist List Screening

4. Circular No. 4 of 2025 — Understanding the NRA 2024

5. Circular No. 6 of 2025 — Risk-Based CDD

6. Circular No. 7 of 2025 — Re-Imposition of UN Sanctions on Iran

7. Circular No. 8 of 2025 — High-Risk Country Update

8. CRA Implementation Guide (Nov 2024)

9. CDD Implementation Guide (Nov 2024)

10. Circular No. 2 of 2022 — UNSCRs 1718 and 2231

Circular No. (1) of 2026 on Updating the Lists of High-Risk Countries, Countries Subject to Increased Monitoring, and Related Measures

Issued on 11 March 2026 as MOET/AML/001/2026, this Circular transposes National Committee Resolution No. 15 of 2025 into DNFBP practice. It reminds DPMS that the Resolution reaffirms existing obligations, updates country listings, and requires alignment of screening, enhanced due diligence and risk-based measures with the revised lists. The Circular cites Federal Decree Law 10 of 2025, Cabinet Resolution 134 of 2025 and Cabinet Decision 74 of 2020 as its legal basis.

AML/CFT Guidelines for Designated Non-Financial Businesses and Professions — September 2025

The Revised DNFBP Guidelines are the consolidated MoET rulebook for DNFBPs. Part I sets out the legal framework; Part II covers compliance administration; Part III sets out the identification and assessment of ML/TF/PF risks; Parts IV and V address mitigation controls, customer due diligence, reporting and record-keeping. The Guidelines name DPMS among the four supervised categories and incorporate the CNMR (Confirmed Name Match Report), PNMR, and DPMSR reporting typologies into the compliance officer’s remit.

Circular No. (3) of 2025 on Emphasising the Importance of Screening Sanctions and Terrorist Lists

Issued on 19 March 2025 as MOEC/AML/003/2025, this Circular is the clearest recent statement that DPMS must screen every customer, beneficial owner and transaction counterparty against sanctions and terrorist lists, irrespective of transaction value, payment method or whether the transaction crosses the AED 55,000 reporting threshold. Screening is not optional below the threshold; only the DPMSR reporting trigger is threshold-based.

Circular No. (4) of 2025 on the Importance of Understanding the UAE 2024 National Risk Assessment

This Circular directs DPMS to read the National Risk Assessment 2024 and to map its findings into their own business-wide risk assessment, customer risk matrix and transaction-monitoring rules. Where the NRA identifies a sectoral threat or typology, conflict-affected gold, trade-based money laundering, or shell companies, the DPMS is expected to demonstrate that the threat has been analysed and that mitigating controls are in place.

Circular No. (6) of 2025 on Emphasising the Implementation of Risk-Based Customer Due Diligence Measures

Issued on 5 August 2025 as MOET/AML/6/2025, this Circular reinforces the risk-based approach and clarifies the appropriate use of simplified due diligence (SDD). DPMS must apply enhanced due diligence to high-risk customers, standard CDD to medium-risk customers where no suspicion exists, and may apply SDD only to low-risk customers where no suspicion of ML, TF or PF exists. The Circular cross-references to the Customer Risk Assessment and CDD implementation guides issued by the Ministry.

Circular No. (7) of 2025 Regarding the Re-Imposition of United Nations Sanctions Related to Iran

Issued on 19 December 2025 as MOET/AML/007/2025, this Circular flags the re-imposition of UN sanctions under Security Council Resolution 1737 (2006) and subsequent resolutions. DPMS must update screening systems to the latest UN Consolidated List, re-screen existing customers and counterparties, apply freezing measures without delay, and report confirmed name matches (CNMR) and partial name matches (PNMR) to the EOCN via goAML in accordance with the procedures in the EOCN TFS Guideline (which sets a five-business-day reporting window from the freeze or suspension measure).

Circular No. (8) of 2025 on Updating the Lists of High-Risk Countries, Countries Subject to Increased Monitoring, and Related Measures

Issued on 25 December 2025 as MOET/AML/008/2025, this Circular (later superseded by Circular 1 of 2026) updates the high-risk country lists in line with National Committee Resolution 15 of 2025 and the FATF country review. DPMS must monitor the FATF lists, align customer risk categorisation and transaction monitoring, and apply the measures required by the Ministry when a customer, beneficial owner or counterparty is connected to a listed jurisdiction.

Implementation Guide for DNFBPs on Customer Risk Assessment (CRA) — November 2024

The CRA Implementation Guide walks DPMS through the construction of a customer risk matrix, identifying customer, product, service, geography, channel and delivery risk factors; weighting them; and assigning a final risk rating that drives the intensity of CDD, monitoring and review frequency. DPMS use the guide to design their client-onboarding questionnaires and periodic-review templates.

Implementation Guide for DNFBPs on Customer Due Diligence (CDD) — November 2024

The CDD Implementation Guide is the operational companion to the CRA guide. It explains how to identify and verify customers and beneficial owners, when to apply simplified, standard or enhanced due diligence, how to approach politically exposed persons, and how to document decisions. DPMS staff handling threshold transactions reference this Guide when collecting identification under MoE Circular 08/AML/2021.

Circular No. (2) of 2022 on Implementation of Targeted Financial Sanctions under UNSCRs 1718 (2006) and 2231 (2015)

Issued on 31 March 2022, this Circular covers the implementation of TFS related to the Democratic People’s Republic of Korea (DPRK) and Iran. It requires DPMS to screen every transaction party against the DPRK and Iran sanctions regimes, to apply enhanced due diligence to transactions linked to those jurisdictions, to verify cross-border transactions suspected of involving dual-use goods, and to file confirmed and partial name matches via goAML. The Circular has been superseded in part by later EOCN guidance, but its operational obligations continue to apply.

Build DPMS-ready screening and goAML reporting workflows

AML UAE designs sanctions-screening, PEP-screening and goAML-filing workflows engineered to the MoET circular stack and the CNMR/PNMR reporting timelines.

Sector-Specific Guidelines Applicable to DPMS in the UAE

A final layer of guidance targets DPMS directly. These documents address gold sourcing, DPMSR reporting, compliance officer appointment and DPMS typologies. They sit on top of the federal and DNFBP layers and are the instruments regulators cite most often in DPMS inspections.

DPMS sector-specific guidelines at a glance

Eight directly applicable instruments covering gold sourcing, DPMSR reporting, compliance-officer appointment and precious-metals typologies.

1. UAEFIU Strategic Analysis Report on DPMS (Sep 2025)

2. Ministerial Decree No. 68 of 2024 — Gold Refineries

3. MoE Circular No. 2 of 2024 — Responsible Sourcing of Gold

4. Due Diligence Regulation for Responsible Sourcing of Gold

5. MoE Circular No. 2 of 2023 — DPMS Data Disclosure Notice

6. MoE Circular No. 08/AML/2021 — DPMSR Reporting

7. MoET Circular No. 2 of 2021 — DNFBP Obligations

8. Supplemental Guidance for DPMS (May 2019)

UAEFIU’s Strategic Analysis Report on Misuse of Precious Metals and Stones in Financial Crime — September 2025

This is the most recent UAEFIU strategic analysis covering the DPMS sector. It notes that UAE foreign trade in precious stones, metals and their articles grew from AED 497 billion in 2021 to more than AED 959 billion in 2024, and that 8,191 DPMS were registered on goAML as of 30 June 2025, an 81 per cent increase over June 2022. The report analyses 1,448,825 DPMSRs filed between July 2021 and June 2025, as well as around 700 STRs and SARs related to the sector. It identifies five dominant typologies: conflict-affected and high-risk gold; gold smuggling; use of front and shell entities; trade-based money laundering; and the use of precious metals and stones in terrorist financing. It concludes with thirty-two DPMS-specific red-flag indicators covering customer due diligence, trade activities and behavioural triggers.

Ministerial Decree No. (68) of 2024 Regarding Gold Refineries’ Adherence to the Policy of Due Diligence Regulations for Responsible Sourcing of Gold

Ministerial Decree 68 of 2024 was issued on 29 March 2024 by the Minister of Economy. Article One requires every entity engaged in refining gold or recycling its products, and every supply-chain stakeholder operating in the UAE (including commercial free zones under MoE supervision), to adhere to the attached Due Diligence Policy for Responsible Sourcing of Gold. Supply-chain participants and precious-metals dealers must establish strong management systems, assess gold-supply-chain risks and implement a management strategy to respond to identified risks. Refineries (and recyclers) must additionally appoint an independent third-party auditor and submit a due diligence report on the gold supply chain. Article Three confirms that administrative penalties apply to violations of the Decree and the attached Policy.

Circular No. (2) of 2024 regarding Due Diligence Regulation for Responsible Sourcing of Gold

MoE Circular No. 2 of 2024, dated 29 March 2024, directs every regulated entity with gold refineries as an activity in its licence operating in the UAE to undertake the 5-step framework of the Due Diligence Regulation for Responsible Sourcing of Gold. The Circular confirms that from 1 January 2023, gold refineries must conduct an independent third-party audit of their due diligence measures, with audits expected to be completed within 90 days of the effective date (that is, 90 days from 31 December 2023). The Ministry has a dedicated inbox at ResponsibleSourcing@economy.ae. Entities that fail to comply are subject to administrative actions under the AML/CFT framework.

The Due Diligence Regulation for Responsible Sourcing of Gold

The Due Diligence Regulation for Responsible Sourcing of Gold is the policy instrument annexed to the Ministerial Decree and referenced in Circular 2 of 2024. It is built around five steps: (1) establishing an effective governance framework, including a board-approved sourcing policy, management structures and a confidential grievance mechanism; (2) identification and assessment of supply-chain risk, including the use of red flags and enhanced due diligence for conflict-affected and high-risk areas (CAHRAs); (3) management of supply-chain risk through a risk-control plan, continuous monitoring and senior-management reporting; (4) an independent third-party audit of the due-diligence measures; and (5) annual reporting on management systems, risk assessment and risk management. The Regulation is the detailed implementation manual behind Ministerial Decree 68 of 2024.

Circular No. (2) of 2023 — Data Disclosure Notice for Dealers in Precious Metals and Stones

MoE Circular No. (2) of 2023 instructed DPMS to display prominently in customer-facing premises a notice informing customers that the dealer will collect identification documents, and they should disclose their data.

Ministry of Economy Circular No. (08/AML/2021) on the Dealers in Precious Metals and Stones Report

MoE Circular 08/AML/2021, dated 2 June 2021, is the DPMSR reporting foundation. Effective 12 June 2021, it requires DPMS to: (1) obtain Emirates ID or passport for resident individuals and ID or passport for non-resident individuals on any cash transaction at or above AED 55,000, and register the information in the UAEFIU’s goAML platform using the DPMSR form; (2) obtain trade licence and ID for corporate counterparties on transactions at or above AED 55,000 in cash or by wire transfer, and register the information in goAML as a DPMSR; and (3) keep records of every document and piece of information relating to the above transactions for a minimum of five years. The Circular refers queries to AML@economy.ae and continues in force under the new federal law.

MoET Circular No. (2) of 2021 on AML/CFT Obligations for DNFBPs

MoE Circular 2 of 2021, dated 4 February 2021, is the baseline DNFBP implementation circular. It confirms that MoE supervises real estate brokers and agents, dealers in precious metals and stones, account auditors and company services providers. It requires each supervised entity to appoint a compliance officer in accordance with Article 21 of the Executive Regulations, adopt internal policies, deliver staff training, register on goAML and cooperate with supervisory inspections. DPMS compliance officers cite this Circular when explaining the governance perimeter of their role.

Supplemental Guidance for Dealers in Precious Metals and Stones — May 2019

The 2019 Supplemental Guidance is the most detailed sector-specific narrative issued for DPMS. It explains why precious metals and stones are inherently vulnerable to ML/TF: high intrinsic value in a compact form, ability to maintain or increase in value, ease of physical transport, cash-based and decentralised markets, difficulty in tracing specific items and low compliance-awareness among smaller participants. It walks through the AED 55,000 ‘covered transactions’ concept, introduces sector-specific red flags and sets out expectations for customer due diligence, record-keeping and reporting. It continues to serve as a training reference for DPMS compliance teams.

Conclusion

The AML regulations for DPMS in UAE are dense but internally coherent. Federal Decree Law 10 of 2025 and Cabinet Resolution 134 of 2025 set the primary obligations; Cabinet Resolutions 71 of 2024, 109 of 2023 and 132 of 2023 govern penalties and beneficial ownership; a stack of EOCN and UAEFIU guidance operationalises targeted financial sanctions, proliferation-finance controls and reporting; the 2024 NRA sets the risk baseline; and a layer of MoET DNFBP and DPMS-specific circulars translates the regime into daily practice. On top of that, Ministerial Decree 68 of 2024 and Circular 2 of 2024 impose a 5-step responsible sourcing overlay on gold refiners and supply-chain participants.

A DPMS that wants to remain compliant must: submit DPMSR wherever applicable; screen every customer, beneficial owner and counterparty against the local terrorist list and the UN Consolidated List, regardless of transaction size; run a proliferation-finance assessment alongside the ML and TF assessments; integrate the five-step gold sourcing framework where applicable; and make sure that every circular, whether issued under the old Decree Law 20 of 2018 or the new Decree Law 10 of 2025, is understood through the lens of the current federal law.

Talk to AML UAE about your DPMS compliance programme

We design, test and audit AML programmes for gold retailers, refineries, jewellers and diamond traders across the UAE. From business-wide risk assessment to goAML DPMSR workflows and health check, we have you covered.

FAQs

Under Article 3(3) of Cabinet Resolution 134 of 2025, a dealer in precious metals and stones is any person, natural or legal, trading in precious metals or precious stones in the course of business who carries out a single cash transaction, or several linked cash transactions, equal to or above AED 55,000. The definition covers gold retailers, jewellers, refineries, bullion wholesalers, diamond and coloured-stone traders and recyclers. Below AED 55,000, AML obligations still apply for screening, record-keeping and suspicion-based reporting, but no DPMSR is triggered.

MoE Circular 08/AML/2021 requires DPMS to file a Dealers in Precious Metals and Stones Report (DPMSR) on the UAEFIU’s goAML platform for every cash transaction at or above AED 55,000 with a resident or non-resident individual, and for every transaction at or above AED 55,000 with a legal entity, whether paid in cash or by wire transfer. Separately, any suspicion of ML, TF or proliferation financing, regardless of amount, must be filed as a Suspicious Transaction Report via goAML, and confirmed and partial name matches against sanctions lists must be filed as CNMR or PNMR within five business days of the freeze or suspension.

Yes. Under Ministerial Decree 68 of 2024 and MoET Circular 2 of 2024, entities that engage in refining or recycling gold must adhere to the 5-step Due Diligence Regulations for Responsible Sourcing of Gold and, additionally, appoint an independent third-party auditor and submit an annual due diligence report on the gold supply chain. The audit obligation has applied since 1 January 2023. Refineries remain subject to all the generic DPMS obligations under Decree Law 10 of 2025 and Cabinet Resolution 134 of 2025 in parallel.

The UAEFIU Strategic Analysis Report on DPMS (September 2025) lists thirty-two sector-specific indicators. The most common include: refusal to provide identification; inability to demonstrate funding sources; forged certificates of origin, refinery stamps or fake invoices; supply chains transiting conflict-affected or high-risk jurisdictions; large or frequent cash transactions inconsistent with the customer’s profile; structuring through multiple visits or split invoices just below AED 55,000; payments via multiple third parties or offshore entities without clear commercial link; and repeated requests for duplicate invoices or refunds after cash purchases.

DPMS established in ADGM and DIFC are supervised by the AFDGM Registration Authority (RA) and the Dubai Financial Services Authority (DFSA), respectively. Their rulebooks implement UAE federal AML/CFT law and the UAE’s international AML/CFT commitments, so the substantive obligations and the AED 55,000 threshold logic track federal law. The procedural touchpoints licensing, inspections, filings and enforcement are, however, with the financial free-zone regulator rather than MoET. DPMS in commercial free zones outside ADGM and DIFC remain under MoET supervision.

Was this guide useful?

If this DPMS guide helped your compliance team, a short Google review genuinely helps other jewellers, refineries and dealers find the same answers quickly.

Share via :

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

AML Regulations for DNFBPs in UAE

Pathik Shah

Last Updated: 04/24/2026

Protect your business with reliable and effective AML strategies with AML UAE.

AT A GLANCE

What a DNFBP is: A non-financial business or profession listed in Article 3 of Cabinet Resolution 134 of 2025, the Executive Regulations of Federal Decree Law No. 10 of 2025.

Six DNFBP categories: Commercial gaming operators, real estate brokers and agents, dealers in precious metals and stones, lawyers/notaries/legal professionals, independent accountants and auditors, company and trust service providers, and any other businesses added by Supervisory Authority resolution.

Federal AML statute: Federal Decree-Law No. 10 of 2025 (replacing FDL 20 of 2018) and Cabinet Resolution 134 of 2025.

DPMS cash threshold: AED 55,000 threshold for single or linked cash transactions per Article 3(3) of CR 134/2025.

Commercial gaming threshold: AED 11,000 single or linked financial transactions per Article 3(1) of CR 134/2025; gaming chips alone do not count.

Supervisors: MoET for accountants, auditors, TCSPs, DPMS and real estate; MoJ for lawyers and notaries; GCGRA for commercial gaming; DFSA in DIFC; RA in ADGM.

STR channel: All DNFBPs must report suspicious transactions immediately via the goAML portal of the UAE Financial Intelligence Unit per Article 18 of FDL 10/2025.

Maximum administrative fine: AED 5,000,000 per violation under Article 17(1)(b) of FDL 10/2025; criminal penalties on top.

AML Regulations for DNFBPs in UAE

Quick Overview

AML regulations for DNFBPs in UAE are anchored in Federal Decree-Law No. (10) of 2025 on Anti-Money Laundering, Combating the Financing of Terrorism and Proliferation Financing and its Executive Regulations in Cabinet Resolution No. (134) of 2025. Article 3 of CR 134/2025 designates six categories of Designated Non-Financial Businesses and Professions (DNFBPs): commercial gaming operators, real estate brokers and agents, dealers in valuable metals and precious stones, lawyers/notaries/other legal professionals and independent accountants, company and trust service providers, and any other category added by Supervisory Authority resolution. DNFBP-wide guidance issued by the Ministry of Economy and Tourism applies alongside sector-specific instruments, while the Ministry of Justice supervises lawyers and the General Commercial Gaming Regulatory Authority (GCGRA) supervises licensed gaming activity.

This guide explains who qualifies as a DNFBP, the supervisory map across MoET, MoJ and GCGRA, the federal AML legal framework, the cross-sector guidance issued by the Executive Office for Control and Non-Proliferation (EOCN) and the UAE Financial Intelligence Unit (FIU), and the dedicated guides for each DNFBP sector. Common AML obligations are summarised next, with sector-specific depth in the linked child pages.

DEFINITION

A DNFBP is any business or profession listed in Article 3 of Cabinet Resolution 134 of 2025 that, although not a financial institution, is exposed to money-laundering, terrorist-financing or proliferation-financing risk and must therefore meet the same federal AML statute, customer due diligence rules, beneficial-owner reporting and goAML suspicious-transaction reporting obligations as financial institutions.

What Is a DNFBP Under UAE AML Law?

A DNFBP is a non-financial business or profession that, by reason of the activities it carries out, is brought within the federal AML/CFT/CPF perimeter. Article 1 of Federal Decree-Law No. (10) of 2025 defines DNFBPs by reference to Article 3 of its Executive Regulations. Article 3 of Cabinet Resolution No. (134) of 2025 sets out six categories that qualify as DNFBPs in the UAE.

DNFBP categories under UAE federal AML law

The six categories in Article 3 of Cabinet Resolution 134 of 2025.

1. Trust and company service providers (TCSPs)

2. Real estate brokers and agents (purchase or sale of real estate)

3. Dealers in valuable metals and precious stones (AED 55,000 cash threshold)

4. Lawyers, notaries, other legal professionals and independent accountants

5. Commercial gaming operators (AED 11,000 single or linked threshold)

6. Other businesses or professions added by Supervisory Authority resolution

Company and trust service providers (TCSPs)

Per Article 3(5) of CR 134/2025, TCSPs are DNFBPs when, on behalf of customers, they: act as agent in the incorporation of legal persons; act as a director or secretary, partner or in a similar position; provide a registered office or correspondence address; act as trustee of an express trust or in an equivalent function for another legal arrangement; or act as a nominee shareholder.

Real estate brokers and agents

Per Article 3(2) of CR 134/2025, real estate brokers and agents are DNFBPs when concluding transactions or settlements on behalf of customers in relation to the purchase or sale of real estate. The UAE National Risk Assessment 2024 rates the sector as having a high residual ML risk, given high-value cash dealings and the use of third parties.

Dealers in valuable metals and precious stones (DPMS)

Per Article 3(3) of CR 134/2025, DPMS are DNFBPs when carrying out any single cash transaction or linked transactions equal to or exceeding AED 55,000. The NRA 2024 rates the sector Medium-High residual ML risk on the mainland and in commercial free zones, citing cash intensity and de-risking by some financial institutions.

Lawyers, notaries, other legal professionals and independent accountants

Per Article 3(4) of CR 134/2025, lawyers, notaries, other independent legal professionals and independent accountants are DNFBPs when they prepare, conduct or execute financial transactions on behalf of customers in relation to: (a) buying and selling real estate; (b) managing customer funds; (c) managing bank, savings or securities accounts; (d) organising contributions for the establishment, operation or management of companies; or (e) establishing, operating or managing legal persons or legal arrangements, or selling or purchasing commercial entities.

Commercial gaming operators

Per Article 3(1) of CR 134/2025, commercial gaming operators are DNFBPs when they conduct a single financial transaction or several linked transactions equal to or exceeding AED 11,000, including gaming on board vessels, halls and internet gaming licensed by the General Commercial Gaming Regulatory Authority. A transaction limited to gaming chips or instruments is not a financial transaction for this purpose.

Catch-all category

Per Article 3(6) of CR 134/2025, any other businesses or professions may be brought within the DNFBP perimeter by a resolution issued by the Supervisory Authority in coordination with the National Committee.

Who supervises each DNFBP sector?

Supervisory responsibility is split across three federal authorities and two financial-free-zone authorities:

DNFBP sector	Mainland & commercial FZ	ADGM	DIFC
Real estate brokers and agents	MoET	RA	DFSA
Dealers in precious metals and stones (DPMS)	MoET	RA	DFSA
Company and trust service providers (TCSPs)	MoET	RA	DFSA
Independent accountants and auditors	MoET	RA	DFSA
Lawyers, notaries and legal professionals	MoJ	RA	DFSA
Commercial gaming operators	GCGRA	NA	NA
Federal AML law applies	Yes (FDL 10/2025)	Yes (FDL 10/2025)	Yes (FDL 10/2025)

ADGM AND DIFC READERS

Federal Decree-Law 10 of 2025 applies across the entire UAE, including the Abu Dhabi Global Market and the Dubai International Financial Centre. The difference is operational supervision: DNFBPs in DIFC follow DFSA rules and DNFBPs in ADGM follow FSRA rules. For ADGM-specific or DIFC-specific guidance see our jurisdiction pages.

Need help confirming whether your business is a DNFBP?

AML UAE assists professional firms across real estate, gold and jewellery, accountancy, legal practice and trust services to confirm scope and build a compliant AML programme.

Core AML obligations for DNFBPs

Every DNFBP, regardless of sector, must implement the same core obligations set by Articles 18 to 20 of Federal Decree-Law No. (10) of 2025, as expanded by Cabinet Resolution No. (134) of 2025, Cabinet Resolution No. (109) of 2023 on Beneficial Owner Procedures, and the September 2025 AML/CFT Guidelines for DNFBPs. These obligations apply alongside any sector-specific rules and are summarised below.

Eight core AML obligations every DNFBP must implement

Cross-cutting duties under FDL 10/2025, CR 134/2025 and CR 109/2023.

1. Business-wide ML/TF/PF risk assessment and risk-based approach

2. Customer due diligence (CDD), simplified due diligence (SDD), and enhanced due diligence (EDD)

3. Beneficial owner identification, register and ongoing updates

4. Targeted financial sanctions screening against EOCN lists

5. Suspicious transaction reporting via the FIU goAML portal

6. Internal AML policies, controls, and senior-management approval

7. Compliance officer appointment, staff training and independent audit

8. Record-keeping for at least five years and licence-or-registration discipline

Risk-based approach and business-wide risk assessment

Article 19(1)(a) of FDL 10/2025 requires DNFBPs to identify, understand, manage, assess, document and continuously update ML/TF/PF risks in their business, in line with the National Risk Assessment. Article 5 of CR 134/2025 obliges entities to keep this assessment current and to make it available to the Supervisory Authority on request. The Ministry of Economy and Tourism’s Implementation Guide for DNFBPs on Customer Risk-Assessment (CRA), November 2024, sets out the methodology in detail.

Customer due diligence (CDD), SDD and EDD

Article 19(1)(b) of FDL 10/2025 requires DNFBPs to apply CDD measures and continuous monitoring, with scope set by the multiple risk dimensions and the NRA outcomes. Articles 6 to 17 of CR 134/2025 expand the rules: identification and verification of the customer, beneficial owner identification, ongoing monitoring, EDD for high-risk situations including PEPs, and SDD only where the documented risk is genuinely low. The Implementation Guide for DNFBPs on Customer Due Diligence (CDD), November 2024 and Circular No. (6) of 2025 on Risk-Based CDD with a Focus on Simplified Due Diligence guide application across DNFBP sectors.

Beneficial owner identification and reporting

Articles 4 to 8 of Cabinet Resolution No. (109) of 2023 requires legal persons licensed or registered in the UAE (excluding wholly Government-owned companies and entities in financial free zones) to disclose their real beneficiary information to the Registrar, maintain a Real Beneficiary Register and a Partners or Shareholders Register, and notify changes within 15 days. Failures attract administrative fines under Cabinet Resolution No. (132) of 2023, with a three-strike escalation that can include suspension of the commercial licence and closure of the commercial store.

Targeted financial sanctions (TFS) screening

Article 19(1)(e) of FDL 10/2025 requires DNFBPs to implement, without delay, the instructions of the Executive Office for Control and Non-Proliferation (EOCN) and other competent authorities on TFS. Cabinet Decision No. (74) of 2020 governs the UAE Local Terrorist List and the implementation of UN Security Council resolutions on terrorism and the proliferation of weapons of mass destruction. DNFBPs must subscribe to the EOCN’s Notification Alert System (NAS) and the Automatic Reporting System (ARS), screen customers and counterparties pre-transaction and on an ongoing basis, and freeze and report matches without delay. The duty to screen and act applies before any transaction is executed.

Suspicious transaction reporting via goAML

Article 19(1)(d) of FDL 10/2025 requires DNFBPs to establish internal policies, controls and procedures approved by senior management, applied to all branches and majority-owned subsidiaries, and reviewed continuously. Section 7 of the September 2025 AML/CFT Guidelines for DNFBPs prescribes a designated Compliance Officer, staff training and screening, group oversight, an independent audit function and senior-management responsibility, with proportionality for resource-limited DNFBPs.

Internal policies, governance and training

Article 18(1) of FDL 10/2025 requires DNFBPs that suspect, or have reasonable grounds to suspect, that a transaction or funds are linked to ML/TF/PF to notify the FIU without delay through the goAML portal with all available data. Article 18(2) carves out a narrow professional-secrecy exception for lawyers, notaries, other legal professionals and independent legal auditors where the information was obtained under circumstances of professional secrecy. Tipping off the customer or third parties is prohibited under Article 24 and carries criminal penalties under Article 29 (imprisonment and a minimum AED 50,000 fine).

Record-keeping and licensing

Article 19(1)(f) of FDL 10/2025 obliges DNFBPs to retain transaction records, CDD documentation and supporting data and ensure their immediate availability to competent authorities. Section 11 of the September 2025 DNFBP Guidelines confirms a minimum five-year retention period. Article 20 of FDL 10/2025 prohibits any natural or legal person from carrying on DNFBP activities without a licence, registration or enrolment from the competent authority or relevant Supervisory Authority; breach is a criminal offence under Article 32, punishable by imprisonment and a fine of AED 200,000 to AED 10,000,000.

Penalties for non-compliance

Article 17 of FDL 10/2025 empowers Supervisory Authorities to impose administrative penalties on DNFBPs ranging from a written warning to a fine of AED 10,000 to AED 5,000,000 per violation, restriction of board powers, suspension of personnel, suspension or restriction of activity and revocation of licence. Recurrence within one year may attract incremental fines, and penalties may be published. The Unified List of Violations and Administrative Fines under Cabinet Resolution No. (71) of 2024 sets the violation-by-violation tariff for DNFBPs supervised by MoET and MoJ. Criminal penalties under Articles 26, 28, 29, 32, 33 and 35 of FDL 10/2025 apply on top, with imprisonment and fines from AED 10,000 up to AED 100,000,000 for legal persons convicted of ML, TF or PF.

Build a defensible AML programme that meets all eight core obligations

Our team designs and operates end-to-end AML programmes for UAE DNFBPs, from CDD and goAML setup to staff training, risk assessment and supervisory inspection readiness.

AML Legal Framework Applicable to DNFBPs in UAE

The legal and regulatory framework that governs DNFBPs in the UAE has four layers: (1) the federal AML statute and its executive regulations; (2) overarching guidance issued by the Executive Office for Control and Non-Proliferation (EOCN), the FIU and the Anti-Money Laundering Department of the Ministry of Foreign Affairs and International Cooperation; (3) the National Risk Assessment and supervisory risk reports; and (4) DNFBP-wide guidance and circulars issued by the Ministry of Economy and Tourism (MoET).

How the framework is layered for DNFBPs

Four layers, working from federal statute down to DNFBP-wide guidance.

1. Federal AML laws and Executive Regulations applicable to DNFBPs in UAE

2. Overarching AML guidance applicable to all reporting entities

3. National Risk Assessment, SRA and other important guidelines for DNFBPs

4. DNFBP-wide guidance applicable across all DNFBP sectors

Federal AML Laws and Executive Regulations Applicable to DNFBPs in UAE

The federal layer sets the binding legal duties for every DNFBP. There are seven federal instruments to know.

Seven federal instruments that bind DNFBPs

The statutes and cabinet resolutions every DNFBP compliance officer should keep at hand.

1. FDL 10/2025 — federal AML/CFT/CPF statute (replacing FDL 20/2018)

2. FL 7/2014 — Combating Terrorism Crimes

3. CR 134/2025 — Executive Regulations of FDL 10/2025

4. CR 134/2025 — Executive Regulations of FDL 10/2025

5. CR 71/2024 — Unified Violations List for MoJ/MoE-supervised DNFBPs

6. CR 109/2023 — Beneficial Owner Procedures

7. CR 132/2023 — Administrative Penalties under CR 109/2023

Federal Decree by Law No. (10) of 2025 Regarding Anti-Money Laundering, and Combating the Financing of Terrorism and Proliferation Financing

FDL 10/2025 is the supreme AML statute in the UAE. It defines DNFBPs (Article 1 read with Article 3 of CR 134/2025), prescribes core obligations (Articles 18 to 20), grants Supervisory Authorities supervisory and inspection powers (Article 16), sets administrative penalties up to AED 5,000,000 per violation (Article 17), and prescribes criminal penalties for ML, TF and PF (Articles 26 to 35). Article 41 expressly repeals Federal Decree-Law No. (20) of 2018; existing executive regulations, resolutions and circulars issued under FDL 20/2018 remain effective only insofar as they do not conflict with FDL 10/2025, until superseded.

Federal Law No. (7) of 2014 Combating Terrorism Crimes

FL 7/2014 defines terrorist acts, terrorist purposes, terrorist organisations and terrorist offences, and is the predicate criminal regime cross-referenced by FDL 10/2025 for the financing of terrorism. DNFBPs encountering customers, transactions or counterparties on UAE Local Terrorist Lists must apply CD 74/2020 measures and report immediately to the FIU.

Cabinet Resolution No. (134) of 2025 Concerning the Executive Regulations of Federal Decree-Law No. (10) of 2025

CR 134/2025 is the operative rulebook. Article 3 designates the six DNFBP categories and the gaming-AED 11,000 and DPMS-AED 55,000 thresholds. Articles 5 to 17 set the rules for risk assessment, CDD, beneficial owner identification, EDD, PEPs, ongoing monitoring, reliance on third parties, and the conditions for SDD. Articles 18 to 32 cover STR procedures, group-wide AML programmes, training, audit, record-keeping and the conditions on TFS implementation.

Cabinet Decision No. (74) of 2020 Regarding Terrorism Lists Regulation and Implementation of UN Security Council Resolutions

CD 74/2020 governs the UAE Local Terrorist List and the operational implementation of UNSCR 1267 / 1989, 1988, 1718 (DPRK) and other targeted sanctions resolutions. DNFBPs must screen against the consolidated lists communicated by the EOCN, freeze without delay any matched funds, and report matches to the EOCN and the FIU.

Cabinet Resolution No. (71) of 2024 Regulating Violations and Administrative Penalties for DNFBPs Subject to MoJ and MoE Supervision

CR 71/2024 is the Unified List of Violations and Administrative Fines for DNFBPs supervised by the Ministry of Justice and the Ministry of Economy. It replaces Cabinet Resolution No. (16) of 2021. The schedule sets specific fine ranges for failures of internal policies, CDD, beneficial owner procedures, sanctions screening, STR filing and record-keeping, with the right to double a fine on repeat violation (Article 5(2)).

Cabinet Resolution No. (109) of 2023 On Regulating the Beneficial Owner Procedures

CR 109/2023 sets the federal beneficial owner regime that applies to legal persons licensed or registered in the UAE (excluding wholly Government-owned companies and entities in financial free zones). Article 5 sets the test for who is a real beneficiary (25 percent ownership or ultimate effective control) and Articles 6 to 8 prescribe the Real Beneficiary Register, the Partners or Shareholders Register and the obligation to notify changes within 15 days.

Cabinet Resolution No. (132) of 2023 Concerning Administrative Penalties under CR 109/2023

CR 132/2023 attaches a tariff of administrative fines to violations of CR 109/2023, with an annexed schedule of fine amounts and a three-strike escalation that empowers the Registrar to suspend the commercial licence and close the commercial store of a violating legal person until the violation is corrected and the fine paid (Article 3).

AML Guidance Applicable to All Reporting Entities

These EOCN, FIU and AMLD publications are written for all reporting entities (FIs, DNFBPs and VASPs) and bind DNFBPs as a matter of supervisory expectation. There are 13 documents to be aware of.

Thirteen overarching guidance publications

Cross-sector EOCN, FIU and AMLD instruments that DNFBPs must apply.

1. EOCN TFS Guidance for FIs, DNFBPs, VASPs (March 2026)

2. FIU Strategic Analysis Report on Terrorist Financing (May 2025)

3. Strategic Review on TFS Case Studies (April 2024)

4. Strategic Review on TFS Case Studies (April 2024)

5. Terrorist and Proliferation Financing Red Flags Guidance (December 2023)

6. Terrorist and Proliferation Financing Red Flags Guidance (December 2023)

7. Counter Proliferation Financing Guidance for FIs/DNFBPs/VASPs (November 2022)

8. Joint Guidance on Satisfactory and Unsatisfactory Practice (June 2021)

9. Typologies on TFS Circumvention (March 2021)

10. Guideline on Grievance Procedures

11. Guideline on Grievance Procedures

12. Combating Proliferation Financing and Sanctions Evasion

13. Simple Guide to Subscribe to the EOCN NAS

Guidance on Targeted Financial Sanctions for FIs, DNFBPs and VASPs (EOCN, last amended March 2026)

The EOCN’s TFS Guidance is the principal operational manual for sanctions compliance. It prescribes the duty to subscribe to the NAS, the workflow for screening and freezing, the immediate reporting obligation to the EOCN and the FIU, treatment of partial matches and false positives, communication with customers under the no-tipping-off rule, and unfreezing on de-listing. DNFBPs must align internal policies, screening tools and CDD records to this guidance

FIU Strategic Analysis Report on Terrorist Financing — May 2025

The UAEFIU’s Strategic Analysis Report on terrorist financing typologies and facilitators sets out current TF typologies, indicator clusters and case observations relevant to UAE DNFBPs. It informs DNFBP risk-assessment scenarios and STR-quality expectations.

Strategic Review on Targeted Financial Sanctions Case Studies (EOCN, April 2024)

The Strategic Review for the private sector (IEC-SR 01 22v2) presents anonymised TFS case studies covering 2019 to 2021, drawing common breakdown points and supervisory expectations. DNFBPs should benchmark internal screening practice against the case studies and self-assess against satisfactory and unsatisfactory practice indicators.

Proliferation Finance Institutional Risk Assessment Guidance for FIs, DNFBPs and VASPs (EOCN, December 2023)

This guidance walks DNFBPs through the steps of an institutional PF risk assessment: identifying inherent PF risk (customer, geography, product, channel), assessing residual risk after mitigation, documenting controls and reporting findings. It supports the obligations under FDL 10/2025 Article 19(1)(a) and CR 134/2025 Article 5.

Terrorist and Proliferation Financing Red Flags Guidance (EOCN, updated December 2023)

This document lists indicators for TF and PF specific to the UAE economy, including red flags relevant to DNFBP touchpoints such as cash-intensive trade, shell companies, dual-use goods and high-risk geographies. It is the reference list for tagging customer behaviours during CDD and ongoing monitoring.

Joint Guidance on Combating the Use of Unlicensed Virtual Asset Providers in the UAE (CBUAE/EOCN/FIU, November 2023)

Although directed at FIs and VASPs, this guidance binds DNFBPs that interact with virtual-asset payments. It explains how to detect interactions with unlicensed VA providers, the duty to refuse such transactions, and the STR-filing expectations.

Guidance on Counter Proliferation Financing for FIs, DNFBPs and VASPs (EOCN, November 2022)

The original CPF Guidance (PF.01.22) sets the foundational definitions of WMD, PF and dual-use goods and prescribes minimum CPF measures, including BO transparency, sanctions screening and trade-financing red flags.

Joint Guidance on Satisfactory and Unsatisfactory Practice (June 2021)

Issued jointly by the AML/CFT Supervisory Authorities, this guidance illustrates supervisory expectations through paired examples of satisfactory and unsatisfactory practice across CDD, screening, STR filing, governance and training. DNFBPs benefit by mapping internal procedures against the satisfactory column.

Typologies on the Circumvention of Targeted Sanctions against Terrorism and the Proliferation of Weapons of Mass Destruction (March 2021)

The TFS Typology Paper documents common circumvention techniques, including the use of front companies, nominee shareholders and trade-based laundering. DNFBPs use it to design typology-based monitoring rules and EDD checklists.

Guideline on Grievance Procedures (EOCN)

The Guideline on Grievance Procedures sets out the channel and timing for designated persons or third parties to challenge a TFS designation or sanctions match. DNFBPs should be ready to assist customers procedurally without breaching the no-tipping-off rules.

Online Grievance System User Guide (EOCN)

The User Guide is the operational manual for filing a TFS grievance through the EOCN’s online portal. DNFBPs should retain the link in their compliance manuals for customers who wish to challenge a designation.

Combating Proliferation Financing and Sanctions Evasion (EOCN)

This awareness publication summarises WMD definitions, PF mechanics and sanctions-evasion techniques. It is widely used in DNFBP staff training programmes.

Simple Guide to Subscribe to the EOCN Notification Alert System (NAS)

The Simple Guide explains how to register for the EOCN NAS to receive UN and Local list updates via email. NAS registration is the front-line operational requirement for sanctions compliance and is the practical means of complying with the immediacy duty under FDL 10/2025 Article 19(1)(e).

NRA, SRA, and Other Important Guidelines Applicable to DNFBPs Sector

This layer is the national risk evidence base. DNFBPs must align their business-wide risk assessments with NRA findings.

UAE ML/TF National Risk Assessment — 2024

The UAE National ML/TF Risk Assessment 2024 (issued by the National Anti-Money Laundering and Combatting Financing of Terrorism Committee) sets the benchmark for residual ML/TF/PF risk by sector. For DNFBPs, the NRA assesses real estate as High residual ML risk, DPMS as Medium-High, TCSPs as Medium, accounting and audit as Medium-Low, and the legal-professionals sector as Medium-Low. It also notes the establishment of the General Commercial Gaming Regulatory Authority (GCGRA) in September 2023. Every DNFBP must read the NRA findings into its own business-wide risk assessment, as required by Circular No. (4) of 2025 and the November 2024 Implementation Guide on CRA.

DNFBP Sector-Specific Guidance Applicable Across All DNFBP Sectors

These ten MoET publications form the DNFBP-wide baseline that every DNFBP, regardless of sector, must observe alongside any sector-specific instruments.

Ten DNFBP-wide MoET publications

MoET circulars and implementation guides that supplement the federal statute.

1. Circular No. (1) of 2026 — High-Risk Country List update

2. AML/CFT Guidelines for DNFBPs (September 2025)

3. Circular No. (3) of 2025 — Sanctions and terrorist list screening

4. Circular No. (3) of 2025 — Sanctions and terrorist list screening )

5. Circular No. (3) of 2025 — Sanctions and terrorist list screening

6. Circular No. (7) of 2025 — Re-imposition of UN Iran sanctions (UNSCR 1737)

7. Circular No. (8) of 2025 — High-Risk Country List update

8. Implementation Guide on CRA (November 2024)

9. Implementation Guide on CDD (November 2024)

10. Circular No. (2) of 2022 — TFS under UNSCRs 1718 and 2231

Circular No. (1) of 2026 on Updating the Lists of High-Risk Countries, Countries Subject to Increased Monitoring, and Related Measures

Issued 11 March 2026 (MOET/AML/001/2026), this circular updates the High-Risk Country and Increased-Monitoring lists used by DNFBPs in CDD and EDD decision-making, and prescribes the related counter-measures. DNFBPs must update screening rules and country-risk matrices accordingly.

AML/CFT Guidelines for Designated Non-Financial Businesses and Professions — September 2025

The September 2025 DNFBP Guidelines (76 pages) are the consolidated MoET handbook for DNFBPs. They cover the legislative and regulatory framework, statutory obligations, governance, risk-based approach, business-wide risk assessment, CDD/SDD/EDD, ongoing monitoring, STR procedures, record-keeping and the supervisory map (MoET, MoJ, DFSA, FSRA). The Guidelines apply alongside any sector-specific MoET supplemental guidance.

Circular No. (3) of 2025 on Emphasising the Importance of Sanctions and Terrorist List Screening

Issued 19 March 2025 (MOEC/AML/003/2025), this circular re-emphasises the duty to screen all customers and counterparties against UN, UAE and other applicable sanctions lists in real time, with documented evidence of screening at onboarding and on an ongoing basis.

Circular No. (4) of 2025 on Understanding the Importance of the UAE 2024 National Risk Assessment

Issued 9 June 2025 (MOEC/AML/004/2025), this circular tells DNFBPs how to align internal business-wide risk assessments with the 2024 NRA findings. It is supplemented by the MoE’s NRA 2024 Practical Guide for DNFBPs.

Circular No. (6) of 2025 on Emphasising the Implementation of Risk-Based Customer Due Diligence Measures (with a Focus on Simplified Due Diligence)

Issued 5 August 2025 (MOET/AML/6/2025), this circular reinforces the conditions on SDD: SDD is permitted only where the documented risk is genuinely low and may not be applied where TFS, sanctions or higher-risk indicators are present. It also reaffirms that EDD is mandatory for high-risk customers, PEPs and high-risk jurisdictions.

Circular No. (7) of 2025 Regarding the Re-Imposition of United Nations Sanctions Related to Iran Pursuant to UNSCR 1737 (2006) and Subsequent Resolutions

Issued 19 December 2025 (MOET/AML/007/2025), this circular communicates the re-imposition of UN sanctions related to Iran, with operational guidance on screening, freezing and reporting. DNFBPs must reassess Iran-linked customers, beneficial owners and counterparties immediately.

Circular No. (8) of 2025 on Updating the Lists of High-Risk Countries, Countries Subject to Increased Monitoring, and Related Measures

Issued 25 December 2025 (MOET/AML/008/2025), this circular updates the high-risk country list and the increased-monitoring list communicated to DNFBPs, and prescribes the related counter-measures to be applied in CDD and EDD.

Implementation Guide for DNFBPs on Customer Risk Assessment (CRA) — November 2024

This MoE Implementation Guide on CRA (Version 0.3.1.1) sets the methodology for assessing client, geographic, product, channel and transaction risk. It is the practical companion to FDL 10/2025 Article 19(1)(a) and CR 134/2025 Article 5, and must be read with the September 2025 DNFBP Guidelines.

Implementation Guide for DNFBPs on Customer Due Diligence (CDD) — November 2024

This MoE Implementation Guide on CDD (Version 0.3.2.1) explains how DNFBPs apply CDD, SDD and EDD measures, including the KYC stage, identification and verification of natural and legal persons, identification of beneficial owners and ongoing monitoring. It supports CR 134/2025 Articles 6 to 17.

Circular No. (2) of 2022 regarding Implementation of Targeted Financial Sanctions (TFS) on UNSCRs 1718 (2006) and 2231 (2015)

Issued 31 March 2022, this circular sets the TFS implementation rules for the UNSCR 1718 (DPRK) and UNSCR 2231 (Iran nuclear) regimes. Although issued under FDL 20/2018, it remains in force pursuant to the saving in Article 41(3) of FDL 10/2025 insofar as it does not conflict with FDL 10/2025.

Map your DNFBP obligations to the right circular and guideline

AML UAE maintains a current matrix of every DNFBP obligation against its source instrument and its supervisor. We translate this into your firm's policies, procedures and inspection-readiness pack.

DNFBP Sector Guides

Each DNFBP sector has its own dedicated guide on amluae.com. The cards below summarise the scope and supervisor; click through for the full sector article.

Six DNFBP sector guides

One card per DNFBP sector, with the supervising authority noted.

1. TCSPs — supervised by MoET

2. Accountants and auditors — supervised by MoET

3. Lawyers, notaries and legal professionals — supervised by MoJ

4. Lawyers, notaries and legal professionals — supervised by MoJ

5. Dealers in precious metals and stones — supervised by MoET

6. Commercial gaming operators — supervised by GCGRA

MoET Circular No. (4) of 2021

Supervisor: Ministry of Economy and Tourism (MoET). Company and trust service providers fall within DNFBPs under Article 3(5) of CR 134/2025 when they incorporate legal persons, act as directors or secretaries, provide a registered office, act as trustees of an express trust or act as nominee shareholders for customers. Read the full guide: AML regulations for TCSPs in UAE.

AML Regulations for Accountants and Auditors in UAE

Supervisor: Ministry of Economy and Tourism (MoET). Independent accountants and auditors are DNFBPs under Article 3(4) of CR 134/2025 when they prepare, conduct or execute financial transactions for a customer in relation to real estate, fund management, account management, company contributions or the establishment, operation or sale of legal persons. Read the full guide: AML regulations for accountants and auditors in UAE.

AML Regulations for Lawyers, Notaries, and Other Legal Professionals in UAE

Supervisor: Ministry of Justice (MoJ). Lawyers, notaries and other independent legal professionals are DNFBPs under Article 3(4) of CR 134/2025 for the same five trigger activities, with a narrow professional-secrecy carve-out from STR filing under Article 18(2) of FDL 10/2025; MoJ supervises this sector on the mainland. Read the full guide: AML regulations for lawyers, notaries and legal professionals in UAE.

AML Regulations for Real Estate Agents and Brokers in UAE

Supervisor: Ministry of Economy and Tourism (MoET). Real estate brokers and agents are DNFBPs under Article 3(2) of CR 134/2025 when they conclude transactions or settlements for a customer in relation to the purchase or sale of real estate; the NRA 2024 rates this sector High residual ML risk on the mainland and in commercial free zones. Read the full guide: AML regulations for real estate agents in UAE.

AML Regulations for Dealers in Precious Metals and Stones (DPMS) in UAE

Supervisor: Ministry of Economy and Tourism (MoET). Dealers in valuable metals and precious stones are DNFBPs under Article 3(3) of CR 134/2025 when carrying out single or linked cash transactions equal to or exceeding AED 55,000; the NRA 2024 rates the sector Medium-High residual ML risk. Read the full guide: AML regulations for DPMS in UAE.

AML Regulations for Commercial Gaming Operators in UAE

Supervisor: General Commercial Gaming Regulatory Authority (GCGRA). Commercial gaming operators are DNFBPs under Article 3(1) of CR 134/2025 for single or linked financial transactions equal to or exceeding AED 11,000 (gaming chips alone do not count); GCGRA was established in September 2023 and licenses, regulates and supervises commercial gaming activity in the UAE. Read the full guide: AML regulations for commercial gaming operators in UAE.

Conclusion

AML regulations for DNFBPs in UAE are anchored in a single federal statute, FDL 10/2025, supplemented by Cabinet Resolution 134/2025 and a layered set of overarching guidance, the National Risk Assessment, and DNFBP-wide MoET circulars and implementation guides. Six DNFBP categories are in scope, supervised by MoET (real estate, DPMS, TCSPs, accountants and auditors), MoJ (lawyers, notaries and other legal professionals) or GCGRA (commercial gaming operators). The core AML obligations, business-wide risk assessment, CDD/SDD/EDD, beneficial owner identification, sanctions screening, goAML reporting, governance, training and record-keeping, are the same across sectors; the sector guides linked below detail how each obligation translates into sector practice.

THE SINGLE LEGAL TEST FOR DNFBP SCOPE

If your business carries out one or more activities listed in Article 3 of Cabinet Resolution 134 of 2025, you are a DNFBP and the full federal AML framework applies. Free-zone status does not exclude you, although DIFC and ADGM businesses are operationally supervised by DFSA and ADGM RA respectively.

FAQs

A DNFBP is a Designated Non-Financial Business or Profession listed in Article 3 of Cabinet Resolution No. (134) of 2025 (the Executive Regulations of FDL 10/2025). Six categories qualify: commercial gaming operators (AED 11,000 threshold); real estate brokers and agents; dealers in valuable metals and precious stones (AED 55,000 cash threshold); lawyers, notaries, other independent legal professionals and independent accountants when carrying out specified financial transactions; company and trust service providers (TCSPs); and any other category added by Supervisory Authority resolution.

Three federal authorities supervise DNFBPs on the mainland and in commercial free zones: the Ministry of Economy and Tourism (MoET) supervises accountants, auditors, TCSPs, dealers in precious metals and stones and real estate brokers and agents; the Ministry of Justice (MoJ) supervises lawyers, notaries and other legal professionals; and the General Commercial Gaming Regulatory Authority (GCGRA) supervises commercial gaming operators. The Dubai Financial Services Authority (DFSA) and the Registration Authority (RA) supervise DNFBPs operating in the DIFC and ADGM, respectively.

Yes for the federal layer. Every DNFBP is bound by FDL 10/2025, CR 134/2025 and the same DNFBP-wide MoET guidance and circulars. The core obligations, business-wide risk assessment, CDD, beneficial owner identification, sanctions screening, goAML reporting, internal policies, training and record-keeping, are the same. Sector-specific MoET supplemental guidance and the September 2025 DNFBP Guidelines layer on top, calibrated to each sector’s typical customer types and risk drivers.

All six DNFBP categories warrant a dedicated guide because their CDD trigger activities, customer types and risk profiles diverge. amluae.com publishes individual sector guides for TCSPs, accountants and auditors, lawyers/notaries/legal professionals, real estate agents and brokers, dealers in precious metals and stones, and commercial gaming operators. Each guide explains the sector-specific MoET or MoJ supplemental guidance, registration, goAML enrolment and the typical inspection focus.

Federal Decree-Law No. (10) of 2025 applies across the entire UAE, including the Dubai International Financial Centre and the Abu Dhabi Global Market. The federal AML statute therefore binds DNFBPs in DIFC and ADGM. The difference is operational: in DIFC, the Dubai Financial Services Authority (DFSA) supervises and applies its own AML Module; in ADGM, the Regulatory Authority (RA) supervises and applies its AML and Sanctions Rulebook. For full operational guidance, see our dedicated ADGM and DIFC pages.

Under Article 17(1)(b) of Federal Decree-Law No. (10) of 2025, a Supervisory Authority can impose an administrative fine of not less than AED 10,000 and not exceeding AED 5,000,000 for each violation, alongside warnings, restriction of board powers, suspension of personnel, suspension of activity and revocation of licence. Repeat violations within one year may attract incremental fines. The Unified List under Cabinet Resolution No. (71) of 2024 sets the violation-by-violation tariff for MoJ- and MoE-supervised DNFBPs, and Cabinet Resolution No. (132) of 2023 sets the BO-specific tariff with a three-strike escalation that can include suspension of the commercial licence.

Talk to AML UAE about your DNFBP obligations

Whether you are a real estate broker, gold dealer, accounting firm, law firm, TCSP or licensed gaming operator, we will help you build, run and defend a compliant AML programme.

Legal disclaimer: This guide is for general information only and reflects publicly available UAE law and guidance current as of 18 April 2026. It is not legal advice. AML/CFT/CPF obligations depend on specific facts and the supervisory authority for your business. Consult AML UAE for tailored advice.

Share via :

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

Local Terrorist List

Pathik Shah

Last Updated: 04/22/2026

Protect your business with reliable and effective AML strategies with AML UAE.

Local Terrorist List: Compliance Guide for FIs, DNFBPs and VASPs

Quick Overview

The UAE Local Terrorist List is the national list of designated terrorist individuals, entities and groups issued by the UAE Cabinet on the proposal of the Supreme Council for National Security, in accordance with UNSCR 1373 (2001), Federal Law No. 7 of 2014 and Cabinet Decision No. 74 of 2020. Financial institutions, DNFBPs and VASPs in the UAE must screen customers, potential customers, beneficial owners and transactions against the UAE Local Terrorist List on an ongoing and risk-based basis, freeze any funds and prohibit services without delay (within 24 hours of designation), notify the Supervisory Authority and the Executive Office within two business days, and file a Confirmed Name Match Report (CNMR) or Partial Name Match Report (PNMR) through goAML within five business days.

Sources : This article draws on the UAE Executive Office for Control and Non-Proliferation (EOCN) ‘UN page’ and TFS Guidance, Cabinet Decision No. 74 of 2020, Federal Law No. 7 of 2014 (as amended by Federal Law No. 4 of 2024), Federal Decree-Law No. 10 of 2025, and Cabinet Resolution No. 134 of 2025.

Key Takeaways for UAE Regulated Entities

The UAE Local Terrorist List is the UAE’s domestic terrorist list, distinct from the UN Consolidated List, but both are part of the UAE TFS framework that Reporting Entities must screen and implement.
It is issued by the UAE Cabinet on the proposal of the Supreme Council for National Security (SCNS), in accordance with UNSCR 1373 (2001) and Article 63(1) of Federal Law No. 7 of 2014.
The operational TFS framework is set by Cabinet Decision No. 74 of 2020, which treats the UAE Local Terrorist List and the UN Consolidated List together as the ‘Sanctions Lists’ that Reporting Entities must screen against.
Reporting Entities must register with the Executive Office and goAML, screen on an ongoing basis, freeze within 24 hours of designation, and report through CNMR, PNMR and STR/SAR workflows.
Non-compliance can attract criminal penalties under Article 33 of Federal Decree-Law No. 10 of 2025 (imprisonment and a fine of not less than AED 20,000, or either penalty), administrative fines of AED 10,000 to AED 5 million per violation under Article 17, and corporate fines of up to AED 100 million for core offences.

What Is the UAE Local Terrorist List?

The UAE Local Terrorist List is the national sanctions list of individuals, entities and groups designated by the UAE Cabinet as terrorists, terrorist organisations or groups. It sits alongside the UN Consolidated List, and both are part of the UAE TFS framework that Reporting Entities must screen and implement under Cabinet Decision No. 74 of 2020.

The Local List is the UAE’s implementation of UNSCR 1373 (2001), which calls on every UN member state to identify and designate individuals, entities and groups suspected of, attempting to or committing terrorist acts, and to apply freezing measures to them. Unlike the UN Consolidated List, which is compiled by UNSC Sanctions Committees, the UAE Local Terrorist List is a purely domestic instrument.

UAE Local Terrorist List vs UN Consolidated List

Feature	UAE Local Terrorist List	UN Consolidated List
Legal Basis	UNSCR 1373 (2001); Federal Law No. 7 of 2014 (Article 63(1)); Cabinet Decision No. 74 of 2020.	UNSCRs adopted under Chapter VII of the UN Charter (for example, 1267/1989/2253, 1988, 1718).
Designating Authority	UAE Cabinet, on the proposal of the Supreme Council for National Security (SCNS).	UNSC and its Sanctions Committees.
Scope	Domestic: individuals, entities and groups meeting the UNSCR 1373 designation criteria.	International: persons and entities linked to specified UN sanctions regimes.
Where Published	EOCN website (PDF and Excel) and the UAE Official Gazette.	Official UNSC website; circulated by the EOCN in the UAE.
UAE TFS Obligation	Yes, under Cabinet Decision No. 74 of 2020.	Yes, under Cabinet Decision No. 74 of 2020.

Legal Framework Behind the UAE Local Terrorist List

The Local Terrorist List operates within a layered legal framework combining counter-terrorism law, AML/CFT/CPF law and sanctions-implementation regulations.

UNSCR 1373 (2001) is the international anchor, obliging every UN member state to prevent and suppress the financing of terrorist acts, criminalise terrorist financing and apply freezing measures to designated persons.
Federal Law No. 7 of 2014 on Combating Terrorism Offences (as amended by Federal Law No. 4 of 2024) is the UAE’s core counter-terrorism law. Article 63(1) empowers the Cabinet to issue and maintain the Local Terrorist List.
Cabinet Decision No. 74 of 2020 on the Terrorism Lists Regulation and the Implementation of UN Security Council Resolutions sets out how TFS must be applied to persons designated on the Local Terrorist List and the UN Consolidated List.
Federal Decree-Law No. 10 of 2025 on Combating Money Laundering, the Financing of Terrorism and the Financing of Proliferation (effective 14 October 2025) provides the broader AML/CFT/CPF legal framework, including expanded offences, stricter supervisory powers and enhanced penalties.
Cabinet Resolution No. 134 of 2025 provides the Executive Regulations to the 2025 AML Law and replaced Cabinet Decision No. 10 of 2019 with effect from 14 December 2025.
EOCN Guidance on Targeted Financial Sanctions (updated July 2025) sets the operational expectations for screening, freezing and goAML reporting by Reporting Entities.

Accessing the UAE Local Terrorist List

Reporting Entities should treat the EOCN as the single authoritative source for the current UAE Local Terrorist List. Reliance on third-party or vendor screening lists alone is not sufficient.

Where the List Is Published

The current UAE Local Terrorist List is published on the EOCN website (www.uaeiec.gov.ae), in PDF and Excel formats, and is accessible from the Sanctions Implementation webpage.
The UN Consolidated List is published on the official UNSC website and is circulated in the UAE by the EOCN alongside Local List updates.
Listing and de-listing decisions for the Local Terrorist List are also published through the UAE Official Gazette.

Subscribing to Updates via the EOCN Notification Alert System

Reporting Entities are required, under Article 21 of Cabinet Decision No. 74 of 2020, to register on the EOCN Notification Alert System (NAS) to receive automated email notifications of new listings, re-listings, updates and de-listings for the Local Terrorist List and the UN Consolidated List. This registration is separate from goAML registration and is essential to enable immediate re-screening when the lists change.

Vendor Screening Tools Are Not a Substitute

Many Reporting Entities rely on third-party vendor lists for sanctions screening. CBUAE guidance is clear that such external services are useful but should not be viewed as an absolute guarantee of compliance. It is the Reporting Entity’s responsibility to undertake due diligence on vendors and to ensure that vendor lists fully reflect the current UAE Local Terrorist List and UN Consolidated List as published by the EOCN and the UNSC. Where there is any discrepancy, the official EOCN and UNSC sources take precedence.

How Designations Are Made on the UAE Local Terrorist List

The Local Terrorist List is maintained through a defined proposal-and-approval process described in Cabinet Decision No. 74 of 2020 and the EOCN ‘UN page’. The Supreme Council for National Security acts as the national designating authority at the proposal stage, and the UAE Cabinet acts as the approving authority.

Step-by-Step Designation Process

Step	Actor	Action
1	Supreme Council for National Security (SCNS)	The SCNS collects information on a proposed designee from law enforcement authorities and other competent agencies, and assesses whether the person or organisation meets the designation criteria under UNSCR 1373 (2001).
2	SCNS	If the SCNS is satisfied that there are reasonable grounds to believe the designation criteria are met, it proposes the designation, with or without prior notice, and irrespective of whether criminal proceedings exist.
3	UAE Cabinet	The Cabinet considers the proposal and, if approved, issues a resolution designating the individual, entity or group on the Local Terrorist List.
4	Executive Office (EOCN)	The Executive Office publishes the updated Local Terrorist List on the EOCN website, circulates the update via the Notification Alert System, and coordinates implementation with Supervisory Authorities.
5	Reporting Entities	FIs, DNFBPs and VASPs immediately screen customers, beneficial owners and transactions against the update, freeze any match within 24 hours, notify the Supervisory Authority and the Executive Office within two business days, and file the relevant CNMR or PNMR through goAML within five business days.

Foreign-Origin and Outgoing Requests

Foreign-originating requests: A foreign country may request the SCNS to include an individual, entity or group on the Local Terrorist List where the proposed designee meets the UNSCR 1373 designation criteria. The SCNS assesses the request and, if satisfied, presents it to the UAE Cabinet for consideration.

Outgoing requests: The SCNS may unilaterally request another state to designate or apply freezing measures to an individual or entity that meets the UNSCR 1373 designation criteria, communicating through diplomatic or approved security channels. It may also propose designations to the UN Sanctions Committees under UNSCRs 1267, 1988, 1989, 2253 and others.

Supporting Information in a Listing Proposal

A Local List designation proposal typically includes:

Specific information that establishes links between the proposed designee and terrorist individuals, entities, groups or activities, or otherwise establishes that the proposed designee meets the UNSCR 1373 designation criteria.
Evidence or documents supporting the proposal, such as reports of law enforcement authorities, intelligence agencies, the judiciary or other competent bodies.
Personal and identifying information sufficient to enable accurate identification of the proposed designee.
Data on assets, activities, affiliations and other factors relevant to determining the scope of TFS measures to be applied.

Periodic Review and De-Listing of the UAE Local Terrorist List

The SCNS conducts periodic reviews of the Local Terrorist List in coordination with the Ministry of Justice and based on information from law enforcement authorities and other relevant UAE agencies. If the SCNS considers that there are no longer reasonable grounds to believe that a listed individual, entity or group meets the designation criteria, it proposes de-listing.

De-listing takes effect only after the UAE Cabinet approves the SCNS proposal. Once de-listing is announced, the obligation to freeze funds and prohibit services in relation to that person ceases, and Reporting Entities may lift freezing measures only once they have verified the de-listing through the EOCN’s official channels.

Grievances Against Listing

Cabinet Decision No. 74 of 2020 provides mechanisms for listed persons and affected third parties to seek redress.

Grievance against a Local List designation: A listed individual or entity, their legal representative, or any stakeholder may submit a written application for grievance to the Executive Office, accompanied by supporting documents. The Executive Office refers the application to the SCNS, which considers it in line with the relevant procedures.
Request by similarly-named persons: Any individual or entity with a name identical or similar to a listed name, and any person adversely affected by a freezing measure, may submit a written application to the Executive Office for de-freezing or cancellation of the measure. The Supreme Council is required to issue its decision within 30 days of receipt.
Use of frozen funds: Listed persons or their legal representatives may apply through the Executive Office for permission to use part of the frozen funds for necessary or basic expenses (for example, food, rent, mortgage, medicine, education or legal fees), subject to Ministry of Justice approval and Supreme Council coordination.

TFS Obligations for FIs, DNFBPs and VASPs

Article 21 of Cabinet Decision No. 74 of 2020 imposes four core TFS obligations on Reporting Entities. These apply to the UAE Local Terrorist List and the UN Consolidated List equally.

Obligation	Requirement
1. Register	Register on the EOCN Notification Alert System (NAS) to receive automated email notifications of listing, re-listing, updating and de-listing decisions on the Local Terrorist List and the UN Consolidated List. Register separately on goAML to file TFS reports.
2. Screen	Screen customers, potential customers, beneficial owners and transactions against the UAE Local Terrorist List and the UN Consolidated List on an ongoing and risk-based basis. This includes daily list checks, onboarding screening, transaction screening, periodic KYC review and immediate re-screening on any list update. Screening procedures must remain active on weekends and public holidays where business activity or access to funds is possible.
3. Freeze without delay	On a confirmed match, freeze all funds and assets owned or controlled, directly or indirectly, by the designated person, and prohibit the provision of funds or services. ‘Without delay’ is defined in Article 1 of Cabinet Decision 74 of 2020 as immediately, or in any case within 24 hours of the listing decision being issued. Institutions should preserve the freeze rather than closing the account, which would not comply with Cabinet Decision No. 74 of 2020.
4. Notify and Report	Notify the relevant Supervisory Authority and the Executive Office within two business days of taking any freezing measure or identifying an attempted transaction. File a Confirmed Name Match Report (CNMR) or Partial Name Match Report (PNMR) through goAML within five business days, as applicable, with all supporting documents.

Reporting Entities must also maintain written policies, procedures and internal controls tailored to their risk profile, deliver staff training to prevent tipping-off, and cooperate with the Executive Office and Supervisory Authorities.

UAE Local Terrorist List Screening Requirements

The EOCN’s TFS Guidance makes clear that screening is an ongoing and risk-based exercise, not a periodic tick-box check. In practice, Reporting Entities should embed Local Terrorist List screening into the following moments.

When to Screen

At onboarding: Screen every prospective customer, including connected parties such as directors, authorised signatories and ultimate beneficial owners, against the Local Terrorist List before establishing the business relationship.

Before processing transactions, Screen relevant transaction parties and counterparties (originators, beneficiaries, intermediaries) against the Local Terrorist List before executing the transaction.

On each list update: Immediately re-screen the full customer base and active transactions upon receiving any EOCN notification of a listing, re-listing, update or de-listing decision.

At periodic KYC review: Re-screen at each risk-based periodic review cycle, and upon any material change in customer profile, ownership, control or beneficial ownership.

On weekends and public holidays: Maintain procedures so that screening obligations and freezing measures continue even when normal business activity is reduced, but access to funds remains possible.

What to Screen

Customer databases, including dormant and closed accounts within any applicable retention period.
Potential customers undergoing due diligence.
Beneficial owners at each level of the ownership chain.
Directors, officers, authorised signatories, agents and other connected parties.
Transaction originators, beneficiaries, intermediaries and counterparties.
Virtual asset wallet addresses for VASP obligations.

Current or Former Customer Matches

The EOCN explicitly addresses what happens when a current or former customer is identified as a match. Where a confirmed match is found on an existing customer, the Reporting Entity must freeze all funds and stop providing financial or other services to the customer, and notify the relevant Supervisory Authority and the Executive Office.

Where a former customer or any past transaction is identified as involving a designated person, the Reporting Entity should apply the CNMR workflow in respect of any funds or obligations still under its control, document the historical relationship, and report through goAML as required.

CNMRs can also cover previous business relationships, transactions and accounts held prior to the designation, typically across a five-year timeframe.

Permitted Credits to Frozen Accounts

The EOCN explicitly confirms that frozen accounts may still receive certain credits without breaching the freezing obligation, provided the additions are themselves immediately frozen. These include:

Interest, profits or other earnings due on the account.
Payments due under contracts, agreements or obligations concluded or arising before the date on which the individual or legal entity was designated.

Where such credits occur, the Reporting Entity must immediately freeze the additions and notify the relevant Supervisory Authority and the Executive Office. This operational nuance allows institutions to comply with the freezing regime without breaching pre-existing contractual obligations to third parties.

Ownership, Control and Acting on Behalf of a Designated Person

Freezing obligations extend beyond directly listed persons. The EOCN’s ‘UN page’ makes clear that freezing measures apply to any entity directly or indirectly owned or controlled, wholly or jointly, by a designated individual, entity or group, and to any individual or entity acting on behalf of or at the direction of a designated person.

The EOCN’s published position on minority interests is explicit: Reporting Entities should apply freezing measures in cases where a designated person holds a minority interest, if there is evidence that the designated person exerts control over the legal entity despite owning a minority interest. A simple percentage threshold is therefore not a safe test on its own.

In practice, Reporting Entities should assess ownership, control and acting on behalf of together. The EOCN TFS Guidance sets out three tests to apply in combination:

Majority ownership: an entity is treated as owned where a designated person holds more than 50 per cent of the proprietary rights of the legal entity, directly or indirectly, or has a controlling interest in it.
Control (including where ownership is below 50 per cent): freezing measures also apply where a designated person exercises control through appointment or removal rights over the management body, majority voting rights under a shareholder agreement, a power of attorney, or other arrangements giving effective direction over the entity.
Acting on behalf of or at the direction of a designated person: includes authorised signatories, power-of-attorney holders, and representatives acting for a designated person.

In all cases, Reporting Entities should document their ownership and control analysis to demonstrate a defensible position to the Supervisory Authority.

Handling Matches: CNMR, PNMR and STR/SAR

The July 2025 EOCN Guidance distinguishes three reporting workflows that Reporting Entities must operate in parallel when handling Local Terrorist List matches.

Scenario	Required Action
Confirmed Name Match (CNMR)	A match with the UAE Local Terrorist List is confirmed after reviewing ID and supporting documents. Freeze without delay, reject or terminate any new or attempted relationship, preserve the freeze rather than closing the account (which would not comply with Cabinet Decision No. 74 of 2020), and submit a CNMR through goAML within five business days with all supporting documents.
Partial Name Match (PNMR)	A potential match with the Local Terrorist List cannot be conclusively confirmed or dismissed. The response depends on the scenario: existing customer, potential customer, or transaction in progress. For existing customers, suspend transactions and seek to resolve the match through ID and CDD documentation. For potential customers, reject the relationship if ID cannot confirm or dismiss the match within 10 business days. For transactions in progress, suspend and seek to resolve. In each scenario, submit a PNMR through goAML within five business days of the applicable trigger and follow the current EOCN PNMR workflow.
False Positive	On examination, the alert is determined not to be a match. No CNMR or PNMR is required. Reporting Entities should document the screening alert, the analysis performed and the rationale for discounting the match, for audit and supervisory review.
STR / SAR	A match with any unilateral or multilateral sanctions list outside the scope of Cabinet Decision No. 74 of 2020 (for example OFAC, UKHMT or EU), or suspicious activity that does not trigger a CNMR or PNMR. Consult the Supervisory Authority and file an STR or SAR with the UAE FIU through goAML.

Reporting Entities must not disclose to the customer or any third party (whether directly or indirectly) that a freezing measure has been applied or that a report has been filed. Tipping-off is a criminal offence under the UAE AML/CFT framework.

Common Mistakes in UAE Local Terrorist List Compliance

Supervisory Authorities and EOCN outreach have highlighted recurring failings in Reporting Entities’ handling of the Local Terrorist List.

Relying solely on third-party vendor lists without verifying that the vendor list fully reflects the current UAE Local Terrorist List.
Screening only the customer name and missing connected parties, such as directors, authorised signatories and ultimate beneficial owners.
Failing to re-screen the entire customer base immediately on receipt of an EOCN list update.
Closing the account of a designated customer instead of freezing it, which itself breaches Cabinet Decision No. 74 of 2020.
Tipping off the customer by returning funds, issuing closure notices or notifying them of the freeze.
Applying only a percentage-based ownership test, missing minority-interest control and ‘acting on behalf of’ triggers.
Late or inconsistent filing of CNMRs and PNMRs on goAML, including missing or incomplete supporting documents.
Inadequate weekend and public holiday procedures create gaps where access to funds continues, but screening does not.

Penalties for UAE Local Terrorist List Non-Compliance

Non-compliance with TFS obligations in relation to the UAE Local Terrorist List can attract criminal, administrative and civil consequences. Following the entry into force of Federal Decree-Law No. 10 of 2025 on 14 October 2025, the primary penalty framework for TFS violations now sits within the 2025 AML Law (which repealed Federal Decree-Law No. 20 of 2018 but left Cabinet Decision No. 74 of 2020 in force as the operational TFS instrument).

It is useful to distinguish two tiers of exposure. Tier 1 covers direct penalties for failure to implement TFS obligations. Tier 2 covers wider AML/CFT/CPF exposure that arises where the same facts also amount to terrorist financing, proliferation financing, tipping-off or other criminal offences.

Tier 1: Direct Penalties for Failing to Implement TFS Obligations

Criminal penalty for TFS violations — Article 33 of Federal Decree-Law No. 10 of 2025 provides that any person who violates the instructions issued by the Executive Office or any other Competent Authority related to Targeted Financial Sanctions shall be punished with imprisonment and a fine of not less than AED 20,000, or by either of these two penalties.

Administrative penalties — Article 17 of Federal Decree-Law No. 10 of 2025 empowers Supervisory Authorities to impose a range of administrative penalties on FIs, DNFBPs, VASPs and NPOs for any violation of the Decree-Law, its Executive Regulations or related decisions. The available sanctions are:

Warning.
Administrative fine of not less than AED 10,000 and not exceeding AED 5 million per violation.
Prohibition from engaging in the relevant sector for a period determined by the Supervisory Authority.
Restriction of the powers of board members, executives, supervisors, managers or owners proven responsible for the violation, including the appointment of a temporary supervisor.
Suspension, restriction, revocation or cancellation of the business licence.
Publication of the penalty.

Tier 2: Wider AML/CFT/CPF Exposure

Where the same conduct or surrounding facts also amount to a core criminal offence, significantly higher penalties may apply under the 2025 AML Law or other legislation. These are not automatic consequences of every TFS failure, but they may arise where a Reporting Entity’s conduct crosses into substantive criminality.

Corporate liability for core offences: Legal persons convicted of money laundering, terrorist financing or proliferation financing face fines of not less than AED 5 million and up to AED 100 million, or an amount equivalent to the value of the criminal property, whichever is greater. Lesser specified offences attract fines of AED 200,000 to AED 10 million.
Tipping-off: Article 29 of Federal Decree-Law No. 10 of 2025 covers both intentional and grossly negligent acts and introduces aggravated penalties where loss or destruction of criminal proceeds results.
Underlying terrorist offences: Federal Law No. 7 of 2014 on Combating Terrorism Offences (as amended by Federal Law No. 4 of 2024) imposes substantial penalties, including long-term and life imprisonment, for terrorist offences and the promotion of terrorism.
No statute of limitations: Article 37 of Federal Decree-Law No. 10 of 2025 removes the limitation period for money laundering, terrorist financing and proliferation financing offences.

Good Faith Protection

The UAE TFS framework protects Reporting Entities that act diligently and in good faith. Any person who, in good faith, freezes funds or other assets, or refuses to provide financial services to designated individuals, entities or groups in compliance with Cabinet Decision No. 74 of 2020, is exempt from damages or claims, including criminal, civil and administrative liability. This applies even where the freezing measure later turns out to have involved a false positive. The protection is important because it removes the legal risk that might otherwise discourage institutions from acting quickly and decisively on Local Terrorist List matches.

Wider Commercial Consequences

Loss of correspondent banking relationships, especially for financial institutions, can impede cross-border transactions.
Reputational damage that can outlast any regulatory penalty and affect customer acquisition, funding and counterparty relationships.
Enhanced regulatory scrutiny and follow-up inspections by the Supervisory Authority and the EOCN.

How AML UAE Helps with Local Terrorist List Compliance

AML UAE helps financial institutions, DNFBPs and VASPs build a sanctions compliance programme that treats the UAE Local Terrorist List as a primary screening priority, alongside the UN Consolidated List. Our support covers:

Sanctions screening framework: Designing and tuning name-screening and transaction-screening controls for the Local Terrorist List and other applicable lists, including ownership, control and ‘acting on behalf of’ analysis.
EOCN and goAML registration: Supporting registration with the Notification Alert System and goAML, and configuring internal alerting workflows.
Policies and playbooks: Drafting TFS policies, procedures and match-handling playbooks aligned with Cabinet Decision No. 74 of 2020, the 2025 AML/CFT framework and the July 2025 EOCN Guidance.
Staff training: Delivering role-based training on Local Terrorist List screening, match handling, tipping-off avoidance, and CNMR, PNMR and STR/SAR workflows.
Independent reviews and audit readiness: Reviewing the effectiveness of existing sanctions programmes, preparing documentation for supervisory inspection, and advising on remediation of control gaps.

FAQs on the UAE Local Terrorist List

The UAE Local Terrorist List is the national list of designated terrorist individuals, entities and groups, issued by the UAE Cabinet on the proposal of the Supreme Council for National Security under UNSCR 1373 (2001), Federal Law No. 7 of 2014 and Cabinet Decision No. 74 of 2020. It is distinct from the UN Consolidated List, but both are part of the UAE TFS framework and must be implemented by Reporting Entities.

The UAE Cabinet issues the Local Terrorist List on the proposal of the Supreme Council for National Security. The Executive Office for Control and Non-Proliferation (EOCN) publishes the list on its website and circulates updates through its Notification Alert System.

The current Local Terrorist List is available on the EOCN website (in PDF and Excel formats) and via the Notification Alert System. Reporting Entities must register with the NAS to receive automated email updates whenever the list changes.

The UN Consolidated List is compiled by UNSC Sanctions Committees under Chapter VII UNSCRs (such as 1267, 1988 and 1718) and applies globally. The UAE Local Terrorist List is a domestic list issued by the UAE Cabinet under UNSCR 1373 and applies within the UAE framework. Reporting Entities must screen against both.

Screening must be ongoing and risk-based. This includes daily list checks, onboarding screening, transaction screening, periodic KYC review, and immediate re-screening whenever the list is updated. Screening procedures must continue on weekends and public holidays where access to funds remains possible.

On a confirmed match, the Reporting Entity must freeze funds and prohibit the provision of services without delay (within 24 hours of designation), preserve the freeze rather than closing the account, notify the Supervisory Authority and the Executive Office within two business days, and file a CNMR through goAML within five business days. For a partial match, the response depends on whether it concerns an existing customer, potential customer or transaction in progress; in each case, the Reporting Entity should follow the current EOCN PNMR workflow and submit a PNMR through goAML within five business days of the relevant suspension or rejection event.

Yes. The Supreme Council for National Security conducts periodic reviews of the Local Terrorist List and, if it considers that the designation criteria are no longer met, proposes de-listing. De-listing takes effect only once the UAE Cabinet approves the proposal. Listed persons and affected third parties may also submit grievances to the Executive Office.

A listed person or their legal representative may submit a written application to the Executive Office for permission to use part of the frozen funds for necessary or basic expenses (food, rent, mortgage, medicine, medical treatment, insurance, education, legal and judicial fees, and public utility fees), subject to Ministry of Justice approval and Supreme Council coordination.

Yes. Virtual Asset Service Providers are Reporting Entities under Cabinet Decision No. 74 of 2020 and the 2025 AML/CFT framework, and must screen against the UAE Local Terrorist List and the UN Consolidated List, freeze without delay and file CNMRs or PNMRs through goAML.

Under Article 33 of Federal Decree-Law No. 10 of 2025, any person who violates the instructions of the Executive Office or other Competent Authority on Targeted Financial Sanctions is liable to imprisonment and a fine of not less than AED 20,000, or either penalty. Article 17 of the same Decree-Law empowers Supervisory Authorities to impose administrative penalties ranging from warnings to fines of AED 10,000 to AED 5 million per violation, prohibition from the sector, restriction of powers of responsible persons, and cancellation of the business licence. Legal persons convicted of core AML/CFT/CPF offences face fines of up to AED 100 million or the value of the criminal property, whichever is greater. Federal Law No. 7 of 2014 (as amended by Federal Law No. 4 of 2024) applies separately to underlying terrorist offences.

Yes. The UAE TFS framework expressly protects persons who act in good faith. Any person who, in good faith, freezes funds or refuses to provide financial services to designated individuals, entities or groups in compliance with Cabinet Decision No. 74 of 2020 is exempt from damages or claims, including criminal, civil and administrative liability. This protection applies even where the freezing measure later turns out to have involved a false positive. Where a similarly-named person is adversely affected, that person may apply to the Executive Office for de-freezing.

Yes, in limited circumstances. The EOCN confirms that frozen accounts may be credited with interest, profits or other earnings due on the account, and with payments due under contracts, agreements or obligations concluded or arising before the date on which the individual or legal entity was designated. Any such additions must themselves be immediately frozen, and the relevant Supervisory Authority and the Executive Office must be notified. This allows institutions to comply with the freezing regime without breaching pre-existing contractual obligations to third parties.

No. CBUAE guidance is clear that external screening tools are useful but should not be viewed as an absolute guarantee of compliance. Reporting Entities must undertake due diligence on vendors and ensure that vendor lists fully reflect the current UAE Local Terrorist List and UN Consolidated List as published by the EOCN and the UNSC. Registration on the EOCN Notification Alert System (NAS) is required to receive timely updates directly from the source, and the official EOCN and UNSC publications take precedence over any vendor list in the event of a discrepancy.

Strengthen Your UAE Local Terrorist List Compliance with AML UAE

Local Terrorist List compliance is not an occasional check. It requires continuous screening, disciplined match handling, timely reporting through goAML and clear governance from the board down. AML UAE partners with financial institutions, DNFBPs and VASPs to build sanctions programmes that are defensible before supervisors and resilient in daily operations.

To discuss your UAE Local Terrorist List screening and TFS arrangements, contact AML UAE at info@amluae.com.

Disclaimer : This article provides general information on the UAE Local Terrorist List and the related AML/CFT framework. It does not constitute legal advice. Regulated entities should consult their Supervisory Authority and qualified advisers in relation to their specific obligations under Cabinet Decision No. 74 of 2020, Federal Law No. 7 of 2014 (as amended), Federal Decree-Law No. 10 of 2025, Cabinet Resolution No. 134 of 2025, and the current EOCN Guidance on Targeted Financial Sanctions.

Build a Robust AML Compliance Program

We provide customised AML/CFT Policies and Procedures that are compliant with UAE Laws

Explore Our Services:

AML/CFT Policy Drafting

AML Training

AML Software Selection

Regulatory Reporting

Managed KYC and CDD

AML/CFT Health Check

Risk Assessment Report

Share via :

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

UNSC Sanctions

Pathik Shah

Last Updated: 04/21/2026

Protect your business with reliable and effective AML strategies with AML UAE.

United Nations Security Council Overview

The United Nations Security Council (UNSC) adopts legally binding resolutions, including targeted financial sanctions, to maintain international peace and security.
In the UAE, UNSC sanctions are operationalised primarily through Cabinet Decision No. 74 of 2020, which remains the core TFS instrument.
The wider AML/CFT/CPF framework is set by Federal Decree-Law No. 10 of 2025 and Cabinet Resolution No. 134 of 2025.
Financial institutions, DNFBPs and VASPs (Reporting Entities) must register with the Executive Office, screen continuously, freeze without delay, and report matches through goAML.
Non-compliance can lead to fines of up to AED 5 million under Cabinet Decision No. 74 of 2020, imprisonment, and heightened penalties under the 2025 AML/CFT Law.

What are UNSC Sanctions?

The United Nations Security Council is one of the six principal organs of the United Nations, established under the UN Charter of 1945. It holds primary responsibility for the maintenance of international peace and security, and is the only UN body with the authority to issue resolutions that are legally binding on all UN member states.

The UNSC is composed of fifteen members: five permanent members with veto power and ten non-permanent members elected by the General Assembly for staggered two-year terms. Under Chapter VII of the UN Charter, the Council may impose sanctions, including asset freezes, travel bans, arms embargoes and sectoral restrictions, to respond to threats to international peace.

The Five Permanent Members (P5)

Permanent Member	Note
China	The People’s Republic of China replaced the Republic of China (Taiwan) in the UNSC seat in 1971.
France	Founding permanent member since 1945.
Russian Federation	Succeeded the Soviet Union in the UNSC seat in 1991 following the dissolution of the USSR.
United Kingdom	Founding permanent member since 1945.
United States	Founding permanent member since 1945.

How UNSC Sanctions Apply in the UAE

UNSC sanctions regimes target specific individuals, entities and jurisdictions identified as threats to international peace. The principal measures include:

Asset freezes: Prevent access to, transfer or use of funds, economic resources or other assets owned or controlled by designated persons or entities.
Travel bans: Restrict the movement of designated individuals across the territory of member states.
Arms embargoes: Prohibit the sale, supply, transfer or provision of weapons, related goods and associated training or services.
Sectoral restrictions: Include bans on trade in specific commodities or sectors, used for example against the DPRK.

As a UN member state, the UAE implements UNSC sanctions in full. In practice, sanctions compliance is operationalised through daily screening, freezing and reporting duties imposed on regulated entities.

Major UNSC Sanctions Regimes Producing the UN Consolidated List

UNSCR	Regime	Focus
1267 / 1989 / 2253	ISIL (Da’esh) and Al-Qaida Sanctions Committee	Counter-terrorism: asset freezes, travel bans and arms embargoes against listed persons and entities.
1988 (2011)	Taliban Sanctions Committee	Asset freezes, travel bans and arms embargoes linked to the security and stability of Afghanistan.
1718 (2006)	DPRK Sanctions Committee	Targeted financial sanctions, arms embargo and sectoral restrictions on the Democratic People’s Republic of Korea.

Other active UNSC sanctions committees (for example, committees on Libya, Somalia and Al-Shabaab, Sudan, South Sudan, Yemen, Haiti, the Democratic Republic of the Congo, Guinea-Bissau, and Iraq) also contribute designations to the UN Consolidated List. The list of active committees evolves, so Reporting Entities should rely on the UNSC’s official Consolidated List as the authoritative source.

Related UNSC Measures (Not Designation Regimes)

UNSCR 1373 (2001) is not a UNSC designation regime. It requires each UN member state to criminalise terrorist financing and to develop procedures to identify and designate individuals and entities suspected of terrorist acts domestically. In the UAE, UNSCR 1373 underpins the UAE Local Terrorist List prepared by the Supreme Council for National Security and approved by the UAE Cabinet.

UNSCR 1540 (2004) is a non-proliferation resolution that obliges states to prevent non-state actors from acquiring weapons of mass destruction. The 1540 Committee is not a sanctions committee and does not designate individuals. 1540 compliance is relevant to the UAE’s broader counter-proliferation financing (CPF) framework.

UAE Legal Framework for Targeted Financial Sanctions

The UAE gives effect to UNSC sanctions obligations through a layered legal framework.

Federal Decree-Law No. 10 of 2025 on Combating Money Laundering, the Financing of Terrorism and the Financing of Proliferation, effective 14 October 2025, repealed and replaced Federal Decree-Law No. 20 of 2018 and introduced proliferation financing as a standalone offence.
Cabinet Resolution No. 134 of 2025 provides the Executive Regulations to Federal Decree-Law No. 10 of 2025, effective 14 December 2025. It replaced Cabinet Decision No. 10 of 2019.
Cabinet Decision No. 74 of 2020 on the Terrorism Lists Regulation and the Implementation of UN Security Council Resolutions remains the core UAE TFS implementation instrument, covering the UN Consolidated List and the UAE Local Terrorist List.
Guidance on Targeted Financial Sanctions, issued by the Executive Office for Control and Non-Proliferation (EOCN), was updated in July 2025. It sets out the operational expectations for screening, freezing and reporting by Reporting Entities.

The scope of Cabinet Decision No. 74 of 2020 covers the UN Consolidated List and the UAE Local Terrorist List. Other unilateral and multilateral sanctions lists (for example, OFAC, UKHMT or EU lists) fall outside the scope of this Decision but may still create risk requiring escalation through suspicious transaction or activity reporting.

UNSC Sanctions UAE Requirements at a Glance

In practical terms, UNSC sanctions UAE requirements translate into five operational duties for Reporting Entities:

Register with the EOCN Notification Alert System and on the goAML portal.
Screen customers, potential customers, beneficial owners and transactions against the UN Consolidated List and the UAE Local Terrorist List on an ongoing and risk-based basis.
Freeze funds and prohibit the provision of funds or services without delay (within 24 hours of designation) on any confirmed match.
Notify the relevant Supervisory Authority and the Executive Office within two business days of any freezing measure or attempted transaction.
File a CNMR or PNMR through goAML within five business days, and consider an STR or SAR where suspicion exists outside the scope of Cabinet Decision 74 of 2020.

UNSC Consolidated List vs UAE Local Terrorist List vs Other Sanctions Lists

UAE Reporting Entities must understand the three categories of sanctions exposure they may encounter.

Feature	UNSC Consolidated List	UAE Local Terrorist List	Other Sanctions Lists
Issuing Authority	UNSC and its Sanctions Committees	UAE Cabinet (on proposal of the Supreme Council for National Security)	Foreign or regional authorities (e.g. OFAC, UKHMT, EU)
Legal Basis	UNSCRs adopted under Chapter VII, UN Charter	UNSCR 1373 (2001) and UAE federal law	Domestic laws of the issuing jurisdiction
UAE TFS Obligation	Yes, under Cabinet Decision 74 of 2020	Yes, under Cabinet Decision 74 of 2020	Outside scope of Cabinet Decision 74 of 2020
Reporting Mechanism	CNMR or PNMR via goAML	CNMR or PNMR via goAML	Consult Supervisory Authority; consider STR/SAR if suspicion exists

Key TFS Obligations for FIs, DNFBPs and VASPs

Cabinet Decision No. 74 of 2020 imposes the underlying TFS obligation on all natural and legal persons in the UAE. Article 21 of the Decision sets out the operational obligations that apply specifically to Reporting Entities (FIs, DNFBPs and VASPs).

Obligation	Requirement
1. Register	Register on the Executive Office website (Notification Alert System) and on goAML to receive automated email notifications of listing, re-listing, updating and de-listing decisions by the UNSC, the relevant Sanctions Committee or the UAE Cabinet, and to enable submission of TFS reports.
2. Screen	Screen customers, potential customers, beneficial owners and transactions against the UN Consolidated List and the UAE Local Terrorist List on an ongoing and risk-based basis. This includes daily list checks, onboarding screening, transaction screening, periodic KYC review, and immediate re-screening upon any update to the lists. Screening procedures must remain active on weekends and public holidays where business activity or access to funds is possible.
3. Freeze without delay	On a confirmed match, freeze all funds and assets owned or controlled, directly or indirectly, by the designated person, and prohibit the provision of funds or services. ‘Without delay’ is defined in Article 1 of Cabinet Decision 74 of 2020 as immediately or in any case within 24 hours of the listing decision being issued.
4. Notify and Report	Reporting Entities must notify the relevant Supervisory Authority and the Executive Office within two business days of taking any freezing measure or identifying an attempted transaction. In addition, Reporting Entities must file a Confirmed Name Match Report (CNMR) or Partial Name Match Report (PNMR) through goAML within five business days, as applicable, and maintain supporting documentation. Reporting Entities should follow the latest EOCN guidance on CNMR, PNMR and STR/SAR workflows, together with any sector-specific directions issued by the Supervisory Authority.

Reporting Entities must also establish written policies, procedures and internal controls, deliver staff training to prevent tipping-off, and maintain records for inspection by the Supervisory Authority.

Confirmed Match vs Partial Match vs Suspicious Transaction

The July 2025 EOCN Guidance distinguishes three reporting workflows that Reporting Entities must operate in parallel.

Scenario	Required Action
Confirmed Name Match (CNMR)	Match with the UN Consolidated List or UAE Local Terrorist List is confirmed after reviewing identification documents. Freeze without delay, refrain from providing funds, other assets or services, and submit a CNMR through goAML within five business days from identifying the Confirmed Name Match.
Partial Name Match (PNMR)	If a Partial Name Match is identified for an existing customer, suspend without delay any transaction, refrain from offering funds, other assets or services, and submit a PNMR through goAML within five business days from the suspension measures. If it is a potential customer or counterparty, seek identification documents first. If they cannot be obtained within a reasonable time of 10 business days, reject the transaction or service and submit a PNMR through goAML within five business days from rejection.
STR / SAR	If the match is with a unilateral or multilateral sanctions list, or another suspicious sanctions-evasion related concern outside the UAE Local Terrorist List and UN Consolidated List, do not use CNMR or PNMR. Consult the relevant Supervisory Authority and consider submitting an STR/SAR to the FIU through goAML.

Ownership, Control and Acting on Behalf of a Designated Person

Freezing obligations extend beyond directly listed persons. The EOCN’s ‘UN page’ makes clear that freezing measures apply to any entity directly or indirectly owned or controlled, wholly or jointly, by a designated individual, entity or group, as well as to any individual or entity acting on behalf of or at the direction of a designated person.

To operationalise this principle, the EOCN TFS Guidance sets out three distinct tests. Reporting Entities should assess all three together rather than relying on a single ownership percentage.

1. Majority Ownership

An entity is treated as owned by a designated person where the designated person holds more than 50 per cent of the proprietary rights of the legal entity, directly or indirectly.

2. Control (including where ownership is below 50 per cent)

Freezing measures also apply where the designated person exercises control, even with a minority shareholding. Indicators of control include the right to appoint or remove a majority of the administrative or management body, controlling the majority of voting rights under a shareholder agreement, control through a power of attorney, or other arrangements giving effective direction over the entity.

3. Acting on Behalf of or at the Direction of a Designated Person

Reporting Entities must apply TFS measures to individuals or entities acting on behalf of, or at the direction of, a designated person. This includes authorised signatories, power-of-attorney holders and representatives acting for a designated person.

A simple percentage threshold is not sufficient on its own. Reporting Entities should assess ownership, control and acting-on-behalf-of indicators together in line with the latest EOCN guidance, and document their analysis to demonstrate a defensible position to supervisors.

Common Sanctions Screening Mistakes

Supervisory Authorities and EOCN outreach have highlighted recurring compliance failures, including:

Inadequate understanding of business-wide sanctions risk exposure.
Reliance on outdated or poorly configured screening software, including vendor lists that do not fully reflect the UN Consolidated List or the UAE Local Terrorist List.
Failure to re-screen existing customers and transactions when sanctions lists are updated.
Weak oversight of beneficial ownership and control indicators.
Lack of procedures to ensure screening and freezing continue on weekends and public holidays.
Confusion between CNMR, PNMR and STR/SAR workflows, leading to late or misdirected reporting.
Insufficient staff training on the ‘freeze without delay, do not tip off, then report’ protocol.

Penalties for Sanctions Breaches in the UAE

Non-compliance with UNSC sanctions obligations in the UAE can attract administrative, civil and criminal consequences.

Under Cabinet Decision No. 74 of 2020, non-compliance may result in imprisonment and fines ranging from AED 50,000 to AED 5 million for specified violations.
Supervisory Authorities may impose additional administrative sanctions, including warnings, restrictions on activities and cancellation of licences.
Under Federal Decree-Law No. 10 of 2025, legal persons face fines ranging from AED 5 million to AED 100 million for core offences, and regulators may suspend or remove board members and senior executives whose failures contributed to violations.
Loss of correspondent banking relationships can impede cross-border transactions, especially for financial institutions.
Reputational damage and reduced access to international markets can outlast any regulatory penalty.

How AML UAE Supports UNSC Sanctions Compliance

AML UAE helps financial institutions, DNFBPs and VASPs design, implement and refine a sanctions compliance programme that is proportionate to their risk profile and aligned with UAE regulatory expectations. Our support covers:

Sanctions screening framework: Designing name screening, transaction screening and re-screening processes covering the UN Consolidated List, the UAE Local Terrorist List and other applicable lists.
Customer due diligence integration: Embedding sanctions screening into onboarding, periodic review and event-driven review, including beneficial ownership and control assessment.
Policies, procedures and playbooks: Drafting TFS policies, internal controls, escalation protocols and CNMR or PNMR filing playbooks aligned with Cabinet Decision No. 74 of 2020 and the July 2025 EOCN Guidance.
Staff training: Delivering role-based training on sanctions screening, match handling, tipping-off avoidance and goAML reporting obligations.
AML software selection: Advising on the selection and configuration of real-time screening solutions, supporting documentation and audit readiness.

FAQs on UNSC Sanctions and UAE AML Compliance

The UNSC holds primary responsibility under the UN Charter for the maintenance of international peace and security. It adopts legally binding resolutions, including those that impose targeted financial sanctions used by regulated entities globally to detect and prevent financial crime.

The five permanent members (P5) of the UNSC are China, France, the Russian Federation, the United Kingdom and the United States. Each holds veto power over substantive Council resolutions.

The UNSC imposes sanctions through binding resolutions adopted under Chapter VII of the UN Charter. Measures typically include asset freezes, travel bans, arms embargoes and sectoral restrictions, administered by subsidiary Sanctions Committees.

The UN Consolidated List comprises all individuals and entities designated by the UNSC or its Sanctions Committees. The UAE Local Terrorist List is issued by the UAE Cabinet (on a proposal of the Supreme Council for National Security) under UNSCR 1373 (2001) and contains domestically designated terrorists, terrorist organisations and groups. UAE Reporting Entities must screen against both lists.

Under Article 1 of Cabinet Decision No. 74 of 2020, ‘without delay’ means applying freezing measures immediately, or in any case within 24 hours of the listing decision being issued by the UNSC, the relevant Sanctions Committee or the UAE Cabinet. Freezing must occur without prior notice to the designated person.

A Confirmed Name Match Report (CNMR) is the goAML report filed when a confirmed match with the UN Consolidated List or the UAE Local Terrorist List is identified. Reporting Entities must freeze without delay, reject or terminate the relationship, and submit the CNMR through goAML within five business days, enclosing the required supporting documents.

A PNMR applies where a potential match cannot be conclusively confirmed or dismissed. For an existing customer, the Reporting Entity should suspend the transaction and file the PNMR within the applicable timeline. For a potential customer or counterparty, identification documents should first be sought, and if they cannot be obtained within a reasonable time of 10 business days, the transaction or service should be rejected, and the PNMR filed accordingly.

Yes. Virtual Asset Service Providers (VASPs) are expressly covered by Cabinet Decision No. 74 of 2020 and by the expanded scope of Federal Decree-Law No. 10 of 2025. They must register with the Executive Office and on goAML, screen against applicable sanctions lists, freeze matches without delay and file CNMRs or PNMRs as applicable.

Screening must be conducted on an ongoing basis, including at onboarding, before processing relevant transactions, at periodic review and immediately upon notification of any listing, re-listing, update or de-listing. Reporting Entities must also maintain procedures to ensure compliance on weekends and public holidays where access to funds or business activity is possible.

Penalties under Cabinet Decision No. 74 of 2020 include imprisonment and fines ranging from AED 50,000 to AED 5 million. Federal Decree-Law No. 10 of 2025 also imposes substantial penalties on legal persons (up to AED 100 million for core offences), along with personal liability and potential removal of board members and senior executives.

Strengthen Your UNSC Sanctions Compliance with AML UAE

Effective sanctions compliance is not a one-off exercise. It requires ongoing screening, properly calibrated systems, well-trained staff and clear governance. AML UAE partners with financial institutions, DNFBPs and VASPs to build sanctions programmes that are defensible before supervisors and resilient in daily operations.

To discuss your UNSC sanctions compliance arrangements, contact AML UAE at info@amluae.com.

Unsure if your watchlist screening meets UAE AML requirements?

Partner with us to strengthen your sanctions and watchlist compliance framework.

Explore Our Services:

AML/CFT Policy Drafting

AML Training

AML Software Selection

Regulatory Reporting

Managed KYC and CDD

AML/CFT Health Check

Risk Assessment Report

Share via :

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

Risk-Based Customer Profiling and Segmentation

Pathik Shah

Last Updated: 04/21/2026

Protect your business with reliable and effective AML strategies with AML UAE.

Risk-Based Customer Profiling and Segmentation- Brief Overview

Risk-based customer profiling and segmentation is a process of assessing customer risk and grouping them into categories based on risk level.
Key risk factors used in customer profiling and segmentation include customer type, geographic risk, products, services, delivery channels and transaction behaviour.
AML UAE services support risk-based customer profiling and segmentation, design customer risk assessment frameworks, help review and validate risk models, draft policies, and provide staff training.

What Is Risk-Based Customer Profiling and Segmentation?

Risk-based customer profiling and segmentation is the process of collecting and analysing customer information to assess their risk level and segment them into categories based on similar risk levels, such as high, medium, and low.

Customer profiling helps assess each individual’s risk level, while segmentation groups customers with similar risk levels for more efficient monitoring and control.

The main difference between static profiling and dynamic risk assessment is that static profiling involves assigning a fixed risk at the time of onboarding, which remains unchanged unless updated. In contrast, dynamic risk assessment continuously updates risk scores as new information becomes available.

The customer risk rating plays a crucial role in supporting the AML framework as it enables institutions to prioritise high-risk areas, increase monitoring accordingly, and apply enhanced due diligence, ensuring resources are allocated more effectively, while improving the detection and prevention of suspicious activity.

The UAE has adopted the international AML standards and requires financial institutions to conduct CDD, ongoing monitoring, and report suspicious transactions to mitigate ML/TF risks.

Why Risk-Based Customer Profiling and Segmentation Matter in AML

Risk-based customer profiling and segmentation matter in AML because they allow financial institutions to apply controls based on risk level rather than treating all risks the same.

Implementing risk-based approaches in AML/CFT improves compliance efficiency by focusing resources on high-risk customers.

Understanding customer risk exposure helps institutions detect suspicious activity more efficiently and reduce ML/TF risk exposure.

UAE regulators expect institutions to apply AML controls in proportion to customers’ risk level, with stricter measures for high-risk customers.

Why Risk-Based Customer Profiling and Segmentation Are Regulatory Expectations in the UAE

UAE regulators require a risk-based AML approach and expect financial institutions to apply stricter controls to high-risk customers.

This is driven by the UAE’s National Risk Assessment (NRA), which highlights the key ML/TF risks and requires financial institutions and DNFBPs to apply proper risk-based mitigation measures through effective customer profiling and segmentation.

Regulators expect ongoing monitoring and the implementation of enhanced due diligence where required. Inadequacy in customer risk differentiation may lead to severe consequences, including fines, penalties, and reputational damage.

Key Risk Factors Used in Customer Profiling and Segmentation

The key risk factors used in customer profiling and segmentation are as follows:

Different customer types pose different risks, such as corporates, trusts, and legal arrangements, which are more complex and can be used to hide the ownership, making them higher risk than individual customers.
Customers linked to high-risk jurisdictions where laws are weaker, and transactions involving cross-border exposure are more exposed to ML/TF risks.
Risk also differs from products, services, and delivery channels; certain services, such as cash-intensive business and delivery channels, such as non-face-to-face onboarding, increase the ML/TF risks because of a lack of transparency.
Transactional behaviour includes unusual customer transactions inconsistent with known profiles or business income, which may indicate suspicion.
Complex or hidden ownership, such as concealing the real owner through shell companies or third parties, poses elevated money laundering risks, making it easier to conceal illegal activities.

Customer Risk Segmentation Models and Methodologies

Customers are classified into low, medium, and high-risk segmentation based on their profile and behaviour, allowing institutions to apply stricter controls to high-risk customers.
Customer risk segmentation can be based on quantitative vs qualitative risk scoring models, as quantitative models use numerical scores and are used to assess the likelihood and impact of risks associated with different customer segments, whereas qualitative models rely on expert judgments and descriptive assessments.
Use of automated tools and rule-based approaches that assign risk scores and monitor customers through predefined rules improves compliance efficiency and consistency.
The model governance and documentation are equally important as they ensure that models are accurate, updated, and compliant with regulations, and clear documentation enables transparency and supports regulatory review.

How AML UAE Services Support Risk-Based Customer Profiling and Segmentation

AML UAE Services support risk-based customer profiling and segmentation by designing customer risk assessment frameworks, ensuring accurate profiling and effective segmentation aligned with regulatory expectations.

AML UAE services help review and validate risk models to ensure they are well-documented and support regulatory compliance and audits.

AML UAE helps with drafting AML policies and provides staff training to ensure that they correctly apply risk-based profiling and segmentation in practice.

Additionally, AML UAE provides support during audits, inspections, and regulatory remediation, enabling institutions to identify the gaps effectively and ensure regulatory compliance.

FAQs- Risk-Based Customer Profiling and Segmentation

Risk-based customer profiling in AML assesses customer risks and classifies them into high, medium, and low for appropriate controls.

Customer segmentation is important for AML compliance as it enables prioritising high-risk customers and improving detection efficiency.

UAE regulators expect customer risk to be assessed using a risk-based approach, applying key risk indicators, and ongoing monitoring.

The factors used in AML customer risk scoring typically include customer type, geographic risk, transaction patterns, products and services, and delivery channels.

Some of the common mistakes in customer risk segmentation are static profiling, inadequate monitoring, and a lack of updates.

Unsure if your watchlist screening meets UAE AML requirements?

Partner with us to strengthen your sanctions and watchlist compliance framework.

Explore Our Services:

AML/CFT Policy Drafting

AML Training

AML Software Selection

Regulatory Reporting

Managed KYC and CDD

AML/CFT Health Check

Risk Assessment Report

Share via :

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

Bribery

Pathik Shah

Last Updated: 04/20/2026

Protect your business with reliable and effective AML strategies with AML UAE.

Bribery as a Predicate Offence: UAE AML Risks, Laws and DNFBP Obligations

Federal Decree-Law No. 10 of 2025 | Federal Decree-Law No. 31 of 2021 | Cabinet Resolution No. 134 of 2025 | FATF Recommendation 3 | UNCAC (Federal Decree No. 8 of 2006)

KEY TAKEAWAYS

Bribery is a FATF-designated predicate offence under the category of “corruption and bribery”, meaning proceeds derived from it fall within the scope of money laundering prosecution under UAE Federal Decree-Law No. 10 of 2025.
Under Federal Decree-Law No. 31 of 2021 (Articles 275 to 287), bribery is criminalised across the public sector, foreign officials, employees of international organisations, and the private sector. Private sector bribery under Articles 278 and 279 carries imprisonment for up to five years.
DNFBPs must file a Suspicious Transaction Report (STR) via the goAML portal whenever bribery-related activity is suspected, with no minimum transaction threshold, subject to the confidentiality and no-disclosure rules under Federal Decree-Law No. 10 of 2025 and Cabinet Resolution No. 134 of 2025.
The Ministry of Economy and Tourism (MoET) is the principal AML/CFT supervisor for DNFBPs at state level and in commercial free zones, while the Ministry of Justice (MoJ) supervises lawyers and notaries. The Central Bank of the UAE (CBUAE) supervises licensed financial institutions.
Foreign PEPs must be subject to Enhanced Due Diligence (EDD), source of funds and wealth measures, senior management approval, and enhanced ongoing monitoring.
Domestic PEPs and persons entrusted with a prominent function in an international organisation require these enhanced measures where a high-risk business relationship exists.

Introduction to Bribery as a Financial Crime Risk

Bribery is the offering, giving, receiving, or soliciting of anything of value to influence the actions of an official or decision-maker, whether in the public or private sector. It is one of the oldest and most corrosive financial crimes. Within the AML/CFT framework, bribery is important not only as a crime in its own right but because it generates illicit proceeds that must be laundered before they can be used. That laundering process is exactly what UAE AML/CFT legislation is designed to detect and disrupt.

Bribery sits within the broader category of corruption. Not all corruption involves bribery, but all bribery is a form of corruption. Kickbacks are a specific subset: a bribe paid upfront secures a favour before a decision, while a kickback is a payment made after the transaction and is typically structured as a return of a portion of a contract value to the person who arranged or approved the deal. Both generate criminal proceeds that trigger money laundering liability under UAE law.

For UAE Regulated Entities, bribery risk is especially relevant because of three structural features of the UAE economy: a high concentration of cross-border transactions, a large foreign official and PEP population among residents and clients, and significant activity in sectors that are natural vehicles for integrating bribery proceeds, such as real estate, precious metals, and corporate structuring services.

How Bribery Proceeds Are Laundered

Proceeds generated from bribery are typically laundered through the three-stage process recognised by FATF and adopted in the UAE AML doctrine. Understanding how bribe proceeds move through each stage helps DNFBPs identify and disrupt the money laundering cycle at its most exposed points.

Stage 1 | Placement

Bribe proceeds enter the financial system through cash deposits, structuring (smurfing) across multiple accounts, or the purchase of high-value goods such as luxury vehicles, watches, gold, and jewellery. These are all sectors encountered by UAE DNFBPs, especially dealers in precious metals and stones (DPMS) and real estate agents and brokers.

Stage 2 | Layering

Funds are moved through shell companies, nominee directors, offshore trusts, and back-to-back corporate structures to obscure the audit trail. Free zone entities and trust-and-company-service-provider (TCSP) arrangements are historically exploited at this stage, which is why TCSPs and corporate service providers face heightened bribery-proceeds exposure.

Stage 3 | Integration

Clean-looking funds re-enter the economy via real estate acquisitions, equity investments, art and luxury purchases, or invoiced professional services. All of these sectors sit within the DNFBP perimeter under Cabinet Resolution No. 134 of 2025 and therefore carry mandatory AML/CFT obligations

Because DNFBPs are frequently exposed to high-value assets, complex ownership structures, and transactions that raise questions about the legitimacy of underlying funds, they occupy a particularly sensitive position in the laundering cycle. Federal Decree-Law No. 10 of 2025 (Article 16 and related provisions) requires Regulated Entities (REs), including DNFBPs, to report any transaction suspected to be associated with a predicate crime through a Suspicious Transaction Report (STR) filed on the goAML portal, operated by the UAE Financial Intelligence Unit (FIU).

UAE Legal and Regulatory Framework Addressing Bribery

The UAE maintains a comprehensive legal architecture addressing bribery, corruption, and their intersection with money laundering. Understanding how these instruments interact is essential for any DNFBP conducting a risk assessment or designing compliance controls.

Federal Decree-Law No. 31 of 2021 | Crimes and Penalties Law

Federal Decree-Law No. 31 of 2021 (the Crimes and Penalties Law, commonly called the UAE Penal Code) is the primary instrument criminalising bribery in the UAE. It covers public sector bribery, foreign public official bribery, bribery of employees of international organisations, private sector bribery, and intermediary liability across Articles 275 to 287.

Articles 275 and 276 | Bribery of foreign public officials and employees of international organisations, including cases where the foreign official mistakenly assumed the act fell within their duties.
Articles 278 and 279 | Private sector bribery. Article 278 criminalises the demand or acceptance of an undue gift, benefit, or grant by a manager of a private company in return for an act or omission connected to their duties. Article 279 criminalises the offering or granting of a bribe to such a private sector manager. The penalty for both offences is imprisonment for up to five years.
Articles 280 and 281 | Domestic public official bribery, including facilitation payments, which are not permitted under UAE law and are prosecuted as bribery.
Articles 282 and 283 | Intermediary liability, applying to any person acting as a go-between in demanding, offering, receiving, or promising a bribe.
Articles 284 to 287 | Ancillary provisions including aggravating circumstances, confiscation of the bribe amount, and related penalties.

A note on terminology: “temporary imprisonment” under the UAE Penal Code is a custodial sentence of between three and fifteen years, as distinguished from life imprisonment or short-term detention. Where Articles 278 and 279 cap private sector bribery at five years, this is a specific deviation from the general temporary imprisonment range for bribery offences.

Federal Decree-Law No. 10 of 2025 and Cabinet Resolution No. 134 of 2025

Federal Decree-Law No. 10 of 2025 (the AML/CFT/CPF Law) and Cabinet Resolution No. 134 of 2025 (its Executive Regulations) work together as the core operational framework for combating money laundering in the UAE. The 2025 Law replaced Federal Decree-Law No. 20 of 2018 and came into force on 14 October 2025. Cabinet Resolution No. 134 of 2025 replaces Cabinet Decision No. 10 of 2019.

A predicate offence is defined under Article 1 of the 2025 Law as any crime whose proceeds may be subject to a money laundering offence, whether committed inside or outside the UAE, provided the conduct is punishable in both jurisdictions. Bribery falls squarely within this definition. Any profit derived from bribery that is subsequently concealed, converted, transferred, acquired, possessed, or used triggers a separate money laundering offence, in addition to the underlying bribery charge.

The 2025 Law introduces several important changes that are directly relevant to bribery-related compliance:

Lowered evidentiary threshold (Article 2). A person commits money laundering if they know, or have sufficient or circumstantial evidence supporting knowledge, that funds derive from a predicate crime. Actual knowledge is no longer required; inference from objective circumstances is enough. This is critical for bribery cases where direct evidence is rare.
Autonomy of the ML offence. A conviction for the underlying bribery is no longer required to prosecute money laundering of bribery proceeds. The two offences stand independently and may be prosecuted cumulatively.
Confidentiality and no-disclosure (Article 24 and Article 29). Article 24 of the 2025 Law and Article 19 of Cabinet Resolution No. 134 of 2025 prohibit DNFBPs, their directors, officers, and employees from disclosing to a customer or any third party that an STR has been filed, or that related information has been shared with the FIU, or that an investigation is underway. Article 29 sets out the criminal penalties for breach, which apply to both intentional and grossly negligent disclosures. This applies directly to bribery STRs involving PEPs or intermediaries.
Higher penalties. Corporate fines of up to AED 100 million and individual custodial sentences of up to 10 years for principal ML offences, with removal of limitation periods for ML, TF, and PF offences.

FATF Recommendation 3 and the Predicate Offence Framework

FATF Recommendation 3 requires countries to criminalise money laundering on the basis of all serious offences, with a view to including the widest possible range of predicate offences. The FATF Glossary sets out a list of “designated categories of offences” that must be captured, and “corruption and bribery” is one of those categories. The UAE has adopted this framework through Federal Decree-Law No. 10 of 2025 and the UAE National AML/CFT/CPF Strategy, and is aligned with the national risk assessment (NRA) and the sectoral risk assessments (SRAs) issued by competent authorities.

At the international level, the UAE is a signatory to the United Nations Convention Against Corruption (UNCAC), ratified domestically through Federal Decree No. 8 of 2006. UNCAC provides the legal foundation for cross-border anti-bribery cooperation, asset recovery, and mutual legal assistance. The UAE is also a signatory to the Arab Anti-Corruption Convention.

Supervisory Authority Framework for DNFBPs

Supervisory responsibility for DNFBPs in the UAE is divided across multiple authorities according to sector:

Ministry of Economy and Tourism (MoET). The primary AML/CFT supervisory authority for DNFBPs in the UAE mainland and commercial free zones. MoET supervises real estate agents and brokers, dealers in precious metals and stones (DPMS), independent accountants and auditors, and corporate service providers. MoET issues AML/CFT guidance, conducts onsite and offsite inspections, and imposes administrative penalties under Cabinet Resolution No. 16 of 2021, which sets out the unified list of violations and fines ranging from AED 50,000 to AED 1,000,000 per violation.
Ministry of Justice (MoJ). Supervises lawyers and notaries, who are DNFBP sub-categories carved out of MoET’s jurisdiction. Legal professionals carry heightened bribery exposure because of their involvement in corporate structuring, trust arrangements, and real estate conveyancing.
Central Bank of the UAE (CBUAE). Supervises licensed financial institutions, including banks, exchange houses, insurance intermediaries, and payment service providers. The CBUAE requires licensed FIs to embed anti-bribery considerations within their Enterprise-Wide Risk Assessment (EWRA) and to apply EDD to PEPs and high-risk relationships.
DFSA (DIFC) and FSRA (ADGM). Supervise entities operating in the financial free zones under their own AML rules, read alongside federal AML legislation.
UAE Financial Intelligence Unit (FIU). Operates the goAML portal and receives all STRs and SARs. Under the 2025 Law, the FIU has expanded powers to freeze suspected funds for up to 30 days (extendable by the Public Prosecutor) and enhanced coordination authority with domestic and foreign counterparts.

Common Bribery Typologies Relevant to UAE DNFBPs

Criminals exploit a range of methodologies when committing bribery and laundering the resulting proceeds. The following typologies are particularly relevant to UAE-based Regulated Entities and their client profiles, and should be explicitly addressed in the EWRA and transaction monitoring calibration.

Agent and Intermediary Abuse

Criminals frequently use intermediaries, consultants, agents, and sales representatives to conceal bribes and create plausible commercial cover for illicit payments. Payments routed through third parties without a clear commercial justification are the primary indicator of this typology. Common red flags include agents based in jurisdictions unrelated to the commercial activity, commission rates materially above market norms, and invoices for services that cannot be independently verified.

Procurement Fraud and Kickback Schemes

Kickback schemes enable suppliers, procurement staff, or intermediaries to secure tenders and contracts in exchange for a share of the contract value. Related conduct includes inflated invoicing, bid rigging, sham subcontracts, fake commissions, and the misclassification of bribe payments as legitimate marketing, consultancy, or entertainment expenses. DNFBPs operating in procurement-heavy sectors, or providing services to clients in such sectors, should monitor for these patterns.

Real Estate Sector Exposure

Transactions in the UAE real estate sector, including the sale and purchase of off-plan and completed properties, are particularly susceptible to misuse. The high value, relative opacity of beneficial ownership in layered structures, prevalence of cash components, and common use of intermediaries make real estate a preferred vehicle for integrating bribery proceeds. UAE-licensed real estate agents and brokers must remain alert to this exposure, and MoET has issued sector-specific red flag guidance for real estate professionals.

PEP Exploitation and Cross-Border Risks

Bribery disproportionately targets individuals in positions of authority, including foreign officials and those classified as Politically Exposed Persons (PEPs) under the FATF definition. PEPs may be foreign, domestic, or persons entrusted with a prominent function in an international organisation, and their family members and close associates are treated as PEPs for EDD purposes.

Under Cabinet Resolution No. 134 of 2025, foreign PEPs are subject to EDD, source of funds and wealth measures, senior management approval, and enhanced ongoing monitoring as standing requirements.

Domestic PEPs and persons entrusted with a prominent function in an international organisation require these enhanced measures where a high-risk business relationship exists.

Cross-border transactions heighten the risk of ML, illicit fund movement, tax evasion, and terrorism financing. PEP-related bribery risk also intersects with Targeted Financial Sanctions (TFS) obligations under Cabinet Decision No. 74 of 2020.

Red Flags for Identifying Bribery-Related Suspicious Activity

The following indicators require prompt escalation to the compliance function and, where the suspicion threshold is met, submission of an STR via goAML. Priority is indicated on a two-tier basis: High priority indicators typically warrant immediate MLRO escalation, while Medium priority indicators warrant enhanced monitoring and may rise to High when compounded by other factors.

Red Flag Indicator	Category	Priority
Payments to or from agents or consultants with no clear commercial rationale, or commission rates materially above market norms	Transaction / Relationship	High
Cash-intensive transactions without a verifiable source of funds, especially in real estate or DPMS contexts	Transaction	High
Inflated invoices, sham contracts, or unexplained commission payments structured as marketing or consultancy fees	Transaction	High
Use of complex corporate structures, nominee arrangements, or back-to-back entities obscuring the Ultimate Beneficial Owner (UBO)	Structural	High
Foreign PEP involvement in a business relationship without clear commercial justification	Customer / Relationship	High
Transactions routed through high-risk jurisdictions, FATF-listed jurisdictions, or offshore secrecy jurisdictions	Jurisdictional	High
Domestic PEP or PEP family member onboarding without jurisdictional or transactional risk compounding factors	Customer / Relationship	Medium
Frequent round-sum transactions or structured cash deposits below reporting thresholds	Transaction	Medium
Rapid movement of funds across multiple accounts or jurisdictions with no discernible business logic	Transaction	Medium
Customer reluctance to provide source of wealth or UBO information in line with MoET CDD expectations	Behavioural	Medium

DNFBPs should integrate name-screening, transaction-monitoring, and adverse-media-screening tooling into their compliance systems to detect these indicators at scale, rather than relying on manual detection alone.

Best Practices for Preventing and Detecting Bribery

Regulated Entities must adopt a proactive approach to both preventing and detecting bribery. The following practices represent the standard expected by MoET, CBUAE, and other supervisors, and align with Cabinet Resolution No. 134 of 2025 and the UAE National AML/CFT/CPF Strategy.

Incorporate bribery and corruption as standalone risk categories within the Enterprise-Wide Risk Assessment (EWRA), rather than treating them as generic predicate offences. The NRA and SRAs should be explicitly referenced.
Conduct comprehensive due diligence on all customers, including third parties, intermediaries, agents, and business partners. This includes Know Your Business (KYB) checks, UBO identification and verification, and source of wealth and source of funds verification for high-risk relationships.
Apply Enhanced Due Diligence (EDD) to foreign PEPs as a standing requirement, and to domestic PEPs and persons entrusted with a prominent function in an international organisation where a high-risk business relationship exists. EDD extends to their family members and close associates, and to customers with connections to high-risk or offshore jurisdictions.
Calibrate transaction monitoring systems to detect bribery-related patterns such as inflated invoices, unexplained agent commissions, structured cash transactions, and round-sum transfers to jurisdictions inconsistent with the customer profile.
Monitor procurement and contract management processes for both the entity itself and its clients, since these stages present the greatest kickback exposure.
Establish a whistle-blower policy and confidential internal reporting channels that protect staff who report suspected bribery, consistent with UAE regulatory expectations and the confidentiality and no-disclosure rules in Article 24 of Federal Decree-Law No. 10 of 2025 and Article 19 of Cabinet Resolution No. 134 of 2025.
Deliver comprehensive annual AML/CFT training for all staff, with bribery typologies, red flags, and STR reporting obligations explicitly covered. Senior management and board members should receive tailored briefings.
Conduct periodic reviews of correspondent and third-party relationships to identify the accumulation of bribery risk indicators over time, rather than evaluating each transaction in isolation.
Document MLRO deliberations and decisions, including cases where an STR was considered but not filed, so that supervisory reviews can trace the reasoning.

Anti-Bribery Compliance Checklist for UAE DNFBPs

EWRA includes bribery and corruption as standalone risk categories, anchored to the NRA and relevant SRAs
PEP screening applied at onboarding and continuously for all customers, UBOs, and related parties
EDD triggered for customers with PEP connections, high-risk sector activity, or high-risk jurisdictional exposure
Source of wealth and source of funds verified for all high-risk and PEP relationships
UBO identified and verified for all corporate and complex structure clients, with refresh at defined intervals
Procurement, contract management, and commission payment processes reviewed for kickback exposure
Transaction monitoring rules calibrated for inflated invoices, unexplained commissions, and structured cash
Whistle-blower policy in place with protected, confidential reporting channels aligned to Article 24 confidentiality rules
STR filed via goAML where bribery is suspected, regardless of transaction value or customer status
Annual staff training covers bribery typologies, red flags, STR filing, and confidentiality / no-disclosure obligations
MLRO decision log maintained, including no-file decisions with documented reasoning
Independent AML audit or health check conducted at least annually against Cabinet Resolution No. 134 of 2025

DNFBP Reporting Obligations: STRs and goAML

DNFBPs in the UAE are required to report bribery-related suspicious activity to the UAE Financial Intelligence Unit (FIU) through the goAML portal. This obligation applies immediately upon forming a suspicion. There is no minimum transaction threshold and no requirement that the suspicion be confirmed or the underlying bribery proven.

Failure to file an STR where bribery-related suspicious activity is identified is a breach of AML/CFT obligations under Federal Decree-Law No. 10 of 2025 and the Executive Regulations. Consequences may include administrative penalties under Cabinet Resolution No. 16 of 2021 (AED 50,000 to AED 1,000,000 per violation), supervisory action by MoET or the relevant authority, reputational damage, and potential criminal exposure for the MLRO and senior management.

The MLRO bears primary responsibility for STR decisions, including decisions not to file where the suspicion threshold is not met. Internal escalation protocols, documented consideration of available information, and a formal MLRO decision log are recommended practices, particularly for bribery-related matters involving PEPs or complex structures.

Once an STR has been filed, confidentiality and no-disclosure rules apply under Article 24 of Federal Decree-Law No. 10 of 2025 and Article 19 of Cabinet Resolution No. 134 of 2025. Disclosing to the customer or any third party that an STR has been filed, that related information has been shared with the FIU, or that an investigation is underway is prohibited, with penalties set out in Article 29 of the 2025 Law covering both intentional and grossly negligent disclosures. The MLRO and any other staff aware of the filing must handle subsequent customer interactions with particular care.

Strengthening AML Controls to Combat Bribery in the UAE

The UAE’s commitment to combating bribery and corruption is demonstrated through its comprehensive legislative framework, active FATF engagement, the supervisory mandate of MoET over DNFBPs, and the expanded enforcement powers of the FIU under the 2025 Law. There is an increasing regulatory expectation for Regulated Entities to integrate anti-bribery concepts explicitly within their AML/CFT frameworks, not as a generic predicate-offence footnote but as a core component of the EWRA, CDD, transaction monitoring, and training programme.

Entities that embed robust anti-bribery controls will not only fulfil their regulatory obligations but also build the institutional resilience needed to support sustainable growth in the UAE’s evolving compliance environment. The post-FATF grey list supervisory posture is materially more assertive than in earlier periods, and the margin for error under the 2025 Law is smaller.

Frequently Asked Questions

Bribery is the offering, giving, receiving, or soliciting of anything of value to influence the actions of an official or decision-maker, whether in the public or private sector. It is a FATF-designated predicate offence within the category of “corruption and bribery”. Any profit derived from bribery that is subsequently concealed, converted, transferred, acquired, possessed, or used triggers a separate money laundering offence under Federal Decree-Law No. 10 of 2025. Effective AML compliance requires incorporating anti-bribery controls across the EWRA, CDD, transaction monitoring, and training programme.

Corruption is the broader category encompassing abuse of entrusted power for private gain. Bribery is one specific form: the offering, giving, receiving, or soliciting of anything of value to influence a decision. A kickback is a further subset: a payment made after the transaction to the person who arranged or approved the deal, typically structured as a return of a portion of the contract value. All bribery constitutes corruption, but not all corruption involves bribery.

Bribery proceeds typically move through three stages. Placement involves introducing the funds into the financial system via cash deposits, structuring, or high-value asset purchases. Layering involves moving the funds through shell companies, offshore trusts, and complex ownership structures to obscure origin. Integration involves re-entering the legitimate economy through real estate acquisitions, corporate investments, or professional services. All three stages have significant DNFBP exposure in the UAE.

The primary instruments are Federal Decree-Law No. 31 of 2021 (the UAE Penal Code, Articles 275 to 287 covering public sector, foreign official, and private sector bribery); Federal Decree-Law No. 10 of 2025 (the AML/CFT/CPF Law); and Cabinet Resolution No. 134 of 2025 (the Executive Regulations). The UAE is also a signatory to UNCAC, ratified through Federal Decree No. 8 of 2006, and to the Arab Anti-Corruption Convention. Administrative AML penalties are governed by Cabinet Resolution No. 16 of 2021.

Private sector bribery under Articles 278 and 279 of the UAE Penal Code is punishable by imprisonment for up to five years, plus a fine equivalent to the value of the bribe and confiscation of the bribe itself. Public sector and foreign official bribery under Articles 275, 276, 280, and 281 carry temporary imprisonment, which under UAE penal law is a custodial sentence of between three and fifteen years. Intermediaries under Articles 282 and 283 face imprisonment for up to five years. Deportation may also be ordered.

Key red flags include: unexplained payments to agents and consultants; cash-intensive transactions without a verifiable source of funds; foreign PEP involvement without clear commercial justification; transactions routed through high-risk or offshore jurisdictions; inflated invoices, sham contracts, or unexplained commissions; complex structures obscuring the UBO; and customer reluctance to provide source of wealth or UBO information. These indicators should be calibrated in transaction monitoring and assessed cumulatively.

Yes, in substance. Under Cabinet Resolution No. 134 of 2025, DNFBPs must maintain AML/CFT/CPF policies and procedures addressing all relevant predicate offences, which include bribery. Supervisory expectation from MoET is increasingly that anti-bribery provisions are explicit rather than subsumed into a generic predicate-offence policy. A standalone anti-bribery and corruption (ABC) policy, or a clearly demarcated section within the AML/CFT policy, is considered best practice.

Yes. DNFBPs must report bribery-related suspicious activity immediately via the goAML portal, operated by the UAE FIU. There is no minimum transaction value. Failure to file constitutes a breach under Federal Decree-Law No. 10 of 2025, and may result in administrative penalties of AED 50,000 to AED 1,000,000 per violation under Cabinet Resolution No. 16 of 2021, plus potential criminal exposure for the MLRO and senior management. Once an STR is filed, the confidentiality and no-disclosure rules under Article 24 of the 2025 Law and Article 19 of Cabinet Resolution No. 134 of 2025 apply, with penalties set out in Article 29.

The Ministry of Economy and Tourism (MoET) supervises most DNFBP sub-sectors, including real estate agents and brokers, dealers in precious metals and stones, independent accountants and auditors, and corporate service providers. The Ministry of Justice (MoJ) supervises lawyers and notaries. Licensed financial institutions are supervised by the Central Bank of the UAE (CBUAE), and financial free zone entities are supervised by the DFSA (DIFC) or the FSRA (ADGM).

A predicate offence is the underlying crime whose proceeds may be laundered. Under Article 1 of Federal Decree-Law No. 10 of 2025, bribery is a predicate offence whether committed inside or outside the UAE, provided the conduct is punishable in both jurisdictions. This means that in addition to criminal liability for the bribery itself, any subsequent handling of bribery proceeds (concealment, conversion, transfer, acquisition, possession, or use) constitutes a separate money laundering offence. Under the 2025 Law, a conviction for the predicate offence is no longer required to prosecute the money laundering offence.

How AMLUAE Supports UAE DNFBPs with Bribery Risk Management

Many Regulated Entities fail to tailor their risk assessment and documentation to address bribery and corruption as standalone risk categories. Effective compliance depends on robust KYC and EDD processes that uncover true beneficial owners and intermediary risks, combined with transaction monitoring and training calibrated to UAE-specific bribery typologies.

AMLUAE provides end-to-end compliance support across the full AML/CFT/CPF lifecycle for UAE DNFBPs and financial institutions, including:

EWRA development and refresh, with bribery and corruption built in as standalone risk categories anchored to the NRA and SRAs
AML/CFT/CPF health checks and gap analysis against Federal Decree-Law No. 10 of 2025 and Cabinet Resolution No. 134 of 2025
Policy, procedure, and work instruction drafting, including standalone anti-bribery and whistle-blower policies
Regulatory reporting support, including goAML STR preparation, filing, and supporting documentation
KYC, CDD, and EDD process review and enhancement for DNFBP and FI contexts
AML/CFT training programmes covering bribery typologies, red flags, STR filing, and the Article 24 confidentiality and no-disclosure obligations
MLRO advisory and outsourced MLRO support for regulated entities without an in-house function

Visit amluae.com or contact the AMLUAE team at amluae.com/contact-aml-uae/ to discuss your compliance support requirements. For training-specific enquiries, visit proamltraining.com.