Differences in AML requirements under UAE Federal Law, DIFC and ADGM Rulebooks

Differences in AML requirements under UAE Federal Law, DIFC and ADGM Rulebooks

UAE’s battle against money laundering and other financial crimes is becoming stronger daily.  

Several robust federal and free zone regulations. Effective reporting of suspicious activities. Investigations. Prosecutions. Fines and penalties.  

The country has committed to implementing strategies and policies to reduce financial crimes. It also supports global efforts of FATF and other bodies for combatting money laundering and terrorism financing.  

Regarding this, the UAE has introduced regulations at a Federal AML regulation, and it’s implementing guidelines, laying down the measures regulated entities must take to combat money laundering and terrorism financing. Since Dubai International Financial Centre (DIFC) and Abu Dhabi Global Market (ADGM) are financial-free zones, they have different regulations for entities operating in these areas. But still, the basis of these regulations remains the two principal Federal AML regulations of the UAE: 

DIFC and ADGM apply the federal law as it is. Additionally, they have implemented AML-specific rules and guidance for the entities established in their respective free zones. A few differences exist between the AML compliance requirements as applicable to units in DIFC and ADGM vis-à-vis units operating in mainland UAE.  

Let’s have a look at each of the AML provisions and highlight the differences: 

Regulatory authority

Federal AML Regulations

Various Supervisory Authorities have been identified to regulate mainland UAE entities’ AML/CFT compliance.  


Units operating in Mainland UAE 


Supervisory Authority 


Financial Institutions (including insurance companies)  


Central Bank of UAE 


Lawyers & Legal Consultants 


Ministry of Justice 


Virtual Asset Service Providers (VASPs) in Dubai 


Virtual Assets Regulatory Authority of Dubai 


Capital Market & VASP (other than Dubai) 


Securities & Commodities Authority 


Other Designated Non-Financial Businesses and Professions (DNFBPs) 


Ministry of Economy 


The Dubai Financial Services Authority (DFSA) regulates, controls, and administers AML requirements in DIFC. 


The Financial Services Regulatory Authority (FSRA) enforces the rules and requirements of AML and CFT in ADGM.  

Definition of DNFBP

Federal UAE

The definition of DNFBP in UAE includes the following: 


In the case of DIFC, the definition changes a bit. Besides the above, it includes:  

  • A real estate developer 
  • Insolvency firm 
  • A person who issues or provides services related to Non-Fungible Tokens (NFTs) or Utility Tokens.

A Registered Auditor is not a DNFBP but is subject to AML Regulations in DIFC. 


In the case of ADGM, the definition of DNFBP includes a dealer trading any saleable item where the transaction amount equals or exceeds US$ 15,000 in cash through a single transaction or series of connected transactions. Further, it also includes taxation consulting firms explicitly.  

Risk-based approach & AML Enterprise-Wide Risk Assessment

Entities must assess the several risks their business is exposed to. These risks may relate to the following: 

  • Nature of the business 
  • Products and services 
  • Customers the entities deal with 
  • Delivery-channels 
  • Transactions 

Based on the risk levels, entities must implement measures to tackle those risks. Also, you must keep reviewing the risk assessment to update it with changes at regular intervals. You must also document the findings and results for future reference.  

The provisions for a risk-based approach are standard in all three – Federal AML regulations, DIFC, and ADGM, except that the DIFC units are also required to consider the tax-crime risks.  

Basis the overall AML risk assessment of its business, regulated entities must develop their AML controls, procedures, policies, and systems to mitigate or manage the AML risks.

How to conduct AML Business Risk Assessment Priv

Circumstances warranting performance of Customer Due Diligence

Entities must undertake customer due diligence: 

  • When it enters into a business relationship with the customer 
  • When it carries out an occasional transaction valuing more than a defined number with a customer 
  • When it suspects a customer or transaction of money laundering 
  • When it has doubts about the validity or adequacy of information or documents provided by the customer  

There are minor differences in the circumstances when CDD is to be performed under three regulations. 

Federal AML regulations

As per the UAE Federal AML Law, the threshold prescribed for conducting CDD in case of the occasional transaction is equal to or exceeding AED 55,000. This transaction can be a single transaction or several interlinked transactions.  

Understand the types of CDD measures to effectively mitigate the ML-FT risks 


In the case of DIFC, there is no limit on the transaction amount with the customer to carry out CDD.  

Further, the entities in DIFC can delay the identity verification of customers and their beneficial owners if: 

  • The AML risk is low 
  • Carrying out verification interrupts or delays the normal course of business 

But verification must be completed within 30 business days of effecting the transaction.  


In the case of ADGM, the defined number is USD 15,000.  

Also, entities can delay the identity verification of customers and their beneficial owners if: 

  • The AML risk is low 
  • Carrying out verification interrupts or delays the ordinary course of business 

But the entities must complete this verification within 20 business days of effecting the transaction.

Money laundering reporting officer

DIFC and ADGM entities must appoint a Compliance Officer or Money Laundering Reporting Officer who is a resident of the UAE. No such residency-related specific condition is mentioned under the UAE Federal AML Law.

Role of AML Compliance Officer in UAE Preview

Record keeping 

DIFC and ADGM entities must maintain the AML/CFT-related records for a minimum of six (6) years. At the same time, the minimum data retention period prescribed under the UAE Federal AML Law is five (5) years. 

Record Keeping Requirement in UAE

AML Annual Return

Units in DIFC and ADGM are required to furnish an AML Annual Return to the respective supervisory authorities.  

The entities in DIFC must submit the AML Annual Return to the DFSA by the end of September every year. It covers the reporting year from August 1 of the previous year to July 31 of the reporting year.  

While the ADGM units are required to furnish an AML Annual Return to FSRA by the end of April every year, covering the AML/CFT records and data about the previous year from January 1 to December 31.  


This blog clarifies the differences between AML requirements under the Federal AML regulations, DFSA Rulebook and the ADGM AML Rulebook. Generally, the provisions of the Federal AML regulations apply, with specific clauses of the AML and Sanctions Rulebooks issued by the regulatory authorities of the financial free zones – DIFC and ADGM. If you still have doubts, AML UAE will always help you. 

AML UAE is one of the leading AML consultancy service providers in the UAE. We ensure 100% AML compliance by our clients in the UAE by offering AML support related to the following: 

Make significant progress in your fight against financial crimes,

With the best consulting support from AML UAE.

Our recent blogs

Contact Form

side bar form

This field is for validation purposes and should be left unchanged.

Share via :

Share on facebook
Share on twitter
Share on linkedin

About the Author

Pathik Shah


Pathik is a Chartered Accountant with more than 25 years of experience in compliance management, Anti-Money Laundering, tax consultancy, risk management, accounting, system audits, IT consultancy, and digital marketing.

He has extensive knowledge of local and international Anti-Money Laundering rules and regulations. He helps companies with end-to-end AML compliance services, from understanding the AML business-specific risk to implementing the robust AML Compliance framework.