UAE Cabinet Resolution No. 134 of 2025 - A Practical Guide

Why Cabinet Resolution No. 134 of 2025 Is Important Now

If Federal Decree Law No. 10 of 2025 is the legal foundation of the UAE’s new AML regime, Cabinet Resolution No. 134 of 2025 functions as the operational rulebook.

In simple terms, the Decree Law defines “what” must be done, while the Cabinet Resolution defines “how” it must be implemented.

For compliance teams, the focus has shifted from merely having policies to demonstrating that controls are proportionate, effective, and evidence based.

Relationship Between Federal Decree Law No. 10 of 2025 and Cabinet Resolution No. 134 of 2025

The structure of UAE AML legislation can be understood as follows:

• Federal Decree Law No. 10 of 2025 establishes the primary AML/CFT/CPF legal obligations.
• Cabinet Resolution No. 134 of 2025 provides the executive regulations for practical implementation.
• The 2025 Resolution supersedes the 2019 executive framework.

For boards and senior management, this creates a direct obligation to ensure AML/CFT operating models are updated comprehensively, not just reworded legally.

Scope and Applicability Under Cabinet Resolution No. 134 of 2025

From a practical compliance perspective, the resolution has broad sector coverage, including:

• Financial Institutions
• Designated Non-Financial Businesses and Professions (DNFBPs)
• Virtual Asset Service Providers (VASPs)

Market-facing commentary also highlights scope expansion through explicit Proliferation Financing integration and DNFBP perimeter developments relevant to gaming-related activities, requiring careful licence and business-line applicability checks.

Core Compliance Themes Reinforced by Cabinet Resolution No. 134 of 2025

Risk-Based AML/CFT and PF Control Design

The resolution emphasizes a risk-based framework, not a checklist. Controls should be designed around:

• Customer risk
• Product and service risk
• Transaction behaviour
• Delivery channel exposure
• Geography and sanctions exposure
• Proliferation Financing vulnerabilities

A generic template is unlikely to meet supervisory expectations.

Governance, Accountability, and Senior Oversight

Accountability must be visible and documented. Senior management should evidence:

• Clear ownership of AML/CFT and PF controls
• Periodic effectiveness reviews
• Risk-prioritised remediation decisions
• Timely escalation of high-risk findings

Stronger CDD, EDD, and Beneficial Ownership Justification

Institutions must show why conclusions were reached, not just that checks occurred.
 UBO logic, risk scoring, and EDD triggers must be consistent, logical, and auditable.

Monitoring Quality Over Alert Quantity

The resolution encourages a shift from alert-heavy models to intelligence-driven monitoring, improving detection quality and reducing operational noise.

STR Decision Quality and Documentation Discipline

Suspicious Transaction Reporting remains a key outcome. Investigations should be:

• Chronology-based
• Fact-driven
• Clearly reasoned
• Supported by approval trails

Integration of PF and Sanctions into Daily Operations

PF and sanctions controls must be embedded across:

• Onboarding
• Screening
• Transaction reviews
• Escalation workflows
• Governance reporting

Regulatory Mapping Across UAE Jurisdictions

AML obligations are not jurisdiction neutral. Firms operating in multiple environments must align with:

• DIFC governance and regulatory requirements
• ADGM rulebook expectations
• VARA obligations for virtual assets
• CMA standards for capital markets
• MOET oversight for DNFBPs
• MOJ requirements for legal and professional services

Best practice involves a unified AML architecture with tailored procedures for each regulatory and legal entity.

Immediate Action Steps for Firms

Step 1: Legal-to-Control Mapping

Map each obligation to policies, procedures, systems, ownership, and evidence.

Step 2: AML/CFT/PF Gap Assessment

Evaluate effectiveness across EWRA, CDD/EDD, UBO, monitoring, sanctions, PF, and STR workflows.

Step 3: Monitoring and Screening Recalibration

Tune rules based on actual transaction behaviour and investigation results.

Step 4: Investigation and Reporting Upgrades

Standardise documentation, escalation logic, and approval frameworks.

Step 5: Board and Senior Management Strengthening

Provide dashboards highlighting risk concentration, control performance, and remediation status.

Step 6: Role-Based Training Delivery

Train frontline staff, operations, compliance teams, and leadership on decision quality and evidence standards.

Common Implementation Mistakes and Corrective Measures

1. Treating Implementation as Legal Drafting
   Fix: Approach it as a control transformation programme.
2. Using Generic Procedures Across Sectors
   Fix: Tailor controls to business model and risk profile.
3. High Alert Volume with Low Analytical Value
   Fix: Continuously measure and tune monitoring performance.
4. Weak Remediation Ownership
   Fix: Assign accountable owners with timelines and escalation triggers.
5. Limited Management Visibility
   Fix: Establish board-level reporting linked to risks and unresolved issues.