Everything You Need to Know About AML Laws for VASPs in UAE

Virtual Asset Services Covered Under AML Laws for VASPs in UAE

This guide is intended for UAE-based or UAE-facing virtual asset businesses that fall within the VASP regulatory perimeter. It is relevant to senior management, MLROs, compliance teams, operations departments, and product leaders.

The AML laws apply to VASPs conducting the following activities:

• Exchange between Virtual Assets and fiat currencies
• Exchange between one or more types of Virtual Assets
• Transfer of Virtual Assets
• Safekeeping or administration of Virtual Assets, or tools enabling control over Virtual Assets
• Financial services related to an issuer’s offer or sale of Virtual Assets, or participation in such offers
• Any additional activity determined by a resolution of the Supervisory Authority in coordination with the National Committee

AML Laws Applicable to VASPs in the UAE

Federal AML / CFT Legal Instruments:

The following federal laws and cabinet resolutions form the primary AML framework:

• Federal Decree-Law No. (10) of 2025 on Anti-Money Laundering, Combating the Financing of Terrorism and Proliferation Financing
• Cabinet Resolution No. (134) of 2025 – Executive Regulations of Federal Decree-Law No. (10) of 2025
• Federal Law No. (7) of 2014 on Combating Terrorism Offences
• Cabinet Resolution No. (74) of 2020 – Regulation of Terrorist Lists and UN Security Council Implementation
• Cabinet Resolution No. (71) of 2024 – Violations and Administrative Penalties (MoJ & MoE Supervised Entities)
• Cabinet Decision No. (109) of 2023 – Beneficial Owner Procedures
• Cabinet Resolution No. (132) of 2023 – Administrative Penalties for Beneficial Owner Violations

UAE National Risk Assessment:

• UAE ML/FT National Risk Assessment

FATF Guidance Relevant to VASPs:

• Targeted Update on Implementation of FATF Standards on Virtual Assets and VASPs – 9 July 2024
• Updated Risk-Based Approach Guidance for Virtual Assets and VASPs – October 2021
• Second 12-Month Review of Revised FATF Standards – July 2021
• NAMLCFTC Public-Private Partnership Report on Criminal Use of Virtual Currencies

Common Regulatory Guidance for All Reporting Entities Including VASPs:

• Guidance on Targeted Financial Sanctions (EOCN) – July 2025
• Proliferation Finance Institutional Risk Assessment Guidance – December 2023
• Terrorist and Proliferation Financing Red Flags – December 2023
• Counter Proliferation Financing Guidance – November 2022
• Joint Guidance on Combating Unlicensed VASPs – November 2023
• Joint Guidance on Satisfactory / Unsatisfactory Practices – June 2021
• FIU Strategic Analysis Report on Terrorist Financing – May 2025

AML/CFT/CPF Legal Framework for VASPs in Dubai:

VASPs operating in or from Dubai fall under the supervision of the Virtual Asset Regulatory Authority (VARA). These entities must comply with VARA’s Compliance and Risk Management Rulebook in addition to federal AML laws, cabinet resolutions, national risk assessments, and FATF standards.

AML/CFT/CPF Legal Framework for VASPs in the UAE (Except Dubai):

VASPs operating outside Dubai are supervised for AML purposes by the Capital Market Authority (CMA). In addition to federal requirements, they must adhere to CMA-issued guidelines and circulars, including:

• CMA AML/CFT Guidelines – Board Decision No. (13/Chairman) of 2021, Chapter 5
• AML/CFT and Illegal Organisations Guidelines for Financial Institutions – July 2023
• Regulations of Virtual Assets and VASPs – 2023
• CMA Examination Observation Circulars
• Semi-Annual AML/CFT Minimum Reporting Standards – 2023
• CMA Instructions for 2024 Annual AML/CFT & TFS Risk Assessment
• CMA Questions & Answers – NRA