AML/CFT Legal Framework in the UAE – Laws, Obligations & Enforcement (2026)

Table of Contents

Federal Decree-Law No. 10 of 2025 represents a comprehensive overhaul of the UAE’s approach to combating money laundering, terrorist financing, and the financing of proliferation. It replaces the earlier federal AML legislation and strengthens both preventive and enforcement mechanisms.

The law is designed to achieve three core objectives:

  • Strengthen the criminalisation and prosecution of financial crime

  • Enhance preventive obligations across regulated sectors

  • Align supervisory and enforcement powers with international standards

This law applies across all Emirates and forms the primary legal foundation for AML/CFT compliance in the UAE.

Put an AML Policy in Place That Meets UAE Standards

Custom AML policies and procedures aligned with UAE AML law and supervisory expectations for auditors and accountants.

Draft My AML Policy

Activities and Persons Covered by the Law

The law applies to any natural or legal person involved in activities that may expose the UAE financial system to money laundering or terrorist financing risk.

Covered persons include, but are not limited to:

  • Financial institutions

  • Designated non-financial businesses and professions

  • Virtual asset service providers

  • Any person involved in transactions or arrangements connected to proceeds of crime

The law applies irrespective of whether activities are conducted onshore, in free zones, or in financial free zones, subject to sector-specific supervisory arrangements.

Key point:
Coverage is activity-based, not merely licence-based.

Criminalisation of Money Laundering and Terrorist Financing

The law clearly defines money laundering as any act involving:

  • Concealment or disguise of the nature, source, location, movement, or ownership of proceeds of crime

  • Acquisition, possession, or use of illicit proceeds

  • Assisting another person to evade legal consequences relating to criminal proceeds

Terrorist financing and the financing of proliferation are criminalised as standalone offences, regardless of whether a terrorist act ultimately occurs.

This broad formulation ensures that intent, facilitation, and indirect involvement are all captured under the law.

Predicate Offences and Proceeds of Crime

Federal Decree-Law No. 10 of 2025 adopts an expansive approach to predicate offences. Any offence generating proceeds, whether committed inside or outside the UAE, may give rise to money laundering charges if there is a UAE nexus.

This includes:

  • Financial crimes

  • Tax-related offences

  • Corruption and fraud

  • Organised crime

  • Environmental and cyber-enabled offences

This approach removes technical loopholes and allows enforcement agencies to pursue laundering offences independently of conviction for the predicate crime.

Preventive Obligations Introduced by the Law

The law mandates regulated entities to implement preventive AML/CFT measures proportionate to their risk exposure. These obligations include, at a high level:

  • Risk-based customer due diligence

  • Ongoing monitoring of business relationships

  • Identification of beneficial ownership

  • Screening against relevant lists and sanctions

  • Reporting of suspicious transactions and activities

  • Maintenance of adequate records and documentation

The law establishes legal accountability for failures in implementation, not merely policy existence.

Governance, Accountability, and Senior Management Responsibility

A key feature of the 2025 law is the emphasis on governance and accountability.

Senior management and controlling persons are expected to:

  • Ensure AML/CFT systems are effectively implemented

  • Allocate sufficient resources to compliance functions

  • Oversee risk assessment and mitigation strategies

  • Support independent compliance and reporting lines

Failure to demonstrate oversight may attract personal liability, depending on the nature and severity of non-compliance.

Reporting Obligations and Cooperation Requirements

The law obligates reporting entities to:

  • Submit suspicious transaction and activity reports promptly

  • Cooperate fully with supervisory authorities and the Financial Intelligence Unit

  • Provide information, documents, and records upon request

Legal protections are provided for good-faith reporting, while strict confidentiality requirements apply to prevent tipping-off.

Train Your Team on UAE AML Obligations

Role-based AML training for partners, staff, and MLROs with practical, regulator-ready, and audit-proof.

Schedule AML Training

Enforcement Powers and Sanctions

Federal Decree-Law No. 10 of 2025 grants wide enforcement powers, including:

  • Administrative penalties for non-compliance

  • Criminal sanctions for serious breaches

  • Asset freezing, seizure, and confiscation

  • Enforcement of foreign judgments and cooperation requests

Sanctions may apply to both individuals and legal persons, depending on the facts of the case.

The law also allows regulators to escalate matters where systemic weaknesses or repeated failures are identified.

Relationship With Executive Regulations and Supervisory Rulebooks

While the law establishes core obligations, it is intentionally high-level. Practical implementation is shaped by:

  • Executive regulations issued by the Cabinet

  • Sector-specific supervisory rulebooks

  • Guidance and circulars issued by competent authorities

Understanding the law therefore requires reading it alongside these instruments.

Why This Law Matters in Practice

Federal Decree-Law No. 10 of 2025 shifts the compliance conversation from form to substance. Regulators now assess:

  • Whether controls operate effectively

  • Whether risks are genuinely understood

  • Whether reporting is timely and meaningful

Entities that treat compliance as a documentation exercise face increasing regulatory exposure.

FAQs on AML/CFT Legal Framework in the UAE

The AML/CFT legal framework in the UAE is the set of federal laws, executive regulations, Cabinet decisions, and supervisory rulebooks designed to prevent money laundering, terrorist financing, and the financing of proliferation. It applies across all Emirates and governs financial institutions, DNFBPs, and virtual asset service providers.

The foundation of AML/CFT compliance in the UAE is Federal Decree-Law No. 10 of 2025. This law criminalises money laundering and terrorist financing, establishes preventive obligations, and grants enforcement powers to regulators and authorities. It is supported by executive regulations and Cabinet decisions.

AML/CFT laws in the UAE apply to financial institutions, designated non-financial businesses and professions, and virtual asset service providers. This includes banks, real estate brokers, accountants, auditors, lawyers, dealers in precious metals and stones, trust and company service providers, and crypto-related businesses, among others.

Yes. UAE AML/CFT laws apply across mainland, free zones, and financial free zones. While entities in areas such as DIFC and ADGM may follow specific supervisory rulebooks, they remain subject to federal AML/CFT legislation.

A risk-based approach means that AML/CFT controls must be proportionate to the risks posed by a business’s customers, products, services, and geographies. Higher-risk activities require enhanced controls, while lower-risk activities may justify simplified measures, provided risks are properly assessed and documented.

No. UAE regulators assess AML/CFT compliance based on effectiveness, not just documentation. Having policies is not sufficient if controls do not operate properly in practice or are not aligned with the actual risks of the business.

At a high level, UAE AML/CFT obligations include customer due diligence, risk assessment, ongoing monitoring, sanctions and screening checks, suspicious transaction reporting, record keeping, internal controls, governance, and staff training.

Executive regulations and Cabinet decisions explain how the AML/CFT law must be implemented in practice. They define thresholds, timelines, reporting procedures, and specific requirements that regulated entities must follow. Non-compliance with these instruments can lead to penalties.

AML/CFT supervision in the UAE is carried out by multiple authorities depending on the sector. These include federal bodies, financial regulators, DNFBP supervisors, and free zone authorities. Each regulator supervises compliance within its remit under the same federal legal framework.

Failure to comply with UAE AML/CFT laws can result in administrative fines, criminal penalties, restrictions on business activities, asset freezing or confiscation, and reputational damage. Enforcement actions may target both entities and individuals.

No. AML/CFT obligations apply regardless of the size of the business. However, the level of controls required should be proportionate to the risk profile of the business, in line with the risk-based approach.

The UAE AML/CFT framework is aligned with international standards and reflects commitments to global cooperation and financial crime prevention. International alignment influences legislation, supervision, and enforcement practices in the UAE.

Yes. Regulated entities are legally required to report suspicious transactions or activities to the UAE Financial Intelligence Unit through prescribed reporting mechanisms. Legal protections apply to good-faith reporting, while tipping-off is strictly prohibited.

UAE AML/CFT law places strong emphasis on governance and accountability. Senior management and controlling persons may be held accountable where failures arise from lack of oversight, inadequate controls, or deliberate non-compliance.

A business should start by understanding the legal framework, identifying its applicable regulator, conducting a proper risk assessment, and then translating legal obligations into practical policies, procedures, systems, and governance arrangements.

Strengthen AML Compliance Beyond goAML Registration

Implement AML software, managed KYC services, and ongoing compliance support tailored for accounting and audit firms in the UAE.

Get Compliance Ready Now!