Navigating the UAE’s AML Framework: Staying ahead of white-collar risks

Corruption remains one of the most pervasive global threats, undermining the foundations of societies and economies alike. It erodes public trust, distorts the rule of law, weakens human rights protections, and exacerbates inequality. Its effects are felt in every region of the world. No country is immune, and the cost of inaction is too great to ignore. Addressing this challenge requires collective responsibility and sustained commitment at both national and international levels. This article provides an up-to-date overview of the UAE’s evolving AML landscape, highlighting what the law requires, who enforces it, what businesses must do to comply, and the consequences of getting it wrong.

According to the 2024 Corruption Perceptions Index published by Transparency International, the UAE received a score of 68 out of 100, maintaining one of the highest rankings in the Middle East and North Africa region. This reflects the country’s continued efforts to combat corruption and promote good governance across both public and private sectors.

The UAE’s status as a global financial hub is built on trust and a firm stance against financial crime. Its Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) framework is not merely a regulatory requirement but a strategic necessity that protects businesses from financial crime while unlocking competitive advantages. Recent regulatory updates have further strengthened this framework, introducing stricter controls, heightened enforcement, and increased accountability. For financial institutions (Fis), designated non-financial businesses and professions (DNFBPs), and virtual asset service providers (VASPs), compliance is now an essential obligation. 

Strengthening the UAE’s AML regulatory landscape

The UAE’s AML framework is primarily governed by Federal Decree-Law No. 20 of 2018, which was significantly reinforced in August 2024 with the introduction of Federal Decree-Law No. 7 that established the Supreme Committee for AML/CFT, a high-level entity aimed at enhancing national coordination. This move underscores the UAE’s commitment to financial integrity, following its removal from the Financial Action Task Force Grey List in February 2024. In September 2024, the UAE approved the 2024-2027 National AML/CFT Strategy, prioritising cybercrime, digital payments, and trade-based money laundering (TBML). The launch of the National AML/CFT Committee General Secretariat in December 2024 further enhances AML policy implementation and global regulatory alignment, ensuring businesses operating in the UAE meet international compliance standards.

AML enforcement in the UAE operates through a coordinated federal and local framework. The CBUAE regulates FIs, the Ministry of Economy (MOE) oversees DNFBPs - such as real estate agents, precious metals dealers, and lawyers - and the Securities and Commodities Authority (SCA) monitors securities firms. The Financial Intelligence Unit (FIU) processes Suspicious Transaction Reports (STRs) via the goAML platform. At the emirate level, Dubai’s Department of Economy and Tourism and Dubai Police investigate AML breaches, while Abu Dhabi’s Department of Economic Development and Abu Dhabi Police oversee compliance in the capital. Similarly, Sharjah’s Economic Development Department and local law enforcement target TBML risks in trade-heavy industries.

The UAE’s rapidly expanding crypto and fintech sectors are facing increased regulatory oversight. The SCA and the Virtual Asset Regulatory Authority have formalised a cooperation agreement to standardise AML regulations for crypto exchanges across the UAE. VASPs are now required to implement stringent KYC measures, including wallet verification, blockchain forensics, and cross-border transaction monitoring. New regulations impose rigorous AML requirements on VASPs and non-profit organisations to mitigate emerging financial crime risks. Additionally, corporate transparency has been strengthened with stricter UBO disclosure requirements, designed to prevent the misuse of shell companies.

Regulatory enforcement and free zone compliance

The CBUAE has introduced enhanced AML controls for payment processors and digital banks. In January 2025, it updated guidelines encouraging - not mandating, AI-driven transaction monitoring and real-time fraud detection for high-risk fintech entities. The SCA monitors securities firms, while the FIU processes STRs via goAML to detect illicit activities across sectors.

In financial free zones, the DIFC and ADGM maintain independent AML frameworks while aligning with federal regulations. The Dubai Financial Services Authority (DFSA) enforces CDD measures without a transaction threshold, while the ADGM’s Financial Services Regulatory Authority (FSRA) applies a three-tier CDD system, imposing heightened scrutiny on crypto-related transactions.

The DFSA’s approach prioritises ongoing monitoring and enhanced due diligence (EDD) for politically exposed persons, allowing firms to adapt CDD to risk profiles but mandating immediate STR filing for suspicious activities. In 2025, the DFSA ramped up unannounced inspections in the DIFC, focusing on crypto firms and wealth managers to ensure compliance. The FSRA’s three-tier system - simplified, standard, and enhanced CDD - expects blockchain analysis as a practical measure for crypto transactions and mandates EDD for high-risk jurisdictions, reflecting ADGM’s tech-driven AML strategy.

These free zone regulators cater to international businesses, balancing global standards with UAE-specific obligations, making them pivotal in the national AML ecosystem.

Compliance obligations

Compliance with the UAE’s AML framework requires robust measures. Businesses must conduct a business risk assessment to pinpoint vulnerabilities, such as TBML in trade sectors or cash-heavy deals in real estate. This drives a risk-based due diligence approach, tailoring CDD and EDD to customer risk - low-risk clients need basic checks, while high-risk entities require deeper scrutiny. Firms must maintain accurate UBO records, file timely STRs via goAML, and appoint a Money Laundering Reporting Officer (MLRO) with direct Board access.

AML compliance is essential for businesses, particularly those operating in high-risk sectors such as real estate, crypto, gold trading, and trade finance. Dubai real estate firms must report cash transactions exceeding a monetary threshold (AED 55,000 for occasional transactions), assess ongoing business relationships based on risk, and screen high-risk buyers. Sharjah’s trade sector faces increased TBML monitoring, requiring robust trade document verification. Fintechs and VASPs must integrate AI-driven compliance solutions to mitigate risk. Corporate governance responsibilities have intensified, with Compliance Officers and MLROs mandated to report directly to Boards.  

Consequences of not complying

Failure to comply with AML regulations carries severe penalties, including licence revocations, asset freezes, and reputational damage. Money laundering offences can result in corporate fines of up to AED 50 million, while individuals may face imprisonment of 5 to 10 years and/or fines ranging from AED 5 million to AED 50 million. For general AML violations, such as failure to file STRs or conduct adequate CDD, penalties range from AED 10,000 to AED 1,000,000 and may include imprisonment of 1 to 6 months.

Recent enforcement actions highlight this tough stance: the CBUAE imposed a fine of approximately USD 1.6 million (AED 5.8 million) on a bank for AML failures, and the MOE revoked the licences of numerous precious metals dealers for persistent breaches. These measures reinforce the UAE’s zero-tolerance policy, urging businesses to prioritise compliance to protect operations and credibility.

Turning compliance into a competitive advantage

The UAE’s enhanced AML framework provides businesses with a robust foundation for financial security and regulatory trust. With the establishment of the Supreme Committee, the launch of the National Strategy, and intensified enforcement, businesses must align with evolving requirements. 

Effective AML compliance transforms regulatory obligations into business strengths - implementing rigorous KYC/CDD procedures, filing timely STRs, conducting independent audits, and maintaining Board accountability not only satisfy regulatory requirements but also establish businesses as trusted market participants. 

In a market that demands integrity, compliance is the pathway to long-term success. For expert guidance in strengthening your AML framework, aligning with the latest regulatory developments, and safeguarding your business from financial crime risks, reach out to Rebecca Kelly, Peter Hodgins or Damian Wright.