AML Compliance Guidelines: United Arab Emirates

Strategically positioned in the Middle East, the United Arab Emirates is one of the most developed and stable economies in the world. Multi-speciality free zones, tax exemptions, consistent and friendly business policies have played a crucial role in decreasing the country’s reliance on oil exports and becoming a financial and trade hub of the region. Regarded as one of the safest countries and prominent luxurious destinations, the country is not only attractive to foreign investments and human capital but it may also appeal to financial criminals and illicit funds.

To curb the risks of financial crimes and protect the financial system, UAE has implemented a robust AML/CTF framework on par with global standards and Financial Action Task Force’s recommendations through various regulatory and supervisory bodies.

Who must comply with AML/CTF regulations in the UAE?

Financial Institutions (FIs)

• Banks
• Fintech
• Money Services Businesses
• Remittance Service Providers
• Finance and Insurance Companies
• Security and Commodity Traders & Brokers
• Exchanges
• Fund Management Companies
• Financial Service Firms
• Capital Market Intermediary Firms
• Virtual Asset Service Providers (VASPs)

Designated Non-Financial Businesses and Professions (DNFBPs)

• Real Estate Professionals
• Dealers in Precious Metals & Stones
• Lawyers, Notaries and Other Legal Professionals
• Accounting, Auditing or Insolvency Firms
• Trust and Company Service Providers

Who regulates the AML/CTF obliged entities in UAE?

Central Bank of UAE (CBUAE)

The Central Bank of the United Arab Emirates is the primary regulator for the financial institutions including banks, fintech, finance and insurance companies, money changers and remittance service providers within the UAE mainland and commercial free zones.

The Central Bank is responsible to ensure adherence and development of the UAE’s AML CFT legal and regulatory framework for the financial institutions and to detect any threats, vulnerabilities, and emerging terrorism financing and money laundering risks to the UAE’s financial sector.

What are Sanctions Screening requirements for Financial Institutions in UAE?

Central Bank’s guidance for licensed financial institutions (LFI) on transaction monitoring and sanctions screening provides for comprehensive procedures and systems to design and implement sanctions screening and transaction monitoring programs. This guidance provides that the sanctions screening program should be designed to include both name screening and transaction screening. Name screening includes all the data sets related to a client other than transactions.

Guidance also recommends that LFI can use manual or automated screening programs based on the nature, size and complexity of the institution. LFI with a large customer base or larger scale of operations should deploy an automated screening system capable of handling increased volume and frequency of transactions and clients. As per the Cabinet Resolution No. 74 of 2020 and Executive Office’s guidance, sanctions screening is a continuous process (at least daily) as sanctions (asset freezing measures) should be immediately implemented upon any change or update to sanctions lists.

What are PEP Screening Requirements for Financial Institutions?

AML CTF guidelines for financial institutions jointly prepared by the supervisory authorities state that financial institutions in accordance with AML/CTF Decision Article 15 are obliged to implement management systems to determine whether a customer, beneficial owner, beneficiary or controlling person is a politically exposed person (PEP). In this regard, financial institutions, based on their size and complexity should implement automated screening systems to screen customer and transaction data to identify any matches to known PEP data.

Screening your entire customer base manually, on a regular basis, can be expensive and a challenging task. It will require a large number of human and financial resources and still with fears of missing deadlines. AML Watcher, built on cutting edge AI technology with a database consisting of all updated Local and International Lists, provides automated, efficient and customised screening solutions based on the scale and nature of the business.

Ministry of Economy (MoE)

UAE’s Ministry of Economy is the main supervisory authority for the designated non-financial businesses and professions (DNFBPs) in the UAE mainland and the commercial free zones to counter money laundering and combating terrorist financing.  The Ministry of Economy provides guidance, training and required knowledge to DNFBPs to enable them to meet their compliance obligations and to enhance the country’s overall compliance framework according to FATF standards and international best practices. Ministry also issues different circulars on updates or any changes required to be implemented by the designated non-financial businesses and professions.

What are sanctions screening requirements for DNFBPs sector in UAE?

As per the guidelines jointly prepared by the supervisory authorities in the UAE for the designated non-financial businesses and professions, the customer due diligence measures should include screening the customer, beneficiaries, or any beneficial owner against the targeted or any other international financial sanctions and screening against any potential adverse information such as criminal history.

What are the PEP screening requirements for the DNFBP sector of the United Arab Emirates?

As per these guidelines the DNFBPs are obliged to have effective risk management systems in place to determine whether a customer, beneficiary, controlling person or beneficial owner is a PEP. To implement these measures DNFBPs should have automated screening systems in place which can screen the clients and transaction data for matches with the known PEPs. For the purpose of reviewing or updating the CDD information, real-time screening of clients can provide valuable information about any materially adverse information found through media reports about allegations or investigations of fraud, corruption or other predicate offences or crimes.

What are AML Screening obligations for Auditors, Real Estate Agents, Dealers in Precious Metals and Stones in UAE?

Ministry of Economy’s guidance for Auditors, in order to comply with their AML/CTF obligations, under the Decree-Law 20 of 2018 and its implementing regulations, provides that Auditors should have systems in place to screen their clients (including beneficial owners and controlling persons) and prospective clients against the local and international financial sanctions, and perform background checks to identify potentially adverse information (inclduding association with a financial crime or any other information which can pose them as high-risk client like  association with a PEP) available related to their client, prospective client or third party intermediaries. The Ministry has also issued similar guidelines for screening requirements for the real estate brokers, dealers in precious metals and stones, and Trust and company service providers as well.

Securities and Commodities Authority (SCA) of UAE

SCA is the federal authority within UAE that is responsible for licensing capital market intermediaries’ firms, financial service firms, security and commodity brokers and traders, Fund management and exchanges. SCA is also responsible to supervise and regulate these firms to implement and enforce measures for regulatory compliance under AML regulations in UAE.

Ministry of Justice

Lawyers, notaries and other legal consultants in the UAE are regulated by the Ministry of Justice. The Ministry of Justice supervises and provides guidelines to the lawyers and legal consultants on how to comply with  anti-money laundering and combating terrorist financing when carrying out financial transactions in the course of performing certain activities on behalf of their client.

Dubai Financial Services Authority (DFSA)

DFSA is a regulatory and supervisory authority for the Dubai International Financial Center, a financial free zone within Dubai. DFSA provides AML and CFT framework for Financial Institutions, Virtual Asset Service Providers (VASPs) and designated non-financial businesses and professions (DNFBPs) registered within the DIFC(Dubai International Financial Centre).

Financial Services Regulatory Authority (FSRA)

FSRA regulates and supervises entities registered within the Abu Dhabi Global Markets, a financial free zone in Abu Dhabi. FSRA provides AML CFT regulatory framework for Financial Institutions, designated non-financial businesses and professions, and virtual assets service providers within the ADGM.

What are the obligations of the Law Firms, Real Estate, Dealers in Precious Metals and Stones regarding PEP, Adverse Media and Sanctions Screening?

ADGM provides clear guidelines regarding DNFBPs for screening customers against sanctions, adverse media and political exposure particularly for gatekeeper professions like real estate firms, law, notary or independent legal firms, company service providers, audit, accounting, tax and insolvency firms, dealers in precious metals and stones etc.

ADGM guidelines state that regulated entities are expected to conduct screening at the time of client onboarding and also on an ongoing basis as part of their KYC processes. This screening process can be conducted through multiple tools like manual online searches, publicly accessible information or subscription based commercial databases and background investigation services. The screening process of a customer shall include screening against both the United Nations and UAE sanctions lists including any other sanctions applicable based on the other jurisdictions you operate in, currencies you transact in and counterparties you do business with.

AML CFT Regulations by Dubai’s Virtual Assets Regulatory Authority (VARA)

The Virtual Assets Regulatory Authority (VARA) is a regulatory and supervisory authority which oversees provision, exchange and use of virtual assets within and from the emirate of Dubai except the jurisdiction of Dubai International Financial Center (DIFC). VARA is responsible for regulation and compliance in relation to money laundering, terrorist financing, the financing of unlawful organisations or sanctions non-compliance in the Emirate in respect of all Virtual Asset Service Providers and Virtual Asset Activity.

What are sanctions and watchlists screening requirements for VASPs in Dubai?

VARA’s compliance and risk management rulebook states client onboarding risk is one of the key risks associated with VASPs and their operations;  this alludes to the risks arising from onboarding of a client whether individual or a corporate. This risk can be mitigated by applying a certain level of client due diligence, such as sanction screening, watchlist screening and risk rating.

What are PEP screening requirements for VASPs in UAE?

Compliance and Risk Management Rulebook (Part III, Rule B.3 – Policies and Procedures) requires that VASPs shall develop adequate policies and procedures to screen clients, Ultimate Beneficial Owners (UBOs), Virtual Asset transactions and VA Wallet addresses to identify potential illicit activities, potentially adverse media like criminal background and applicability of Targeted Financial Sanctions or other International Financial Sanctions.

What is FATF crypto “Travel Rule” compliance in UAE?

As part of compliance with FATF’s Crypto Travel Rule, VASPs in UAE should require and hold accurate beneficiary and originator information for transactions exceeding AED 3500, the information should be then available to authorities upon request.  Required originator information includes name, account number, VA wallet address and residential address while required beneficiary information includes name and account number. To mitigate money laundering and terrorism financing risks VASPs should do the risk-based assessment of the counterparty VASP.

What are the key legislations governing Anti Money Laundering Laws in UAE?

Decree Federal law No. (20) of 2018 on AML-CTF.

Federal Decree No. (20) of 2018 is a fundamental pillar of the UAE’s AML/CFT compliance efforts. This decree mandates the establishment of a dedicated committee under AML/CFT objectives and establishment of a Financial Intelligence Unit to receive and investigate reports about suspected illicit financial activities.

Article   2 – What is Money Laundering?

As per this article any person who has knowledge that the funds are the proceeds of a felony and willfully transfers and moves the proceeds with aim to conceal their illegal source, or acquires, processes or uses the proceeds upon receipt, or assists the perpetrator of the predicate offence to escape the punishment commits the crime of money laundering.

Article 3 – What is Terrorist Financing & Financing of Illegal Organisations?

• Any person commits terrorism financing who is aware that the proceeds are owned by a terrorist person or organisation or intended to finance a terrorist person or organisation, or a terrorism crime and willfully transfers, moves, provides or facilitates their obtainment knowing that such proceeds will be used for a terrorism offence.
• Any person commits financing of illegal organisation who is aware that the proceeds are owned by an illegal organisation or intended to finance an illegal organisation or a person belonging to illegal organisation and willfully transfers, moves, provides or facilitates their obtainment knowing that such proceeds will be used for the benefit of an Illegal organisation or of any of its members.

Article 14 – What is the Penalty or Fine for Violating AML CTF Regulations?

The Regulatory Authority can impose fines from AED 50,000 to AED 5,000,000 for each violation of this Decree Law and its implementing Regulations on FIs, DNFBPs and Non-Profit Organisations.

Article 16 – What are the Core Elements of AML/CFT Program?

• Risk Assessment: Financial institutions and designated Non-financial businesses and professions shall identify crime risks in scope of their work and continuously assess, document and update such assessment.
• Customer Due Diligence: FIs and DNFBPs shall take necessary due diligence measures and define their scope for customer and real beneficiary identification taking in account the risk factors established in national risk assessment. Implementing regulations will define where these measures will be applied or deferred.
• Internal Policies and Procedures: FIs and DNFBPs shall develop internal policies, controls and procedures and continuously review and update them to manage and mitigate the risks identified.
• Compliance with UNSC Resolution: FIs and DNFBPs shall comply with the directives issued related to the measures required by UNSC resolution for Prohibition and Suppression of the Financing of Terrorism and Proliferation of weapons of mass destruction.
• Records: FIs and DNFBPs shall maintain all the relevant records and documents about customers and transactions and make it available to competent authorities upon request.
• Compliance with Implementing Regulation: FIs and DNFPs shall comply with any obligations stipulated by Implementing Regulations of this Decree Law.

Article  22 – What Penalty or fine can be Imposed on Individuals committing Money Laundering, Terrorism Financing or Financing of Illegal Organisations?

A person can be jailed for 10 years up to life imprisonment and a fine ranging from AED 100,000 to AED 10,000,000 dirhams can be imposed for offences in relation to money laundering, terrorist financing or financing of illegal organisation.

Article  23 – What is Penalty or Fine for a Company committing Money Laundering, Terrorism Financing or Financing of Illegal Organisations?

A penalty ranging from AED 500,000 to AED 50,000,000 can be imposed on any legal person whose representatives or managers or agents commit for its account or its name any of the crimes mentioned in this Decree Law. If crime is related to terrorism financing court will order its dissolution and closure of its offices.

Federal Decree No. 26 of 2021 amending certain provisions of Law No. 20 for 2018 on AML-CFT.

Federal Decree-Law No. 20/2018 was a significant step towards the country’s efforts to implement the AML/CFT regime in accordance with FATF standards. However, complexities brought by the recent technological developments and evolving nature of money laundering financial crimes demanded further improvements and clarification, leading to the introduction of Federal Decree-Law No. 26/2021.

Cabinet Decision No. (10) of 2019 Concerning The Implementing Regulation Of Decree Law No. (20) OF 2018 On AML-CTF.​

This secondary legislative instrument, Cabinet Decision No. (10) of 2019, formulates regulations for the implementation of the primary legislation Decree Law No. (20) on prevention of money laundering and countering terrorism financing.

Who is a Politically Exposed Person As per UAE’s AML/CFT Laws?

Natural persons who are or have been entrusted with prominent public functions in the State or any other foreign country such as Heads of States or Governments, senior politicians, senior government officials, judicial or military officials, senior executives managers of state-owned corporations, and senior officials of political parties and persons who are, or have previously been, entrusted with the management of an international organisation or any prominent function within such an organisation; and the definition also includes the following:

• Direct family members (Of the PEP, who are spouses, children, spouses of children, parents).
• Associates known to be close to the PEP, which include:
  • Individuals having joint ownership rights in a legal person or arrangement or any other close business relationship with the PEP.
  • Individuals having individual ownership rights in a legal person or arrangement established in favour of the PEP.

Risk assessment of PEPs under a regulatory regime which has a broader definition of politically exposed persons can be challenging. AML Watcher through its comprehensive coverage of PEP databases which include Domestic PEPs, Foreign PEPs, Heads of SOEs and International PEPs provides an accurate PEP risks assessment empowering AML obliged sectors to navigate through challenges efficiently.

Article 15 – Why should FIs and DNFBPs identify and classify Politically Exposed Persons?

This article requires Financial Institutions and designated non-financial businesses and professions to put in place management systems to identify if the customer or a beneficial owner is considered a PEP. FIs and DNFBPs are further required to identify whether a PEP is categorised a Foreign PEP or a Domestic PEP and then take relevant measures required in each category.

Cabinet Resolution No. 74 of 2020

Cabinet Resolution no. 74 (2020) provides obligations of financial institutions, VASPs and DNFBPs in relation to implementation of targeted financial sanctions to comply with UN Security Council Resolutions, UAE terrorist lists, and prevention of money laundering and proliferation financing and weapons of mass destruction.

Article 21 – What are Sanctions Screening Obligations of Financial Institutions and DNFBPs?

This article requires Financial institutions and DNFBPs shall abide by the following:

1. All FIs and DNFBPs should register with the Executive Office of the Committee for Goods Subjected to Import and Export Control (CGMSIEC) to receive notifications about changes in listings of the UN Security Council, Sanctions Committee or the Cabinet.
2. FIs and DNFBPs in UAE are required to regular data screening of customers and transactions against the lists issued by UNSC, the Sanctions Committee or the Local Lists.
3. This customer and transaction data shall include names of current and potential customers, beneficial owners, names of counterparties to any transactions, names of associates whether person or organisation.
4. This screening is a continuous process and shall especially be performed when establishing a relationship with a customer, before conducting a transaction or immediately upon notification of any change to Sanctions Lists or Local Lists.
5. Regulated entities should immediately freeze the funds related to an entity matched against any of the lists mentioned without any delay or prior notice to the affected party.
6. Funds related to a person or entity who has been removed from the sanctions list or delisted shall also be released without delay.
7. This section requires that FIs and DNFBPs shall immediately notify the Supervisory Authority about:

• Identification of funds and actions taken to implement these requirement

• Inform the authority if any match found against UNSC or Local Lists
• If it was found that one of it’s previous customers were matched to UNSC or Local Lists
• If it was found that a current or former customer has a relationship with a listed entity
• Where action was not taken because of similarity of the name and it can’t be cleared through available or accessible information
• Information about unfrozen funds and relevant actions taken

1. Requires FIs and DNFBPs to develop controls and procedures to implement decisions mentioned in this article.

Cabinet Resolution No. 20 of 2019

This legislation was abrogated once the Cabinet Resolution No.74 of 2020 came into force repealing any conflicting provision in Cabinet Resolution No.20 of 2019.

The SCA Board Chairman’s Decision No. (21/Chairman) Of 2019 Procedures Of AML-CTF.

This legislation talks about the powers, functions, and obligations of the Securities and Commodities Authority to enforce AML/CTF Regulations according to Decree-Law and its executive regulations.

High Risk Jurisdictions

What are the obligations of FIs and DNFBPs regarding High Risk Jurisdictions?

Under Section 9, Article 22 of the Cabinet Resolution No. (10) of 2019 Concerning the Executive Regulations of Federal Decree-Law No. (20) of 2018, Financial Institutions, VASPs and DNFBPs are required to perform enhanced due diligence measures when establishing a business relationship or conducting a transaction with a legal or natural person from jurisdictions determined to be high risk by the National Committee on AML/CTF or countries with weak AML/CTF controls.

What are measures specific to the jurisdiction of an individual or entity?

NAMLCTFC provides clear instructions on identification and countermeasures to be taken in respect of specific jurisdictions determined by the FATF.  For this purpose the committee directly refers to the Greylist (Jurisdictions Under Increased Monitoring) and Blacklist (Jurisdictions Subject to a Call for Action) of the FATF.

Regarding Blacklist countries FATF calls for application of enhanced due diligence and countermeasures to effectively reduce the money laundering, terrorism financing and proliferation financing emanating from these countries. As of August 2024, only three countries Iran, Myanmar and North Korea (DPRK) are on this list. FATF does not ask to apply enhanced due diligence with respect to all countries in the Greylist but to take a risk based approach to assess the AML/CTF risk posed by each jurisdiction and take measures proportionate to the identified risks. Enhanced due diligence measures are clearly defined in Article 4, subsection 2 of the Cabinet Resolution No. (10) of 2019.

What is the future of AML/CFT Compliance in UAE?

The United Arab Emirates had been put on the FATF grey list in March 2022. The financial watchdog removed the country from the FATF grey list in February 2024. During the period on FATF grey-list the country took a number of measures including a tighter scrutiny of financial and even non-financial sectors, establishment of a dedicated anti-money laundering authority and New National Strategy 2024-2027. AML obliged sectors in UAE, financial or non-financial may need to adopt innovative tech-based approaches to comply with complex UAE AML regulations and do the due-diligence in line with FATF recommended risk-based approach.