The UAE has introduced a new anti-money laundering (AML) framework under Federal Decree-Law No. 10 of 2025 and its implementing regulations under Cabinet Resolution No. 134 of 2025, replacing the previous regime under the 2018 law and its 2019 regulations. The structure of the regime remains familiar, continuing to follow a risk-based approach. The real change sits in how the law expands its scope, how it lowers and clarifies evidentiary thresholds, and how enforcement bodies are expected to apply those thresholds in practice.
It changes how cases are built, reduces what needs to be proven at the outset, and allows authorities to move more quickly where there are reasonable grounds to suspect that funds are linked to criminal activity. It also increases the likelihood that responsibility will be traced back to individuals within an organisation, particularly where there are gaps in oversight or control.
| Key Takeaways |
|
Key Changes Under UAE Federal Decree-Law No. 10 of 2025 and Cabinet Resolution No. 134 of 2025
At a structural level, the new framework expands the range of activities and entities within scope and tightens the treatment of ownership, control, and financial risk. The framework also introduces important changes in how AML breaches are enforced in practice. This includes a lower evidentiary threshold for money laundering, allowing knowledge to be inferred from objective circumstances, and a greater focus on individual accountability at senior management level. Together, these changes are expected to support more proactive enforcement and place greater emphasis on individual accountability at senior management level. Senior management should be more alert to their personal exposure, including the risk of scrutiny where there are gaps in oversight, failures in implementation, or weaknesses in internal controls.
Expansion of DNFBPs: Commercial Gaming Operators Now Captured
One clear expansion is the inclusion of commercial gaming operators as a category of Designated Non-Financial Businesses and Professions (DNFBP). The new regulations define commercial gaming broadly to include activities such as lotteries, betting, internet gaming, and other chance-based or skill-based activities involving monetary stakes. Under the previous regime, this category was not expressly captured. This reflects the UAE’s recognition that the sector presents heightened exposure to illicit conduct and money laundering risks, driven by its cash intensity, anonymity, and rapid movement of funds.
Virtual Assets: Deeper Integration Into the Core AML Regime
The framework also develops the treatment of virtual assets. While virtual asset activities were already captured under the 2019 regulations, the 2025 regulations integrate them more fully into the core AML regime and align their treatment more closely with financial institutions and other DNFBPs. The key change is not the list of activities, but how clearly those activities are brought within the broader compliance and enforcement framework.
In practice, this means firms operating in the virtual asset space can no longer rely on technical distinctions in how their services are structured. If they are facilitating the movement, safekeeping, or use of virtual assets as a business activity, they are expected to comply with the same core AML standards as other regulated entities, and regulators have a clearer basis to assess and enforce those obligations.
Beneficial Ownership and Control: Nominee Arrangements, Defined Standards, and New Penalties
A more technical but important change sits in how the law treats beneficial ownership and control. The 2019 framework defined beneficial ownership in broad terms. The 2025 regulations go further. They introduce express recognition and defined terms for Nominee Shareholders and Nominee Directors, defined as persons acting on the instructions of a “nominator”. Importantly, such nominees are not treated as beneficial owners. This closes a gap that existed in practice. Under the old framework, nominee arrangements could obscure the real decision-maker without clearly breaching the definition of beneficial ownership. The new drafting removes that ambiguity.
The regulations also tighten the approach to beneficial ownership by introducing expressly defined concepts of “Adequate”, “Accurate”, and “Up-to-Date” information, which did not exist in this structured form under the previous framework.
|
“Adequate information” refers to information sufficient to identify the beneficial owner and how ownership or control is exercised, including key details such as identity, nationality, address, and the roles and powers of relevant persons in legal arrangements. |
|
“Accurate information” requires that this information be verified, using reliable and independent sources, with an obligation to resolve discrepancies through supplementary measures, depending on risk. |
|
“Up-to-date information” requires that beneficial ownership information be kept current, with updates made within a reasonable timeframe following any change. |
Taken together, this moves the requirement from simply collecting ownership information to ensuring it is complete, verified, and actively maintained.
Those who intentionally provide incorrect or misleading information regarding beneficial ownership to any authority shall be liable for imprisonment and a fine of no less than AED 20,000, or both.
Proliferation Financing: From Sanctions Framework to Standalone Criminal Offence
Another notable development is the formal integration of proliferation financing into the core AML framework. Previously, this risk was addressed primarily through targeted financial sanctions. It is now expressly embedded within the primary AML law, which defines proliferation as the illicit and unauthorised trade in materials, systems, equipment, components, programmes, or technology contributing to the development of weapons of mass destruction and their means of delivery.
Importantly, the new law also introduces standalone criminal liability for proliferation financing. A person who commits the crime of proliferation financing is subject to prison term of up to 15 years and a fine of not less than AED 1,000,000 and up to AED 10,000,000, or an amount equal to twice the value of the relevant criminal property, whichever is greater. This marks a clear shift from a sanctions-driven framework to one where proliferation financing is treated as a direct criminal offence within the AML regime.
Enforcement Changes: FIU Powers, Operational Independence, and Asset Freezing Authority
The new framework also strengthens the role of the FIU and, importantly, reinforces its operational independence.
Under the previous framework, the FIU was described as having “operational autonomy” and acting as the national centre for receiving suspicious transaction reports. In practice, this positioned the FIU as an analytical body, but the scope of that autonomy was not developed in detail.
The 2025 regulations retain this foundation but go further by expressly providing that the FIU shall enjoy “operational independence,” and by defining what that independence means in practice. In particular, the FIU is now given clear authority to decide on the analysis, request, re-dissemination, and referral of information, and is required to operate independently from concerned authorities and counterpart units. This moves the FIU from a largely passive analytical role to a more active decision-making role within the enforcement chain.
The FIU is also vested with new powers previously reserved for the Central Bank Governor. It can now suspend transactions for up to 10 days and freeze assets for up to 30 days. Additionally, the Public Prosecution may seek the FIU’s opinion during investigations, reinforcing its role as a critical advisory body in financial crime cases.
Evidentiary Thresholds: Inferring Knowledge From Objective Circumstances
The most important change under the new framework is not just how evidence is assessed in practice, but how money laundering itself is defined.
Under the previous law, a person committed money laundering where they knew that funds were the proceeds of an original offence and carried out certain acts, such as transferring, concealing, or using those proceeds. While the law clarified that a conviction for the predicate offence was not required, in practice the requirement for “knowledge” often led to an expectation that the underlying offence itself could be clearly established.
The 2025 law retains the same core acts but introduces a critical shift in the mental element of the offence. A person now commits money laundering where they know, or where there are sufficient indications or evidence to believe, that the funds are the proceeds of a predicate offence. This expands the basis on which liability can arise. It is no longer necessary to demonstrate actual knowledge in a strict sense. It is sufficient that the surrounding circumstances point to the illicit origin of the funds. In this respect, the revised formulation brings the UAE position more closely into alignment with international standards and comparable regimes such as the UK under the Proceeds of Crime Act 2002, where liability may arise on the basis of “suspicion,” a similarly low threshold capturing cases where the facts would put a reasonable person on notice. While the UAE formulation of “sufficient indications or evidence to believe” is framed slightly differently, it operates in a comparable manner by permitting the inference of knowledge from objective circumstances rather than requiring direct proof.
In practical terms, this shift has important evidential consequences, lowering the burden on enforcement authorities by allowing reliance on circumstantial indicators of illicit origin, while correspondingly increasing the expectation on individuals and firms to identify and act upon red flags that would point to criminal property. Authorities are not required to establish a complete evidentiary record of the predicate offence, particularly where that conduct occurred outside the UAE. Instead, the focus is on whether the available evidence, taken as a whole, provides sufficient indication that the funds are of illicit origin (and from a jurisdictional perspective, that the tainted funds have flowed into the UAE).
This is reflected in how cases are now being approached. In a number of recent matters, particularly those involving cross-border conduct, there is greater acceptance of circumstantial evidence, including transaction patterns, inconsistencies in documentation, unexplained movement of funds, and the use of intermediaries or layered structures. The analysis is increasingly centred on whether the financial behaviour is consistent with legitimate activity, rather than whether the underlying offence can be fully proven.
Authorities are increasingly willing to engage with cases involving complex financial flows, particularly where supported by asset tracing and transaction analysis. In most cases, this still needs to be accompanied by a local expert report that sets out how the facts meet the elements of money laundering under the AML law and explains the financial flows and jurisdictional link.
At the same time, there remains a period of adjustment. In some cases, police and Public Prosecution continue to apply a more traditional approach, looking for a clearly established predicate offence and, in cross-border matters, evidence that some form of proceedings or criminal complaint has been initiated in the country where the predicate offence took place. In others, there is greater openness to cases built on financial evidence and inferred knowledge. The position is not yet uniform, but the directional shift is clear.
Senior Management Liability Under UAE AML Law: Senior Management Obligations and Individual Accountability
One of the most significant developments under the new framework is the clearer focus on senior management.
Who Qualifies as Senior Management Under the 2025 Regulations
The regulations define “Senior Management” as those with authority to take strategic or executive decisions affecting risk management, compliance policies, and operational governance, including CEOs, general managers, and board members. This is a broad definition that captures not only formal directors but anyone who has real influence over how the business is run.
AML Obligations Linked to Senior Management Approval and Oversight
This definition links directly to the obligations imposed on firms. The regulations require that AML policies, controls, and procedures are approved by senior management, proportionate to the business, and subject to ongoing monitoring and improvement. They also require enhanced due diligence measures, senior management approval for higher-risk relationships, and ongoing oversight of business relationships in higher-risk scenarios.
In practice, this creates a clear chain of responsibility. Where there is a failure in AML controls, authorities can look to whether senior management:
- approved appropriate policies;
- ensured those policies were implemented;
- responded to identified risks; and
- maintained adequate oversight of the business.
From our recent discussions with authorities, there is a clear shift towards examining who within the organisation was responsible for these elements. Importantly, this is not limited to compliance teams and extends to those making strategic and operational decisions.
Individual Accountability as an Enforcement Tool
Under the previous regime, personal liability existed but was not always central to enforcement. The current approach indicates that authorities are more willing to use individual accountability as an enforcement tool, particularly where there are systemic failures or clear gaps in oversight.
This has significant practical consequences. senior managers need to be able to demonstrate that they are actively engaged in AML risk management and aware of their responsibilities and potential liabilities. This includes understanding the firm’s risk profile, reviewing and approving policies, and ensuring that escalation and reporting mechanisms are working effectively. It is not enough for policies to exist, as authorities are likely to look at how those policies operate in practice, and whether senior management took reasonable steps to ensure compliance.
Conclusion: What the New UAE AML Framework Means for Businesses
The new UAE AML framework builds on the existing system in a way that materially strengthens its scope, clarity, and practical application. While many of the core concepts remain familiar, the changes introduced are significant in how they expand the reach of the regime and refine how it operates in practice.
The expansion of scope brings a broader range of activities and sectors within the regulatory perimeter, while the more detailed treatment of ownership and control reduces the ability to rely on formal structures to obscure who ultimately exercises influence. At the same time, the formal integration of proliferation financing into the legislative framework broadens the range of risks that firms are required to identify, assess, and manage.
The changes to how money laundering is defined and how evidence can be assessed make the framework more workable from an enforcement perspective. By allowing knowledge to be inferred from objective circumstances and reducing the need to establish the predicate offence in full, the law lowers the barrier to pursuing cases that would previously have faced practical challenges. In parallel, the increased focus on senior management shifts how responsibility is assessed within organisations, placing greater emphasis on oversight, decision-making, and the effectiveness of internal controls.
Taken together, these developments result in a framework that may be more capable of being enforced and less open to technical or structural gaps. For businesses, the key issue is no longer simply whether AML policies exist, but whether those policies are properly implemented, actively monitored, and supported by meaningful engagement at the senior management level.