- within Government and Public Sector topic(s)
- in Canada
- with readers working within the Accounting & Consultancy, Media & Information and Law Firm industries
- within Government, Public Sector, Corporate/Commercial Law and Finance and Banking topic(s)
- with Finance and Tax Executives
Executive Summary
The United Arab Emirates ("UAE") has enacted Federal Decree‑Law No. 10 of 2025 (the "2025 AML Law") to modernise its legal architecture on anti-money laundering ("AML"), counter-terrorism financing ("CTF") and proliferation financing ("PF"). Coming into force on 14 October 2025, the law repeals and replaces Federal Decree‑Law No. 20 of 2018, and aligns UAE standards with the latest recommendations of the Financial Action Task Force ("FATF"). It broadens scope to include virtual asset service providers ("VASPs"), designates new offences (including PF), lowers evidentiary thresholds, enhances regulator powers and imposes significantly tougher penalties. The legislation demands urgent action by financial institutions, DNFBPs (designated non-financial businesses and professions), compliance officers and senior management. This article explains the key changes in lay but precise terms, highlights practical implications, and offers compliance-focused insights for boards and senior leadership.
Background & Legislative Intent
Over the past decade, the UAE has transformed into a global financial hub characterised by openness and connectivity. With that growth though, comes the need to protect the integrity of its financial system from being used for illicit flows. In response to the evolving typologies of financial crime — including use of cryptocurrencies, dual-use goods, and complex corporate structures — the UAE government launched its National AML/CFT and CPF Strategy (2023–2027) and committed to incorporate the newest FATF standards.
The 2025 AML Law is the result of that policy and regulatory recalibration. The law is designed to:
- Respond to the FATF mutual evaluation outcomes, addressing previously identified gaps.
- Integrate proliferation financing control (for the first time in UAE federal law) so that financing of weapons of mass destruction ("WMD") and related dual-use materials falls within the regime.
- Enhance supervisory efficiency, improve inter-agency coordination, and unify enforcement across sectors.
- Promote transparency of corporate ownership, tightening beneficial ownership disclosure requirements.
In effect, the law marks a shift from a reactive, compliance-tick-box regime into a proactive, intelligence-driven ecosystem.
Scope & Coverage: Who is Caught?
The 2025 AML Law employs a broad perimeter, bringing within scope a wide variety of entities and activities previously less regulated or subject to regulatory ambiguity.
Key categories covered:
- Financial institutions – banks, insurance and reinsurance undertakings, securities & commodities brokers, money-exchange houses, payment/remittance service providers.
- Designated Non-Financial Businesses & Professions (DNFBPs) – real-estate brokers/agents, auditors, accountants, notaries/advocates, corporate & trust service providers, dealers in precious metals and gemstones.
- Virtual Asset Service Providers (VASPs) – exchanges, wallet providers, crypto asset platforms (explicitly brought within the perimeter).
- Any natural or legal person engaged in or facilitating financial transactions in the UAE—whether onshore or in free-zones (including Dubai International Financial Centre (DIFC) and Abu Dhabi Global Market ("ADGM").
This inclusive scope ensures that sectors historically vulnerable to misuse — such as real estate, luxury goods trade, corporate service providers and crypto businesses — are now squarely under regulatory scrutiny.
Key Legislative Changes (2018 vs. 2025)
| Feature | 2018 Law (Federal Decree-Law No. 20/2018) | 2025 Law (Federal Decree-Law No. 10/2025) |
|---|---|---|
| Scope of offences | Money laundering + terrorism financing | Adds proliferation financing (PF) |
| Predicate offences | Traditional financial crimes | Now explicitly includes tax evasion (direct & indirect) |
| Virtual assets / crypto | Implicit or regulated via secondary rules | Explicitly covers VASPs, digital systems, encryption technologies. |
| Evidentiary threshold | "Actual knowledge" required | Lower threshold: "sufficient evidence or circumstantial evidence" is enough. |
| Maximum corporate fine | Up to AED 50 million | Up to AED 100 million or value of illicit assets. |
| Licensing regime for DNFBPs/VASPs | Limited statutory licensing obligations | Statutory licensing/registration required under Article 20. |
Institutional & Supervisory Architecture
The new model seeks to strengthen both vertical oversight (through regulators) and horizontal coordination (between agencies) to detect and disrupt illicit flows more efficiently.
Key institutional changes:
- Establishment of a Supreme Committee for Supervising the National Strategy on AML/CFT/CPF, to oversee strategy, risk assessments and international engagement.
- Establishment of a National Committee for Combating Money Laundering, the Financing of Terrorism and Financing of Arms Proliferation.
- The Financial Intelligence Unit (FIU), hosted by the Central Bank of the UAE ("CBUAE"), now enjoys greater autonomy, enhanced powers, and digital integration via the goAML platform.
- Regulators segment oversight by sector: CBUAE (banks/finance), Securities and Commodities Authority ("SCA") (capital markets), Insurance Authority (insurance), Ministry of Economy (DNFBPs), DIFC/ADGM authorities (free-zones).
- All supervisory authorities must adopt risk-based supervisory models, conduct on-site/off-site inspections, issue guidance, impose administrative sanctions, and exchange information with the FIU.
Substantive Offences & Penalty Regime
The 2025 AML Law consolidates and sharpens the "three pillars" of financial crime: Money Laundering (ML), Terrorism Financing (TF) and—critically—Proliferation Financing (PF).
Money Laundering (ML): Under Article 2, ML is defined as the conversion, transfer, concealment or disguise of illicit proceeds, or the acquisition, possession or use of property knowing, or having sufficient evidence/circumstantial evidence to support knowledge, that the funds derive from a predicate offence. In a pivotal change, this law introduces an autonomy principle: a previous conviction for the predicate crime is no longer required to prosecute ML.
Terrorism Financing (TF): TF offences now cover the provision, collection or management of funds used to support terrorist acts or organisations. The law explicitly captures financing via digital or virtual-asset channels, including encrypted systems.
Proliferation Financing (PF) For the first time at federal level, PF is codified as a standalone criminal offence. The law targets the financing of development, acquisition or transfer of weapons of mass destruction (WMD), related dual-use goods and technologies.
Penalties Summary
| Offence | Penalty |
|---|---|
| Money laundering (standard case) | Imprisonment: 1–10 years and fine of not less than AED 100,000 and not more than 5,000,000 or value of criminal property whichever is more. |
| Money laundering (if influence or authority granted to him by virtue of his job or professional activity/NPO/organized criminal group/oud/crime of chapter VII of part 1) | Temporary imprisonment and fine of not less than AED 1,000,000 and not more than 10,000,000 or twice the value of criminal property value whichever is more. |
| Terrorism financing | Life or temporary imprisonment (≥10 years) and fine of not less than AED 1,000,000 and not more than 10,000,000 or twice the value of criminal property value whichever is more. |
| Proliferation financing | Temporary imprisonment and fine of not less than AED 1,000,000 and not more than 10,000,000 or twice the value of criminal property value whichever is more. |
| Legal person: ML/TF/PF | fine of not less than AED 5,000,000 and not more than 100,000,000 or the value of criminal property value whichever is more and dissolution/closure the premises in which it operates. |
| DNFBPs/VASPs operating without licence | Imprisonment and fine of not less than AED 200,000 and not more than AED 10,000,000 or by one of these two penalties. |
| False/misleading beneficial ownership/BO info | Imprisonment and fine of not less than AED 20,000 or by one of these two penalties. |
| Tipping off, mismanagement, asset concealment | Imprisonment and a fine of not less than AED 50,000 or by one of these two penalties. |
Key observations:
- Maximum corporate fines have doubled compared with the 2018 law (from AED 50 million to AED 100 million).
- The law allows asset confiscation, dissolution of legal entities and indefinite limitation periods for serious offences.
- The FIU may issue freeze orders up to 30 days (extendable) without prior notice — a major expansion of enforcement tools.
Preventive Compliance & Governance Obligations
The law casts compliance obligations deep into the operational fabric of regulated entities.
Key obligations include:
- Customer Due Diligence (CDD): Identity verification of clients and Ultimate Beneficial Owners (UBOs), assessment of purpose and nature of transaction.
- Enhanced Due Diligence (EDD): For high-risk clients (PEPs, cross-border flows, VASPs), including senior-management approval, source‐of‐wealth checks and enhanced monitoring.
- Record-keeping: Entities must retain relevant documentation for at least 5 years after termination of relationship or transaction.
- STR/SAR reporting: Suspicious activity must be reported via the digital goAML system to the FIU without tipping off the subject. Entities must exercise confidentiality.
- Beneficial ownership registers: Entities must maintain accurate and updated information on UBOs. ➤ Under Cabinet Decision No. 58 of 2020.
- Governance & training: Senior management and boards must oversee AML programmes; compliance officers must be appointed; regular training required.
- Sanctions screening & trade finance due diligence: Entities must screen clients and transactions against UN, UAE and international sanctions lists. Particular attention must be given to trade-finance flows involving dual-use goods or goods subject to proliferation risk.
- Licensing/Registration: Article 20 now requires that any person or entity performing financial activities, VASP operations, or DNFBP services must be licensed or registered by the competent authority
For many businesses, this means moving beyond a compliance "check-the-box" culture and implementing a risk-based, proactive control environment, supported by technology, governance and regular challenge to systems and processes.
International Cooperation & Cross-Border Dimensions
The 2025 AML Law places a strong emphasis on cross-border cooperation and alignment with global frameworks.
- Under Chapter 9, the law permits the execution of foreign confiscation or asset-seizure orders, without requiring a separate domestic investigation, and prohibits refusal of cooperation solely on the grounds of bank secrecy, tax matters or other confidentiality, except legal privilege.
- The UAE's membership in the Egmont Group enables real-time intelligence exchange via the FIU, supporting asset-tracing and coordinated global investigations.
- The law ensures that digital or virtual-asset-based cross-border flows are within the ambit of the legislation, so as to address emerging typologies of financial crime.
International businesses and financial institutions operating in the UAE must expect foreign-authority cooperation requests and be ready to support investigations and disclosures of global illicit flows.
Practical Implications & Enforcement Trends
Real-world enforcement in 2024–2025 reflects the UAE's increasingly assertive stance. Although the new law only recently entered into force, regulatory bodies have already demonstrated significant willingness to penalise non-compliance. For example, in mid-2025 the CBUAE imposed fines exceeding AED 300 million on exchange houses and bank branches for AML/CFT failures (reports indicate one fine at AED 200 million), and further international bank branches were fined (one for AED 10.6 million) for insufficient internal controls. These measures send a clear signal that senior management and compliance teams cannot treat AML as a back-office function but must prioritise it as a strategic corporate matter. Indeed, the new law's structure means that senior executives may now face personal accountability, and boards should view compliance risk as a part of enterprise-risk governance. Businesses should consider the following practical actions now:
- Conduct a full gap-analysis of existing AML/CFT/CPF frameworks against the new law's requirements.
- Update policies, procedures, technology platforms (transaction monitoring, sanctions screening, VASP controls).
- Re-train staff (front-office, compliance, senior management) to reflect expanded scope and new red-flags (crypto, dual-use trade, proliferation risk).
- Strengthen data-and-analytics capabilities to identify unusual patterns, make STR/SAR filings more timely and maintain audit-ready documentation.
- Perform mock regulatory inspections and internal audits to test readiness for regulator on-site visits.
- Ensure board and senior management oversight includes regular
reporting on AML/CFT/CPF compliance, risk trends, and incident
response.
The new law has raised the cost of non-compliance significantly — both financially and reputationally — and companies cannot afford to be passive.
Strategic Observations & Future Outlook
The introduction of the 2025 AML Law signals the UAE's seriousness about aligning with global best practices and enhancing its credibility as a transparent jurisdiction. Several strategic take-aways are noteworthy:
- By incorporating PF into the main statute, the UAE acknowledges that financial crime now spans finance, trade, logistics and defence-industry ecosystems.
- The explicit inclusion of virtual assets and lowered evidentiary thresholds reflect an understanding that illicit finance is increasingly digital, cross-border, and opaque.
- The sharper penalties and stronger institutional architecture suggest that the UAE is prepared to use its regulatory tools aggressively, both domestically and in global cooperation contexts.
- The compliance burden for entities is increasing — but so too is the opportunity for firms with strong controls to demonstrate trust, resilience and credibility in the global financial marketplace.
For businesses operating in or via the UAE, compliance should now be viewed as a strategic enabler rather than a cost-centre. Firms that invest in strong governance, technology, and culture will not only avoid penalties—they will also strengthen their competitive position. On the other hand, firms that delay or minimise AML/CFT/CPF reforms risk significant disruption, regulatory sanctions, and reputational damage.
Conclusion
The 2025 AML Law is more than a statutory update—it is a fundamental reset of the UAE's financial-crime prevention regime. Its expanded scope, tougher evidentiary standards, elevated penalties and strengthened enforcement powers collectively usher in a new era of compliance expectation. For legal professionals, compliance officers and senior executives, the message is clear: the era of regulatory complacency is over. Effective compliance now requires board-level oversight, technology-enabled monitoring, continuous risk assessment and a culture of transparency and accountability. The UAE has signalled that it will not tolerate misuse of its financial system for money laundering, terrorism financing or proliferation of weapons. For stakeholders willing to invest in compliance excellence, this shift offers both a challenge and an opportunity.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
