Regulatory Overview of Anti-Money Laundering and Know Your Customer Measures in the UAE for the Year 2024
In the United Arab Emirates (UAE), the fight against money laundering and the financing of terrorism (AML/CFT) is a top priority. The country has a robust and evolving regulatory framework that covers financial institutions, designated non-financial businesses and professions (DNFBPs), non-profit organizations, and virtual asset service providers.
The AML/CFT regulations in the UAE are primarily governed by Federal Decree-Law No. (20) of 2018, along with its Executive Regulation (Cabinet Decision No. 10 of 2019). These set the legal foundation for AML/CFT compliance across sectors.
Financial Institutions (FIs) and DNFBPs, which include real estate brokers, metals and gemstones dealers, corporate service providers, and others, must register with the UAE Financial Intelligence Unit (FIU) and report suspicious transactions using the goAML system. The Central Bank of the UAE (CBUAE) supervises AML/CFT compliance for financial institutions and enforces regulations through inspections and sanctions.
Non-profit organizations are also subject to AML/CFT measures, reflecting international obligations to prevent abuse for terrorist financing. They must adhere to risk-based due diligence in line with UAE AML laws and FATF guidance.
Virtual Asset Service Providers (VASPs) have additional regulatory requirements overseen by the Virtual Assets Regulatory Authority (VARA), including mandatory licenses and compliance with the Central Bank’s regulations related to payment token services and proprietary trading.
The UAE National Committee regularly updates a list of high-risk jurisdictions and requires all regulated entities—including banks, DNFBPs, VASPs, and non-profit organizations—to apply enhanced due diligence measures proportionate to risks identified.
FIs and DNFBPs are required to undertake Customer Due Diligence (CDD) measures, including understanding the nature of the customer’s business and the purpose of the transaction in specified cases. FIs must enhance their CDD measures for customers identified as high-risk, such as Politically Exposed Persons, customers associated with high-risk countries, and correspondent banking institutions.
The designated Competent Authority for reporting suspicious transactions in the UAE is the FIU, and suspicious activities should be reported through the goAML portal. If FIs fail to report suspicious activities, their managers or employees may be subjected to imprisonment and fines.
Businesses need to follow Know Your Customer (KYC) requirements when working with their customers, collecting different types of documents from individual customers and companies. To stay compliant, businesses should monitor customer transactions, ensure authentic data, and report suspicious cases.
The UAE government has published special guidelines for FIs and DNFBPs to help businesses stay compliant with AML/CFT regulations. The country also has a Specialized Money Laundering Court and a dedicated department, the Anti-Money Laundering and Combating the Financing of Terrorism Supervision Department (AMLD), within the CBUAE, to regulate AML and CFT matters.
The statutory retention period for all records is at least five years, from the date of the most recent of various events. The Financial Action Task Force (FATF) stated in February 2024 that the UAE is no longer subject to increased monitoring, reflecting proactive regulatory oversight.
In summary, the UAE has a comprehensive and evolving AML/CFT regulatory framework to meet international standards set by the Financial Action Task Force (FATF). Non-compliance results in significant fines and sanctions, reflecting the country's commitment to combating money laundering and the financing of terrorism.
Businesses in the UAE must comply with the Know Your Customer (KYC) requirements when working with their customers, collecting various documents and continuously monitoring their transactions to identify and report any suspicious cases. Financial Institutions (FIs) and Designated Non-Financial Businesses and Professions (DNFBPs), such as real estate brokers, metals and gemstones dealers, corporate service providers, and others, are also required to undertake Customer Due Diligence (CDD) measures, including understanding the nature of the customer's business and the purpose of the transaction, and to register with the UAE Financial Intelligence Unit (FIU) for AML/CFT compliance.
