Below are the key updates and enhancements introduced under the new AML law:

Reporting Obligations

All regulated entities must promptly file Suspicious Transaction Reports (STRs) with the Financial Intelligence Unit (FIU). Confidentiality is mandatory, and institutions are prohibited from informing clients or third parties of investigations. However, legal professionals are exempt when information is protected under legal privilege.

Inclusion of Virtual Asset Service Providers (VASPs)

The new law formally brings Virtual Asset Service Providers (VASPs) under the UAE’s AML/CFT framework. VASPs are now required to comply with all AML/CFT obligations, including registration, customer due diligence, reporting of suspicious transactions, and ongoing monitoring, ensuring transparency and accountability across virtual asset activities.

Enhanced Controls for Designated Non-Financial Businesses and Professions (DNFBPs)

The legislation also introduces stricter compliance requirements for DNFBPs, mandating enhanced risk assessments, record-keeping, and reporting obligations. These measures aim to strengthen oversight of high-risk sectors and ensure full alignment with international FATF standards.

Compliance and Risk Management

Financial and non-financial institutions are required to conduct documented risk assessments, enforce internal controls, and report compliance outcomes. The UAE’s risk-based approach mandates proportional measures based on customer and transactional risk levels.

Beneficial Ownership and Transparency

Institutions must verify ultimate beneficial owners (UBOs) and prevent fictitious transactions, ensuring transparency throughout customer and transactional records.

Record-Keeping and Evaluation

The updated regulation extends the AML/CFT record-keeping requirement to ten years from the transaction date or the end of the business relationship, covering all Suspicious Activity Reports (SARs) and Suspicious Transaction Reports (STRs). Regulators also maintain detailed statistics on STRs, convictions, and recovered assets to evaluate policy effectiveness and strengthen overall compliance.

Temporary Measures and Asset Freezing

Authorities may suspend or freeze suspicious assets for 30 days, extendable by the Attorney General, to prevent disposal during criminal investigations.

Administrative Penalties

Failure to comply triggers penalties ranging from warnings and fines up to AED 5 million to license suspension or cancellation. Repeat offenders face escalated penalties and mandatory corrective reporting.

Penalties for Violations

Criminal penalties include imprisonment (1 to 10 years) and fines (AED 100,000 to AED 10 million), depending on offense type, money laundering, terrorism financing, or proliferation financing. Corporate offenders may be fined up to AED 100 million or dissolved.

In summary, the UAE maintains one of the most advanced Anti-Money Laundering and Counter-Terrorism Financing (AML/CFT) frameworks globally and this new regime is comprehensive, enforcing strong preventive, reporting, and transparency obligations for financial and non-financial sectors while ensuring alignment with global standards and FATF best practices.

If you would like to explore how our AML/CFT compliance solutions can strengthen your organization’s AML compliance framework, please contact us.