Anti-Money Laundering (AML) Compliance for UAE Businesses: Navigating the 2025 Legislative Overhaul

Navigate the 2025 UAE AML legislative overhaul with comprehensive compliance strategies for businesses in a global financial hub.

Engineer robust AML compliance frameworks to strategically safeguard UAE businesses against financial crime in 2025.

By Nour Attorneys / 6 January 2025

Anti-Money Laundering (AML) Compliance for UAE Businesses: Navigating the 2025 Legislative Overhaul

The United Arab Emirates (UAE) has cemented its position as a leading global financial and commercial hub, attracting international investment and fostering structural advancement. This rapid growth, however, necessitates a robust regulatory framework to safeguard the economy against illicit financial activities. In a decisive move to strengthen its defenses and align with the highest international standards set by the Financial Action Task Force (FATF), the UAE government has enacted a significant legislative overhaul in late 2025.

Related: Explore our property title transfer dubai services for strategic legal architecture in the UAE.

This article provides an authoritative and in-depth analysis of the new Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) regime, focusing on the critical updates businesses must implement to ensure compliance in 2026 and beyond. The changes are not merely incremental; they represent a fundamental shift in the legal landscape, demanding immediate attention from all regulated entities, including financial institutions and Designated Non-Financial Businesses and Professions (DNFBPs).

Related: Explore our Legal Title Verification Process in | Secure Your Property Rights services for strategic legal architecture in the UAE.

The New Legislative Foundation: Federal Decree Law No. 10 of 2025

The cornerstone of the UAE’s updated AML/CTF framework is Federal Decree Law No. 10 of 2025, Concerning Combating Money Laundering, Terrorism Financing, and the Financing of Proliferation (the "New AML Law"). This landmark legislation, which came into effect on October 14, 2025, repeals and replaces the previous Federal Decree Law No. 20 of 2018.

Related: Explore our Free Zone Company Formation for Foreign Investors | Expert Legal Services services for strategic legal architecture in the UAE.

The New AML Law is a clear signal of the UAE’s unwavering commitment to combating financial crime, introducing stricter enforcement powers, higher penalties, and a broader scope of application.

Related: Explore our Legal Title Verification Process in | Secure Your Property Rights services for strategic legal architecture in the UAE.

1. Expansion of Scope: The Inclusion of Proliferation Financing (CPF)

The most significant change is the explicit inclusion of a framework for combating Proliferation Financing (CPF). This addition brings the UAE’s legal structure into full alignment with the latest FATF recommendations, which require countries to criminalize and take action against the financing of the proliferation of weapons of mass destruction. For businesses, this means compliance programs must now extend their risk assessments and monitoring systems to identify and mitigate risks associated with CPF, requiring a deeper understanding of international sanctions lists and the nature of transactions involving dual-use goods or high-risk jurisdictions.

2. A Lowered Legal Threshold: The Objective Test for Knowledge

The New AML Law fundamentally alters the burden of proof for establishing money laundering and other principal offences by introducing an objective test. Knowledge that funds were illicit can now be inferred from the factual and objective circumstances. This means that liability can arise where a person knew or should have reasonably known about the illicit nature of the funds.

This shift from a subjective test of actual knowledge to an objective test of competence and diligence is the most critical change for compliance officers and senior management. It places a much higher onus on businesses to maintain robust, documented, and effective internal controls. A failure to detect suspicious activity due to negligence or inadequate systems, such as a failure of due diligence, ignoring clear red flags, or inadequate training, is no longer a defense; it is now a potential basis for criminal liability. This new standard necessitates a culture of proactive vigilance and requires businesses to demonstrate that their policies are effective, regularly tested, and rigorously enforced.

3. Increased Penalties and Personal Liability for Managers

The financial and personal stakes for non-compliance have been dramatically raised.

Corporate Fines: Penalties for legal entities have been significantly increased, with fines ranging from AED 5 million to AED 100 million or a sum equivalent to the value of the criminal property, whichever is greater. Courts also have the power to order the dissolution of a legal entity or the closure of its headquarters.
Manager Liability: The New AML Law introduces the concept of personal criminal liability for managers of legal entities. Managers can face fines or imprisonment if they have actual knowledge of a principal offence or if the offence occurred as a result of a breach of their employment duties. This provision ensures that accountability for compliance failures reaches the highest levels of corporate governance.

4. Regulation of Virtual Assets and VASPs

Acknowledging the rapid evolution of financial technology, the New AML Law and its Executive Regulations explicitly address the use of digital systems, virtual assets, and encryption technologies. Virtual Asset Service Providers (VASPs) are now directly regulated, with strict licensing, reporting, and anti-anonymity requirements. Businesses dealing with cryptocurrencies or other virtual assets must ensure their AML/CTF programs are specifically tailored to the unique risks associated with this sector, including transaction monitoring and wallet screening.

Operationalizing Compliance: Cabinet Resolution No. 134 of 2025

The practical implementation of the New AML Law is detailed in its Executive Regulations, specifically Cabinet Resolution No. 134 of 2025, which came into force on December 14, 2025. This resolution provides the operational framework for regulated entities.

1. Stricter Beneficial Ownership (BO) Requirements

The Executive Regulations place a significantly higher scrutiny on establishing and verifying Beneficial Ownership. Regulated entities must maintain accurate and up-to-date records of their ultimate beneficial owners and must apply Enhanced Due Diligence (EDD) when the beneficial owner is a high-risk individual or entity. This requirement is crucial for preventing the misuse of corporate structures for money laundering. For businesses, this means a thorough review of their company formation and corporate governance records is essential. [Placeholder Backlink: /service/company-formation]

2. Expanded Powers of the Financial Intelligence Unit (FIU)

The FIU’s enforcement toolkit has been significantly expanded, granting it powers to act swiftly against suspected illicit activities.

FIU Power: Description, Implication for Businesses *Seizure Order: Suspend transactions suspected to be linked to financial crime for up to 10 working days, without prior notice., Transactions can be halted instantly, requiring immediate response and clear documentation of compliance procedures. Freezing Order*: Freeze funds suspected to be linked to financial crime for a period of 30 days (extendable)., Assets can be immobilized for extended periods, severely impacting operations and liquidity.

These expanded powers underscore the need for real-time transaction monitoring and a rapid, well-defined internal process for handling FIU inquiries and orders.

3. Enhanced International Cooperation

The New AML Law broadens the UAE courts' powers to implement foreign orders for 'provisional measures' or confiscate criminal property without the need for a local, UAE-based money laundering investigation. This enhanced mechanism for mutual legal strategic deployment highlights the UAE's role as a cooperative partner in the global fight against financial crime.

For professional legal guidance, explore our Aml Compliance Advisory, Aml Compliance Advisory Services, Strategic Aml Compliance Advisory legal architecture In..., and Business Compliance Advisory Services service pages.

Focus on DNFBPs and the Risk-Based Approach (RBA)

Designated Non-Financial Businesses and Professions (DNFBPs) remain a critical focus area for the UAE’s regulatory bodies, particularly the Ministry of Economy and Tourism (MoET). DNFBPs include real estate agents, dealers in precious metals and stones, auditors, and legal consultants. In August 2025, the MoET released Circular No. 6 of 2025, which re-emphasized the importance of a robust, risk-based approach (RBA) to AML compliance.

Sector-Specific Compliance Deep Dive

The RBA requires businesses to tailor their controls to their specific risks.

Real Estate: Due to the sector's vulnerability to money laundering, agents must conduct CDD on both the buyer and the seller, verify the source of funds and wealth, and prioritize the identification of the Beneficial Owner for all high-value transactions.
Precious Metals and Stones (DPMS): DPMS must apply CDD to all cash transactions exceeding the set threshold (typically AED 55,000) and implement robust systems for identifying and reporting suspicious transactions, especially those involving unusual payment methods.
Legal and Accounting Professionals: When involved in specific financial transactions for a client (e.g., managing client money, forming companies), they must apply CDD and EDD. They must be acutely aware of the risk of tipping off a client when filing a Suspicious Transaction Report (STR), a balance that requires specialized legal advisory and training. [Placeholder Backlink: /service/legal-advisory]

The MoET’s focus on RBA is a direct call for DNFBPs to move beyond a tick-box approach and embed risk management into their core operations. This is where expert risk advisory becomes indispensable. [Placeholder Backlink: /service/risk-advisory]

A Roadmap for 2026: Key Compliance Pillars

The legislative changes of 2025 necessitate a comprehensive review and upgrade of existing AML/CTF compliance programs. Businesses should focus on the following key pillars to navigate the new regulatory environment successfully.

1. Governance and Internal Controls

The increased personal liability for managers makes strong governance non-negotiable. This includes appointing a dedicated, senior Compliance Officer, immediately updating all internal policies and procedures to reflect the New AML Law and Executive Regulations (especially concerning CPF, Virtual Assets, and the objective test), and conducting a regular, independent audit of the AML/CTF program to ensure effectiveness.

2. Technology and Automation: The Modern AML Stack

The scale and complexity of transactions demand a modern, technology-driven approach.

Automated KYC/CDD: Implement automated systems for real-time sanctions screening, PEP screening, and adverse media checks to reduce human error and provide an auditable trail.
AI-Driven Transaction Monitoring (TM): Move beyond simple rule-based systems to deploy AI and machine learning for detecting subtle, non-obvious patterns of suspicious activity, such as deviations from a customer's normal behavior.
Case Management and Reporting: Deploy integrated case management systems that centralize all data and ensure a consistent, documented, and timely process for filing Suspicious Transaction Reports (STRs) with the FIU. The new law’s expanded FIU powers mean that delays in reporting are more likely to result in severe penalties.

3. Training and Awareness

Compliance is a culture, not just a department. The new law’s focus on manager liability and the objective test for knowledge means that training must be comprehensive and targeted. Senior management training must focus on their personal responsibilities and the legal implications of the new objective test, while all relevant employees must receive regular, role-specific training on identifying red flags, applying CDD/EDD, and internal reporting procedures. Training records must be meticulously maintained.

Practical Scenarios Under the Objective Test

To fully grasp the gravity of the "should have reasonably known" standard, businesses must consider how this new legal principle will be applied in enforcement actions. The objective test shifts the focus from the defendant's internal state of mind to the adequacy of the firm's compliance infrastructure.

Scenario 1: The Complex Corporate Structure A DNFBP is engaged to provide services to a company whose ownership structure involves multiple layers of holding companies registered in various offshore jurisdictions. The firm's compliance officer performs only basic CDD, accepting the provided documentation without conducting an independent search for the ultimate Beneficial Owner (BO). If the BO is later identified as a high-risk individual on a sanctions list, the compliance officer and senior management could face personal liability. The argument would be that a reasonable compliance professional, faced with a complex, multi-jurisdictional structure, should have known that Enhanced Due Diligence (EDD) was mandatory and that the failure to perform it constituted a breach of duty.

Scenario 2: The Unusual Transaction A long-standing client of a financial institution, whose business profile is in local retail, suddenly attempts a large, unexplained wire transfer to a company in a jurisdiction known for high money laundering risk. The transaction monitoring system flags the transfer, but the compliance analyst, due to heavy workload and lack of training, dismisses the alert as a "false positive" without proper investigation or documentation. When the funds are later traced to a criminal enterprise, the institution and the analyst are exposed. The objective test will focus on the analyst's failure to follow established procedures for investigating a red flag, arguing that any reasonable person in that role should have known the transaction was suspicious and required a Suspicious Transaction Report (STR).

These scenarios highlight that the New AML Law effectively criminalizes willful blindness and gross negligence in compliance matters. The only effective defense against the objective test is a comprehensive, documented, and demonstrably effective AML program that leaves no room for reasonable doubt regarding the firm's diligence.

The 2026 Compliance Roadmap: Detailed Steps for Implementation

The transition to full compliance with the 2025 legislative framework requires a structured, multi-phase project. Businesses should immediately initiate the following detailed steps:

Phase 1: Gap Analysis and Risk Reassessment (Q1 2026) 1. Conduct a New Business Risk Assessment (BRA): The existing BRA is likely obsolete. A new assessment must explicitly incorporate the risks of Proliferation Financing (CPF), the increased risk from Virtual Assets, and the implications of the Objective Test. 2. Policy and Procedure Gap Analysis: Compare all current AML/CTF policies against the requirements of Federal Decree Law No. 10 of 2025 and Cabinet Resolution No. 134 of 2025. Identify all missing or deficient controls, particularly those related to EDD triggers, BO verification, and STR filing protocols. 3. Resource Allocation Review: Assess the current compliance team's capacity, expertise, and technology stack. Determine the necessary budget and personnel increases to meet the new regulatory burden.

Phase 2: Remediation and Implementation (Q2-Q3 2026) 1. Policy Drafting and Approval: Draft and formally approve all updated AML/CTF policies and procedures. This includes a new internal manual detailing the firm's response to the objective test and the new personal liability for managers. 2. Technology Upgrade: Implement or upgrade the AML technology stack. This is the time to integrate automated KYC/CDD legal architecture and deploy AI-driven transaction monitoring systems capable of handling the new complexity, including virtual asset transactions. 3. BO Register Clean-up: Conduct a full remediation of the Beneficial Ownership register. This involves re-verifying the BO for all high-risk clients and documenting the steps taken to identify the ultimate natural person, especially for complex structures.

Phase 3: Training and Culture (Ongoing) 1. Mandatory, Role-Specific Training: Roll out a mandatory training program. The training must be customized: * Senior Management: Focus on personal liability, governance, and the objective test. * Front-Line Staff: Focus on red flag identification, CDD/EDD procedures, and internal reporting. * Compliance Team: Focus on new STR filing protocols, FIU expanded powers, and technology usage. 2. Independent Audit: Commission an independent, external audit of the newly implemented AML program. This audit provides an objective assessment of the program's effectiveness and serves as crucial evidence of the firm's commitment to compliance, which is vital under the new objective test.

Final Call to Action: Partnering for a Compliant Future

The UAE’s 2025 legislative overhaul, spearheaded by Federal Decree Law No. 10 of 2025 and Cabinet Resolution No. 134 of 2025, marks a new era of heightened accountability and regulatory rigor. The shift to an objective test for knowledge, the introduction of personal liability for managers, and the massive increase in corporate fines collectively raise the compliance bar to an unprecedented level.

For businesses operating in the UAE, the message is clear: proactive, comprehensive, and technology-driven compliance is no longer optional—it is a fundamental requirement for continued operation and success. Given the complexity, the severity of the penalties, and the rapid pace of regulatory change, seeking specialized external AML compliance consulting is a prudent and often necessary step. [Placeholder Backlink: /service/aml-compliance-consulting]

By immediately reviewing and upgrading their AML/CTF frameworks, businesses can not only mitigate severe legal and financial risks but also contribute to the UAE’s reputation as a secure and trusted global financial center.

Related Services: Explore our Money Laundering Defense Uae and Aml Compliance For Sme services for practical legal support in this area.

Disclaimer: The information provided in this article is for general informational purposes only and does not constitute legal advice. Readers should seek professional legal advice tailored to their specific circumstances before making any decisions or taking any action based on the content of this article.

Nour Attorneys Team

Additional Resources

Explore more of our insights on related topics: