The UAE government has recently changed its Anti-Money Laundering and Counter-Financing of Terrorism law. It is focused on strengthening the financial integrity and also meeting the international standards. By the use of Federal Decree Law No. 10 of 2025 UAE has changed the 2018 law.
This new rule works for both financial and non-financial institutions, along with virtual assets providers. We will be talking in detail about the AML regulations, the obligations, and enforcement through this article.
What is the Regulatory Framework: Key Laws and Updates (2025) ?
2025 AML Law: A new era
- The 2025 AML Law came into effect on 14 October 2025 and formally supersedes the previous Federal Decree-Law No. 20 of 2018.
- The new law has made changes to the scope of AML/CFT regulation. It has introduced new criminal offences which increase the penalties and corporate liability.
- It further adds Proliferation Financing, which deals in weapons, dual-use goods, and other factors. It is an offense now.
Inclusion of Virtual Assets and VASPs
- Virtual Asset Service Providers like exchanges, wallet providers, and crypto must be formally regulated. This rule has come after the 2025 changes.
- The law prohibits the use of anonymity-enhancing virtual assets that obscure the origin or ownership of funds; unlicensed activity by VASPs carries criminal and administrative penalties, including fines.
Expanded “Regulated Entities” and Scope
The law now covers a broad range of entities beyond traditional banks and finance firms. Key covered categories include:
- Financial institutions (banks, insurers, securities firms, money-exchange houses, payment/remittance services)
- Designated Non-Financial Businesses and Professions (DNFBPs) — e.g., real estate agents, auditors and accountants, corporate/trust service providers, dealers in precious metals and gems, legal professionals.
- Virtual-asset providers (VASPs) and related fintech businesses.
- Entities dealing with cross-border value movement, cash, virtual assets, and high-value assets, even in free zones (like DIFC or ADGM).
Core Obligations: What Businesses Must Do (AML, CFT, CPF, KYC)
Based on the changes in rules, companies must use a strong compliance and governance system. The key roles for the 2025 framework are:
Customer Due Diligence (CDD) & Know Your Customer (KYC)
- All companies must verify client identity, like a passport, an Emirates ID, and a trade license. You should also understand the ownership structure and obtain beneficial ownership information before signing the client.
- Risk-based approach: Standard due diligence must be followed for regular clients. Likewise, enhanced due diligence must be followed for high-risk clients like politically exposed persons, complex ownership, or virtual assets.
- Continuous monitoring: Transactions should be monitored for suspicious patterns; entities must screen vendors and clients against sanctions lists (domestic and international) and PEP registers.
Registration & Reporting Obligations
- The regulated entities, like financial institutions, DNFBPs, and VASPs, must register with the domestic financial intelligence reporting platform called goAML.
- If the entities find any suspicious activity, they should file a Suspicious Transaction Report.
- All the records of customer identification, transactions, beneficial ownership, and compliance documents must be maintained.
Governance, Compliance & Internal Controls
- Companies must have a compliance officer or Money Laundering Reporting Officer who looks for AML/CFT/CPF issues
- High-level management must use AML oversight in corporate governance. It includes documented AML policies, regular risk assessment, internal audits, compliance training programs, record keeping, etc
- Authorities must use risk assessment, on-site and off-site inspection, and reviews to make sure of compliance.
AML & CFT Regulations for Insurance Companies
- Insurance and reinsurance also fall under the regulated 2025 AML laws. The life insurance, general insurance, and reinsurers must follow the KYC/CDD requirements. This is useful for policyholders, beneficiaries, and premium payers.
- All the transactions must be monitored, and any suspicious activity must be reported.
- AML/CFT rules must be included in their internal compliance programs by insurance companies. An MLRO must be appointed to see whether the laws are implemented or not.
Enforcement & Penalties Under the New Regime
The 2025 AML law has seen major changes in fines and penalties. The major changes are:
- Substantial corporate fines: Entities might pay fines up to AED 100 million if they are found guilty of serious money laundering, terrorist financing, or proliferation financing issues.
- Criminal penalties for individuals: Senior management, officers, or individuals involved in violations or fraud might face imprisonment and personal fines.
- Administrative fines and sanctions: The fines can be up to 100 million if the rules aren’t followed. It could also result in license suspension, deregistration of the firm, and a business ban.
- Enhanced powers for the FIU and regulators: Based on the 2025 law FIU has major powers to freeze assets, suspend transactions, demand new information, and coordinate with foreign counterparts.
What is the Practical Implications for Accounting Firms and Corporate Clients ?
For the accounting firms and corporate clients, the 2025 AML change will bring major operational implications. Every business should follow this with honesty.
- Wider client scope: The companies that were considered less risky are now within the AML/CFT/CPF scope. These businesses include real estate, precious metals, legal professionals, consultancy firms, etc. Firms should check whether the clients follow the 2025 AML law and work accordingly.
- Stricter KYC and enhanced due diligence: There should be strong KYC/CDD processes before signing new clients. Mainly, the high-risk or cross-border clients must be checked on beneficial ownership or risk assessment.
- Enhanced governance and compliance frameworks: Every company must have an MLRO or a compliance officer. They will implement formal AML policies that help in tracking, logging, documentation, etc.
- Ongoing monitoring and reporting obligations: Firms must check every transaction, client activity, and suspicious pattern. You will need to register on the goAML platform and be prepared to file STR.
- Risk of severe consequences: Companies that don’t follow the rule will have to pay a heavy fine, have their license suspended, and their reputation might be damaged. Thus, compliance should be treated as a strategic, not administrative, issue.
Accounting firms serving Dubai clients — especially those engaged in cross-border transactions, crypto, real estate, corporate structuring, or high-value deals — should urgently conduct a gap analysis of current practices against the 2025 AML requirements.
Conclusion
The introduction of the 2025 AML law shows a massive moment in the UAE’s regulatory landscape. Expansion of regulated entities, inclusion of virtual asset providers, explicit targeting of proliferation financing, and better compliance expectations are the major foundations.
This shows that the UAE is focused on fighting money laundering, terrorist financing, and financial crime issues strictly. Compliance is no longer an option for financial institutions, insurance companies, fintechs, or non-financial service providers.
You will need to follow the law and corporate governance. For businesses in Dubai, adapting to the changes will help you build a long-term vision and trust of clients.
