UAE's New AML Law 2025/2026: Key Changes Under Federal Decree-Law No. 10 and What Businesses Must Do Now

AML compliance in the UAE

On 14 October 2025, the UAE took one of its most significant legislative steps in the fight against financial crime. Federal Decree-Law No. 10 of 2025 came into force, repealing and replacing the previous AML law that had governed the country’s anti-money laundering framework since 2018. This is not a minor update. It is a comprehensive overhaul, and every regulated business operating in the UAE needs to understand exactly what has changed, what is now required, and what the cost of non-compliance looks like in 2026.

With the FATF Mutual Evaluation scheduled for June 2026, the timing of this legislation is deliberate. The UAE is signaling to international assessors that its legal framework is not just reformed on paper but is being actively enforced. For compliance officers, legal teams, and business owners across the Emirates, the window to align with the new law is already narrowing.

Why This Law Was Introduced

The UAE’s removal from the FATF grey list in February 2024 marked a turning point, but it also came with an implicit expectation: that the country would continue strengthening its AML/CFT architecture rather than ease off once the immediate pressure had passed. Federal Decree-Law No. 10 of 2025 is the legislative centerpiece of that continued commitment.

The new law addresses gaps that the 2020 Mutual Evaluation identified, incorporates the findings of the UAE’s third National Risk Assessment published in April 2025, and aligns domestic legislation more closely with the FATF’s evolving global standards. It also reflects the realities of a financial landscape that looks very different from 2018, including the rapid growth of virtual assets, the increasing sophistication of financial crime, and the UAE’s expanded role as a global trading and investment hub.

Key Changes Under Federal Decree-Law No. 10 of 2025

Area of Change Previous Position (2018 Law) New Position (2025 Law)
Proliferation Financing Addressed within broader CTF provisions Now a standalone criminal offence with specific obligations
Predicate Offences Limited list of underlying crimes Expanded to explicitly include tax evasion
Virtual Assets Limited coverage Explicit inclusion of VASPs and digital asset transactions
Beneficial Ownership General obligations Strengthened verification and record-keeping requirements
Penalties Existing penalty framework Significantly enhanced fines and criminal sanctions
Digital Systems Not explicitly addressed Explicitly covered, including digital onboarding and e-KYC
Risk-Based Approach Encouraged Mandated with documented evidence of application
STR Obligations Existing framework Expanded scope of reporting triggers and timelines
Supervisory Powers Existing framework Broader powers granted to supervisory authorities
Cross-Border Cooperation General provisions Strengthened mutual legal assistance and information sharing

The Five Most Significant Changes Explained

1. Proliferation Financing as a Standalone Offence

Perhaps the most consequential change in the new law is the introduction of proliferation financing (PF) as a distinct criminal offence, separate from broader counter-terrorism financing obligations. Under the 2018 framework, PF controls were embedded within general CTF provisions and were often treated as an extension of sanctions screening. The 2025 law demands a fundamentally different approach.
Businesses must now:

  • ● Conduct a specific Proliferation Financing Risk Assessment (PFRA) that is separate from their general Business Risk Assessment
    ● Implement targeted financial sanctions (TFS) controls specifically designed to detect and prevent PF activity
    ● Document their PF risk exposure and the controls applied to mitigate it
    ● Train staff on PF typologies, red flags, and reporting obligations

This change alone will require most regulated entities to revisit their existing risk assessment frameworks from the ground up.

2. Tax Evasion as a Predicate Offence

Key Stats to Know

Key Stats to Know

Key Stats to Know

The explicit inclusion of tax evasion as a predicate offence to money laundering carries significant practical implications, particularly for businesses that serve high-net-worth individuals, corporate clients with complex cross-border structures, or customers operating in multiple jurisdictions.

Where previously tax matters were largely treated as a separate regulatory concern, compliance teams must now consider tax risk as part of their AML customer due diligence process. Enhanced due diligence for clients with opaque tax structures, offshore holdings, or exposure to high-risk jurisdictions is now an expectation, not a discretionary measure.

3. Virtual Assets and VASPs

The UAE has become one of the most active virtual asset markets in the world, and the 2025 law reflects that reality. Virtual Asset Service Providers are now explicitly brought within the scope of the AML framework, with obligations that mirror those applied to traditional financial institutions.
Key requirements for VASPs and entities transacting in virtual assets include:

  • ● Full compliance with the Travel Rule for virtual asset transfers above threshold values
    ● Risk-based CDD on virtual asset customers, including source of funds verification
    ● Real-time sanctions screening against all relevant lists including OFAC, UN, and UAE local lists
    ● Suspicious Transaction Reporting for anomalous virtual asset activity
    ● Licensing verification of counterparty VASPs before processing transactions

4. Strengthened Beneficial Ownership Requirements

Beneficial ownership transparency has been a persistent weakness in the UAE’s AML framework, and the 2025 law addresses it directly. Regulated entities are now required to verify beneficial ownership information more rigorously at onboarding, review it more frequently throughout the relationship, and maintain records in a format that is accessible and auditable.

The practical implications are significant:

  • Ownership structures with multiple layers or complex corporate chains require deeper investigation
  • Passive reliance on customer-provided documentation is no longer sufficient
  • Ongoing monitoring must flag changes in ownership structure that could indicate emerging risk
  • Records must be maintained in a format that can be produced quickly to supervisory authorities

5. Enhanced Penalties and Supervisory Powers

5. Enhanced Penalties and Supervisory Powers

The 2025 law grants supervisory authorities, including the Central Bank, CBUAE, SCA, VARA, and DFSA within their respective jurisdictions, significantly broader powers to investigate, sanction, and prosecute non-compliance. Penalties have been enhanced across the board, with fines reaching into the tens of millions of dirhams for serious or repeated breaches.

The Central Bank has already signaled the direction of travel, issuing approximately AED 350 million in AML-related fines in recent months. Under the new law, that enforcement posture is backed by an even stronger legal foundation.

Who Is Affected: Regulated Entities Under the New Law

The following categories of business fall within the scope of Federal Decree-Law No. 10 of 2025:


● Banks, exchange houses, and financial institutions
● Insurance companies and brokers
● Investment firms and asset managers
● Real estate agents and brokers
● Lawyers, notaries, and independent legal professionals
● Accountants and auditors
● Company formation agents and corporate service providers
● Dealers in precious metals and stones
● Virtual Asset Service Providers (VASPs)
● Free zone entities engaged in financial or designated non-financial activities


If your business falls into any of the above categories and you have not yet conducted a gap analysis against the new law, that process should begin immediately.

What Businesses Must Do Now: A Compliance Action Plan

Action Priority Timeline
Conduct gap analysis against Federal Decree-Law No. 10 Critical Immediately
Update Business Risk Assessment to include PF risk Critical Within 30 days
Review and update CDD and EDD procedures High Within 30 days
Update sanctions screening to cover all required lists Critical Immediately
Implement or review Travel Rule compliance (VASPs) High Within 30–60 days
Retrain staff on new typologies, PF, and tax evasion High Within 60 days
Review beneficial ownership verification procedures High Within 30 days
Update AML policies and procedures manual High Within 45 days
Conduct board-level briefing on new obligations Medium Within 30 days
Stress-test transaction monitoring rule sets Medium Within 60 days
Prepare evidence pack for regulatory inspection Medium Within 90 days

The Role of Technology in Meeting the New Standard

The obligations introduced under Federal Decree-Law No. 10 are not achievable through manual processes alone. The volume, complexity, and speed of data required to meet the new law’s expectations demand a technology-led approach. This is where investing in robust AML compliance software becomes not just useful but essential. A capable platform enables regulated entities to:

  • ● Screen customers and transactions against hundreds of global and local sanctions lists in real time
    ● Apply dynamic, risk-based scoring to customer profiles that updates automatically as new information emerges
    ● Monitor transactions continuously for patterns consistent with money laundering, proliferation financing, or tax evasion
    ● Generate and file Suspicious Transaction Reports within the required timeframes
    ● Maintain auditable records of every compliance decision for regulatory inspection
    ● Produce management information and board-level reporting on compliance performance
    ● Document the application of a risk-based approach in a format assessor can verify

Without the right technology embedded in your operations, the gap between what the law now requires and what your organization can demonstrate is likely to be significant.

Common Gaps Regulators Will Identify in 2026

Based on the new law’s provisions and the FATF’s 5th Round Methodology, the following weaknesses are most likely to be identified during supervisory inspections and the June 2026 Mutual Evaluation:

  • ● Proliferation financing risk assessments that are absent, generic, or not tailored to the specific business model
    ● Transaction monitoring systems that generate high volumes of false positives but miss genuine suspicious activity
    ● CDD files that are incomplete, outdated, or do not reflect the current risk rating of the customer
    ● STR filings that are low in volume, poor in quality, or submitted outside required timeframes
    ● Beneficial ownership records that cannot be verified independently or accessed quickly
    ● Staff training that is annual and tick-box rather than ongoing and risk-informed
    ● Governance structures where the compliance function lacks sufficient seniority, resource, or board access

Each of these gaps is both a regulatory risk and an operational vulnerability. Addressing them before an inspection is infinitely preferable to explaining them during one.

How First Compliance Supports Full Alignment with the New Law

At First Compliance, we have developed our platform specifically for regulated entities operating within the UAE’s legal and regulatory environment. Every module is built to address the obligations that matter most under Federal Decree-Law No. 10 of 2025 and the broader FATF framework. For any regulated business searching for dependable AML compliance software, our solution is purpose-built for exactly this environment.

Our platform covers:

  • Sanctions and PEP Screening – real-time screening against hundreds of global lists including OFAC, UN, EU, HM Treasury, and UAE local lists
    ● eKYC and Customer Due Diligence – automated, risk-scored onboarding with full document management and beneficial ownership mapping
    Transaction Monitoring – AI-powered detection of suspicious patterns with customizable rule sets aligned to current UAE typologies
    Proliferation Financing Controls – dedicated modules supporting PFRA and TFS compliance
    ● Regulatory Reporting – structured STR and CTR workflows that ensure accurate, timely filing
    ● Case Management – complete audit trails for every alert, investigation, and compliance decision
    ● Risk Management – dynamic customer risk scoring that reflects a genuine risk-based approach
    ● Dashboard and Analytics – real-time management information for compliance officers and board-level reporting

Whether you are a bank, a VASP, a DNFBP, or a free zone entity, our platform scales to your size, your risk profile, and your regulatory obligations.

The Bottom Line

Federal Decree-Law No. 10 of 2025 has raised the bar for AML compliance in the UAE in a way that cannot be addressed through policy updates alone. It demands operational change, technological investment, and a genuine culture of compliance that runs from the front line to the boardroom.

With the FATF Mutual Evaluation arriving in June 2026, the question is not whether your organization will face scrutiny. It is whether you will be ready when it arrives.

The businesses that act now, closing gaps, upgrading systems, and embedding the new law’s requirements into daily operations, will not only survive the evaluation. They will demonstrate the kind of institutional commitment that regulators and international partners are looking for.

Take the Next Step with First Compliance

Do not wait for a regulatory inspection to discover where your gaps are. First Compliance gives you the tools, the data, and the audit trail to face the new AML landscape with confidence. Our AML compliance software is trusted by regulated entities across the UAE to deliver exactly the kind of operational readiness that the new law demands.

Schedule your free demo today at First Compliance and let our team show you exactly how our platform aligns with Federal Decree-Law No. 10 of 2025, the FATF’s 5th Round requirements, and the supervisory expectations of 2026.

Your compliance framework should be an asset, not a vulnerability. Let us help you make it one.

Whatsapp Linkedin Envelope

Event Details

January 28, 2026

10:00 AM - 1:00 PM

DoubleTree by Hilton - M Square Hotel, Al Mankhool, Dubai, UAE

Limited to 35 senior compliance leaders

By invitation only

WhatsApp
Schedule a Free Demo Today
Demo Image

Ready to Streamline Your Compliance Efforts?

  • Ready to simplify compliance? Let's talk.
  • Experience the future of AML compliance.
  • Don't let compliance hold you back.

Trusted Global Compliance Partner

Advanced Screening & Reporting Tools

Scalable Solutions for Growing Businesses

Trusted Global Compliance Partner

Advanced Screening & Reporting Tools

Scalable Solutions for Growing Businesses

First Compliance

First Compliance is a comprehensive compliance and due diligence software platform designed to meet the rigorous standards of global regulations. Developed by a team of experts in law, compliance, and anti-financial crime, our tool leverages advanced technology to streamline investigations and ensure thorough due diligence.

Company

Links

useful links

Contact

Phone
+971 44 52 90 91
 +971 50 686 9463 / +971 50 798 4175
Whatsapp
+971 50 68 69 463
Address
Po Box 58553,
Saaha Offices,
Block C, Office W501A,
The Palace Downtown, Dubai
E-mail
info@adizone.com
info@bilberrysolutions.com
support@firstcompliancesolution.com
First Compliance

First Compliance is a comprehensive compliance and due diligence software platform designed to meet the rigorous standards of global regulations. Developed by a team of experts in law, compliance, and anti-financial crime, our tool leverages advanced technology to streamline investigations and ensure thorough due diligence.

Company

Links

Contact

Phone
+971 44 52 90 91
 +971 50 686 9463 / +971 50 798 4175
Whatsapp
+971 50 68 69 463
Address
Po Box 58553,
Saha Offices,
C Block, W501A,
Palace Downtown, Dubai
E-mail
info@adizone.com
info@bilberrysolutions.com
support@firstcompliancesolution.com
© 2026 First Compliance. Powered by Bilberry Solutions. All rights reserved.
Facebook-square Instagram Linkedin
Scroll to top