Why UAE Gaming Operators Need a Reliable AML Screening Solution in Dubai
The UAE established the General Commercial Gaming Regulatory Authority (GCGRA) in September 2023, transforming from a jurisdiction with a total prohibition on gambling into one of the most closely watched gaming licensing destinations in the world.
Under Federal Decree-Law No. 10 of 2025, gaming operators are now formally classified as Designated Non-Financial Businesses and Professions (DNFBPs). This triggers the full spectrum of UAE anti-money laundering and counter-terrorism financing obligations. Deploying a robust AML screening solution in Dubai is a prerequisite for licensing, not an afterthought.
At First Compliance Solution, we help gaming operators, technology vendors, and key persons build the compliance infrastructure the GCGRA demands. This guide covers everything you need to know.
Part 1: The UAE Gaming Market in Context
From Prohibition to a Federal Licensing Regime
The UAE Penal Code previously prescribed fines of up to AED 20,000 and up to two years’ imprisonment for gambling participants, and up to ten years’ imprisonment for organisers.
The regulatory shift was driven by economics. Research indicated that even a 1.6% gaming contribution to GDP could generate approximately USD 6.6 billion annually, a meaningful diversification of the UAE’s economic base beyond oil and tourism.
On 3 September 2023, WAM (Emirates News Agency) announced the GCGRA’s establishment by federal decree, with a mission to “create a socially responsible and well-regulated gaming environment, ensuring that all participants adhere to strict guidelines and comply with the highest standards.” The GCGRA’s founders framed this not as an abandonment of cultural values, but as a responsible entertainment framework built on player safety, financial crime prevention, and responsible gaming.
Key Milestones
● January 2024: Mahzooz and Emirates Draw paused operations to pursue GCGRA licensing.
● July 2024: The Game LLC received the UAE’s first Lottery License.
● November 2024: The UAE national lottery launched, including the AED 100 million “Lucky Day” jackpot.
● October 2024: Wynn Resorts received the UAE’s first casino license for a USD 3.9–5 billion integrated resort on Al Marjan Island, Ras Al Khaimah, opening early 2027.
● December 2024: The GCGRA issued a Consumer Advisory Notice warning against unlicensed operators.
● April 2025: The GCGRA signed an MOU with New Jersey gaming regulators for cross-border regulatory cooperation.
● Late 2025: Play971 became the UAE’s first licensed online gaming and sports betting platform.
● 1 June 2026: Federal Decree-Law No. 25 of 2025 came into effect, making GCGRA-licensed gaming contracts enforceable in UAE civil courts for the first time.
Morgan Stanley estimates the UAE gaming market could generate USD 3–5 billion in gross gaming revenue annually, making a GCGRA licence one of the most commercially significant regulatory permits available in the industry right now.
Part 2: The GCGRA's Structure and Mandate
The GCGRA is headquartered in Abu Dhabi and holds exclusive federal jurisdiction to regulate, license, and supervise all commercial gaming activities across all seven emirates. It operates with three core mandates: establishing and enforcing regulatory standards, overseeing financial crime prevention, and promoting responsible gaming through evidence-based player protection programmes.
The Four Categories of Regulated Gaming
Internet Gaming: Online casino games, eSports betting, and fantasy sports across all digital platforms. The definition is intentionally broad to accommodate new formats as they emerge.
Land-Based Gaming Facilities: Physical casinos, gaming floors, and slot halls. Wynn Al Marjan Island is the flagship project, with further licences expected.
Sports Wagering: Regulated betting on sporting events under GCGRA technical standards.
Lotteries: The GCGRA intends to maintain one official lottery. Existing games like Big Ticket and Dubai Duty Free may continue under GCGRA supervision, but no new lottery licences will be granted.
Technical Standards
The GCGRA has partnered with Gaming Laboratories International (GLI) to adopt GLI-19 (Interactive Gaming Systems) and GLI-33 (Event Wagering Systems) as its technical benchmarks.
Operating Without a Licence
Engaging in, conducting, or facilitating commercial gaming in the UAE without a GCGRA licence is illegal. Penalties include heavy fines, imprisonment, and business closure.
Part 3: GCGRA Licensing - Types, Eligibility, and Process
Who Must Apply?
Every business and individual involved in any aspect of commercial gaming must obtain the appropriate licence before commencing activities, not just operators.
Licence Types
Entity Licences cover Gaming Operators, Gaming-Related Vendors and Suppliers, and Key Persons at the corporate level.
Individual Licences cover Key Persons (individuals) and Gaming Employees involved in the operation, supervision, or management of a licensed entity.
A single gaming operation may require multiple licence types. A resort operating a casino floor with proprietary software would need both a Gaming Facility Operator licence and a Gaming Technology Supplier licence.
Eligibility Requirements
The GCGRA evaluates all applicants against standards of integrity, financial capacity, and operational competence. Core criteria include a clean regulatory record across all operating jurisdictions, sufficient financial resources, and a detailed business plan incorporating responsible gaming frameworks, an AML compliance programme, and technical infrastructure specifications.
The Six-Step Licensing Process
Step 1: Intake Form. Submit the GCGRA Intake Form with company information, ownership structure, key persons, and intended licence types.
Step 2: Initial Screening and Portal Access. The GCGRA conducts preliminary screening. If in scope, the applicant gains access to the licensing portal.
Step 3: Full Documentation Submission. Submit corporate filings, AML/KYC policies, technical certifications, a responsible gaming programme, and key personnel documentation.
Step 4: Suitability Investigation. The GCGRA conducts background checks, financial verification, and operational capability assessments.
Step 5: Assessment and Approval. No formal deadline is set, but the GCGRA is committed to a smooth process. Applicants should plan for several months.
Step 6: Ongoing Monitoring. Licensing is not a one-time event. Operators face continuous compliance obligations and regular GCGRA engagement.
Documentation Checklist
● Constituent documents and certificate of registration
● Detailed business plan with financial forecasts and organisational charts
● AML/CFT compliance programme documentation
● Responsible gaming programme
● Technical specifications and independent laboratory certifications
● Key personnel backgrounds and declarations
● Proof of financial stability
● Local representative contact details
Part 4: AML/CFT Compliance Under the GCGRA
Gaming Operators Are Now DNFBPs
Cabinet Resolution No. 134 of 2025 formally includes gaming operators in the DNFBP definition under Article 3, Item 1. The AML threshold is a single or linked transaction at or above AED 11,000. At that level, the full UAE AML/CFT compliance framework applies.
Federal Decree-Law No. 10 of 2025 replaced the 2018 AML law, coming into effect on 14 October 2025. Cabinet Resolution No. 134 of 2025 followed on 14 December 2025 as its implementing regulation.
This is a significant structural shift for the gaming industry. Operators that previously had no formal AML obligations now sit within the same regulatory perimeter as financial institutions and real estate brokers. An effective AML screening solution in Dubai is not a compliance add-on for gaming businesses. It is the backbone of a licensable operation.
The Legal Framework at a Glance
● Federal Decree-Law No. 10 of 2025 on Combating Money Laundering, Terrorist Financing, and Proliferation Financing
● Cabinet Resolution No. 134 of 2025 (Executive Regulations)
● FATF Recommendation 22 (Enhanced CDD for casinos)
● The 2025 Commercial Gaming Policy Paper (GCGRA sector-specific guidance)
● Cabinet Decision No. 74 of 2020 (Targeted Financial Sanctions)
Core AML Obligations for Gaming Operators
- Customer Due Diligence (CDD): Operators must verify customer identities at onboarding. For online platforms this means Emirates ID verification with Arabic OCR and tamper detection, alongside international documents for expatriate and tourist users, and beneficial ownership identification under Cabinet Decision No. 109 of 2023.
- Enhanced Due Diligence (EDD): EDD is mandatory for Politically Exposed Persons (PEPs) and their associates, high-value customers, clients from high-risk jurisdictions, and customers displaying unusual transactional behaviour.
- Sanctions Screening: Operators must screen against the UAE Local Terrorist List and the UN Security Council Consolidated List under Cabinet Decision No. 74 of 2020. This must happen in real time, not as a periodic batch process. Any AML screening solution in Dubai deployed for gaming must cover both lists with continuous monitoring.
- Suspicious Transaction Reporting (STR): All STRs must be filed with the UAE Financial Intelligence Unit via the goAML platform. The GCGRA supervises reporting culture but does not receive STRs directly.
- Five-Year Record Retention: All CDD records, transaction records, and compliance documentation must be retained for a minimum of five years and made available to supervisory authorities on request.
- Enterprise-Wide Risk Assessment (EWRA): Operators must continuously assess and document ML/TF/PF risks across customer types, products, geographies, and delivery channels, aligned with the 2024 UAE National Risk Assessment.
- Designated MLRO: Every licensed operator must appoint a qualified Money Laundering Reporting Officer. Boards and senior management carry explicit responsibility for AML/CFT oversight.
- Staff Training: All relevant staff must receive regular, documented AML/CFT training covering gaming-specific typologies including structuring, chip washing, and layering through gaming platforms.
Part 5: Why a Dedicated AML Screening Solution in Dubai Is Central to Gaming Compliance
Gaming platforms process high transaction volumes, serve high-net-worth and international clientele, handle cash-equivalent instruments, and are attractive to those seeking to launder proceeds through the apparent legitimacy of winnings. Manual screening cannot meet the speed, accuracy, or scale that the GCGRA and Federal Decree-Law No. 10 of 2025 require.
The UAE national lottery operator, The Game LLC, is the clearest market example. The company deployed an AI-powered screening system that screens participants against PEP databases, sanctions lists, and adverse media reports to ensure no high-risk individuals can access lottery services. The system was integrated in under 11 weeks.
This is the standard the GCGRA expects. Any operator that approaches screening as a manual or ad hoc process will not survive regulatory scrutiny. A purpose-built AML screening solution in Dubai is the only practical answer.
What the Screening Solution Must Cover
PEP Screening: Real-time detection of domestic and foreign Politically Exposed Persons and their networks. Both PEP categories require EDD including source of wealth and source of funds verification. PEP status is time-bound and must be monitored continuously.
Sanctions Screening: Coverage across 1,300+ global watchlists and 200+ sanctions lists, including UAE-specific lists, UN consolidated lists, and enforcement databases.
Adverse Media Screening: Negative news monitoring identifies customers connected to financial crime or reputational risk who may not yet appear on formal sanctions lists.
Transaction Monitoring: Continuous monitoring for structuring, unusual deposit and withdrawal patterns, rapid chip conversion, and other gaming-specific money laundering typologies.
goAML Integration: The solution must support timely, high-quality STR submissions to the UAE FIU through the goAML portal.
Name Screening at Onboarding: Automated name screening at the point of customer registration is the first line of defence. Speed and accuracy here directly determine how much manual review burden the compliance team carries downstream.
Part 6: Responsible Gaming Obligations
The GCGRA treats responsible gaming as a core regulatory pillar. Every licensed operator must submit a Responsible Gaming Programme covering the following:
● Self-exclusion mechanisms allowing players to voluntarily exclude
● Deposit and loss limits configurable daily, weekly, and monthly
● Cooling-off periods enforced at the platform level
● Age verification with all marketing restricted to persons aged 18 and over, with no targeting of minors or vulnerable individuals
● Staff training on identifying and assisting problem gamblers
● Dedicated Responsible Gaming Officer responsible for programme oversight and GCGRA liaison
Part 7: Cybersecurity and Technical Compliance
GCGRA compliance extends to platform integrity and data protection. Mandated controls include:
● Platform penetration testing and vulnerability assessments
● Random Number Generator (RNG) certification by a GCGRA-approved laboratory
● Secure encryption for player data and financial transactions
● Payment system integrity controls
● Incident response plans for cybersecurity breaches and data protection incidents
● Player data protection in compliance with UAE data privacy law
Part 8: Enforcement and Penalties
The GCGRA has modelled its enforcement powers on regulators from New Jersey and Las Vegas. Non-compliance carries serious consequences.
Financial Penalties: Fines calibrated to the severity and duration of the breach. Under the broader UAE AML framework, administrative fines can reach AED 5,000,000 per violation.
Licence Suspension or Revocation: Serious or persistent AML failures or unlicensed operation can result in immediate suspension or permanent revocation.
Criminal Liability: Operating without a licence or facilitating unlicensed gaming may constitute a criminal offence. Violations of licensing requirements under Federal Decree-Law No. 10 of 2025 carry fines of not less than AED 200,000 and up to AED 10,000,000, plus potential imprisonment.
Cross-Border Enforcement: The GCGRA’s MOU with New Jersey regulators and its FATF-aligned framework enable active cooperation with international counterpart authorities.
Operators should also note that AML failures specifically trigger the harshest regulatory responses. A gap in your sanctions screening process, a missed PEP match, or a failure to file an STR are not minor administrative infractions in the UAE. They are grounds for licence revocation. This is precisely why selecting and deploying the right AML screening solution in Dubai must happen before you go live, not after your first supervisory review.
Part 9: The June 2026 Civil Code Reform
Federal Decree-Law No. 25 of 2025 (effective 1 June 2026) removed Articles 1012–1019 from the UAE Civil Transactions Law, eliminating the civil-law basis that treated gaming contracts as void. GCGRA-licensed gaming contracts are now enforceable in UAE civil courts for the first time. Unregulated gaming remains illegal.
For operators, this means contractual certainty with vendors, suppliers, and players, and a materially reduced risk profile for institutional investors. It also signals that the UAE is committed to building a permanent, mature gaming jurisdiction rather than a transitional regulatory experiment.
Part 10: Building Your Compliance Programme - A Practical Framework
Governance: Appoint a qualified MLRO with appropriate seniority. Establish Board-level AML/CFT oversight with documented accountability and a compliance committee with regular reporting lines.
Risk Assessment: Conduct an EWRA covering customer, product, geographic, and delivery channel risk. Map it to the UAE National Risk Assessment 2024 and the 2025 Commercial Gaming Policy Paper. Review annually or following material business changes.
Customer Onboarding and KYC: Deploy identity verification for Emirates IDs and international documents. Implement real-time PEP, sanctions, and adverse media screening at onboarding. Build risk-based CDD profiles with clear EDD triggers. The onboarding workflow is where your AML screening solution in Dubai does its most critical work. Get it right from the start.
Transaction Monitoring: Deploy a system with gaming-specific typology rules. Set thresholds aligned with the AED 11,000 DNFBP trigger. Integrate STR workflows directly with goAML.
Policies and Procedures: Document all AML/CFT policies in line with Cabinet Resolution No. 134 of 2025 and the 2025 Commercial Gaming Policy Paper. Review and approve annually at senior management level.
Trainin: Deliver regular, documented training to all relevant staff. Include gaming-specific typologies and case studies. Maintain training records for GCGRA inspection.
Regulatory Reporting: Register on goAML before commencing operations. Establish clear escalation and investigation procedures. Retain all records for a minimum of five years.
Ready to Build Your GCGRA-Compliant AML Programme?
Whether you are planning your GCGRA licence application, building your AML/CFT framework from scratch, or stress-testing an existing programme against Federal Decree-Law No. 10 of 2025 and Cabinet Resolution No. 134 of 2025, First Compliance Solution is your partner.
Contact us today for a confidential consultation. Our specialists will assess your compliance posture, identify gaps against GCGRA and UAE AML requirements, and design a tailored roadmap to full regulatory readiness.
This blog is intended for informational purposes and does not constitute legal advice. First Compliance Solution recommends engaging specialist advisors for all GCGRA licensing and AML compliance matters.
Trusted Global Compliance Partner
Advanced Screening & Reporting Tools
Scalable Solutions for Growing Businesses
Trusted Global Compliance Partner
Advanced Screening & Reporting Tools
Scalable Solutions for Growing Businesses
First Compliance is a comprehensive compliance and due diligence software platform designed to meet the rigorous standards of global regulations. Developed by a team of experts in law, compliance, and anti-financial crime, our tool leverages advanced technology to streamline investigations and ensure thorough due diligence.
Company
Links
useful links
- AML Screening Solution in Dubai
- Automated Compliance Software in Dubai
- KYC Onboarding Software in Dubai
- Transaction Monitoring Software in Dubai
- AI Transaction Monitoring in Dubai
- AML Compliance Software in Dubai
- KYC Compliance Monitoring in Dubai
- AML Risk Assessment Tool in Dubai
- Enterprise Risk Management Software Solutions in Dubai
- Compliance Monitoring Software in Dubai
- ESG Reporting Platform in Dubai
First Compliance is a comprehensive compliance and due diligence software platform designed to meet the rigorous standards of global regulations. Developed by a team of experts in law, compliance, and anti-financial crime, our tool leverages advanced technology to streamline investigations and ensure thorough due diligence.