UAE's New AML Law 2025/2026: Key Changes Under Federal Decree-Law No. 10 and What Businesses Must Do Now
On 14 October 2025, the UAE took one of its most significant legislative steps in the fight against financial crime. Federal Decree-Law No. 10 of 2025 came into force, repealing and replacing the previous AML law that had governed the country’s anti-money laundering framework since 2018. This is not a minor update. It is a comprehensive overhaul, and every regulated business operating in the UAE needs to understand exactly what has changed, what is now required, and what the cost of non-compliance looks like in 2026.
With the FATF Mutual Evaluation scheduled for June 2026, the timing of this legislation is deliberate. The UAE is signaling to international assessors that its legal framework is not just reformed on paper but is being actively enforced. For compliance officers, legal teams, and business owners across the Emirates, the window to align with the new law is already narrowing.
Why This Law Was Introduced
The UAE’s removal from the FATF grey list in February 2024 marked a turning point, but it also came with an implicit expectation: that the country would continue strengthening its AML/CFT architecture rather than ease off once the immediate pressure had passed. Federal Decree-Law No. 10 of 2025 is the legislative centerpiece of that continued commitment.
The new law addresses gaps that the 2020 Mutual Evaluation identified, incorporates the findings of the UAE’s third National Risk Assessment published in April 2025, and aligns domestic legislation more closely with the FATF’s evolving global standards. It also reflects the realities of a financial landscape that looks very different from 2018, including the rapid growth of virtual assets, the increasing sophistication of financial crime, and the UAE’s expanded role as a global trading and investment hub.
Key Changes Under Federal Decree-Law No. 10 of 2025
| Area of Change | Previous Position (2018 Law) | New Position (2025 Law) |
|---|---|---|
| Proliferation Financing | Addressed within broader CTF provisions | Now a standalone criminal offence with specific obligations |
| Predicate Offences | Limited list of underlying crimes | Expanded to explicitly include tax evasion |
| Virtual Assets | Limited coverage | Explicit inclusion of VASPs and digital asset transactions |
| Beneficial Ownership | General obligations | Strengthened verification and record-keeping requirements |
| Penalties | Existing penalty framework | Significantly enhanced fines and criminal sanctions |
| Digital Systems | Not explicitly addressed | Explicitly covered, including digital onboarding and e-KYC |
| Risk-Based Approach | Encouraged | Mandated with documented evidence of application |
| STR Obligations | Existing framework | Expanded scope of reporting triggers and timelines |
| Supervisory Powers | Existing framework | Broader powers granted to supervisory authorities |
| Cross-Border Cooperation | General provisions | Strengthened mutual legal assistance and information sharing |
The Five Most Significant Changes Explained
1. Proliferation Financing as a Standalone Offence
Perhaps the most consequential change in the new law is the introduction of proliferation financing (PF) as a distinct criminal offence, separate from broader counter-terrorism financing obligations. Under the 2018 framework, PF controls were embedded within general CTF provisions and were often treated as an extension of sanctions screening. The 2025 law demands a fundamentally different approach.
Businesses must now:
- ● Conduct a specific Proliferation Financing Risk Assessment (PFRA) that is separate from their general Business Risk Assessment
● Implement targeted financial sanctions (TFS) controls specifically designed to detect and prevent PF activity
● Document their PF risk exposure and the controls applied to mitigate it
● Train staff on PF typologies, red flags, and reporting obligations
This change alone will require most regulated entities to revisit their existing risk assessment frameworks from the ground up.
2. Tax Evasion as a Predicate Offence
Key Stats to Know
Key Stats to Know
Key Stats to Know
The explicit inclusion of tax evasion as a predicate offence to money laundering carries significant practical implications, particularly for businesses that serve high-net-worth individuals, corporate clients with complex cross-border structures, or customers operating in multiple jurisdictions.
Where previously tax matters were largely treated as a separate regulatory concern, compliance teams must now consider tax risk as part of their AML customer due diligence process. Enhanced due diligence for clients with opaque tax structures, offshore holdings, or exposure to high-risk jurisdictions is now an expectation, not a discretionary measure.
3. Virtual Assets and VASPs
The UAE has become one of the most active virtual asset markets in the world, and the 2025 law reflects that reality. Virtual Asset Service Providers are now explicitly brought within the scope of the AML framework, with obligations that mirror those applied to traditional financial institutions.
Key requirements for VASPs and entities transacting in virtual assets include:
- ● Full compliance with the Travel Rule for virtual asset transfers above threshold values
● Risk-based CDD on virtual asset customers, including source of funds verification
● Real-time sanctions screening against all relevant lists including OFAC, UN, and UAE local lists
● Suspicious Transaction Reporting for anomalous virtual asset activity
● Licensing verification of counterparty VASPs before processing transactions
4. Strengthened Beneficial Ownership Requirements
Beneficial ownership transparency has been a persistent weakness in the UAE’s AML framework, and the 2025 law addresses it directly. Regulated entities are now required to verify beneficial ownership information more rigorously at onboarding, review it more frequently throughout the relationship, and maintain records in a format that is accessible and auditable.
The practical implications are significant:
- Ownership structures with multiple layers or complex corporate chains require deeper investigation
- Passive reliance on customer-provided documentation is no longer sufficient
- Ongoing monitoring must flag changes in ownership structure that could indicate emerging risk
- Records must be maintained in a format that can be produced quickly to supervisory authorities
5. Enhanced Penalties and Supervisory Powers
5. Enhanced Penalties and Supervisory Powers
The 2025 law grants supervisory authorities, including the Central Bank, CBUAE, SCA, VARA, and DFSA within their respective jurisdictions, significantly broader powers to investigate, sanction, and prosecute non-compliance. Penalties have been enhanced across the board, with fines reaching into the tens of millions of dirhams for serious or repeated breaches.
The Central Bank has already signaled the direction of travel, issuing approximately AED 350 million in AML-related fines in recent months. Under the new law, that enforcement posture is backed by an even stronger legal foundation.
Who Is Affected: Regulated Entities Under the New Law
The following categories of business fall within the scope of Federal Decree-Law No. 10 of 2025:
● Banks, exchange houses, and financial institutions
● Insurance companies and brokers
● Investment firms and asset managers
● Real estate agents and brokers
● Lawyers, notaries, and independent legal professionals
● Accountants and auditors
● Company formation agents and corporate service providers
● Dealers in precious metals and stones
● Virtual Asset Service Providers (VASPs)
● Free zone entities engaged in financial or designated non-financial activities
If your business falls into any of the above categories and you have not yet conducted a gap analysis against the new law, that process should begin immediately.
What Businesses Must Do Now: A Compliance Action Plan
| Action | Priority | Timeline |
|---|---|---|
| Conduct gap analysis against Federal Decree-Law No. 10 | Critical | Immediately |
| Update Business Risk Assessment to include PF risk | Critical | Within 30 days |
| Review and update CDD and EDD procedures | High | Within 30 days |
| Update sanctions screening to cover all required lists | Critical | Immediately |
| Implement or review Travel Rule compliance (VASPs) | High | Within 30–60 days |
| Retrain staff on new typologies, PF, and tax evasion | High | Within 60 days |
| Review beneficial ownership verification procedures | High | Within 30 days |
| Update AML policies and procedures manual | High | Within 45 days |
| Conduct board-level briefing on new obligations | Medium | Within 30 days |
| Stress-test transaction monitoring rule sets | Medium | Within 60 days |
| Prepare evidence pack for regulatory inspection | Medium | Within 90 days |
The Role of Technology in Meeting the New Standard
The obligations introduced under Federal Decree-Law No. 10 are not achievable through manual processes alone. The volume, complexity, and speed of data required to meet the new law’s expectations demand a technology-led approach. This is where investing in robust AML compliance software becomes not just useful but essential. A capable platform enables regulated entities to:
- ● Screen customers and transactions against hundreds of global and local sanctions lists in real time
● Apply dynamic, risk-based scoring to customer profiles that updates automatically as new information emerges
● Monitor transactions continuously for patterns consistent with money laundering, proliferation financing, or tax evasion
● Generate and file Suspicious Transaction Reports within the required timeframes
● Maintain auditable records of every compliance decision for regulatory inspection
● Produce management information and board-level reporting on compliance performance
● Document the application of a risk-based approach in a format assessor can verify
Without the right technology embedded in your operations, the gap between what the law now requires and what your organization can demonstrate is likely to be significant.
Common Gaps Regulators Will Identify in 2026
Based on the new law’s provisions and the FATF’s 5th Round Methodology, the following weaknesses are most likely to be identified during supervisory inspections and the June 2026 Mutual Evaluation:
- ● Proliferation financing risk assessments that are absent, generic, or not tailored to the specific business model
● Transaction monitoring systems that generate high volumes of false positives but miss genuine suspicious activity
● CDD files that are incomplete, outdated, or do not reflect the current risk rating of the customer
● STR filings that are low in volume, poor in quality, or submitted outside required timeframes
● Beneficial ownership records that cannot be verified independently or accessed quickly
● Staff training that is annual and tick-box rather than ongoing and risk-informed
● Governance structures where the compliance function lacks sufficient seniority, resource, or board access
Each of these gaps is both a regulatory risk and an operational vulnerability. Addressing them before an inspection is infinitely preferable to explaining them during one.
How First Compliance Supports Full Alignment with the New Law
At First Compliance, we have developed our platform specifically for regulated entities operating within the UAE’s legal and regulatory environment. Every module is built to address the obligations that matter most under Federal Decree-Law No. 10 of 2025 and the broader FATF framework. For any regulated business searching for dependable AML compliance software, our solution is purpose-built for exactly this environment.
Our platform covers:
- ● Sanctions and PEP Screening – real-time screening against hundreds of global lists including OFAC, UN, EU, HM Treasury, and UAE local lists
● eKYC and Customer Due Diligence – automated, risk-scored onboarding with full document management and beneficial ownership mapping
● Transaction Monitoring – AI-powered detection of suspicious patterns with customizable rule sets aligned to current UAE typologies
● Proliferation Financing Controls – dedicated modules supporting PFRA and TFS compliance
● Regulatory Reporting – structured STR and CTR workflows that ensure accurate, timely filing
● Case Management – complete audit trails for every alert, investigation, and compliance decision
● Risk Management – dynamic customer risk scoring that reflects a genuine risk-based approach
● Dashboard and Analytics – real-time management information for compliance officers and board-level reporting
Whether you are a bank, a VASP, a DNFBP, or a free zone entity, our platform scales to your size, your risk profile, and your regulatory obligations.
The Bottom Line
Federal Decree-Law No. 10 of 2025 has raised the bar for AML compliance in the UAE in a way that cannot be addressed through policy updates alone. It demands operational change, technological investment, and a genuine culture of compliance that runs from the front line to the boardroom.
With the FATF Mutual Evaluation arriving in June 2026, the question is not whether your organization will face scrutiny. It is whether you will be ready when it arrives.
The businesses that act now, closing gaps, upgrading systems, and embedding the new law’s requirements into daily operations, will not only survive the evaluation. They will demonstrate the kind of institutional commitment that regulators and international partners are looking for.
Take the Next Step with First Compliance
Do not wait for a regulatory inspection to discover where your gaps are. First Compliance gives you the tools, the data, and the audit trail to face the new AML landscape with confidence. Our AML compliance software is trusted by regulated entities across the UAE to deliver exactly the kind of operational readiness that the new law demands.
Schedule your free demo today at First Compliance and let our team show you exactly how our platform aligns with Federal Decree-Law No. 10 of 2025, the FATF’s 5th Round requirements, and the supervisory expectations of 2026.
Your compliance framework should be an asset, not a vulnerability. Let us help you make it one.
Trusted Global Compliance Partner
Advanced Screening & Reporting Tools
Scalable Solutions for Growing Businesses
Trusted Global Compliance Partner
Advanced Screening & Reporting Tools
Scalable Solutions for Growing Businesses
First Compliance is a comprehensive compliance and due diligence software platform designed to meet the rigorous standards of global regulations. Developed by a team of experts in law, compliance, and anti-financial crime, our tool leverages advanced technology to streamline investigations and ensure thorough due diligence.
Company
Links
useful links
- AML Screening Solution in Dubai
- Automated Compliance Software in Dubai
- KYC Onboarding Software in Dubai
- Transaction Monitoring Software in Dubai
- AI Transaction Monitoring in Dubai
- AML Compliance Software in Dubai
- KYC Compliance Monitoring in Dubai
- AML Risk Assessment Tool in Dubai
- Enterprise Risk Management Software Solutions in Dubai
- Compliance Monitoring Software in Dubai
- ESG Reporting Platform in Dubai
First Compliance is a comprehensive compliance and due diligence software platform designed to meet the rigorous standards of global regulations. Developed by a team of experts in law, compliance, and anti-financial crime, our tool leverages advanced technology to streamline investigations and ensure thorough due diligence.
