The United Arab Emirates (UAE) has reinforced its position as a global financial hub with the enactment of Federal Decree-Law No. 10 of 2025 on Combating Money Laundering Crimes, the Financing of Terrorism, and the Financing of the Proliferation of Weapons (the “2025 AML Law”).

This landmark legislation repeals the 2018 anti-money laundering law and introduces expanded obligations that bring the UAE fully in line with Financial Action Task Force (FATF) standards.

For financial institutions and Designated Non-Financial Businesses and Professions (DNFBPs), the new AML law demands stronger internal controls, wider risk coverage, and greater accountability.

1. Expanded Scope of Financial Crime in the UAE

The UAE AML Law 2025 significantly broadens the definition of financial crimes to address modern threats such as:

• Proliferation financing (PF): funding or facilitating the development or spread of weapons of mass destruction (WMDs);
• Tax evasion: now recognised as a predicate offence under AML rules; and
• Virtual asset misuse, including money laundering through cryptocurrencies and blockchain platforms.

This expansion ensures the UAE’s compliance with FATF Recommendations 3 and 7, enhancing its global standing in financial integrity and transparency.

2. Enterprise-Wide Risk Assessment (EWRA)

Under the new regime, all businesses must conduct an enterprise-wide risk assessment (EWRA) to identify exposure to ML, TF, and PF risks.

Risk assessments should consider:

• Trade in dual-use goods that could contribute to proliferation activities;
• Tax-related vulnerabilities in complex ownership structures;
• Use of virtual assets or cross-border payment systems; and
• Dealings with high-risk jurisdictions or sanctioned individuals.

An updated EWRA serves as the foundation for all AML compliance controls and is expected to be reviewed regularly.

3. Enhanced Customer Due Diligence (CDD) and KYC

The 2025 AML law reinforces Know Your Customer (KYC) and Customer Due Diligence (CDD) requirements for both financial institutions and DNFBPs.

Key obligations include:

• Verifying beneficial ownership using reliable documentation;
• Screening all clients and transactions against UAE, UN, and international sanctions lists;
• Applying Enhanced Due Diligence (EDD) to politically exposed persons (PEPs), high-risk clients, and crypto-related activities; and
• Identifying the source of funds and source of wealth.

Importantly, the law mandates the inclusion of proliferation financing risk indicators in compliance programmes — a new and critical requirement.

4. Reporting and Recordkeeping Obligations

The UAE’s Financial Intelligence Unit (FIU) continues to oversee reporting through the goAML platform. Businesses must file:

• Suspicious Transaction Reports (STRs);
• Suspicious Activity Reports (SARs); and
• The newly introduced Suspicious Proliferation Financing Report (SPFR), covering suspected WMD-related funding.

Records of customer identification, transactions, and internal communications must be retained for at least five years after the transaction or business relationship ends.

5. Governance and Compliance Oversight

Every regulated entity must appoint a qualified Compliance Officer responsible for AML/CTF/PF implementation and liaison with the FIU and regulators.

Firms must:

• Update AML/CTF/PF policies and compliance manuals;
• Establish clear reporting lines and escalation procedures;
• Deliver ongoing staff training on AML, tax evasion, and proliferation risks; and
• Conduct independent compliance audits at least annually.

A documented governance framework is essential to demonstrate compliance readiness.

6. Regulation of Virtual Assets and VASPs

The UAE AML Law 2025 explicitly covers Virtual Asset Service Providers (VASPs), ensuring regulation of crypto exchanges, custodians, and wallet providers.

VASPs must:

• Register with the appropriate authority (e.g., VARA or ADGM FSRA);
• Implement robust blockchain monitoring and transaction tracing tools; and
• Report suspicious crypto activity via the goAML system.

Non-compliance may result in significant fines, licence suspension, or criminal liability.

7. Asset Freezing and Cross-Border Cooperation

The 2025 AML law strengthens the UAE’s framework for asset freezing and mutual legal assistance.
Authorities may:

• Freeze assets related to ML, TF, or PF without prior notice;
• Suspend suspicious transactions for up to 10 days; and
• Enforce foreign freezing and confiscation orders, even where no domestic investigation exists.

This improves international cooperation and supports the UAE’s participation in global asset recovery efforts.

8. Penalties and Enforcement

The law imposes severe sanctions for AML non-compliance:

• Individuals: imprisonment and fines of up to AED 5 million;
• Legal entities: fines up to AED 100 million or the equivalent value of illicit assets.

Authorities can also apply administrative penalties, including licence revocation and public disclosure of violations.
The evidentiary threshold is lower — enforcement may occur where a person “knew or should have known” of an offence.

9. Practical Compliance Checklist for UAE Businesses

To remain compliant under the 2025 AML regime, businesses should:

1. Update AML/CTF/PF policies to reflect the new law.
2. Conduct a comprehensive EWRA covering ML, TF, and PF risks.
3. Implement advanced sanctions screening, including proliferation-related lists.
4. File STRs, SARs, and SPFRs through goAML promptly.
5. Deliver targeted AML training to all employees.
6. Assess and register VASP activities, if applicable.
7. Undertake an annual independent AML audit.

Final Observations

The UAE Anti-Money Laundering Law 2025 marks a major evolution in the country’s approach to financial crime compliance.
By explicitly addressing proliferation financing, tax evasion, and digital asset risks, it positions the UAE at the forefront of global AML/CTF standards.

For businesses, robust compliance is not merely a legal requirement — it is an essential component of operational resilience and corporate integrity. Proactive risk management and continuous improvement will be key to navigating this strengthened regulatory landscape.

For more information or assistance with AML/CTF/PF compliance, please contact Ahmed Hadeed, Managing Partner, at Hadeed & Partners a.hadeed@hadeedpartners.ae.