Federal Decree-Law No. 10 of 2025 took effect October 14, 2025, and the Central Bank of the UAE's April 16, 2026 guidance pushes licensed financial institutions decisively toward real-time, technology-enabled AML compliance.
A new AML law
Federal Decree-Law No. 10 of 2025 took effect on October 14, 2025, repealing Federal Decree Law No. 20 of 2018 and its 2021 amendments. The new law broadens regulated activity, formalizes the Financial Intelligence Unit and supervisory authorities, and — significantly — elevates Proliferation Financing (PF) to a standalone offense alongside AML and CFT, supported by new statutory definitions.
CBUAE's April 2026 guidance
On April 16, 2026, the Central Bank of the UAE issued updated guidance on anti-money laundering, combating terrorism financing, and counter-proliferation financing. The guidance signals a decisive shift from procedural compliance toward continuous, technology-enabled risk management — explicitly aligned with FATF standards and the post-grey-list strategy.
What licensed financial institutions must now do
The new expectations include real-time transaction monitoring with automated anomaly detection, dynamic risk-based customer due diligence with ongoing reassessment rather than one-time onboarding, enhanced controls in high-risk trade sectors (gold, commodities, re-exports), tighter VASP supervision, and integrated PF oversight inside enterprise-wide risk assessments. Compliance officer remits expand to cover PF and VASP risks. Nominal managers and shareholders must be identified for UBO purposes.
Why the UAE is moving fast
The UAE was removed from the FATF grey list in 2024 and is investing heavily in keeping that standing. Real-time AML enforcement is a strategic economic priority for a hub connecting Asia, Africa, and Europe. Companies in gold trading, metals, oil, and re-exports — and the financial institutions banking them — should expect heightened scrutiny.
Practical next steps
LFIs and VASPs should refresh their Enterprise-Wide Risk Assessments to include PF risk, revise AML/CFT/CPF policies and procedures, upgrade transaction monitoring to support genuine real-time detection, and retrain compliance officers on broader remits. Technology partners should be evaluated against the CBUAE's expectation of continuous, audit-ready risk management.
How UMCA helps
UMCA's platform delivers the real-time, audit-ready AML/CFT/CPF monitoring that the CBUAE's new guidance expects from licensed financial institutions.
