UAE’s New AML Law (2025): Key Changes and What Businesses Must Know
In 2025, the United Arab Emirates introduced a ground breaking overhaul of its anti-money laundering (AML), counter-terrorist financing (CTF) and counter-proliferation financing (CPF) framework along with Federal Decree-Law No. 10 of 2025. This new law brings a major step in aligning the UAE’s financial crime regime with the Financial Action Task Force (FATF) standards and thereby enhancing the country’s overall reputation as a global financial hub.
If you are a financial institution, a designated non-financial business or profession (DNFBP), a fintech or virtual asset service provider (VASP), or a corporate entity, the new AML law makes stronger obligations, expands the categories of offences, imposes higher penalties, and enhances enforcement powers.
This blog explains the key changes under the 2025 AML Law, their implications on UAE businesses and practical steps to stay compliant.
Disclaimer: The companies and examples mentioned in this article are illustrative and created solely for educational purposes.
Why the New AML Law Was Introduced
The UAE has historically adapted its AML/CFT regime to meet global threats and regulatory expectations. The previous framework followed, mainly Federal Decree-Law No. 20 of 2018, has served its purpose but had some gaps. The revised 2025 law:
✔ Widens regulatory scope to cover modern financial risks
✔ Expands the list of predicate offences
✔ Strengthens the enforcement powers of AML/CTF/CPF
✔ Lining up with the UAE’s National AML/CFT and CPF Strategy (2023–2027)
✔ Removes limitation periods for financial crime or offences
Key Changes in the AML Framework
1. Expanded Scope of Offences and Definitions
The 2025 law introduced some major additions:
Proliferation Financing as a Standalone Offence
For the first time, the law explicitly criminalises financing of proliferation. That means financing given for the production or distribution of weapons that can cause mass destruction or dual-use items 0in line with global security priorities.
Broader Predicate Offences
Predicate offences already covered traditional crimes such as drug trafficking or fraud. The new law also includes:
-
Direct and Indirect Tax Evasion
-
Serious breach of regulatory provisions
-
Financial manipulations between countries
This means the results from these acts can be pursued within the AML regime.
Digital and Virtual Assets Included
The law defines that AML/CFT crimes can occur through digital systems, encryption technologies or virtual assets. This brings crypto exchanges, wallets, token platforms and related hybrid financial technologies into the regulatory framework.
2. Lowered Evidentiary Thresholds
Under the law of 2018, prosecutors have to prove that they have actual knowledge that the funds were derived from criminal conduct. The new law introduces a more objective standard:
A person can be held liable if they know or reasonably should have known that the funds they are using originated from a predicate offence.
This “should have known” standard greatly minimises the limit for enforcement, aligning the UAE with other mature AML jurisdictions and increasing corporate accountability.
3. Stronger Penalties and Enforcement Powers
The new AML law changed the framework for punishment:
Heavier Financial & Criminal Penalties
-
Fines on the entity level can reach up to AED 100 million or more, in proportion to the value of offences.
-
Individuals conducting a breach may get imprisonment for terms of 10 to 15+ years for serious offences.
Administrative Sanctions
The regulatory body may impose:
-
Fines per violation range from AED 10,000 to AED 5 million
-
Suspension or revocation of the licenses
-
Certain restrictions on carrying out business activities
-
Punishment and removal of senior management
Unlimited Exposure for Financial Crime Offences
The new law effectively removes limitation periods for offences under AML, CTF and CPF, meaning past breaches can also be prosecuted regardless of when they occurred.
4. Enhanced Powers of the Financial Intelligence Unit (FIU)
The new law gives more powers to the operational authority:
✔ They can suspend the suspicious transactions for up to 10 working days
✔ Authority to freeze funds for up to 30 days (extendable based on discretion)
✔ Can access accounts or systems during investigations
✔ Increased cooperation with international counterparts
This means transactions can be identified quickly where there is suspicion of criminal activity, and businesses must be ready for possible temporary disruptions.
5. Virtual Asset Service Providers (VASPs) Now Fully Covered
Under the new regulations:
-
VASPs are treated as equals with banks and financial institutions
-
They should comply with the provisions of AML/CTF/PF laws
-
Operations which are not licensed carry specific criminal penalties
-
Anonymity-enhanced assets or non-traceable wallets are high risk with strict monitoring requirements
This expansion is significant for the UAE’s growing digital finance ecosystem.
Practical Implications for UAE Businesses
FIs, DNFBPs & VASPs Must Strengthen Compliance Programs
All regulated entities, not only banks or financial institutions, are liable for strict due diligence, enhanced monitoring and timely reporting.
Board & Senior Management Accountability
The law brings a top-down compliance approach, making directors and executives liable personally and corporately for AML failures
Beneficial Ownership Transparency Is Critical
Making false disclosures or incomplete information about UBO is now categorised as a criminal offence, increasing the need for stronger ownership verification processes.
Asset Freezes & Operational Risks
With increased freezing powers, businesses should prepare plans on:
-
Suspension of transactions
-
Delay in payments
-
Temporary freeze of accounts
Best Practices to Ensure Compliance
✔ Businesses should implement enhanced customer due diligence (CDD) and know-your-customer (KYC) policies
✔ Maintain clear and accurate records of UBO details
✔ Monitor ongoing transactions for suspicious patterns
✔ Invest in compliance tools that are highly driven by technologies
✔ Give proper training to staff on the new AML/CFT liability standards and provisions
✔ Develop protocols for timely responding to notices from FIU
How Flyingcolour Tax Consultant Can Help?
We support entities with:
✔ Assessment of AML Risks and development of a framework
✔ Design adequate Compliance programs
✔ Verification of UBO
✔ Systems to monitor the transactions and implementation
✔ Guidance on regulatory and FIU reporting requirements
✔ Training and advisory services for senior management
Frequently Asked Questions (FAQs)
1️ When did the new UAE AML Law come into effect?
The new law was issued on September 30, 2025, and came into effect on October 14, 2025.
2️ What new offences are introduced under the 2025 AML Law?
The law recognises proliferation financing as a crime, digital/virtual asset facilitation of AML offences and broadens predicate crime definitions to include transactions leading to indirect tax evasion.
3️ Are VASPs regulated under the new AML regime?
Yes. Virtual Asset Service Providers are now explicitly covered under the regime and must comply with complete AML/CTF/PF obligations.
4️ Can businesses be prosecuted for historical AML breaches?
Yes. Under the new Law, there is no period of limitations, meaning AML offences can be prosecuted regardless of when they occurred.
5️ What happens if a company provides false UBO information?
Giving false or misleading Ultimate beneficial ownership details is now recognised as a specific criminal offence that involves significant fines and potential imprisonment.
To learn more about UAE’s New AML Law (2025): Key Changes and What Businesses Must Know, book a free consultation with one of the Flyingcolour team advisors.
Disclaimer: The information provided in this blog is based on our understanding of current tax laws and regulations. It is intended for general informational purposes only and does not constitute professional tax advice, consultation, or representation. The author and publisher are not responsible for any errors or omissions, or for any actions taken based on the information contained in this blog.