CBUAE strengthens AML expectations for financial firms

Marie Chowdhry and Seya Rahnema of Pinsent Masons were commenting as the CBUAE issued a comprehensive package of updated guidance and best-practice manuals that are expected to strengthen and boost anti-money laundering (AML) compliance in the UAE’s financial sector.

The supervisory guidance (3 pages / 192KB PDF) focuses on improving the effectiveness of compliance systems related to AML, counter-terrorist financing (CTF) and countering proliferation financing (CPF) frameworks for licensed financial institutions operating in the country.

The guidance is extensive and covers four distinct areas: proliferation financing (PF); trade-based money-laundering (TBML); correspondent banking relationships and customer due diligence (CDD); and know‑your‑customer (KYC) requirements including record‑keeping.

The PF guidance clarifies that institutions are now expected to treat PF as a standalone risk category. It sets out specific expectations for institutions to assess inherent PF risk, evaluate the adequacy of their existing policies, procedures and controls, and, where gaps are identified, implement remediation measures. The guidance also emphasises the importance of ongoing monitoring of emerging proliferation risks, including new typologies, trends and parties involved in potential PF activity.

The updated guidance on TBML and transshipment aims to help licensed financial institutions (LFIs) and registered Hawala providers (RHPs) in the UAE identify and manage money laundering, terrorist financing and proliferation financing risks linked to their trade activities and transshipment. The guidance also strengthens existing monitoring capabilities to ensure compliance with UAE legal and regulatory requirements.

The CBUAE has also used the guidance to clarify its expectations for managing AML/CFT/CPF risks associated with correspondent banking services. The guidance is intended to assist institutions in developing policies and procedures that align with the UAE’s regulatory frameworks and address risks arising from correspondent relationships effectively.

The final set of guidance relates to financial institutions’ CDD and KYC checks and record keeping. The CBUAE sets out expectations around customer identity verification and ongoing risk assessment throughout the customer lifecycle. It clarifies requirements relating to simplified and enhanced due diligence and specifies the types of data and documentation that institutions must retain to remain compliant.

Chowdhry, a financial regulation and fintech expert at Pinsent Masons’ Dubai office, said the guidance underscores the CBUAE’s expectation that LFIs and RHPs adopt a more proactive, risk‑based and forward‑looking approach to compliance and financial risk in these areas. “Institutions will need to ensure that their frameworks adequately address proliferation financing risks, which continue to attract increasing international regulatory focus, as well as risks arising from complex trade arrangements and correspondent banking relationships,” she said.

Dubai-based financing expert Rahnema said the breadth and depth of the guidance marks a shift from “a rules‑based compliance mindset” to a more “dynamic, risk‑led and outcomes‑focused framework” and reflects the UAE’s “growing integration into global trade and financial markets”, as well as the increasingly sophisticated risks that come with it.

Both Chowdhry and Rahnema said the guidance’s emphasis on “continuous monitoring” is indicative of the greater expectations the CBUAE now has for financial institutions and their approach to risk assessment. “The expectation of continuous monitoring and reassessment, rather than static onboarding checks, is notable,” said Rahnema. “This signals that AML is now a board‑level governance and culture issue rather than just a compliance function.”

Chowdhry added that the guidance on CDD, KYC and record‑keeping also reinforces the importance of robust customer risk profiling and lifecycle management, including the use of tailored due diligence measures and comprehensive documentation practices.

The CBUAE also published two best-practice manuals to help businesses implement the new guidance. A manual covering a risk-based approach and institutional risk assessments provides a practical framework for businesses to develop methodologies to assess institutional ML/TF/PF risks and implement proportionate control measures based on the nature and scale of those risks.

A second manual covers best practices on implementing role-based AML/CFT/CPF training. It focuses on building staff and senior management capability through targeted, role‑specific training programmes designed to improve early detection of suspicious activity and strengthen compliance culture.

From an operational perspective, Chowdhry said the best‑practice manuals also signalled the heightened expectations for institution‑wide risk assessments and staff training. “Firms are now expected to demonstrate that AML/CFT/CPF capabilities are embedded across different roles and levels within the organisation,” she added.

These updates follow the CBUAE’s recent launch of a nationwide unified electronic Know Your Customer (e‑KYC) platform, following the signing of a technology partnership agreement (2 pages / 287 KB PDF) with Norbloc AB earlier this month.

The new platform, which is designed to streamline KYC and KYB processes through automated workflows and the integration of trusted data sources, will form a core pillar of the CBUAE’s Financial Infrastructure Transformation (FIT) Programme and mark a significant step forward in the UAE’s transition towards shared digital financial infrastructure. Firms should begin preparing for how this model could be embedded into their long‑term compliance and operating strategies, Chowdhry and Rahnema said.

As well as raising regulatory and compliance standards for financial institutions across the UAE, Rahnema said all these reforms would significantly enhance the country’s position as an innovative financial hub. “By aligning more closely with Financial Action Task Force (FATF) standards and global best practice, the UAE strengthens its credibility as a trusted international financial hub, which is particularly important for cross‑border banking, trade finance and investment flows.”

He added that the challenge and opportunity for both banks and financial institutions now lies in embedding these requirements through smarter systems, better data and stronger internal coordination, and ultimately by turning compliance into “a source of resilience and competitive advantage rather than a box‑ticking exercise.”