UAE and New AML guidelines: What Financial Institutions Should Know

7 mins

Ever since its grey-listing by global money laundering watchdog Financial Action Task Force (FATF) in March 2022, the UAE has been very active in strengthening its anti-financial crime framework. 

The measures included a new Anti-Money Laundering (AML) Department within the Ministry of Economy, special courts to handle money laundering cases, a new whistleblowing regime announced by the Dubai Financial Services Authority (DFSA), increased monitoring of virtual assets with a dedicated regulator and strengthened international cooperation to share best practices. 

To stay put with the ever-evolving UAE regulatory regime, financial institutions should identify and monitor customer activities, in order to ensure that they provide authentic data, and report suspicious activities to the regulatory bodies. It is imperative for them to proactively develop effective AML compliance programs, leveraging the power of modern technology. 

The onus is on the financial institutions to put the regulations into action they normally do this via regulatory compliance programs, which include both human and technology resources. When it comes to AML compliance financial institutions are often troubled by outdated compliance systems, the scarcity of skilled compliance staff and inefficient allocation of staff. A shortfall in any of these might result in regulators sanctions and penalties.  

In order to explore some of the critical things that financial institutions need to know about the new AML guidelines in the UAE, Tookitaki conducted a webinar on October 27 as part of our Compliant Conversations webinar series

Moderated by Gloria Chraim, Tookitaki’s Regional Head of Sales (MEA), we were fortunate to have on board Mr. Christos Christou, Group Chief Compliance Officer of Lulu Financial Holdings, as the key speaker. A well-known compliance professional, Christos opened his treasure of experience to the audience, convering topics including the history of AML compliance in the UAE, the ways in which financial institutions mitigate financial crime risks, the role of technology in compliance and the future of compliance.  

The Key Topics of Discussion

  • The Background on the AML landscape in the UAE

Having present in its nascent form for almost four decades, the AML regulatory regime started to see major changes after the unfortunate 9/11 incident in the US. The authorities started to realise that apart from drugs, illegal human trafficking and all other major offenses, there are other types of crimes that relate to financial services, and they should be criminalized or controlled somehow. 

Therefore, from the beginning of the 21st century onwards, there was regulation and laws in the UAE that tried to identify red flags and help the financial services services providers in the country to mitigate the risks of the economy, so that it may not be used for any type of financial crime. 

In 2013 and 2014, the exchange houses and banks organized themselves and created an AML subcommittee which was trying to identify the areas whereby the businesses need to enhance their controls and help not to be exposed to any types of financial crime. Apart from organized training, there were guidelines or best practices designed later in order to help the compliance officers become more professional and more organised.

When the FATF assessed the country back in 2021, the global watchdog felt that there is a need to further develop the AML environment to meet its enhanced requirements, leading to its grey-listing. Since then, there have been enormous developments in the AML compliance space and the UAE has advanced to a very high level of regulation, guidelines, legal requirements and other standards compared to many other countries. 

  • The UAE Regulators and Their Main Objectives

There are three different regulatory authorities within the UAE, including the CBUAE (onshore) and Dubai Financial Services Authority (DFSA) and the Financial Services Regulatory Authority (FSRA) under the Abu Dhabi Global Market. 

In cooperation with the government, its different departments and other competent authorities, they implement policies and regulations in order to control the licensing part and issue licenses and permissions to those financial services providers under which the whole financial environment is operating in. They regulate the banking sector and the non-banking financial services sector, including the exchange houses, payment services providers and electronic money issuers (EMIs). They also have AML guidelines for designated professionals such as accountants, lawyers and consultants. 

They try to identify, license and regulate all the types of professionals and businesses that are dealing with the public within the UAE or outside the UAE.

  • AML Guidelines and Regulations in the UAE

There have been broad guidelines issued for the banking sector as well as for the non-banking financial services sector, including the exchange houses. There are separate guidelines for registered and non-registered financial services, and Designated Non-Financial Businesses and Professions (DNFBPs) as well. 

Specifically for non-banking financial services, the guidelines are clearly targeting all the areas of business, of exchange houses, of agents or other third party non-banking financial service providers, payment service providers, e-money wallets and any other type of financial services that the incorporate under the CBUAE. 

Compliance professionals need to be updated with all these regulations, guidances, notices, diplomatic reviews, training materials, red flags and standards, and it is a continuous process. They were issued in order to complete the professionals’ knowledge from the different types of legal and regulatory requirements in order to execute their job in the most appropriate way. 

  • The Implications of Non-Compliance

Financial instiutions are given a framework, whereby they have to work in order to assess, to identify risks, assess them, evaluate them and apply a risk-based approach in your decision making. Ultimately, the intention of the framework is to help the financial system not to be abused by criminals, money launderers, terrorists, and illicit organisations that to proliferation financing. 

There can be gaps between what is required from institutions and what they actually do. However, institutions should do a gap analysis and try to close. If they don’t do despite multiple assessment-based warnings by regulators, they will impose sanctions that may include increased risk categorisation, downgrade of license, waiver of license and cancellation of license. The ultimate goal of the regulator is not to penalise organisations, rather they look to implement measures to protect the country and the economy.

  • How Can Financial Institutions Mitigate Financial Crime Risks and Stay Compliant 

No financial institutions, can have a clone of compliance people, being at the same level at the same time and executing the same type of work. Ideally, they need to employ a professional that will be the head or the so-called compliance officer (MLRO). The person should be equipped enough and should be adequately supported by the board of the owners of the company to design and implement a compliance programme. 

The officer should be given adequate time and resources (including human, technical and financial) to design it proper. He or she must be given the support in order to implement it, and identify the gaps through different independent assessments. Once implemented, the compliance officer should continuously monitor the effectiveness and guide his/her colleagues to perform their duties. 

Compliance officers should be futuristic. They need to identify where the market goes and position their business within that market sector. 

UAE Webinar-1

  • How Can Technology Help You Stay Compliant 

Technology in general is an enabler. It's a designer of what is current and future financial crime fighting is. 

The most scarce resource in this planet is people, and they are the biggest cost for any organisation. Technology can automate many functions that humans do today. It is the same in the case of compliance. Humans will be used in order to design tools and help themselves execute whatever they need to execute and stay compliant. 

The role of technology in compliance is twofold: 1) to bring the knowledge or the requirement from the brain of the compliance officer and 2) to implement that in practice. Ultimately, technology is not expected to replace compliance personnel, rather it is expected to provide meaningful suggestions to take an action. 


In order to stay compliant, financial institutions are required to invest in their compliance staff, increasing their academics and professional education related to how to execute the role of compliance. In addition, they need to invest in technology and technological systems and intelligence built into the technological systems. They can immensely contribute to the organisations’ compliance efficiency and effectiveness. 

Headquartered in Singapore, Tookitaki is a regulatory technology company offering financial crime detection and prevention to some of the world's leading banks and fintechs to help them stay vigilant and compliant,

Today, anti-money laundering (AML) compliance departments of financial institutions are inundated with voluminous false positives and case backlogs that add to costs and prevent them from filtering out high quality alerts. 

Tookitaki’s Anti-Money Laundering Suite (AMLS) covers the entire customer onboarding and ongoing processes through Transaction Monitoring, Smart Screening, Customer Risk Scoring and the Case Manager. Together they provide holistic risk coverage, sharper detection, and significant effort reduction in managing false alerts. It is uniquely designed to complement existing systems by cutting through the noise and  clutter generated by large volumes of alerts in legacy transaction monitoring processes.  


To know more about our products and our approach to fight financial crime, request a demo today.