Introduction
On 30 September 2025 the UAE issued Federal Decree-Law No. 10 of 2025 on combating money laundering, the financing of terrorism, and the financing of the proliferation of weapons. The law came into force on 14 October 2025 and repealed the previous framework under Federal Decree-Law No. 20 of 2018. Its executive regulations, issued as Cabinet Resolution No. 134 of 2025, followed and took effect on 14 December 2025. Together they represent the most significant rewrite of the UAE's financial crime regime in years, and they were designed to keep the country aligned with the standards of the Financial Action Task Force (FATF) after a sustained period of national reform.
This Jurisdiction Report explains what changed and, more importantly, what it means in practice for businesses operating in the Emirates. We cover the new offence of proliferation financing, the lower knowledge threshold for committing money laundering, the inclusion of tax evasion as a predicate crime, the explicit reach into virtual assets, the heavier penalties, and the new exposure of senior managers to personal liability. If you run or advise a company in a designated non-financial sector, a financial institution, or a virtual asset business, the obligations described here apply to you, and the cost of getting them wrong has risen sharply.
Why the Law Was Rewritten
The 2018 law served the UAE through a demanding period, including its time on the FATF grey list and the work that led to its removal. The 2025 law consolidates the lessons of that period and closes gaps that international assessors and domestic enforcement experience had exposed. Three pressures drove the rewrite.
- FATF alignment. The new definitions, the explicit treatment of proliferation financing, and the broadened predicate crime list track FATF recommendations more closely than the 2018 text did.
- The rise of digital finance. Virtual assets, virtual asset service providers, and encryption technologies barely featured in the older framework. The 2025 law writes them in.
- Enforcement credibility. A lower evidentiary threshold, personal liability for senior managers, and larger fines give prosecutors and supervisors sharper tools and signal that compliance is now a board-level matter.
The result is not a light refresh. It is a structural reset that changes who is exposed, what counts as an offence, and how severely it can be punished.
What the Law Replaces and When It Applies
The simplest way to grasp the change is to compare the old and new regimes side by side.
| Element | Previous regime | 2025 regime |
|---|---|---|
| Primary law | Federal Decree-Law No. 20 of 2018 | Federal Decree-Law No. 10 of 2025 |
| Executive regulations | Cabinet Resolution No. 10 of 2019 | Cabinet Resolution No. 134 of 2025 |
| Law in force from | 2018 | 14 October 2025 |
| Regulations in force from | 2019 | 14 December 2025 |
| Proliferation financing | Addressed within the broader framework | Treated as a distinct offence |
| Tax evasion as predicate crime | Not expressly listed | Direct and indirect tax evasion expressly listed |
| Virtual assets / VASPs | Limited explicit coverage | Explicitly in scope |
Two effective dates, not one
The primary law took effect on 14 October 2025, but the executive regulations under Cabinet Resolution No. 134 of 2025 took effect on 14 December 2025. Do not treat compliance as a single deadline. The operational detail, including customer due diligence and governance expectations, sits largely in the regulations, so your framework needs to satisfy both instruments.
Proliferation Financing Becomes a Distinct Offence
The clearest structural addition is proliferation financing. The 2025 law addresses the financing of the proliferation of weapons as its own category within the AML/CFT framework rather than treating it as an adjunct to terrorist financing. This matters because proliferation financing has its own typologies, sanctions overlay, and red flags, and supervisors will expect firms to screen for it specifically.
The law also removes any statute of limitations for money laundering, terrorist financing and proliferation financing offences (and their proceeds and penalties), so prosecution of these crimes is not time-barred by the passage of time. Because historical conduct can remain actionable indefinitely, the stakes rise for record-keeping and for any business with exposure to dual-use goods, sanctioned jurisdictions, or complex trade finance.
What firms should screen for
- Counterparties or shipments linked to dual-use goods or controlled technologies
- Transactions involving jurisdictions subject to proliferation-related sanctions
- Obscured ownership or routing designed to disguise the ultimate destination of goods or funds
- Trade documentation that does not match the apparent commercial substance of a deal
The Lower Knowledge Threshold
Perhaps the single most consequential change for everyday compliance is the new mental element for money laundering. Under Article 2 of the 2025 law, a person commits money laundering where they know, or have sufficient evidence or circumstantial evidence supporting their knowledge, that all or some of the funds derive from a predicate crime, and then intentionally carries out one of the prohibited acts.
Legal commentators describe this as a shift toward an objective, should-have-known standard. In other words, liability can arise not only where actual knowledge is proven, but where the surrounding evidence and circumstances indicate that a reasonable person in that position would have known. The practical effect is that wilful blindness, the deliberate decision not to ask obvious questions, becomes far harder to hide behind.
Wilful blindness is no longer a safe harbour
If your business ignored clear red flags because confirming them was commercially inconvenient, the new circumstantial-evidence standard works against you. Document the questions you asked, the answers you received, and the basis on which you proceeded. Contemporaneous records of your reasoning are now part of your defence.
Tax Evasion as a Predicate Crime
The 2025 law expressly lists direct and indirect tax evasion among the predicate crimes that can give rise to a money laundering offence. This is a profound change in how AML and tax compliance relate to one another in the UAE.
Until now, many businesses treated corporate tax, VAT, and AML as separate workstreams owned by different teams. That separation no longer reflects the legal reality. Where proceeds are connected to tax evasion, handling, moving, or concealing those proceeds can constitute money laundering. The introduction of UAE corporate tax has sharpened this link further: a tax position that crosses from aggressive planning into evasion can now seed an AML offence built on the same facts.
Where AML and tax now overlap
- Undeclared or misdeclared income that is later moved through company accounts
- False invoicing or transfer mispricing structured to reduce taxable profit
- VAT fraud schemes whose proceeds enter the financial system
- Concealment of beneficial ownership that frustrates both tax and AML transparency
The takeaway is that tax governance and AML governance must now be designed to talk to each other. Our corporate tax compliance and AML and compliance teams increasingly review these controls together for exactly this reason.
Virtual Assets and VASPs Brought Into Scope
The older framework predated the maturity of the UAE's digital asset sector. The 2025 law corrects this by writing virtual assets, virtual asset service providers (VASPs), and the use of digital systems and encryption technologies into explicit scope. Money laundering committed through digital systems, virtual assets, or encryption technologies is captured directly.
The Financial Intelligence Unit's remit was also expanded to cover virtual asset service providers, and its operational powers were strengthened. For example, the FIU's ability to freeze funds was extended from a short window to up to thirty days, with scope for further extension by the Public Prosecutor. For exchanges, custodians, token issuers, and any business accepting virtual assets, this confirms that AML obligations are not optional or peripheral. They sit at the centre of the licence to operate.
Heavier Penalties and Corporate Consequences
The penalty architecture under the 2025 law is materially tougher, and it operates on two tracks: criminal penalties for the offences themselves, and administrative penalties for compliance failures.
| Penalty type | What it covers | Reported exposure |
|---|---|---|
| Imprisonment | The money laundering offence | Generally one to ten years, retained from the prior regime |
| Criminal fine (individuals) | The money laundering offence | Substantial fines; reportedly can match the value of the criminal property where that is higher than the stated maximum |
| Criminal fine (entities) | The offence committed by a legal person | Reported up to AED 100 million |
| Court-ordered dissolution | Serious or systemic offending | Possible at the court's discretion |
| Administrative penalties | Compliance failures alone, without a predicate offence | Imposed by supervisory authorities for governance and reporting failures |
Two features deserve emphasis. First, the option to set a fine by reference to the value of the criminal property removes the comfort of a fixed ceiling: the larger the laundered sum, the larger the potential fine. Second, administrative penalties can bite even where no underlying money laundering is proven. A firm with weak systems, poor due diligence, or a failure to report can be sanctioned for the failure itself.
Treat administrative and criminal risk separately
You can be clean of any predicate offence and still be penalised for inadequate systems or a missed suspicious transaction report. Build and evidence your AML programme as if a supervisor will inspect it tomorrow, because the administrative track does not wait for an actual laundering event to occur.
Senior Management Personal Liability
For directors and executives, this is the change that should command attention. Under the 2025 framework, any individual responsible for the actual management of a legal person can be personally liable, by imprisonment, a fine, or both, where it is proven that they were aware of the offence and that its commission resulted from their breach of duty.
The executive regulations define senior management broadly. The category covers individuals vested with authority to take executive decisions or exert direct influence over operations affecting risk management, compliance policies, and operational governance. It expressly includes, but is not limited to, chief executive officers, general managers, and members of the board of directors. Personal exposure can arise from inadequate supervision, weak governance, or a failure to act on identified risks, including failures such as not maintaining adequate systems or not filing a suspicious transaction report.
What this means for the boardroom
- AML is now a board-level fiduciary matter. Oversight of the AML programme cannot be fully delegated and forgotten. Directors should receive regular, documented reporting on AML risk and control performance.
- Evidence of oversight is your shield. The law turns on whether an offence resulted from a breach of duty. Minutes, escalation logs, and a clear record of decisions taken on risk are how you demonstrate that you discharged that duty.
- The compliance officer needs real authority. A senior management appointment with no budget, no access to the board, and no ability to halt risky business is a governance failure waiting to be exposed.
- Personal liability changes incentives. When their own liberty and assets are in play, executives tend to fund and prioritise compliance properly. That is precisely the behavioural shift the law intends.
Document the oversight you actually do
Liability hinges on breach of duty. If your board genuinely oversees AML risk but keeps no record of it, you forfeit the evidence that protects you. Maintain dated reporting packs, decision logs, and escalation trails so that diligent oversight is provable, not merely asserted.
What Businesses Should Do Now
The transition period for adjusting to the 2025 regime has effectively closed, since both the law and its regulations are in force. The priority is to confirm that your framework reflects the new requirements and that you can prove it.
A practical action plan
- Re-baseline your risk assessment. Update your enterprise-wide AML risk assessment to capture proliferation financing, tax-evasion-linked proceeds, and virtual asset exposure as distinct risk drivers.
- Refresh policies and procedures. Rewrite your AML policy, customer due diligence procedures, and screening rules to reflect the new offences, the lower knowledge threshold, and the broadened predicate crime list.
- Integrate tax and AML controls. Establish a working link between your tax function and your compliance function so that tax-evasion red flags feed into AML monitoring, and vice versa.
- Re-confirm senior management roles. Identify who falls within the broad senior management definition, clarify their AML responsibilities in writing, and ensure they receive the reporting they need to discharge them.
- Strengthen your evidence trail. Implement dated board reporting, escalation logs, and decision records so that oversight is documented and defensible.
- Pressure-test suspicious transaction reporting. Review your STR triggers, timelines, and approval chain. A missed or late report is a standalone exposure for both the firm and its managers.
A readiness checklist
- Enterprise AML risk assessment updated for proliferation financing, tax evasion, and virtual assets
- Customer due diligence and screening rules aligned to the new predicate crimes and threshold
- Tax and AML controls connected, with shared red-flag escalation
- Senior management responsibilities documented and supported by board-level reporting
- Suspicious transaction reporting process tested for triggers, timing, and accountability
- Record-keeping designed to evidence oversight, given that money laundering, terrorist financing and proliferation financing offences are not time-barred
Common pitfalls to avoid
- Treating the law as a single deadline. The regulations took effect two months after the primary law and carry much of the operational detail.
- Keeping tax and AML in separate silos. Tax evasion is now a predicate crime; the two functions must share intelligence.
- Relying on wilful blindness. The circumstantial-evidence standard makes deliberately not knowing a liability rather than a defence.
- Under-resourcing the compliance function. A senior compliance role without authority or budget exposes both the firm and its executives.
How This Connects to Setting Up and Running a UAE Business
For founders and groups establishing a presence in the UAE, AML readiness is no longer a step you bolt on after launch. It belongs in the design of the entity itself: how ownership is structured, who is appointed to senior roles, and how governance is documented from day one. Getting this right at formation avoids costly retrofitting later and demonstrates good faith to supervisors and banking partners.
This is where AML, tax, and structuring decisions converge. Our company formation work, our corporate tax compliance support, and our AML and compliance advisory are most effective when they are coordinated, precisely because the 2025 law has made these areas legally interdependent. Establishing clean beneficial ownership records, sound governance, and integrated controls at the outset is far simpler than reconstructing them under regulatory pressure.
Key Takeaway
Federal Decree-Law No. 10 of 2025 does more than tighten rules. It widens who is exposed, including senior managers personally, lowers the bar for what counts as money laundering, and links AML directly to tax compliance, so treating AML as a documented, board-level, cross-functional discipline is now the only safe posture.
Conclusion
The UAE's 2025 AML reset is best understood as a change in expectations rather than a list of new clauses. Compliance is now a continuous, evidenced, board-supervised activity, and the law assumes that a well-run business can demonstrate exactly how it manages financial crime risk. Proliferation financing, virtual assets, and tax evasion are squarely within the perimeter, and the lower knowledge threshold means that what you reasonably should have known carries weight alongside what you actually knew.
For most businesses, the work ahead is practical: refresh the risk assessment, connect tax and AML controls, clarify and document senior management oversight, and make sure the suspicious transaction reporting process functions under pressure. None of this is exotic, but all of it must be in place and provable, because both the criminal and administrative tracks now reach further than before.
Where the stakes include personal liability for executives and fines that can scale with the value of the criminal property, professional guidance earns its place. AURNÉ helps UAE businesses align their AML, corporate tax, and structuring decisions to the new law, building frameworks that satisfy supervisors and protect the people who run the company. The firms that treat this reset as an opportunity to strengthen governance, rather than a box to tick, will be the ones best placed for the next phase of UAE regulation.