Article about UAE AML executive regulations 2026: What Cabinet Resolution 134 Means for Your Business : – Reviewed by: Abraham, Senior Chartered Accountant at ProAct — Expert in Auditing, Accounting, Corporate Tax, VAT, AML, UAE Company Formation & Free Zone Compliance.
Quick Answer: The UAE AML executive regulations 2026 — formally Cabinet Resolution No. 134 of 2025 — implement Federal Decree-Law No. 10 of 2025 on Anti-Money Laundering, Countering the Financing of Terrorism, and Countering Proliferation Financing. The regulation came into force on 14 December 2025, contains 71 articles and nearly 300 enforceable obligations, and requires every financial institution, DNFBP, and virtual asset service provider in the UAE to update their compliance programmes immediately.
As of 2025–2026, the UAE AML executive regulations have shifted more significantly than at any point in the past decade. If your business falls anywhere in the chain of financial services, real estate, legal consultancy, accounting, or even commercial gaming, these regulations — which took effect on 14 December 2025 — may have already placed you in breach of your compliance obligations without you knowing it.
Has your firm updated its Enterprise-Wide Risk Assessment to account for Proliferation Financing? If the answer is no, or even “we’re not sure,” you are likely non-compliant with Cabinet Resolution No. 134 of 2025, and the consequences are no longer theoretical.
ProAct Chartered Accountants is a UAE-based financial advisory firm specialising in accounting, corporate tax, auditing, VAT compliance, AML compliance, and business setup services — supporting businesses across Dubai, Abu Dhabi, and all UAE free zones including DMCC (Dubai Multi Commodities Centre), JAFZA (Jebel Ali Free Zone Authority), and IFZA (International Free Zone Authority). When it comes to AML compliance under the new UAE AML executive regulations, ProAct’s team works directly with regulated entities across all sectors to bridge the gap between what the law requires and what your company currently has in place.
This guide breaks down exactly what Cabinet Resolution 134 means for your business — which specific obligations have changed, what you need to update, and how to ensure you are inspection-ready before your next supervisory visit.
UAE AML executive regulations Cabinet Resolution 134 of 2025 rewrites UAE AML rules. Find out what your business must update now to avoid fines up to AED 100 million.What Is Cabinet Resolution No. 134 of 2025 — and Why Should Your Business Care? (ما هي اللائحة التنفيذية رقم 134 لسنة 2025؟ / Что такое Постановление Кабинета № 134?)
Cabinet Resolution No. 134 of 2025 is the UAE’s implementing regulation — it translates the parent law into 71 enforceable articles. It came into force on 14 December 2025 and directly replaces Cabinet Resolution No. 10 of 2019.
This is not a minor update. The 2019 regulations were built around a two-pillar framework — Anti-Money Laundering and Countering the Financing of Terrorism. The 2025 UAE AML executive regulations add a third mandatory pillar: Countering the Financing of Proliferation (CPF) of weapons of mass destruction. Every regulated entity in the UAE, whether a bank, an accounting firm, a real estate agent, or a gold dealer, now has explicit legal obligations around proliferation financing that did not exist under the previous regulations.
Something we see every year is businesses treating regulatory updates as minor addendums that HR handles with a one-hour online refresher course. Cabinet Resolution 134 is categorically different — it introduces nearly 300 enforceable requirements, and senior management now bears explicit personal responsibility for compliance across all three pillars. If your compliance officer has not reviewed and updated your internal policies since December 2025, that gap is already a liability.
Senior Chartered Accountant at ProAct Chartered Accountants, puts it: “What we see most often is a well-intentioned AML programme that was built for the 2019 framework and never updated. Cabinet Resolution 134 isn’t just an amendment — it’s a complete rewrite of the operational standard, and every business with AML obligations needs to treat it that way.”
The Central Bank of the UAE (CBUAE) AML supervisory and the Financial Intelligence Unit (FIU) are the primary supervisory bodies enforcing this resolution. The UAE Ministry of Finance oversees the national AML/CFT/CPF policy framework under which both authorities operate.
To be fair, this isn’t always straightforward — many businesses genuinely don’t know which category they fall into, and the expansion of the DNFBP definition doesn’t help. But the law does not distinguish between intentional non-compliance and administrative oversight. Supervisory inspections are now more frequent, more detailed, and increasingly focused on whether controls actually work in practice — not whether a policy document exists on a shared drive.
Which UAE Businesses and Sectors Are Now Covered Under the New UAE AML executive regulations Framework?
Every regulated entity operating in the UAE must comply with Cabinet Resolution 134. The scope is wider than most businesses realise.
Financial institutions (FIs) operating in the UAE — including banks, exchange houses, insurance companies, and licensed finance companies — have long been subject to AML obligations. Cabinet Resolution 134 does not change their core obligations so much as intensify and expand them, particularly around Proliferation Financing screening and Enhanced Due Diligence requirements.
The more significant expansion affects Designated Non-Financial Businesses and Professions (DNFBPs — الأعمال والمهن غير المالية المحددة). Under the new UAE AML executive regulations, DNFBPs include real estate agents, lawyers and notaries, accountants and auditors, dealers in precious metals and stones, and — new for 2025 — commercial gaming operators. Gaming operators must now apply a reporting threshold of AED 11,000 for single or linked transactions and register on the FIU’s goAML portal.
Virtual Asset Service Providers (VASPs) are now explicitly aligned with conventional financial institutions in their AML/CFT/CPF obligations. VASPs must comply with the Travel Rule for cross-border virtual asset transfers, apply full originator and beneficiary identification for transfers of AED 3,500 or more, and conduct continuous sanctions and Proliferation Financing screening.
Here’s something that surprises most clients: if your business sends or receives international wire transfers and any single transfer — or series of linked transfers — exceeds AED 3,500, you are required to collect and retain full originator and beneficiary information. Many smaller UAE businesses assume this threshold is much higher.
| Entity Type | CDD Trigger (2019) | CDD Trigger (2025) | Proliferation Financing Obligation | Key New Requirement |
|---|---|---|---|---|
| Financial Institutions (FIs) | AED 55,000 | AED 55,000 (unchanged) | Now mandatory (new pillar) | Source of wealth required for EDD (not just source of funds) |
| DNFBPs (real estate, lawyers, accountants, DPMS) | AED 55,000 | AED 55,000 (unchanged) | Now mandatory (new pillar) | EWRA must incorporate PF risk factors |
| Virtual Asset Service Providers (VASPs) | AED 55,000 | AED 3,500 (significant reduction) | Now mandatory (new pillar) | Travel Rule compliance; continuous sanctions screening |
| Gaming Operators (new DNFBP category) | Not regulated | AED 11,000 | Now mandatory (new pillar) | Full CDD, STR reporting, goAML registration required |
| Wire Transfer Originators (all sectors) | AED 3,500 | AED 3,500 (unchanged) | Now mandatory (new pillar) | Full originator and beneficiary details required |
| Source: Cabinet Resolution No. 134 of 2025 and Cabinet Resolution No. 10 of 2019, UAE Ministry of Finance / Federal Decree-Law No. 10 of 2025 | ||||
If you’re running a DNFBP in Dubai — whether an accounting firm, a real estate brokerage, or a dealership in precious metals — here’s what matters most to you: your EWRA must now explicitly identify and rate Proliferation Financing risks in addition to money laundering and terrorism financing. An EWRA that predates December 2025 is already outdated and non-compliant on its face.
How Have Customer Due Diligence (CDD) Requirements Changed for 2026? (متطلبات العناية الواجبة بالعميل / Требования к надлежащей проверке клиента)
The CDD framework has been tightened around Proliferation Financing, beneficial ownership identification, and Enhanced Due Diligence — three areas where the 2019 rules were silent or imprecise.
Customer Due Diligence (CDD / Надлежащая проверка клиента) is the process by which a regulated entity identifies, verifies, and understands its customers and their transactions. In the UAE context, this means collecting identification documents, understanding the purpose and nature of the business relationship, and assessing the risk profile of each customer. It applies to all financial institutions, DNFBPs, and VASPs operating under UAE AML law.
Cabinet Resolution 134 requires that all customer risk profiles now incorporate Proliferation Financing risk as a distinct factor. Under the 2019 regulations, a customer risk assessment focused on money laundering and terrorism financing risk. Updating your risk scoring methodology to include PF is not optional — it is a specific enforceable requirement under the new UAE AML executive regulations, and supervisory examinations will test for it.
Beneficial ownership data must be updated within 15 working days of any change. The Financial Intelligence Unit (FIU) and sector supervisors have access to beneficial ownership registers, and inspections now test whether these records are current and accurate.
What Is Enhanced Due Diligence (EDD) — and When Does It Now Apply?
Enhanced Due Diligence (EDD) is a deeper level of customer scrutiny applied to higher-risk relationships, and its scope has expanded materially under Cabinet Resolution 134.
A common mistake that’s easy to avoid: many compliance teams apply EDD only to customers on sanctions lists or known Politically Exposed Persons (PEPs). Under the new regulations, EDD is triggered by a broader set of factors, including cross-border correspondent relationships and any customer presenting elevated Proliferation Financing risk. For those relationships, EDD now requires identifying source of wealth — not just source of funds, which was the previous standard — and obtaining the first payment from an account in the customer’s name at a CDD-comparable institution. Both are new, specific, enforceable obligations introduced by Cabinet Resolution 134.
Speak with a ProAct specialist today to assess whether your current EDD procedures meet the Cabinet Resolution 134 standard — no obligation, just clarity.
What Is Proliferation Financing — and Why Is Your Business Now Responsible for It? (ما هو تمويل انتشار الأسلحة؟)
Every regulated entity in the UAE now has a mandatory obligation to screen for Proliferation Financing — regardless of what sector your business operates in.
Proliferation Financing (تمويل انتشار الأسلحة) is the act of providing funds or financial services that contribute to the development, production, acquisition, or transfer of weapons of mass destruction. In the UAE context, this means regulated entities must screen customers and transactions for any activity linked to the financing of nuclear, chemical, biological, or radiological weapons programmes — in addition to their existing AML and CFT screening. It applies to all financial institutions, DNFBPs, and VASPs operating under UAE law.
Why does this matter to an accounting firm in Dubai or a real estate agent in Abu Dhabi? The UAE’s alignment with international Financial Action Task Force (FATF) standards and the outcomes of the UAE’s 2024 FATF Mutual Evaluation placed PF risk as a specific area requiring legislative attention. Cabinet Resolution 134 is the direct operational response.
The question we get asked most is: “My business has nothing to do with weapons — why am I responsible for proliferation financing?” The answer is that PF risk is not about what your business produces. It is about the funds that flow through your business. If a customer’s payment pattern is consistent with sanctions evasion or the layering of proceeds connected to proliferation-linked entities, your firm has an obligation to identify it, assess it, and report it.
Based on ProAct’s review of client compliance programmes across DMCC (Dubai Multi Commodities Centre) and mainland Dubai entities, the most common gap is an EWRA that correctly covers money laundering risks but makes no mention of PF risk whatsoever. That is now a regulatory deficiency that will be cited in your next supervisory examination.
The UAE’s Financial Intelligence Unit (FIU) is vested with new powers previously reserved for the Central Bank Governor, and can now suspend transactions for up to 10 days and freeze assets for up to 30 days. These powers were granted under Federal Decree-Law No. 10 of 2025 and are operational from 14 December 2025.
The ProAct Compliance Workflow for Cabinet Resolution 134
Updating your AML programme for Cabinet Resolution 134 does not mean discarding everything you have. It means a structured gap assessment against the specific changes introduced by the executive regulations, followed by targeted, documented updates.
Step 1 — Data Gathering: Collect all current AML/CFT policy documents, your most recent EWRA, your customer risk rating methodology, your CDD procedures, STR reporting logs, and your record-retention evidence. Identify the date of last review for each document and flag anything predating 14 December 2025.
Step 2 — 4-Layer Review: ProAct’s compliance specialists assess your documentation against four layers: (i) Federal Decree-Law No. 10 of 2025; (ii) Cabinet Resolution No. 134 of 2025; (iii) your sector-specific supervisory guidance from the CBUAE, FTA, or Ministry of Economy; and (iv) your internal risk appetite and actual business activities.
Step 3 — Issue Flagging: Every gap is documented with a reference to the specific regulatory article it triggers, a risk rating of high, medium, or low, and a recommended remediation action. This creates an auditable compliance trail that can be presented to supervisors if needed.
Step 4 — Documentation and Filing: Revised policies are adopted by senior management, updated procedures are communicated to staff, the EWRA is formally signed off, and all review evidence is retained for the mandatory five-year period.
- Update your EWRA to include a dedicated Proliferation Financing risk assessment section — this is the most commonly cited gap in DNFBP supervisory examinations.
- Revise your internal AML/CFT/CPF policies to reflect the three-pillar framework under Cabinet Resolution 134, including PF red flags and typologies specific to your business sector.
- Update your customer risk rating methodology to score PF risk as a distinct factor alongside ML and TF risk.
- Expand your EDD procedures to require source of wealth identification and confirmation that first payments originate from CDD-comparable institutions.
- Confirm your compliance officer’s documented role includes explicit responsibility for PF risk monitoring, oversight, and internal reporting.
Why Do So Many UAE Businesses Miss AML Compliance Deadlines Every Year?
The pattern is consistent.
A business sets up in a UAE free zone, receives its trade licence, appoints a compliance officer — usually the CFO or a senior office manager — and files a basic AML policy document. For two or three years, nothing happens. Then a regulatory update comes through, the compliance officer doesn’t hear about it through the right channels, and suddenly the business is sitting on an outdated EWRA, an unchanged CDD policy, and no awareness that a major new UAE AML executive regulations has been in force for months.
We’ve seen this happen with every significant AML regulatory change in the UAE since 2020. Cabinet Resolution 134 is likely to produce the same cycle unless businesses take proactive steps now.
What most accountants won’t tell you is that a supervisory inspection does not always require advance notice in the UAE. The FIU and sector-specific supervisors can conduct examinations at short notice, and the standard they will apply is the current regulatory standard — not what was current when your policy was last reviewed.
That said, not every business needs to overhaul its entire compliance programme from scratch. Many existing controls remain fully valid under Cabinet Resolution 134. The key is to perform a targeted gap assessment against the specific changes introduced by the executive regulations and make the precise updates required — which is exactly what ProAct’s AML review process is designed to deliver.
Frequently Asked Questions About UAE AML Executive Regulations 2026
What is Cabinet Resolution No. 134 of 2025 and when did it come into force?
Cabinet Resolution No. 134 of 2025 is the executive regulation implementing Federal Decree-Law No. 10 of 2025 on Anti-Money Laundering, Countering the Financing of Terrorism, and Countering Proliferation Financing. It was published in Official Gazette No. 811 on 15 November 2025 and entered into force on 14 December 2025. The resolution contains 71 articles and replaces Cabinet Resolution No. 10 of 2019 in its entirety. All regulated entities in the UAE — including financial institutions, DNFBPs, and VASPs — are required to comply from the effective date. You can review the official text on the UAE Legislation Portal.
Does Cabinet Resolution 134 apply to free zone companies in the UAE?
Yes. Cabinet Resolution No. 134 of 2025 applies to all regulated entities operating in the UAE, including companies established in free zones such as DMCC, JAFZA (Jebel Ali Free Zone Authority), and IFZA. DMCC is regulated by the Dubai government and requires all member companies conducting regulated activities to maintain compliant AML/CFT/CPF programmes. Free zone licensing does not exempt a business from UAE federal AML law — it supplements it. Companies in free zones conducting DNFBP activities must register with the relevant supervisory authority and comply with all applicable Cabinet Resolution 134 obligations.
What is Proliferation Financing and does my UAE business need to address it?
Proliferation Financing is the provision of funds or financial services that support the development, production, or transfer of weapons of mass destruction. Under Cabinet Resolution No. 134 of 2025, every regulated entity in the UAE must incorporate Proliferation Financing risk into their Enterprise-Wide Risk Assessment and internal compliance policies. This obligation applies regardless of whether your business has any direct connection to weapons or arms sectors. It is a risk-based screening obligation triggered by your customer base and transaction patterns — not by your industry category.
What documents does my business need to update under the new AML executive regulations?
At a minimum, Cabinet Resolution No. 134 of 2025 requires updating your Enterprise-Wide Risk Assessment to include Proliferation Financing risk, your AML/CFT/CPF internal policies and procedures to reflect the three-pillar framework, your customer risk rating methodology to score PF risk as a distinct factor, and your Enhanced Due Diligence procedures to require source of wealth identification for high-risk clients. Your compliance officer role documentation must also be expanded to cover PF oversight responsibilities. All updated documents must be signed off by senior management and retained for the mandatory five-year period.
How do I submit a Suspicious Transaction Report (STR) under the new framework?
All Suspicious Transaction Reports must be submitted exclusively through the UAE Financial Intelligence Unit’s goAML portal. This applies to all financial institutions, DNFBPs, and VASPs. The obligation is immediate — file an STR as soon as suspicion is formed, not after completing an internal investigation. Tipping off the customer about a report remains a criminal offence under Federal Decree-Law No. 10 of 2025. The FIU can order a 10-day transaction suspension while reviewing any STR submitted through the portal.
Can ProAct help my business update its AML programme for Cabinet Resolution 134?
Yes. ProAct Chartered Accountants specialises in AML compliance support for regulated entities across the UAE, including DNFBPs, financial institutions, and free zone companies across Dubai, Abu Dhabi, DMCC, JAFZA, and IFZA. ProAct’s services include EWRA gap assessments, policy and procedure updates aligned to Cabinet Resolution No. 134 of 2025, compliance officer training, and preparation for supervisory inspections. Contact ProAct for a no-obligation initial review of your current compliance position.
Why ProAct Is the Right Partner for Your 2026 AML Compliance Update
When you contact ProAct, you are not put through to a junior account manager with a call script. Within 24 hours, a senior compliance specialist will review your enquiry and come back to you with a plain-language outline of what an AML review would involve, what it would cover, and what the output would be. There is no sales pitch, no obligation, and no jargon — just a clear picture of where your compliance programme stands under Cabinet Resolution 134 of 2025.
ProAct has supported regulated entities through every major UAE AML regulatory update since the FATF grey-listing period, and our team understands exactly where supervisory examiners focus their attention in 2026. We believe most businesses are closer to compliance than they think — they just need someone to map the specific gaps against the specific regulation, and put the documentation in place that makes compliance demonstrable.
Request a compliance review from ProAct before your next AML supervisory deadline — speak with our team at proactfs.com.
Disclaimer: The content in this article is for general informational purposes only and does not constitute formal financial, legal, or compliance advice. For guidance specific to your business situation, please consult a qualified professional.
Author Bio:
Written By,
