Regulatory Update June 2025 – ME Region

On 2 June, the Dubai Financial Services Authority (‘DFSA’) issued a follow-up Artificial Intelligence (‘AI’) survey to Senior Executive Officers of Authorised Firms in the DIFC. This survey builds on the initial 2024 AI survey and subsequent engagement activities, including roundtable discussions held at the 2024 Dubai AI and Web3 Festival in collaboration with the DIFC Authority in September 2024.

The 2025 survey seeks to gather updated insights on:

• the types and extent of AI adoption within Authorised Firms
• key drivers and challenges impacting AI use
• governance frameworks established to oversee AI implementation.

Responses were requested via the DFSA ePortal by 30 June 2025. The DFSA intends to continue engaging with firms to promote the safe and responsible adoption of AI within the DIFC.

You can read the Dear SEO Letter here.

On 3 June, the DFSA published an updated list of “Recognised Crypto Tokens”, which now includes the addition of Ripple (‘RLUSD’).

You can read the DFSA announcement here.

On 3 June, the DFSA announced its contribution to the newly published Dubai Financial Services Unified Guidebook, issued by Dubai’s Department of Economy and Tourism (‘DET’).

Developed in collaboration with different authorities including the Dubai International Financial Centre (‘DIFC’), and the Virtual Assets Regulatory Authority (‘VARA’), the guidebook provides a consolidated overview of Dubai’s financial services landscape. It aims to assist businesses in identifying the appropriate jurisdiction and regulatory authority when setting up or expanding operations in the Emirate.

The DFSA’s contribution focuses on outlining the regulatory framework within the DIFC, supporting the goals of Dubai’s Economic Agenda D33. The guidebook also highlights Dubai’s innovation-friendly ecosystem, streamlined business setup process, and strategic regulatory coordination.

You can read the DFSA article here and find the Guidebook here.

On 16 June, the DFSA announced that it has entered the next phase of its tokenisation regulatory sandbox, selecting firms to join its Innovation Testing Licence programme (‘ITL’), an initiative launched in 2017 to test innovative financial products in a controlled environment. This follows the DFSA’s progressive steps in regulating digital assets, including the launch of its Investment Token regime in 2021, an enhanced crypto token regime in 2022, and further refinements in June 2024 to streamline token-recognition and approve stablecoins.

Launched in March 2025, the sandbox attracted 96 expressions of interest from global jurisdictions, including the UAE, UK, EU, Canada, Singapore, and Hong Kong. Applications proposed tokenising financial instruments such as bonds (including sukuks), fund units, and custody/trading solutions, showcasing the global diversity and potential of tokenisation models.

The initiative reinforces the DFSA’s commitment to supporting responsible financial innovation within the DIFC and highlights growing interest from both established institutions and emerging start-ups in exploring tokenisation in a regulated framework.

You can read the DFSA announcement in full here.

On 17 June 2025, the DFSA issued a Dear SEO Letter titled “EBCM requirements for Authorised Firms holding client assets” to all prudential category 3 and 4 Authorised Firms with an endorsement on their licence to hold or control client assets.

The DFSA confirmed that, effective 1 July 2025, the Expenditure Based Capital Minimum (‘EBCM’) under the amended Prudential — Investment, Insurance Intermediation and Banking (‘PIB’) rules will apply only to category 3 and 4 Firms that:

• hold client assets, if client assets are directly held by the Authorised Firm, held in an account in its name, or held by a person or in an account controlled by the Authorised Firm
• are licensed to carry out one or more of the following Financial Services:
  • providing custody
  • providing money services
  • acting as trustee of a fund
  • operating an employee money purchase scheme
  • acting as administrator of an employee money purchase scheme
  • managing a collective investment fund (excluding venture capital funds).

Firms under prudential categories 3 or 4 that do not meet the above conditions will no longer be subject to the EBCM requirements as of the effective date.

The DFSA also clarified that where prudential category 3 or 4 Firms have a “hold or control client assets” endorsement but only control (and do not hold) client assets as part of their operating model, the DFSA will exempt them from the EBCM requirement, provided the Firm certifies that:

• it does not currently hold client assets
• it does not intend to hold client assets within the next 18 months.

This exemption applies to all forms of client assets, including client investments, client money, and client crypto tokens. Authorised Firms must submit their certification via the DFSA ePortal using the form titled “Holding or Controlling Client Assets – Certification to the DFSA” by 31 July 2025.

You can read the Dear SEO Letter here.

On 18 June, the DFSA in collaboration with members of the UAE Sustainable Finance Working Group (‘SFWG’), launched a public consultation on draft Principles for Climate Transition Planning. This initiative forms part of the SFWG’s broader efforts to support the UAE’s sustainable finance framework.

The draft Principles are intended to guide financial institutions in developing credible and effective transition plans aligned with climate objectives.

The key areas covered by the consultation are as follows:

• transition objectives
• governance
• strategic and risk integration
• metrics and targets
• data and customer engagement
• reporting and transparency
• implementation
• review and updates.

You can read the DFSA article here and the draft Principles here. The consultation is open to DFSA stakeholders, with the deadline for submissions set for 16 July 2025. Feedback may be submitted via the online form.

On 24 June, the DFSA hosted a webinar to present an overview of the new client assets rules, as introduced in Consultation Paper 160 “Updates to Client Assets Regime”. These rules will come into effect on 1 January 2026 and will apply to Authorised Firms that hold or control Client Assets or that are authorised to provide the Financial Service of Providing Custody.

Points discussed during the webinar include:

• an update made to the definition of “controlling client assets,” whereby control is now determined based on the authority granted by the client, rather than being linked to specific activities
• investment management of funds
• client assets crisis preparedness pack
• client assets auditor’s report
• Third-Party Agent suitability assessment
• Third-Party Agent written acknowledgement
• client disclosure requirements
• reconciliations
• client reporting
• client account naming
• arranging custody.

Additionally, on 24 June, the DFSA published a set of frequently asked questions (‘FAQ’) on the revised client assets regime. The FAQ addresses common queries raised by Authorised Firm and auditors during recent industry engagement, focusing on the application of the revised rules, transitional arrangements, and supervisory expectations. It complements both the revised rules and the feedback statement to Consultation Paper 160, which was published on 14 March 2025.

You can read the FAQ in full here read Consultation Paper 160 here.

On 18 June, the DFSA hosted several engagement sessions for newly authorised firms in the DIFC, in line with the Dear SEO Letter titled “Newly Authorised Firms Engagement 2025”, published on 28 April.

The DFSA shared insights on common pitfalls and best practices in the following areas:

• general requirements
• conduct of business requirements
• prudential requirements
• AML, CTF and sanctions obligations
• operational resilience and cyber risk
• market risk.

You can access the DFSA slides from this session here.

On 30 June, the DFSA announced the publication of its report “Cyber and Artificial Intelligence Risk in Financial Services: Strengthening Oversight Through International Dialogue”. The report offers critical insights into the growing digital risk landscape and how emerging technologies—particularly AI and quantum computing—are reshaping global regulatory priorities.

The report follows the DFSA’s first-ever Cyber and AI Risk Regulatory College held in May 2025, which brought together 70 senior representatives from 18 international financial authorities to discuss the increasing complexity of cyber threats and technological innovation.

Key themes include:

• the rise in sophisticated cyberattacks
• the urgent need to prepare for quantum computing’s impact on encryption
• the importance of responsible AI adoption through explainability, third-party oversight, and governance.

DFSA officials emphasised that digital risks are becoming systemic, requiring coordinated global responses.

You can read the DFSA article here.

On June 25, the DIFC published Consultation Paper No.2 “Variable Capital Company Regulations”, aimed at enhancing investment structuring and asset management options within the centre. The new framework introduces a flexible investment vehicle tailored for proprietary investment activities.

The Variable Capital Company (‘VCC’) regime is designed to operate without requiring DFSA authorisation or a regulated fund manager, making it a cost-efficient and adaptable solution for investors.

Key features include the following:

• the VCC is a private limited company in which shareholders may hold shares
• the ability to create segregated or incorporated cells to isolate assets, and flexibility in capital management based on net asset value
• removal of traditional restrictions on dividends and share transactions
• it is open to a wide range of applicants for proprietary investment, with regulatory authorisation required only if financial services are provided.

This model is particularly suited to family offices, complex multi-asset holdings, and proprietary portfolios seeking enhanced structuring flexibility.

You can read the Consultation Paper here. Comments are welcome until 24 July.

On 9 June, the Financial Services Regulatory Authority (‘FSRA’) published Dear SEO Letter “FSRA Outsourcing Thematic Review and accompanying surveys” regarding a thematic review on outsourcing and on cybersecurity and AI. These initiatives aim to enhance the understanding of Authorised Firms’ practices in outsourcing, cybercrime risk management, and AI adoption.

Firms were encouraged to participate in the survey and to submit their responses by 27 June 2025. Based on these responses, some Firms may be selected for further review.

On 10 June, the FSRA implemented amendments to its digital assets’ regulatory framework, effective immediately. These changes followed Consultation Paper No. 11 of 2024 and aim to streamline the process for recognising Accepted Virtual Assets (‘AVAs’) within the Abu Dhabi Global Market (‘ADGM’).

Key updates include:

• revisions to the assessment process for Virtual Assets (‘VAs’) to be designated as AVAs
• adjustments to capital requirements and fees applicable to VA Firms conducting “Regulated Activities”
• introduction of a product intervention power specific to VAs
• codification of the existing prohibition on privacy tokens and algorithmic stablecoins
• expansion of permissible investments for Venture Capital Funds.

The FSRA has also updated its guidance on the regulation of Virtual Asset activities to reflect these changes and to assist firms in meeting the AVA assessment criteria.

The amendments affect several rulebooks:

• Conduct of Business Rulebook (‘COB’)
• Fund Rulebook (‘FUNDS’)
• Prudential – Investment, Insurance Intermediation and Banking Rulebook (‘PRU’).

You can read the FSRA announcement in full here.

On 10 June, the FSRA implemented amendments to its regulatory framework for digital assets and published the updated Financial Services and Markets Regulations 2025 and Fees Rules.

Key updates to FSMR include:

• section 5A(4) Authorised Persons conducting a regulated activity in relation to VAs or Spot Commodities
  • regulated activities in ADGM must not involve algorithmic stablecoins, privacy tokens, or any digital assets using similar technology
• section 5(B) General Direction power relating to Virtual Assets and Fiat-Referenced Tokens
  • the FSRA may, by written notice, issue a direction prohibiting the issue, sale, purchase, transfer, or custody of a VAs or Fiat-Referenced Token (‘FRT’) if it believes such activity breaches the regulations or is not in the interests of ADGM
  • this written notice must provide detail the nature of the prohibition, explain the FSRA’s reasons for issuing the direction and the effective date, inform the person of their right to make representations within a specified period, state the effective date of the prohibition; and advise of the right to refer the matter to the appeals panel.
• Clarification of definitions of AVAs and VAs not being a specified investment, FRTs or spot commodity or guaranteed by a government or central bank.
• Schedule1, Part 2 Activities, Chapter 7 Credit, Exclusions (49):
  • Virtual Assets are now included in the exclusions from the definition of entering into a Credit Facility as a Lender, where the agreement is incidental to or connected with transactions in Virtual Assets.

You can read the full amendment to the FSMR and associated fees schedule here.

On 11 June, the ADGM launched its Business Directory App (the ‘Directory’), developed specifically for the ADGM community. The Directory serves as a comprehensive guide to all businesses operating within the ADGM jurisdiction and aims to facilitate easier access to information, services, and navigation within the community. With consent, the content of the Directory will also be published across ADGM’s digital channels.

The Directory can be accessed here.

On 11 June, as part of ongoing efforts to keep stakeholders informed of regulatory developments, the FSRA hosted an in-person “Policy and Legal Legislative Update Session” to provide an overview of key regulatory updates, including:

• 2024 regulatory accomplishments
• review of the prudential framework for lower-risk firms
• developments in virtual assets and fiat-referenced tokens, including a new process for approved virtual assets (‘AVAs’) and revised criteria for AVAs
• cyber risk management enhancements and updates to the General Rulebook (‘GEN’), Market Infrastructure Rulebook (‘MIR’), Conduct of Business (‘COBS’), and Prudential Rulebook (‘PRU’)
• updates to the funds reporting framework and proposed changes to reporting requirements
• 2025 legislative priorities focusing on innovation, alignment with international standards, and operational resilience.

You can read the FSRA presentation slides here.

On 11 June, the FSRA published Consultation Paper No. 6 “Proposed ‘Substantial Public Interest’

Rules to be Issued Under the Data Protection Regulations 2021”, inviting public comment on proposed amendments to the Data Protection Regulations 2021. The amendments aim to introduce additional substantial public interest grounds for processing special categories of personal data, to be implemented through the forthcoming Data Protection Regulations Rules 2025.

You can read the Consultation Paper in full here. Comments were welcome until 2 July 2025.

On 17 June, the FSRA published Consultation Paper No. 7, “Proposal to Enact Administrative Regulations concerning Investigative Powers, Enforcement Procedures and Sanctions”. The paper invites public comment on a proposal to issue new Administrative Regulations (‘Admin Regulations’) that would apply to the majority of the ADGM’s commercial legislation.

The proposed Admin Regulations aim to enhance the ADGM Registration Authority’s statutory framework relating to contraventions, sanctions, and procedural fairness. The objective is to improve and simplify the existing regime while promoting consistency across ADGM’s commercial legislative landscape.

The key proposed changes include:

• introduction of a standalone, overarching regulation governing enforcement procedures, investigations, and other administrative matters
• this regulation will apply across all commercial legislation
• amendments to the existing standard fee scale and enforcement powers of the RA
• updates to the administrative sanctions
• enhanced supervisory powers of the RA
• the right of a person to consent in writing to the enforcement action being imposed.

You can read the Consultation Paper in full here. Comments are welcome until 17 July 2025.

On 24 June, the ADGM RA published circular No. 4 of 2025, “Requirement to obtain Work Permits and Temporary Work Permits”. The purpose of this circular is to remind all ADGM licensed firms of their obligation to obtain and maintain valid work permits or temporary work permits for all individuals working in or from the ADGM jurisdiction, in accordance with the ADGM Employment Regulations 2024 and the Employment Regulations (‘Temporary Work Permit’) Rules 2024 (‘Regulations and Rules’).

ADGM firms that fail to obtain or maintain the required work permit or temporary work permit for individuals working on their premises will be deemed in breach of the applicable Regulations and Rules and may be subject to financial penalties and late filing fees.

You can read the RA Circular in full here.

On 30 June, the FSRA published a decision issued by the National Committee for Combating Money Laundering and Financing Terrorism and Illegal Organisations (‘NAMLCFTC’) concerning high-risk jurisdictions.

The decision formalises the UAE’s adoption of the Financial Action Task Force (‘FATF’) list of high-risk jurisdictions subject to a Call for Action (the “Blacklist”), along with associated countermeasures under the interpretive note to Recommendation 19. It also adopts FATF’s list of Jurisdictions under Increased Monitoring (the “Grey List”) and mandates the application of proportionate enhanced due diligence measures in accordance with the interpretive note to Recommendation 10 and Article 4 of the 2019 Cabinet Decision (as amended by Cabinet Resolution No. 24 of 2022).

All Firms are expected to regularly review and verify updates issued by the FATF and the ‘NAMLCFTC’, and to factor this information into the implementation of countermeasures and/or enhanced due diligence procedures, as appropriate and proportionate to their risk exposure.

You can read the FSRA Circular in full here.

On 4 June, the Securities and Commodities Authority (‘SCA’) held a workshop focused on introducing the newly issued financial influencer regulation and raising awareness among market participants.

The key points covered included:

• the risks associated with promoting fraudulent or unregulated entities
• the legal implications of providing unregistered financial advice
• an overview of the registration process with SCA for individuals offering financial recommendations
• investor education on the risks linked to influencer-driven investment advice
• a summary of the SCA’s enforcement tools and its role in safeguarding market integrity.

In alignment with global regulatory trends highlighted in a recent report by the International Organisation of Securities Commissions (‘IOSCO’), the SCA introduced Regulation No. 10 of 2025, formalising its oversight of financial influencers (“Finfluencers”) operating within or targeting the UAE.

A Finfluencer is defined as an individual registered with the SCA who:

• provides investment-related opinions or advice through traditional or digital media (e.g., Instagram, YouTube, TV, or radio)
• offers insights on financial products, services, issuers, or virtual assets
• is a certified financial analyst by the SCA or equivalent
• is an independent CFA holder (not employed by an SCA-licensed firm)
• has a recognised market presence (e.g., 1,000+ genuine followers and a minimum six-month track record of financial content, or recommendations cited by a reputable third party).

The regulation applies to:

• UAE-based individuals providing financial recommendations on either domestic or international products
• any advice concerning SCA-regulated offerings.

This development positions SCA among the growing number of regulators addressing the risks posed by unlicensed financial promotions and influencer-led investment advice, particularly through social media platforms.

You can read the SCA article in full here.

On 10 June, the Capital Markets Authority (‘CMA’) announced the cancellation of Circular No. (6) of 2019, which set supervisory requirements for branches of foreign banks licensed for securities activities in Kuwait. This cancellation reflects the CMA’s ongoing efforts to enhance supervisory mechanisms in line with international best practices. Consequently, these branches are no longer required to submit periodic financial reports and statements to the CMA unless specifically requested.

You can read the full CMA circular here.

On 17 June, the Central Bank of the UAE (‘CBUAE’) and CIPS Co., Ltd. (‘CIPS’), the operator of China’s Cross-Border Interbank Payment System, have signed a Memorandum of Understanding (‘MoU’) to enhance cooperation in payment infrastructure. This partnership aims to improve the efficiency of cross-border payments between the UAE and China.

Under the agreement, the parties will collaborate on initiatives to enable more seamless, streamlined, and cost-effective cross-border transactions. They will also work together to strengthen risk management and compliance efforts, sharing expertise to bolster the security, safety, soundness, and stability of cross-border payment infrastructures between the two countries.

You can read the CBUAE announcement in full here.

On June 3, the CBUAE and the Central Bank of Kenya (‘CBK’) signed two MoUs to enhance financial cooperation between the two countries. The first MoU establishes a framework to promote the use of local currencies for settling cross-border transactions and to support the sustainable development of both financial markets. The second MoU focuses on collaboration in payment systems, including exploring the interlinking of instant payment platforms and national card switches, in line with each country’s regulatory and supervisory requirements.

You can read the CBUAE announcement in full here.

On 17 June, the Executive Office for Control and Non-Proliferation (‘EOCN’), hosted a virtual webinar focused on complex trade-based transactions and emerging proliferation financing (‘PF’) risks.

The key highlights are as follows:

• UAE’s proliferation financing risk assessment
  • emphasis on FATF Recommendations and United Nations (‘UN’) sanctions relating to Iran (“UNSCR 2231”) and North Korea (“UNSCR 1718”)
  • risks assessed include trade finance misuse, revenue raising through front companies, cash smuggling, cybercrime, and complex corporate structures
• risk factors
  • threats: use of cryptocurrencies and shell companies (classified as medium-risk)
  • vulnerabilities: geographic location, weak legal transparency, and economic environment (classified as high-risk)
  • mitigation: considered partially effective, with notable gaps in the supervision of Virtual Asset Service Providers (‘VASPs’), Designated Non-Financial Businesses and Professions (‘DNFBPs’), and export controls
• recommendations
  • strengthen compliance and supervisory measures, particularly regarding virtual assets and non-financial businesses
  • enhance customer due diligence with focus on PF-related red flags
  • improve monitoring of trade finance monitoring and build law enforcement capacity
• PF typologies and red flags
  • common methods include the use of front companies, falsified documents, and obscured beneficial ownership to facilitate PF
  • Emphasis placed on the importance of awareness around relevant UN Harmonised Systems (‘HS’) codes and UAE control lists to support effective trade screening.

Final thoughts from the webinar emphasized that PF risks are increasingly sophisticated and constantly evolving, with the potential to impact multiple sectors. To address these challenges effectively, compliance teams must remain vigilant, consistently review and update internal controls, and strengthen collaboration with regulatory authorities and industry stakeholders. A thorough understanding of PF typologies and heightened awareness of red flags are critical for the timely detection and mitigation of PF activities.

On 20 June, the UAE Sustainability Finance Working Group (‘SFWG’), chaired by the FSRA, released draft principles for climate transition planning and invites feedback from key stakeholders.

The SFWG comprises major national regulators including the CBUAE, SCA, Ministry of Finance (‘MOF’), Ministry of Climate Change and Environment (‘MOCCAE’), FSRA, and DFSA. Together, they have published foundational frameworks such as the “Guiding Principles on Sustainable Finance (2020)”, “Principles for Effective Management of Climate-related Financial Risks (2023)”, and “Principles for Sustainability-Related Disclosures (2024)”.

The current draft principles focus on governance, risk management, metrics, data and customer engagement, reporting, and implementation to help financial institutions develop credible and effective climate transition plans.

You can read the Consultation Principles in full here. Comments are welcome until 16 July 2025.

On 26 June, the CBUAE hosted a Climate Forum in Abu Dhabi, bringing together key stakeholders to discuss the integration of climate considerations into financial sector practices and promote sustainable finance initiatives across the UAE.

The forum’s agenda focused on incorporating climate considerations into risk management frameworks, strengthening the resilience of the financial sector, and promoting both regional and global collaboration in sustainable finance. It also emphasised the need for financial institutions to adopt leading practices in assessing environmental risks and enhancing transparency through improved sustainability-related disclosures.

You can read the CBUAE announcement in full here.

On 11 June, VARA issued a circular to all regulated VASPs regarding the publication of the updated UAE National Risk Assessment (‘NRA’) on Anti-Money Laundering (‘AML’), Combating the Financing of Terrorism (‘CFT’), and Proliferation Financing (‘PF’).

Key findings identified in the NRA for specific risk factors affecting the VA sector are as follows:

• cyber threats targeting blockchain networks
• use of virtual assets by international criminal networks
• geographical risks arising from simplified cross-border transactions
• infrastructure vulnerabilities, including malware and data theft.

VARA expects that all VASPs promptly review and incorporate the UAE NRA findings into their Business Risk Assessments (‘BRAs’), updating them within 60 days from the issuance of the circular to address identified virtual asset-related threats and vulnerabilities. VASPs must also ensure their AML/CFT policies, controls, and monitoring systems reflect these risks, including customer onboarding, transaction monitoring, and internal audits. Updated BRAs should be submitted to VARA upon request or during supervisory reviews. Additionally, all VASPs must implement or enhance measures to mitigate risks, such as customer due diligence, transaction monitoring, compliance with targeted financial sanctions, and reporting suspicious activities.

You can read the full VARA circular here.

On 23 June, the SCA issued Chairman’s Resolution No. (14/Chairman) of 2025, amending the Regulations Manual of Financial Activities approved by Chairman’s Resolution No. (13) of 2021. Amendments included a new definition for “Robo-Advisor Service” and the technical controls and requirements for such a service under the Business Conduct manual.

Following this, firms intending to launch Robo-Advisory services must:

• obtain the appropriate SCA approval and meet the new regulatory requirements
• implement technical and operational controls in accordance with the Business Conduct manual
• engage certified external IT auditors to review their infrastructure and processes
• apply necessary measures for managing AI risks
• firms may use advanced technologies, such as Blockchain, to document all transactions and modifications to ensure transparency and prevent tampering with the activity log.

This resolution shall be published in the Official Gazette and shall come into force on the day following its publication.

You can read the SCA resolution in full here.

On 23 June, the SCA issued Chairman’s Resolution No. (15/Chairman) of 2025, introducing a comprehensive regulatory framework governing Security Tokens and Commodity Token Contracts. This resolution supports the SCA’s strategy to regulate digital assets within existing laws and aims to address and mitigate any risks that may arise from the use of distributed ledger technology.

Key regulatory developments include:

• taking a technological neutrality approach, applying existing regulatory principles to both traditional and tokenised forms of financial instruments
• definitions for key terms formalised
• applies to Security Tokens and Commodity Contract Tokens issued within or from the UAE
• excludes virtual assets and tokenised Real-World Assets unless they represent securities.

This Decision shall be published in the Official Gazette and shall come into effect after 30 days from the date of its publication.

You can read the SCA resolution in full here.

On 13 June, the FATF released an updated list of jurisdictions under increased monitoring, commonly referred to as the ‘grey list’. As part of this update, Croatia, Mali, and Tanzania were removed from the list, while Bolivia and the British Virgin Islands were added as countries now subject to increased monitoring. There have been no changes to the list of High-Risk Jurisdictions subject to a call for action, which continues to include the Democratic People’s Republic of Korea (‘DPRK’), Iran, and Myanmar.

You can read the updated ‘grey list’ here.

In June, the FSRA launched the national readiness program in preparation for the second round of the UAE FATF Mutual Evaluation, which is expected to take place around 2026 – 2027, subject to the FATF’s updated calendar and the UAE’s specific schedule under MENAFATF.

Preparatory activities are already underway and include targeted readiness programs and roundtable sessions for selected Firms, as outlined in FCCP Notice No. 63 of 2025, which was issued directly to those Firms.

You can read more about FATF Mutual Evaluations here.

The United Nations Security Council (‘UNSC’) has made amendments to its sanctions list. As a UN member, the UAE is committed to enforcing UNSC resolutions, and all firms are required to report their involvement with sanctioned entities or individuals.

On 9 June, following a delisting request submitted through the Office of the Ombudsperson, the Security Council Committee made amendments to remove the following individual from the Sanctions List:

• Name: Hajjaj bin Fahd al-Ajmi
• Date of Birth: 10 August 1987
• Nationality: Kuwait

Further details can be found here.

On 16 June, the Security Council Committee approved the addition of the following individual to the Sanctions List:

• Name: Abubakar Swalleh
• Date of Birth: 13 January 1992
• Nationality: Uganda

Further details can be found here.

On 10 June, the CBUAE imposed financial sanctions totalling AED 12,300,000 on six exchange houses operating in the UAE. These sanctions were issued under Article 14 of Federal Decree Law No. (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations, including its amendments.

The penalties follow examinations conducted by the CBUAE, which uncovered violations and failures by the exchange houses to comply with the AML/CFT framework and related regulatory requirements.

You can read the CBUAE announcement in full here.

On 13 June, the ADGM Registration Authority (‘RA’) accepted Enforceable Undertakings from MBK Auditing and its Registered Audit Principal, Mr Rajeev Vishnupant Kulkarni, following significant audit failings identified during a regulatory inspection. The undertakings include financial penalties totalling US$ 120,000 and a commitment to remediate identified deficiencies.

The RA’s inspection revealed serious breaches of the International Standards on Auditing (‘ISA’), including:

• failure to maintain accessible working papers
• inadequate disclosure in the audit report where key information was not obtained
• lack of due skill, care, and diligence in the audit process.

In recognition of their cooperation, the RA agreed to a reduced penalty amount. The terms of the enforceable undertakings include:

• US$ 85,000 penalty payable by MBK Auditing
• US$ 35,000 penalty payable by Mr Kulkarni
• submission of a detailed remediation plan to address gaps in staff training, audit methodology, quality management, and audit file retention.

The RA reiterated that high-quality audits and reliable corporate reporting remain core supervisory priorities and expects all ADGM-registered audit firms and principals to maintain full compliance with regulatory and professional standards.

You can read the ADGM RA announcement here.

On 17 June, the CBUAE revoked the licence of Sundus Exchange, removed it from the licences register, and imposed a financial penalty of AED 10Mn. This action was taken pursuant to Article 14 of Federal Decree Law No. (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations, including its amendments.

The licence revocation and financial sanction follow the findings of CBUAE examinations, which revealed multiple violations and failures to comply with the AML/CFT framework and related regulations.

You can read the CBUAE announcement in full here.

On June 24, the SCA announced that following an inspection and a series of investigations of an unlisted public joint stock company, it had identified legal violations committed by certain board members. The breaches, related to Federal Decree-Law No. 32 of 2021, led the SCA to refer the individuals to public prosecution for legal action.

You can read the SCA article in full here.

On 24 June, the CBUAE imposed a financial sanction of AED 2,000,000 on an exchange house operating in the UAE, under Article 137 of the Decretal Federal Law No. (14) of 2018 concerning the Central Bank and Organisation of Financial Institutions and Activities, including its amendments.

The penalty follows the CBUAE’s examination, which identified failures by the exchange house to comply with AML/CFT policies and procedures.

Through its supervisory and regulatory mandate, the CBUAE is committed to ensuring that all exchange houses, their owners, and staff adhere to UAE laws, regulations, and standards, thereby safeguarding the transparency and integrity of the exchange house sector and the broader UAE financial system.

You can read the CBUAE announcement in full here.

On 25 June, the CBUAE suspended a UAE bank’s Islamic Window from onboarding new customers for six months and imposed a financial penalty of AED 3,502,214. The action followed Sharia supervision examinations that revealed non-compliance with Sharia governance requirements and relevant provisions of Decretal Federal Law No. (14) of 2018. The CBUAE reaffirmed its commitment to ensuring all banks adhere to UAE laws and maintain the integrity of the financial system.

You can read the CBUAE announcement in full here.