Regulatory Update July 2025 – ME Region

On 4 July, the Dubai Financial Services Authority (‘DFSA’) published Consultation Paper No.167 titled “Proposed Enhancements to the DFSA’s Rulebook to Align with Basel Core Principles”. The paper outlines proposed improvements to the DFSA’s regulatory frameworks, aiming to achieve closer alignment with the Basel Core Principles for Effective Banking Supervision (‘BCP’), as issued by the Basel Committee on Banking Supervision (‘BCBS’). These proposals follow the results of comprehensive benchmarking exercises completed by regulatory authorities in Australia, Canada, Hong Kong SAR, Singapore, the UAE, the European Union and the United Kingdom.

The proposals are primarily targeted at Authorised Firms within prudential Categories 1, 2, and 5. However, the DFSA confirmed that certain policy recommendations related to risk management processes will apply across all prudential categories.

Key proposed changes include the following:

• clarifying and reinforcing the responsibilities of an Authorised Firms’ governing body in establishing and communicating a sound risk culture and corporate values
• reinforcing the second line of defence by the establishment of a dedicated risk management function responsible for overseeing risk taking activities, and that the function be adequately resourced and independent
• the risk management function to be headed by a person who holds a position of senior manager
• clarifying the scope of the internal audit function’s work to include the review of governance and risk management arrangements
• clarifying that an Authorised Firm’s comprehensive risk management policies and processes should cover all material risks, including those that could materialise over longer time horizons, such as climate-related financial risks, risks related to digitalisation, and other emerging risks
• strengthening the requirements for the management information system (‘MI’)
• broadening the scope of the current requirements for Authorised Firms in relation to new products, strategies and activities, so that these requirements also include material modifications to existing products, services and systems, and that major changes in systems, process and business models, and major acquisitions are subject to the governing body approval.

You can read the Consultation Paper here. Comments are welcome until 5 September 2025.

On 7 July, the Dubai International Financial Centre (‘DIFC’) Academy launched an extensive 7-week training series under the Cyber Forward Programme 2025 (the ‘Programme’), designed to help firms operating in DIFC navigate the rapidly evolving cyber landscape. The Programme is open to anyone interested in learning about the intricacies of cybersecurity and the latest strategies to ensure cybersecurity compliance.

The Programme covers key area of the National Institute of Standards and Technology (‘NIST’) Cybersecurity Framework and Dubai’s Information Security Regulation (‘ISR’) such as:

• introduction to cybersecurity governance
• information security management system (‘ISMS’) asset and risk management
• identity management, authentication, access control, user awareness
• operations management, software development, lifecycle management
• continuous monitoring, adverse event analysis
• incident management, analysis, reporting, communication
• incident recovery plan, business continuity planning
• AI-enabled cybersecurity measures.

Interested participants may register directly through the DIFC Academy’s official website here.

On 8 July, the DIFC Data Protection Law No. 5 of 2020 (‘DPL 2020’) was amended to incorporate several substantive changes. These amendments largely align with the proposals outlined in the February 2025 Consultation Paper. However, not all recommendations from the Consultation Paper were adopted, some notable proposals were ultimately excluded from the final legislation.

The key changes include the following:

• introduction of a new statutory cause of action that allows data subjects to bring claims against a controller or processor who contravenes the DLP 2020
• the scope of application extended to
  • controllers or processors incorporated in the DIFC, regardless of where they process personal data
  • the processing of personal data in the DIFC (including any transfers outside the DIFC) by any controller, processor (or any of their sub-processors), even if not incorporated in the DIFC, as part of stable arrangements
• clarified obligations when sharing data with public authorities
  • a controller or processor is now permitted to disclose personal data to a public authority only after determining that the request is both valid and proportionate
• new and increased financial penalties in relation to annual assessment, data protection impact assessments (‘DPIAs’), and disclosure or transfer to public authorities (Article 28).

You can read the DIFC article in full here.

On 28 July, the DIFC announced its mid-year performance results, reaffirming its role as one of the key contributors to Dubai’s Economic Agenda D33.

In the first half of the year, 1,081 new companies joined DIFC, a 32% increase on the same period in 2024. The total number of active companies registered in the Centre increased to 7,700, up from 6,153 in H1 2024 – a 25% year-on-year increase. The number of professionals working in DIFC also rose to 47,901, marking a significant 9% increase from 43,787 a year earlier.

You can read the DIFC article in full here.

In July, the DFSA issued several public warnings regarding scams involving fraudulent licenses, impersonation of Authorised Firms, and false claims of DFSA authorisation.

You can read the DFSA alerts in full here.

On 2 July, the Financial Services Regulatory Authority (‘FSRA’) issued a Dear SEO/MLRO Letter regarding compliance with Targeted Financial Sanctions (‘TFS’) and reporting through goAML. The letter serves as a reminder to all Authorised Firms (‘AFs’) of their responsibilities concerning TFS and other applicable sanctions. This notice is intended to raise awareness and support ongoing compliance efforts but does not outline all obligations applicable to AFs on this matter.

The key element of the anti-money laundering (‘AML’) obligations include:

• legal framework
  • AFs are required to comply with the federal legislation, AML Rulebook and be aware of all notices issued by the FSRA as well as relevant guidance and guidelines issued by governmental authorities in the UAE, including the Executive Office for Control and Non-Proliferation (‘EOCN’)
• compliance with TFS
  • AFs are required to establish and maintain effective systems and controls to enable compliance with TFS, register on goAML, subscribe to EOCN notification system, conduct sanction screening, apply asset freeze upon any confirmed match or partial name match, maintain appropriate records
• compliance with non-TFS sanctions
  • AFs are required to understand what sanctions regimes apply to their jurisdiction of origin, its business and/or customer base and apply sanctions measure appropriately
  • when activity or transactions involving targets of non-TFS Sanctions (e.g., international sanctions) are detected, and are suspicious, AFs must submit a Suspicious Transaction/Activity Report (‘STR/SAR’) through the goAML system.

You can read the Dear SEO Letter here.

On 2 July, the Abu Dhabi Global Markets (‘ADGM’) Courts launched its Pro Bono Mediators Panel (the ‘Panel’), representing a significant advancement in expanding access to justice and further enhancing its Court-Annexed Mediation Scheme established in 2019 as the first of its kind in the region. The Panel will feature internationally accredited mediators who volunteer their expertise on a pro bono basis, while gaining valuable experience through court-annexed mediation proceedings.

You can read the ADGM announcement in full here.

On 8 July, the FSRA issued a Dear SEO/MLRO Letter regarding key AML/TFS obligation, registration and reporting through goAML portal for Authorised Firm operating in the ADGM.

This notice is intended to strengthen awareness and support ongoing compliance efforts across three key requirements:

• ensuring adherence to applicable AML/CFT regulations
• maintaining an active subscription to the goAML system
• submitting the relevant reports through the goAML portal.

You can read the Dear SEO Letter here.

On 17 July, the FSRA signed a Memorandum of Understanding (‘MoU’) with the Central Bank of the Republic of Azerbaijan to foster collaboration across financial technologies, capital markets, and related sectors. The agreement establishes a framework for both authorities to exchange expertise and information, and to jointly organise training programmes, research initiatives, and study visits. This strategic partnership reinforces ADGM’s commitment to international cooperation and regulatory alignment, supporting innovation and sustainable growth in both jurisdictions.

You can read the FSRA announcement in full here.

On 24 July, the FSRA published its 2024 annual report outlining its key regulatory achievements and underscoring its commitment to delivering a world-class regulatory environment for financial services. The report is centered around the following strategic objectives:

• innovation
  • leading the way in areas such as Virtual Assets, FinTech, Regulatory Technology (‘RegTech’) and Supervisory Technology (‘SupTech’), and sustainable finance considering the UAE’s commitment to being net zero by 2050
• efficient and safe markets
  • ensuring well-functioning and safe markets with integrity at their core
• growth through sound regulation and cooperation
  • ensuring compliance with international standards, collaboration and cooperation with fellow regulators and other authorities
• building the future
  • providing high-quality financial education to FSRA staff through ADGM Academy and developing staff through ADGM’s Al Yah program.

You can read the annual report in full here.

On 30 July, the FSRA issued Consultation Paper No. 8 “Enhancements for Continued Alignment with International Standards – IOSCO Principles”. In line with the FSRA’s strategic objectives, maintaining compliance with international standards and promoting collaboration with other regulators and authorities, the Paper proposes targeted improvements to the FSRA’s regulatory framework. While the FSRA’s regulatory framework is aligned with the International Organization of Securities Commissions (‘IOSCO’) Principles, the proposed enhancements are designed to ensure deeper and more appropriate alignment across all international standards.

In January of this year, the FSRA implemented the amendments to its regulatory framework following the completion of a benchmarking exercise against the “Core Principles for Effective Banking Supervision” issued by the Basel Committee on Banking Supervision (‘BCBS’).

Furthermore, the FSRA intends to assess the regulatory framework against the remaining international standards, the International Association of Insurance Supervisors (‘IAIS’) Principles. Where enhancements are considered necessary, a further consultation exercise will be conducted to address those areas.

The key proposed changes include:

• addition of a general prohibition against misleading and deceptive conduct
• expanding the FSRA’s suspension powers as an interim measure in appropriate circumstances
• clarifying the FSRA’s ability to exercise certain powers and the relevant procedures that apply in certain circumstances, such as:
  • the granting of a financial services permission subject to conditions
  • withdrawal of conditions or restrictions
  • the giving of directions for prudential purposes with immediate effect
  • exercising powers in urgent circumstances where the application of the usual advance notice procedures would be prejudicial or detrimental to the ADGM financial system
• addition of a prohibition on offering a unit of a fund without a complying prospectus to Financial Services and Markets Regulations (‘FSMR’)
• addition of the power to issue a stop order in relation to the offer of units in a fund that do not meet applicable requirements.

You can read the Consultation Paper in full here. Comments are welcome until 27 August 2025.

On 29 July, the FSRA announced amendments to its regulatory framework, focusing on enhanced cyber risk management. Compliance with these amendments will be required by 31 January 2026.

The implementation follows extensive industry engagement and feedback received on Consultation Paper No. 3 of 2025. The amendments require firms to integrate cyber risk management into their existing risk frameworks and build upon the FSRA’s “Information Technology Risk Management Guidance and Governance Principles and Practices to Mitigate Cyber Threats and Crime”.

Key updates include:

• COBS
  • addition of Guidance under 17.5, 19.23.1 and 20.14.1 on additional requirements that apply to Authorised Persons (‘APs’) in relation to Cyber Risk management in chapter 3.5
  • addition of Guidance under 19.23.2 and 20.14.2 on the requirement of APs to notify the FSRA in certain circumstances
• GEN
  • addition of a new rule 3.5 (“Cyber Risk Management”) outlining requirements for establishing a cyber risk management framework, identification and assessment for establishing cyber risk management framework, protection of information and technology (‘ICT’) assets against cyber incidents, monitoring and testing, detection, response and recovery, and notifications to the regulator
  • addition of Guidance under 3.3.2(1) on additional requirements that apply to APs that receive services directly from a third party or a subcontractor of a third party which involve accessing the Authorised Person’s IT Systems or Networks or accessing or processing its data
• GLO
  • addition of definitions associated with the newly introduced cyber rules in GEN 3.5 such as cyber incident, cyber incident response, cyber risk, cyber risk management framework, ICT asset, ICT service, IT systems, network, third-party cyber risk, and identify and access management practices
• MIR
  • confirmation under 1.1.4 of Recognised Bodies being in scope of the new GEN 3.5 cyber risk regulations
  • addition of requirements under Rule 5.4.1 mandating that Recognised Bodies must notify the FSRA of any cyber incident either immediately or within no more than 24 hours of identification
• Prudential – Insurance Business Rulebook (‘PIN’)
  • addition of requirement for an insurer to implement and maintain a risk management system to identify the operational risks including cyber risk
• Prudential – Investment, Insurance Intermediation and Banking Rulebook (‘PRU’)
  • addition of Guidance under 6.6.1 and 6.7 on additional requirements that apply to APs in relation to the new GEN rules in chapter 3.5
• Captive Insurance Business Rulebook (‘CIB’)
  • addition of requirement for a captive insurer to implement and maintain a risk management system to identify the operational risks including cyber risk
  • addition of Guidance under 2.4.2 on additional requirements that apply to APs in relation to the new GEN rules in chapter 3.5.

You can read the FSRA announcement in full here.

Between 30 June and 1 July, the FIU hosted two workshops aimed at enhancing the quality of Suspicious Transaction Reports (‘STRs’) and Suspicious Activity Reports (‘SARs’) submitted by Financial Institutions (‘FIs’) and VASPs. The workshop also covered fundamental AML/CFT concepts, including risk-based approaches, transaction monitoring, three lines of defence model, and customer due diligence.

The key takeaways included guidance on how to prepare a thorough STR/SAR submission which provide critical information required to understand and evaluate the merit of the SAR.

Reports should address the following elements:

• “when”: indicate when the suspicious activity was first observed. Include a timeline, specific transaction dates, duration of the activity, and clarify whether the transactions were completed or merely attempted
• “where”: detail all locations and jurisdictions involved, including foreign institutions, physical addresses, account numbers, and the full transaction path from the originator to the beneficiary
• “who”: provide identification of all relevant parties, including subjects, beneficiaries, account holders, Ultimate Beneficial Owners (‘UBOs’), directors, and signatories. Include their roles, relationships, occupations, and all relevant identifying information
• “what”: describe the instruments used (e.g., wire transfers, letters of credit), the delivery channels employed (e.g., internet, telephone, courier), the origin and intended use of funds, and the accounts affected by the activity
• “why”: clearly explain why the activity raises suspicion and how it deviates from the customer’s expected behaviour, taking into account the types of products or services utilised and comparisons to typical peer behaviour
• “how”: outline the modus operandi, including transaction patterns such as the frequency, value, and direction (incoming/outgoing) of wire transfers or other relevant movements.

The FIU emphasised the correct communications protocols such as:

• all communication must be conducted via IEMS, categorised per subject
• avoid delays in submitting documentation or updates
• always ensure the “checker” role is properly activated as part of the submission and approval workflow.

On 4 July, the Central Bank of Bahrain (‘CBB’) announced the introduction of a framework for licensing and regulating stablecoin issuers, aimed at ensuring the safe and sound integration of stablecoins into the financial system.

Under the newly issued stablecoin regulation, licensed stablecoin issuers are authorised to issue single-currency stablecoins backed by the Bahraini Dinar (‘BHD’), United States Dollar (‘USD’), or other fiat currencies deemed acceptable by the CBB. The regulation is designed to address and mitigate risks associated with unregulated stablecoins, with the overarching goal of cultivating a secure and resilient digital asset ecosystem. By reinforcing investor protection and instilling greater market confidence, the framework seeks to promote responsible innovation and drive sustainable growth across the sector.

You can read the CBB’s announcement in full here.

On 8 July, VARA issued a circular to all regulated VASPs regarding the publication of the update to the list of jurisdictions under increased monitoring and the high-risk jurisdictions subject to a call for action issued by the National Anti-Money Laundering and Combatting Financing of Terrorism and Financing of Illegal Organizations Committee (‘NAMLCFTC’).

You can read the full VARA circular here.

On 10 July, the European Commission amended Delegated Regulation (EU) 2016/1675 to officially remove the UAE from the European Union’s (‘EU’) list of high-risk third countries for anti-money laundering and counter-terrorism financing.

The EU list identifies non-EU jurisdictions that have strategic deficiencies in their AML and CFT regimes. These countries pose significant threats to the integrity of the EU’s financial system and are therefore subject to enhanced due diligence obligations under the EU’s Anti-Money Laundering Directive (‘AMLD’).

You can read the full announcement here.

On 18 July, the Executive Officer for Control and Non-Proliferation (‘EOCN’) issued an updated guidance on TFS for Financial Institutions and Designated Non-Financial Business and Professions (‘DNFBPs’) and Virtual Asset Service Providers (‘VASPs’). This update builds upon the previous version issued in September 2022.

The EOCN underscored the critical role of the private sector in the UAE and emphasised that effective implementation of TFS, robust compliance frameworks, and strict adherence to national legal requirements remains essential.

The updated guideline clarifies the obligations of firms under the UAE’s TFS legal framework and defines the scope and application of TFS measures within the country. It outlines key requirements, including:

• registration in the EOCN’s Notification Alert System (‘NAS’)
• screening of the UAE local terrorist list and the United Nations Security Council consolidated list
• immediate freezing of funds or other assets and prohibition on making them available to designated persons
• reporting all TFS measures undertaken.

Additionally, the guideline provides explanations of key concepts such as ownership and control in the context of TFS implementation, and details potential enforcement actions in cases of non-compliance. The document also offers guidance on the obligations pertaining to the implementation of unilateral and multilateral sanctions.

The key updates in 2025 version include the following:

• renaming funds freeze report (‘FFR’) to confirmed name match report (‘CNMR’)
• clarification on weekend/public holiday screening obligations
• enhanced guidance on partial name match report (‘PNMR’) procedures and examples
• grievance procedures moved to a separate document.

The guidance can be accessed directly via the EOCN’s website here.

On 21 July, the SCA issued Chairman’s Resolution No. (16/Chairman) of 2025. This resolution aims to establish a comprehensive regulatory framework for regulating goodwill in public joint-stock companies and will come into effect after three months from the date of its publication.

The main points are summarised below:

• public joint-stock companies’ compliance with requirements to record and evaluate good will
• establishing clear bases for the requirements for recording and evaluating goodwill to support audit and audit committees’ activities
• the necessary level of disclosure and transparency to investors in relation to goodwill in the business to assist them with investment decision making.

You can read the SCA resolution in full here.

On 22 July, the Abu Dhabi Securities Exchange (‘ADX’) and the Budapest Stock Exchange (‘BSE’) have signed a Memorandum of Understanding (‘MoU’) to strengthen cooperation between their capital markets.

The MoU includes exploring dual listings, cross-border trading, and ESG cooperation, as well as sharing best practices in regulation, product development, and IT. Both parties will also assess integrating BSE into ADX’s Tabadul Hub, a digital platform enabling seamless cross-border market access.

The partnership enhances global connectivity for both exchanges and supports their goals of expanding investment opportunities and fostering sustainable financial growth.

You can read the ADX article in full here.

On 23 July, VARA issued a circular to all regulated VASPs, reminding them of the payment token services regulation (‘PTSR’) issued by the CBUAE, which came into effect in August 2024. Under the PTSR, all VASPs engaged in fiat-backed payment token (‘FPT’) activities are required to register with the CBUAE. The grace period granted by the CBUAE to facilitate the transition to the new regulatory obligations ends on 25 August 2025.

All VASPs are reminded to complete an internal review to assess the applicability of the PTSR. Where applicable, VASPs must communicate with the CBUAE as required. Entities falling within the scope of the registration requirements must also notify their designated VARA supervision contact.

You can read the VARA circular in full here.

On 31 July, the CBUAE published a comprehensive report detailing its progress towards launching the “Digital Dirham,” the UAE’s national central bank digital currency. The report outlines key design principles, policy frameworks, and achievements to date, emphasising security, trust, and user-friendliness in alignment with international standards from the International Monetary Fund and Bank for International Settlements.

The CBUAE has collaborated closely with the financial sector and strategic partners to ensure effective adoption. The Digital Dirham is designed to enhance financial inclusion – including access for unbanked individuals and non-residents – support faster and more efficient payment systems, and enable features such as offline payments, smart contracts, and cross-border transactions.

A digital wallet and a dedicated platform have been developed for issuing, trading, and using the Digital Dirham across various payment scenarios. The Digital Dirham is part of the broader Financial Infrastructure Transformation (‘FIT’) Programme launched in 2023 and has already undergone cross-border trials and real-value retail pilots to test its design, technology, and use cases in the digital economy.

You can read the CBUAE announcement here and the policy report here.

On 31 July, VARA issued a circular, reminding all commercial entities operating in, or from Dubai that are engaged in, or intending to engage in, VA activities, including those participating in VA proprietary trading, that they are required to complete an assessment to decide the appropriate scope of regulatory oversight.

Under the VARA Regulations 2023, commercial entities conducting VA Proprietary Trading are subject to prior authorisation and must obtain a No Objection Certificate (‘NoC’) from VARA. Commercial entities engaged in VA proprietary trading must possess a valid trade licence that includes the specific activity code for “VA Proprietary Trading.” Entities operating without the appropriate commercial licence will be deemed non-compliant with VARA’s requirements.

You can read the VARA circular in full here.

From 7 – 9 July, the Middle East and North Africa Financial Action Task Force (‘MENAFATF’) conducted a Regional Workshop on “Investigation and Prosecution of Money Laundering Crimes”. The event was hosted by the Arab Republic of Egypt, represented by the Egyptian Money Laundering and Terrorist Financing Combating Unit (‘EMLCU’), in collaboration with the United Nations Office on Drugs and Crime (‘UNODC’), the Deutsche Gesellschaft für Internationale Zusammenarbeit (‘GIZ’), and the International Monetary Fund (‘IMF’). The workshop convened over 40 experts from 14 member countries, representing Financial Intelligence Units and law enforcement agencies, alongside representatives from participating international organizations.

The event aimed to enhance the technical capabilities of participants in conducting financial investigations and prosecuting money laundering crimes, including:

• role of financial investigations in money laundering cases
• legal and evidentiary foundations for prosecuting stand-alone money laundering offenses
• role of supervisory bodies in supporting investigations
• use of beneficial ownership information to trace criminal assets.

The workshop also focuses on enhancing cooperation among relevant authorities at both national and international levels, including the use of informal communication channels.

You can read more about the workshop here.

On 8 July, the Financial Action Task Force (‘FATF’) issued an updated report on terrorist financing (‘TF’) risks, highlighting serious and evolving threats while cautioning that many countries lack the capacity to fully understand TF trends and respond effectively. The report was developed with contributions from FATF global network delegates.

The report also outlines key recommendations for addressing TF risks:

• assessment of transnational/global TF risks, such as smuggling of goods, online fundraising campaigns, diversion of humanitarian aid, and extortion within diaspora communities
• assessment of regional and local TF risks, including increased financing to larger terrorist groups and the rising number of lone actors who rely on microfinancing through sources like salaries, social benefits, family support, small-scale fraud, or drug trafficking
• effective implementation of FATF Standards, especially provisions concerning virtual assets, which terrorists increasingly use alongside other financing channels
• evaluation of humanitarian activity impacts, noting that since December 2024, such activities have been excluded from UN asset freeze measures under the ISIL and Al-Qaida sanction regime
• assessment of TF risks linked to technological advancements, which may introduce new vulnerabilities in financial systems.

The report also includes a set of practical risk indicators to assist competent authorities, the private sector, and other stakeholders in detecting and disrupting terrorist financing. These indicators span patterns in payment behaviour, travel activity, and social media usage.

Following the publication of the TF report, the FATF hosted two webinars featuring experts from across its global network. These discussions explored the evolving nature of terrorism risks, examined prominent terrorist financing methods, complex proliferation financing and sanctions schemes, and analysed key emerging trends.

You can read the FATF report in full here.

On 10 July, the FATF introduced a new process to address unintended consequences arising from the misapplication of its standards concerning non-profit organisations (‘NPOs’). This initiative seeks to identify, evaluate, and rectify the adverse impacts resulting from the way countries implement these standards.

The FATF standards are designed to safeguard the non-profit sector from exploitation for terrorist financing. Anchored in a risk-based approach, they aim to preserve the integrity of legitimate NPO activities without disruption. However, when misapplied, these Standards can lead to unintended outcomes, including the unjust targeting and suppression of lawful NPOs.

You can read the FATF article in full here.

On 23 July, the FATF published an updated consolidated ratings table. The table summarises jurisdictions’ progress against the 40 FATF recommendations. The recommendations assess the jurisdiction’s maturity against AML, counter terrorist financing (‘CTF’) and proliferation financing measures.

You can read the consolidated rating table here.

The United Nations Security Council (‘UNSC’) has made amendments to its sanctions list. As a UN member, the UAE is committed to enforcing UNSC resolutions, and all firms are required to report their involvement with sanctioned entities or individuals.

On 8 July, the UNSC pursuant to resolution 2653(2022) approved the addition of two entries to its Sanctions List.

Further information can be found here.

Between 2 and 16 July, the CBUAE imposed financial sanctions totaling AED 6.5Mn on two branches of foreign banks operating in the UAE, following supervisory examinations that identified significant regulatory breaches.

The branches were found to be in breach of Article (14) of Federal Decree Law No. (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations, due to deficiencies in compliance with the AML/CFT framework and related regulatory obligations, as well as Article (137) of Decretal Federal Law No. (14) of 2018 Regarding the Central Bank and Organisation of Financial Institutions and Activities, for violations of the Market Conduct and Consumer Protection Regulations and Standards.

These actions reaffirm the CBUAE’s commitment to enforcing regulatory compliance and protecting the integrity of the UAE’s financial sector.

You can read the CBUAE notices in full here.

Between 7 and 21 July, the CBUAE imposed varying financial sanctions amounting to AED 4.9Mn on four exchange houses, pursuant to Article (14) of the Federal Decree Law No. (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations and its amendments and Article (137) of the Decretal Federal Law No. (14) of 2018 regarding the Central Bank and Organisation of Financial Institutions and Activities, and its amendments.

The financial sanction has been imposed after assessing the findings of examination conducted by the CBUAE, which revealed that the three exchange houses failed to comply with AML/CFT policies and procedures.

You can read the CBUAE notices in full here.

On 10 July, the CBUAE imposed a financial sanction on a bank of AED 3Mn, pursuant to Article 14 of the Federal Decree Law No. (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organisations and its amendments, and Article 137 of the Decretal Federal Law No. (14) of 2018 Regarding the Central Bank & Organisation of Financial Institutions and Activities and its amendments.

The sanctions result from the CBUAE’s examinations, which revealed the bank’s failure to comply with the CBUAE instructions in relation to its AML/CTF arrangements.

You can read the CBUAE notice in full here.

On 11 July, the CBUAE revoked the licence of Al Khazna Insurance Company P.S.C (‘Al Khazna’), pursuant to the Article 33 of Federal Decree Law No. (48) of 2023 regulating Insurance Activities (‘the Insurance Law’). This is due to Al Khazna’s failure to meet the licencing requirements necessary to conduct insurance business during the period of suspension of its licence.

The revocation results from the findings of examinations and follow ups conducted by the CBUAE, which revealed that Al Khazna failed to comply with requirements set out in the Insurance Law and other regulatory requirements imposed by the CBUAE, during the period of suspension of its license.

You can read the CBUAE notice in full here.

On 29 July, the CBUAE suspended the motor insurance business of a foreign insurance company’s branch (the ‘Insurer’), pursuant to Articles (33) and (44) of Federal Decree Law No. (48) of 2023 Regulating Insurance Activities. The Insurer remains liable for all rights and obligations arising from insurance contracts concluded before the suspension.

This enforcement action was taken as a result of the entity’s failure to meet the solvency and guarantee requirements outlined in the applicable legislation and regulatory framework governing insurance companies in the UAE.

You can read the CBUAE notice in full here.

On 30 July, the CBUAE revoked the licence of Al Nahdi Exchange and removed it from the official register, in accordance with Article 137 of Federal Law No. 14 of 2018. This decision followed regulatory examinations revealing serious breaches in AML/CFT, and sanctions compliance.

You can read the CBUAE notice in full here.

On 31 July, the CBUAE revoked the licence of Gotmi Exchange and removed it from the official register, in accordance with Article 137 of Federal Law No. 14 of 2018. This decision followed regulatory examinations revealing serious breaches in AML/CFT, and sanctions compliance.

The CBUAE reaffirmed its commitment to upholding the integrity, transparency, and regulatory compliance of the exchange house sector within the UAE’s financial ecosystem. It emphasised that both institutions and individuals will be held accountable to its supervisory standards and obligations under the prevailing regulatory framework.

You can read the CBUAE notice in full here.