Regulatory Update December 2025 – ME Region
1.0 DIFC AND DFSA LATEST DEVELOPMENTS
On 8 – 9 December, the Dubai International Financial Centre (‘DIFC’) in partnership with GRC World Forums, hosted Risk GCC 2025, a two-day event focused on privacy, data protection, artificial intelligence (‘AI’), and governance, risk and compliance (‘GRC’).
The event brought together governance, risk, compliance, and privacy professionals from across the region to share knowledge, enhance learning, and promote innovation.
You can read the DIFC announcement here.
On 17 December, the DIFC announced that it has become a member of the Global Cross-Border Privacy Rules Forum (‘Global CBPR Forum’). The announcement was made during a Global CBPR Forum workshop held in the Philippines, marking the first time a jurisdiction outside the Asia-Pacific Economic Cooperation has joined the Forum. As part of the membership requirements, DIFC also acceded to the Global Cooperation Arrangement for Privacy Enforcement (‘Global CAPE’).
This development underscores DIFC’s commitment to promoting interoperable, inclusive and trusted cross-border privacy frameworks that respond to the evolving needs of global businesses and individuals.
You can read the DIFC announcement here.
On 11 December, the Dubai Financial Services Authority (‘DFSA’) issued Consultation Paper No. 169, “Miscellaneous Changes,” seeking feedback on a range of proposed policy updates and rule clarifications across several areas of the DFSA Rulebook, including:
- Anti-Money Laundering, Counter-Terrorist Financing and Sanctions Module (‘AML’)
- Fees (‘FER’)
- Prudential – Investment, Insurance Intermediation and Banking Module (‘PIB’).
You can read the Consultation Paper in full here. Comments were welcome until 10 January 2025.
In December, the DFSA published several amendments to its regulatory framework.
On 4 December, the following changes were issued and came into force on 31 December, affecting the following rulebooks:
- General Module (‘GEN’)
  - clarification of the scope of the GEN requirements, confirming that the financial promotion rules do not apply to authorised persons making an offer of securities from the DIFC to a Person located outside the DIFC
- Markets Rules (‘MKT’)
  - addition of specific wording for instances where offers of securities are made in the DIFC
  - removal of the requirement to notify the DFSA in writing, at the time of filing the prospectus, of any non-DIFC jurisdiction into which the offer is to be made
- Islamic Finance Rules (‘IFR’)
  - extension of the requirements in IFR applicable to any person making an offer in or from the DIFC in relation to a unit of a fund that is operated, or represented as being operated, as an Islamic fund.
You can read the DFSA announcement in full here.
On 10 December, the following changes were issued and came into effect on 11 December and 1 January 2026 respectively, affecting the following rulebooks:
- Anti-Money Laundering, Counter-Terrorist Financing and Sanctions Module (‘AML’)
  - removed references to, and the definition of, domestic fund from the glossary section
- GEN
  - re‑ordered the wording relating to acquisitions (with no change to the underlying requirements) and clarified that an acquisition includes the subscription of shares in a new undertaking
- Prudential – Investment, Insurance Intermediation and Banking Business Module (‘PIB’)
  - removed capital resources as liquid assets for annual accounts, added Category 3D to the EPRS reporting templates (B40A and B40B), and introduced a formula for calculating capital requirements for hedged positions
- COB
  - removed guidance stating that firms are expected to maintain proper books and accounts that are legible, up to date, and include narratives providing sufficient information about transactions (including client investments and crypto).
You can read the DFSA announcement in full here.
On 15 December, the following changes were issued, arising from previously issued Consultation Papers 168 and 165, coming into effect on 12 January and 1 July 2026, respectively:
- GEN
  - rule updates in relation to crypto tokens, algorithmic token prohibitions, and transitional rules
- COB
  - removal of the restriction that previously required excluding unrecognised crypto tokens from the ‘net assets’ test when determining client classification
  - removal of prohibition to include only 33% of the market value of recognised crypto tokens belonging to an individual when determining client classification
  - removal of obligation to provide key features documents if providing or arranging custody
  - addition of a requirement to assess any third party providing safe custody of crypto tokens, including its authorised or supervised status, the adequacy of its crypto‑token storage policies, and the overall robustness of its custodial arrangements
- Collective Investment Rules Module (‘CIR’)
  - removal of restriction for an external fund manager to manage a domestic fund that invests in crypto tokens in section 6.1.6
  - removal of restriction for an external fund manager that invests in crypto tokens in section 6.2.4
  - removal of prohibition for authorised firms to make an offer of a unit of a foreign fund unless the fund’s investment in crypto tokens is limited to recognised crypto tokens and does not exceed 20% of the gross asset value of the fund
- FER
  - removal of application fees for crypto tokens to be a recognized crypto token
- Authorised Market Institutions Module (‘AMI’)
  - miscellaneous changes
- MKT
  - name change from “recognized” crypto tokens to “suitable” crypto tokens
- Glossary Module (‘GLO’)
  - removal of “recognized” crypto token
  - addition of definition of “suitable” crypto token
- GEN
  - rule updates in relation to conduct and conduct principles including an addition of “Principle 7 – disclosure to the DFSA” and extension of conduct principles to all individuals rather than authorised individuals only
  - additional rules for appointments of individuals to perform the licensed function where that individual is already appointed for another firm
  - addition of assessment of candidates prior to lodging applications with the DFSA
  - annual review of authorised individuals being fit and proper
- GLO
  - addition of definition of “relevant employee”.
You can read the DFSA announcement in full here.
In December 2025, the DFSA issued three warnings in relation to impersonation scams. Across all three cases, scammers engaged in sophisticated targeting of both regulated firms and the DFSA itself. The tactics included fraudulent websites, misuse of corporate and employee identities, falsified regulatory documents, and fabricated communications designed to appear official.
The DFSA consistently warns the public not to respond to such communications, not to send money under any circumstances, and to rely on the DFSA public register and official alerts page to verify legitimacy. These incidents highlight the ongoing risks of impersonation fraud and the importance of vigilance within the financial services community.
You can read the DFSA alerts here.
2.0 ADGM AND FSRA LATEST DEVELOPMENTS
On 4 December, the Financial Services Regulatory Authority (‘FSRA’) issued a public alert regarding suspected fraudulent activity by Mirage by Mag Investment LLC, trading as Trade Mirage, which has been making false and misleading claims on its website and Instagram account. The entity purports to be a “globally recognised forex trading platform” and falsely states that it is accredited and regulated by ADGM.
The FSRA confirms that Trade Mirage is not, and has never been, licensed, authorised, or incorporated in ADGM, nor has it been granted any financial services permission to conduct regulated activities. The regulator warns that these misrepresentations may mislead investors into believing the firm operates legitimately within ADGM.
Market participants and the public are advised not to deal with Trade Mirage and to verify the regulatory status of any firm via the FSRA’s public register before engaging in financial services activities.
You can read the FSRA alert here.
On 5 December, the FSRA published Discussion Paper No. 1 of 2025, seeking industry feedback on a major update to its insurance and reinsurance regulatory framework. The initiative forms part of a broader strategic review aimed at strengthening ADGM’s position as a competitive and well‑regulated hub for insurance activity.
The FSRA is undertaking a holistic reassessment of its current regime, with the objective of balancing competitiveness, regulatory robustness, and operational simplicity. The review draws on global best practices and is designed to modernise the framework without the constraints of legacy measures that may not suit all market segments. A particular focus is placed on reinsurance, in line with the UAE’s federal requirement that insurance activities in financial free zones be limited to reinsurance.
The paper highlights several drivers for reform, including the global shift toward risk‑sensitive, economic‑capital‑based approaches to capital requirements. The FSRA notes that while the existing framework is sound, refinements are needed in areas such as capital determination, asset eligibility, and diversification recognition, to avoid excessive capital burdens that could impact competitiveness. The FSRA also intends to address broader industry challenges, including structural market changes and the increasing use of derivatives.
The Discussion Paper is relevant to insurers, reinsurers, intermediaries, asset managers, actuarial and risk professionals, policyholders, regulators, and industry associations.
You can read the FSRA discussion paper here. Comments are welcome until 16 February 2026.
On 8 December, the FSRA issued a Dear SEO/MLRO Letter concerning the update of the UAE Federal AML/CFT legislative framework in line with Federal Decree by Law No. (10) of 2025 on Anti-Money Laundering, Combating the Financing of Terrorism and Financing of Illegal Organizations, replacing the Federal Decree-Law No. (20) of 2018, and the UAE Cabinet Resolution No. (134) of 2025 concerning the implementation of Federal Decree No. (10) of 2025, replacing the UAE Cabinet Resolution No. (10) of 2019.
The FSRA reminded all financial institutions (‘FIs’), virtual assets service providers (‘VASPs’) and designated non-financial businesses and professions (‘DNFBPs’) that they are required to complete the following actions:
- review the Federal Decree by Law No. (10) of 2025 and Cabinet Resolution No. (134) of 2025 in detail
- assess the impact of the new provisions on their AML/CFT and TFS compliance frameworks
- update their AML/CFT and Targeted Financial Sanctions (‘TFS’) policies, manuals, systems, tools, and controls accordingly to ensure full alignment with the revised federal legislative framework.
You can read the FSRA notice in full here.
On 8 December, the Abu Dhabi Finance Week (‘ADFW’) 2025 was held under the patronage of His Highness Sheikh Khaled bin Mohamed bin Zayed Al Nahyan, convening global financial and business leaders to engage on Abu Dhabi’s evolving economic role.
You can read the ADGM announcement here and the agenda for the event here.
On 9 December, the FSRA convened the 4th Global Financial Regulators Summit, bringing together senior regulatory representatives from the Middle East and North Africa (‘MENA’), European and Asian regions, alongside leading US industry participants. Now established as a premier closed‑door forum for international regulatory dialogue, the Summit enables high‑level collaboration on regulatory innovation, emerging risks and the evolution of global financial frameworks.
This year’s discussions centred on the rapid expansion of the global private credit market, one of the fastest‑growing areas within the non‑bank financial intermediation sector. Regulators examined key themes including leverage, liquidity, interconnectedness and increasing retail participation, reflecting heightened global scrutiny of the sector’s systemic implications.
Two dedicated roundtables explored recent market developments and associated risks, as well as potential regulatory responses. Key insights from these closed‑door deliberations were subsequently shared with the broader ADFW audience.
You can read the FSRA announcement in full here.
On 10 December, the FSRA presented a series of updates to its digital asset regulatory framework. Since launching its virtual assets (‘VA’) regime in 2018, ADGM has grown to host more than 20 regulated firms active in virtual assets and fiat‑referenced tokens.
Following extensive industry consultation, the FSRA has refined the process for recognising accepted virtual assets (‘AVA’), adjusted capital and fee requirements for VA firms, introduced a dedicated product‑intervention power, and expanded the permissible investment scope for venture capital funds.
The FSRA also advanced work on emerging areas of the digital asset ecosystem. A proposed framework for VA staking (published in September 2025) sets out which Authorised Persons may conduct staking activities, with feedback currently under review. In addition, finalised amendments to the fiat‑referenced token (‘FRT’) regime, effective 1 January 2026, broaden the range of regulated activities that may be carried out using FRTs and address new business models through proportionate, risk‑based requirements.
You can read the FSRA announcement in full here.
On 11 December, the FSRA announced that in 2025 it continued to strengthen its sustainable finance agenda, introducing new initiatives that reinforce ADGM’s position as a leader in the transition to a low‑carbon economy.
Building on the UAE Sustainable Finance Working Group’s 2023 Principles, the FSRA has taken the next step in strengthening its sustainable finance framework with the release of Consultation Paper No. 13 of 2025 – IAIS Insurance Core Principles and Climate Risk Management. The paper seeks industry feedback on proportionate requirements for Authorised Persons to identify, assess and manage climate‑related financial risks that may be material to their businesses.
The proposals reflect extensive engagement with banks, asset managers, industry bodies and data providers throughout 2025. As a result, the FSRA’s suggested enhancements are calibrated to the nature, size and complexity of each firm, and include integrating climate‑related risks into capital adequacy assessments and public disclosures, alongside tailored Guidance for Recognised Bodies. The consultation remains open until 30 January 2026.
Throughout 2025, the FSRA also played a central role in shaping the UAE Sustainable Finance Working Group’s forthcoming Principles for Climate Transition Planning (the ‘Principles’). Working closely with other members and industry stakeholders, the FSRA contributed to the development of a framework that reflects growing interest in transition planning across the financial sector.
The Principles establish foundational expectations for financial firms, covering governance, integration into business strategy, data and metrics, stakeholder engagement, and reporting and disclosure. This work highlights the FSRA’s continued commitment to advancing the UAE’s sustainability agenda and promoting transition planning as both a strategic and risk‑management priority for regulated firms.
You can read the FSRA announcement in full here.
On 12 December, the FSRA issued Notice No. FSRA/FCCP/179/2025 to announce the launch of the first weekly Cyber Threat Intelligence (‘CTI’) newsletter. This initiative is aligned with Notice No. FSRA/FCCP/15/2024, which addressed Cyber Security Council Alerts and Indicators of Compromise (‘IoCs’).
The weekly newsletter is intended to serve as an additional resource to support all Relevant Persons in strengthening their overall cyber resilience.
The insights shared in the newsletter are drawn from the newly developed FSRA CTI platform. This platform aggregates, analyses, and centralises intelligence from a diverse range of credible sources. All information is carefully filtered to ensure that the intelligence disseminated is not only timely but also actionable and highly relevant.
All firms are encouraged to take the following actions:
- enhance organisational awareness by actively reviewing information in the newsletter to stay informed about current and emerging threats
- adopt a proactive stance against cyber risks by anticipating evolving attack methods and preparing defensive measures in advance
- establish internal accountability for the collection, validation, and analysis of CTI within the organisation
- embed structured processes to ensure CTI is distributed effectively across all relevant departments
- ensure CTI reaches critical functions, including
  - risk management teams
  - front‑line IT and cybersecurity operations
  - incident response planning teams.
You can read the FSRA announcement here and access the CTI here.
On 18 December, the FSRA issued Notice No. 183 of 2025, reminding Firms of the expiry of UN Security Council Resolution 2231 (2015) and the reimposition of UN Targeted Financial Sanctions (‘TFS’) pursuant to Resolutions 1696 (2006), 1737 (2006), 1747 (2007), 1803 (2008), 1835 (2008), and 1929 (2010). These measures have been reinstated through the UN’s snapback mechanism.
This reminder applies to all ADGM FIs, VASPs and DNFBPs, which are required to implement UN TFS related to Proliferation Financing without delay, in line with Cabinet Resolution No. (74) of 2020, the AML Rulebook, and FATF Recommendation 7.
The FSRA expects immediate action to ensure full compliance, including:
- updating internal policies and procedures to reflect TFS obligations and ensure staff training is aligned
- regularly updating sanctions screening systems with the latest UN Consolidated Sanctions List
- immediate re-screening of all customers, beneficial owners, and counterparties against the updated list to identify confirmed or potential matches
- implementing asset freezing measures without delay, ensuring no funds or assets are made available to designated persons or entities
- promptly reporting Confirmed Name Matches (‘CNMRs’) and Partial Name Matches (‘PNMRs’) to the Executive Office for Control and Non-Proliferation through the goAML system, in accordance with the TFS Guidance.
This notification underscores the importance of proactive compliance and vigilance in sanctions monitoring, particularly in light of the reestablishment of earlier UN resolutions.
You can read the FSRA Notice in full here.
On 19 December, following the public consultation in October 2025 (CP 11 of 2025), the FSRA published new rules and regulations covering sales and promotions, temporary commercial activities, and events and entertainment:
- the amended regulations are
  - beneficial ownership and control regulations (amendment no. 2) 2025
  - distributed ledger technology foundations regulations (amendment no. 2) 2025
- the amended rules are
  - commercial permits regulations (entertainment and events) rules 2025
  - commercial permits regulations (temporary commercial) rules 2025
  - commercial permits regulations (sales and promotions) rules 2025
  - commercial permits regulations (fees) rules 2025.
The updates took effect from the date of publication, 19 December 2025.
You can read the FSRA announcement in full here.
3.0 MIDDLE EAST REGULATORY UPDATES
On 10 December, the General Secretariat of the National Anti-Money Laundering and Combatting the Financing of Terrorism and Proliferation Financing Committee (‘GS-NAMLCFTPFC’) released a new analytical paper titled “Anatomy of a Digital Threat: Understanding and Addressing Cyber‑Enabled Financial Crime in the UAE”.
This publication represents one of the UAE’s most comprehensive examinations of how rapid technological transformation, including artificial intelligence, virtual assets, e‑commerce, and digital payments, is reshaping the national financial‑crime risk landscape.
Key highlights include:
- cyber‑enabled financial crime is estimated to launder over US$ 2Tn annually, with US$ 1Tn lost to fraud, increasingly driven by AI, deepfakes, crypto mixers, and automation
- the UAE’s fintech market is projected to reach US$ 3.5Bn in 2025, with crypto inflows exceeding US$ 34Bn last year, boosting digital growth but widening exposure to financial crime risks
- criminals are leveraging AI to scale money laundering and fraud, including “fraud‑as‑a‑service” platforms and AI‑powered phishing kits
- fraud and drug trafficking remain dominant, now enabled by encrypted communications, online marketplaces, and virtual assets
- the paper underscores the UAE’s reforms, strengthening AML/CFT/CPF supervision, enhancing oversight of virtual‑asset service providers, expanding cyber‑intelligence, and embedding a whole‑of‑government approach.
You can read the announcement in full here.
On 10 December, the UAE Authorities published Cabinet Decision No. (134) of 2025, concerning the Executive Regulation of Federal Decree-Law No. (10) of 2025 on Combating Money Laundering Crimes, Terrorist Financing, and Proliferation Financing (the ‘Decision’).
The Decision introduces updated AML/CFT and PF obligations for all regulated entities, requiring firms to review the changes and update their internal frameworks and controls accordingly. It took effect on 14 December 2025.
You can read the Decision in the UAE Official Gazette here.
On 10 December, the EOCN and the ADGM signed a Memorandum of Understanding (‘MoU’) to strengthen cooperation in implementing TFS and enhancing private‑sector compliance. The agreement supports the UAE’s commitment to Financial Action Task Force (‘FATF’) standards and its broader efforts to combat terrorism financing and proliferation.
The MoU focuses on improving joint understanding of terrorism‑financing and proliferation risks, enhancing supervision of the private sector, and ensuring timely implementation of freezing measures. It also includes collaboration on developing guidance, training materials, and capacity‑building programs for national staff and private‑sector entities.
You can read the EOCN announcement here.
On 12 December, senior representatives from the UAE’s National Anti‑Narcotics Authority met with leadership from the Central Bank of the UAE (‘CBUAE’).
The meeting focused on enhancing national efforts to combat narcotics‑related financial crimes through strengthened institutional cooperation, improved information‑sharing, and coordinated policy implementation. Both sides emphasised the importance of protecting the community, ensuring transparency and integrity within the financial sector, and supporting the stability of the UAE’s financial system.
Participants also discussed expanding the exchange of relevant data and enhancing the efficiency of national responses to financial crime risks. During the visit, the delegation was briefed on the CBUAE’s supervisory mandates, its regulatory framework for combating financial crimes, and ongoing initiatives under its financial infrastructure transformation programme, including payment system digitisation and capacity‑building efforts to improve proactive detection of suspicious transactions.
You can read the CBUAE announcement in full here.
On 16 December, the CBUAE held its Board meeting in Abu Dhabi to review 2025 achievements and approve key regulatory and strategic initiatives aimed at strengthening the UAE’s financial sector.
The Board endorsed the issuance of three new regulations, the Insurance Licensing Regulation, Insurance Brokers’ Regulation, and Telemarketing Regulation, supporting enhanced consumer protection and improved market efficiency in line with Cabinet Resolution No. 56 of 2024.
The Board also reviewed progress on major financial infrastructure transformation projects, including the International Central Securities Depository initiative and enhancements to the Real Time Gross Settlement (‘RTGS’) system.
The Board was briefed on the expansion of the “Jisr” cross‑border central bank digital currency (‘CBDC’) platform, with several central banks joining the initiative and its integration with the UAE’s Instant Payment Interface (‘IPI’) and the national card scheme “Jaywan”. These developments aim to reduce transaction costs, enable instant cross‑border settlement, and reinforce the UAE’s leadership in global financial connectivity.
The meeting also covered updates on governance initiatives, international cooperation, and the ongoing development of regulatory frameworks across the banking and insurance sectors.
You can read the CBUAE announcement in full here.
On 18 December, the UAE Sustainable Finance Working Group (‘SFWG’) released its fourth statement, reaffirming the nation’s commitment to sustainable finance and aligning its efforts with major national strategies, including the UAE Green Agenda 2015 – 2030, the National Climate Change Plan 2017 – 2050, and the UAE Net Zero by 2050 initiative. Coordinated by the FSRA of ADGM, the Working Group brings together national regulators, ministries, and financial markets to drive coordinated action across the financial sector.
The statement highlights progress across four core workstreams:
- sustainability‑driven corporate governance
  - the 2023 principles for effective management of climate‑related financial risks continue to guide financial institutions in integrating climate risks into governance, strategy, and risk management
- sustainability‑related disclosures
  - the 2024 sustainability disclosure principles enhance transparency and consistency in ESG reporting at both entity and product levels, aligning UAE practices with global standards such as the International Sustainability Standards Board (‘ISSB’)
- UAE sustainable finance taxonomy
  - ongoing work on a UAE‑specific taxonomy builds on the 2023 general principles, designed to ensure international interoperability and supported by a traffic‑light classification system and minimum social safeguards
- climate transition planning
  - the newly issued climate transition planning principles provide a structured framework for financial institutions and corporates to develop credible transition strategies, emphasising governance, scenario analysis, data, and risk management.
These developments reinforce the UAE’s proactive approach to sustainable finance and establish a national reference framework for embedding climate and sustainability considerations across financial services, corporates, and capital markets.
You can read the SFWG Statement here.
On 19 December, the GS‑NAMLCFTC (the ‘National Committee’) approved an update to the specific countermeasures that FIs, DNFBPs, VASPs, and non‑government organisations (‘NGOs’) must apply when dealing with high‑risk jurisdictions. The Committee also reiterated the corresponding obligations applicable to all entities. This update was also communicated publicly by the FSRA through FSRA/FCCP/186/2025, which summarised the National Committee’s Decision and outlined the required actions for regulated firms.
The Committee resolved to implement the following actions:
- adopt the FATF list of high‑risk jurisdictions for money laundering, terrorist financing, and proliferation financing, in line with the FATF public statement on jurisdictions subject to a Call for Action (the ‘Black List’), and approved the application of the countermeasures set out in the Interpretive Note to Recommendation 19
- adopt the FATF list of Jurisdictions under Increased Monitoring (the ‘Grey List’), together with the requirements for FIs, DNFBPs, VASPs, and NPOs to implement procedures that may include enhanced due diligence measures referenced in the Interpretive Note to Recommendation 10 and Article (4) of the 2019 Cabinet Decision (as amended by Cabinet Resolution No. 24 of 2022), proportionate to the level of risk posed by these jurisdictions
- agree to publish on its website the URL links to both the Black List and Grey List.
All FIs, DNFBPs, VASPs, and NGOs in the UAE are reminded that they must regularly review the most current FATF and Committee lists and incorporate this information when applying countermeasures and enhanced due diligence proportionate to the level of risk. These entities must also reassess their due diligence measures for countries removed from the FATF lists, ensuring alignment with the updated risk profile.
You can read the FATF list of countries under increased monitoring here and the FSRA notice here.
On 22 December, the Securities and Commodities Authority (‘SCA’) issued Notice No. 2-2025 to all Licensed Financial Institutions (‘LFIs’) and VASPs, following notification from the EOCN regarding the expiry of UNSC Resolution 2231 (2015) and the re-imposition of prior UN sanctions resolutions relating to Iran.
The SCA highlights the re-application of UNSC Resolutions 1696 (2006), 1737 (2006), 1747 (2007), 1803 (2008), 1835 (2008), and 1929 (2010), including the re-listing of individuals and entities on the UN Consolidated Sanctions List Circular 2-2025.
The SCA requires LFIs and VASPs to take the following actions immediately and without delay:
- update sanctions screening systems to ensure inclusion of the latest UN Consolidated Sanctions List reflecting the re-imposed listings
- re-screen existing relationships and transactions, including:
  - all existing customers
  - all ultimate beneficial owners (‘UBOs’)
  - all related parties to transactions
- apply freezing measures immediately where a match is identified, without prior notice, and prohibit the provision or availability of any funds, assets, or economic resources to designated persons or entities
- report confirmed and partial name matches (‘CNMR’ and ‘PNMR’) promptly to the EOCN through the goAML system, in line with the guidance on TFS.
The SCA reminded firms that failure to comply with TFS obligations constitutes a regulatory breach and may result in supervisory or enforcement action. Firms must also ensure staff are informed, internal controls are updated, and compliance actions are properly implemented and documented.
On 24 December, the NAMLCFTC issued a request for firms to complete the Foreign Legal Person Risk Assessment Questionnaire (‘FLP’). The questionnaire is designed to gather information necessary to identify and assess ML/TF risks associated with foreign legal persons and arrangements. Firms were required to submit their responses in early January 2026.
On 30 December, the EOCN circulated a survey to identify the targeted financial sanctions training needs of FIs, DNFBPs and VASPs. The survey is part of the EOCN’s strategy to ensure the sustained and effective implementation of the international standards issued by the FATF, particularly Recommendations 1, 6, and 7. The findings will support the development of a comprehensive TFS training plan for 2026 and 2027.
This survey should be completed by MLROs, Compliance Officers, Sanctions Managers, or other senior personnel responsible for implementing TFS and reporting freezing measures.
The survey will remain open until 16 January 2026.
On 31 December, the SCA published a public consultation on proposed amendments to Articles (76) and (77) of the governance guide for public joint-stock companies (‘PJSCs’). The consultation remains open until 16 January 2026.
The SCA proposes the following updates:
- firms must appoint an authority‑approved consulting firm to:
  - review the annual integrated report, request corrections, and follow new guidance
  - evaluate the effectiveness of internal governance and risk‑management systems, with the auditor issuing a separate report to be published in the governance and risk‑management index
  - prepare an annual report on the firm’s compliance with corporate governance requirements
- consulting firms appointed to conduct the annual review of the integrated report must:
  - hold a proper licence from the relevant local authority, be a certified auditor, or be the firm’s external auditor
  - carry out their assigned duties independently, without overlap with other work they perform for the firm
  - be fully independent of the firm, having had no interests or relationships with the firm, its board, or its executive management in the previous two years (except where the entity is the firm’s external auditor, which is exempt from this rule).
You can read the SCA consultation in full here.
The SCA issued two warnings regarding several entities that are not licensed to conduct any financial activities under its regulatory remit:
- XC Market Limited and XCE Commercial Brokers LLC (website: www.xcmarket.com)
- Golden Brokers Limited Dubai Branch (representative office).
The SCA confirms that these entities are not authorised to provide any services under its regulatory remit and disclaims responsibility for any dealings with them. Investors are strongly advised to verify the legal status of any firm before entering into agreements or transferring funds, using the list of licensed companies available on the SCA’s official website.
You can read the SCA warnings here.
4.0 INTERNATIONAL UPDATES
The United Nations Security Council (‘UNSC’) made amendments to its sanctions list. As a UN member, the UAE is committed to enforcing UNSC resolutions, and all firms are required to report their involvement with sanctioned entities or individuals.
On 9 December, the UNSC updated its Consolidated Sanctions List, which includes individuals and entities subject to sanctions. The updates comprised the removal of one individual, Munir Al Qubaysi.
Further information can be found here.
On 3 December, the FATF published amended Procedures for the FATF AML/CFT/CPF Mutual Evaluations, initially issued in 2022 (the ‘Procedures’).
The FATF carries out mutual evaluations and ongoing follow‑up assessments to determine how effectively its members address money laundering, terrorist financing, and the financing of weapons of mass destruction, as well as how well they have implemented the FATF standards. Through its International Co‑operation Review Group (‘ICRG’), the FATF also identifies and engages with countries and jurisdictions across its Global Network (‘GN’) that have strategic shortcomings in these areas.
The document outlines the procedures that underpin the mutual evaluation, follow‑up, and ICRG processes, and it should be read alongside the Consolidated Processes and Procedures for AML/CFT/CPF Mutual Evaluations and Follow‑up (the ‘Universal Procedures’) and the FATF methodology.
The key updates include:
- assessment sequencing will be determined by the time elapsed since the previous evaluation, the jurisdiction’s ML/TF risk level, and the relative size of its economy and financial sector
- after a mutual evaluation, jurisdictions have three years to remediate identified deficiencies or they will automatically be subject to a series of measures, including potential public statements on outstanding issues
- the follow‑up process is strictly results‑oriented, emphasizing concrete actions taken to address money laundering, terrorist financing, and proliferation financing
- the mutual evaluation cycle under the 2023 methodology will operate on a six‑year basis, supported by enhanced scrutiny and strengthened follow‑up mechanisms to maintain sustained governmental focus on effective ML/TF and proliferation‑financing controls
- the revised public identification process ensures that FATF listings concentrate on jurisdictions posing the highest systemic risk while also providing support to low‑capacity countries.
You can read the amended FATF Procedures here.
On 3 December, the FATF issued updates to its Universal Procedures. These Procedures set out the standardised and mandatory processes that all FATF and FATF‑Style Regional Bodies (‘FSRBs’) must follow when conducting mutual evaluations and follow‑up assessments of countries’ AML/CFT/CPF frameworks. They ensure that every jurisdiction is assessed using consistent methodologies, timelines, safeguards, and quality‑assurance mechanisms.
The UAE will undergo its next FATF mutual evaluation in 2026, conducted under the 5th Round FATF Methodology. The 5th Round of Mutual Evaluations by the FATF began in 2023 and marks a substantial advancement in the way jurisdictions are assessed for compliance with AML/CFT standards. Drawing on the experience of the 4th Round, the 5th Round adopts a more targeted, risk‑sensitive, and outcome‑focused methodology. Under this approach, evaluations will occur on a shorter six‑year cycle and place greater emphasis on the practical effectiveness of AML/CFT frameworks, rather than solely on the existence of laws and regulations.
Specifically, the UAE’s public and private sectors should take note of the following developments in the FATF’s evaluation approach:
- outcome‑based evidence will take precedence over policy declarations, with assessors examining whether risk‑based controls operate effectively in practice and drive measurable behavioural change, resulting in more prescriptive recommendations with defined actions and timelines
- the evaluation cycle is shorter and sequenced by risk, with the 5th Round operating on a six‑year timetable and imposing a higher threshold for demonstrating sustained impact
- beneficial ownership transparency is a central focus, following FATF’s enhancements to Recommendation 24 (legal persons) and Recommendation 25 (legal arrangements) and the issuance of updated guidance between 2022 and 2024
- the UAE will be required to demonstrate that accurate, current UBO information is actively used by supervisors, the FIU, and law‑enforcement authorities
- asset recovery expectations have increased, with revisions to Recommendations 4, 30, 31, and 38 in 2023 aimed at strengthening confiscation and international cooperation; assessors will scrutinise the extent to which financial intelligence is translated into freezing, seizure, and recovery outcomes
- proliferation‑financing and targeted financial sanctions implementation are subject to heightened scrutiny, with post‑2020 changes requiring jurisdictions to evidence measurable PF risk assessments under Recommendation 1 and timely, consistent TFS execution across all obliged entities.
You can read the FATF amended Universal Procedures here.
On 10 December, the Basel Committee on Banking Supervision (‘BCBS’) issued new principles for the sound management of third-party risk (‘TPR’). This new document replaces the 2005 Joint Forum paper for the banking sector. While many earlier principles remain relevant, the BCBS introduces updated principles reflecting today’s more complex third-party service provider (‘TPSP’) environment. Principles 1 – 9 guide banks on managing TPSP risks, while Principles 10 – 12 guide prudential supervisors. The aim is to improve third‑party risk practices while providing a flexible, common baseline for banks and regulators.
Since the 2005 Joint Forum paper on outsourcing, rapid digitalisation has expanded financial institutions’ dependence on TPSPs beyond traditional outsourcing arrangements, requiring a broader approach to managing these relationships. While the paper is intended for banks, the growing reliance on TPSPs to access specialised expertise, reduce costs, and enhance efficiency and operational resilience is equally relevant to other financial institutions.
You can read the BCBS paper in full here.
On 22 December, the FATF published the paper “Horizon Scan: Artificial Intelligence and Deepfakes”. The paper provides a forward-looking assessment of current and emerging AI risks and trends. It forms part of the FATF’s phased approach to emerging technologies and focuses on identifying and analysing AI-related risks and vulnerabilities from an AML/CFT/CPF perspective.
You can read the paper in full here.
On 23 December, the FATF published an updated consolidated ratings table. The table summarises jurisdictions’ progress against the 40 FATF recommendations. The recommendations assess the jurisdiction’s maturity against money laundering, counter terrorist financing and proliferation financing measures.
You can read the consolidated rating table here.
5.0 ENFORCEMENT ACTIONS
On 9 December, the DFSA imposed a restriction on Mr. Kulvir Virk, former Chief Executive of UK fund manager SVS Securities PLC (‘SVS’), preventing him from performing any function in connection with Financial Services in or from the DIFC.
In June 2024, the UK Financial Conduct Authority (‘FCA’) fined Mr. Virk and prohibited him from performing any function related to regulated activities. The FCA found that Mr. Virk failed to act with integrity and did not exercise the required skill, care, and diligence in his role at SVS. The FCA concluded that he was not a fit and proper person and posed a risk to consumers and to the integrity of the financial system.
In November 2024, the DFSA became aware that Mr. Virk had been involved in the management of a DFSA‑Authorised Firm. To safeguard the integrity and reputation of the DIFC and maintain market confidence, the DFSA has therefore decided to restrict Mr. Virk from performing any function in connection with Financial Services in or from the DIFC.
You can read the DFSA announcement here and the DFSA notice here.
On 23 December, the CBUAE revoked the licence of Omda Exchange, removed the firm from its register, and imposed a financial penalty of AED 10M. The enforcement action follows CBUAE examinations that identified multiple breaches of the central bank law and related regulatory requirements.
The CBUAE reiterated its commitment to ensuring that all exchange houses operating in the UAE comply with applicable laws, regulations, and supervisory standards, in order to uphold the transparency and integrity of financial transactions and safeguard the stability of the UAE financial system.
You can read the CBUAE notice here.