Regulatory Update February 2026 – ME Region

On 5 February, the Dubai International Financial Centre (‘DIFC’) announced its annual results for 2025, reflecting continued growth across registered companies, regulated firms, revenue, and workforce.

Key updates were:

• a 39% year-on-year increase in new active registered companies (2,525), bringing the total number of registered entities to 8,844
• 20% revenue growth to AED 2.13Bn and 28% growth in net profit to AED 1.48Bn
• expansion of the wealth and asset management sector to more than 500 firms, including 102 hedge funds
• growth in AI, FinTech, and innovation-focused entities to 1,677 representing a 35% increase.

The announcement highlighted DIFC’s continued focus on strengthening its legal and regulatory framework, enhancing infrastructure, supporting innovation, and attracting global talent and long-term investment.

You can read the DIFC article in full here.

On 10 February, the DIFC issued the Variable Capital Company Regulations 2026 (‘VCC Regulations’), which were enacted on 9 February 2026.

Key features of the VCC Regime include:

• flexible structuring options
  • a VCC may be established as a standalone entity or as an umbrella structure with incorporated or segregated cells
• variable share capital
  • share capital is linked to net asset value, enabling efficient issuance and redemption of shares and facilitating capital inflows and outflows
• distributions from capital
  • a VCC may make distributions from capital based on the net asset value of the VCC or relevant cell, rather than being limited to profit‑based dividends
• asset segregation
  • incorporated or segregated cells allow for distinct investment strategies, differentiated risk profiles, and ring‑fenced liabilities, while enabling economies of scale through centralised management.

The VCC model is expected to be particularly attractive to family‑owned businesses, multi‑asset holding structures, and complex proprietary investment portfolios, including secondaries strategies, seeking consolidated management and enhanced structuring flexibility.

You can read the DIFC publication here.

On 12 February, the Dubai Financial Services Authority (‘DFSA’) published Crypto Token Frequently Asked Questions (‘FAQs’) to support firms in understanding and implementing its updated Crypto Token regulatory framework, which came into force on 12 January 2026.

The FAQs provide clarification on the application of the DFSA Rulebook to financial services and activities involving Crypto Tokens in or from the DIFC, reinforcing regulatory clarity, market integrity, and investor protection.

The key areas covered include:

• when authorisation is required for Crypto Token-related activities in the DIFC
• the DFSA’s expectations regarding firm-led Crypto Token suitability assessments and ongoing monitoring
• the regulatory treatment of Fiat Crypto Tokens
• funds investing in Crypto Tokens
• application of the regime across different business models and financial services activities.

You can read the DFSA article in full here.

On 12 February, the DFSA held an outreach session for Finance Officers in the DIFC on expectations and obligations of authorised firms in relation to prudential reporting, regulatory returns, and auditor engagement.

The key topics discussed were:

• Electronic Prudential System (‘EPRS’)
  • the EPRS is used to submit financial and prudential reports
  • firms must comply with PIB 2.3 and refer to the Prudential Returns Sourcebook (‘PRU’)
  • the Declaration Form B100 requires two signatures for annual returns and one for quarterly returns; originals must be retained for at least six years
  • firms must promptly rectify inaccuracies, omissions, or validation failures
  • quarterly returns are due one month after quarter-end
  • annual returns four months after financial year-end
  • financial data must be reported in USD (thousands)
  • the DFSA performs anomaly checks but is not a fourth line of defence
  • applicable forms are auto populated within EPRS based on the firms’ licence permissions
  • returns are recognised only once validations are completed, including declaration requirements
  • 2025 updates include crypto and investment token reporting through Forms B410, B420, and B440
  • Basel III reporting enhancements are reflected in Forms B130, B140, and B10D
  • an increased number of firms are now subject to proportionality metrics compliance including BCR and EBCM
• Fixed Penalty Notices (‘FPNs’)
  • FPNs serve as an administrative enforcement mechanism
  • penalties escalate from US$ 2,500 for the first contravention, to US$ 7,500 for the second, and US$ 15,000 for subsequent contraventions within the same calendar year
  • common causes of penalties typically include breaches of reporting obligations, such as delayed submissions, failure to finalise or validate returns, incomplete filings, inaccuracies or inconsistencies in reported data, and deficiencies in required supporting documentation, including unsigned or missing declarations and auditor report
• engagement with auditors
  • management remains responsible for maintaining adequate systems, controls, and resources to support accurate financial reporting and regulatory submissions
  • firms must cooperate fully with auditors, submit auditor reports within prescribed deadlines, and notify the DFSA of matters affecting auditor independence or appointment
  • auditors are required to conduct engagements in accordance with applicable regulatory standards, maintain independence, avoid conflicts of interest, and notify the DFSA where resignation arises from governance or control concerns.

You can find the DFSA outreach presentation here.

On 12 February, Global Investigations Review (‘GIR’) hosted its Annual Investigations Meeting in Dubai. GIR is an international platform dedicated to the law and practice of cross‑border investigations. The event brought together a range of stakeholders, including representatives from the DFSA, to examine emerging trends shaping investigations across the Middle East and North Africa.

Key themes discussed included:

• the increasing complexity of trade controls and their impact on regional and international business
• managing regulatory and authority demands in cross‑border investigative matters
• the growing use of AI tools to enhance investigative processes and decision‑

You can read the DFSA’s contributory speech here.

On 16 -17 February, the DIFC hosted its second FinTech Week, convening industry participants, regulators, and technology leaders to discuss developments shaping the financial services landscape. The event focused on emerging trends, evolving risk considerations, and regulatory implications associated with digital finance and innovation.

Key themes included the following:

• continued expansion of real-time and cross-border payment capabilities
• growth of embedded finance and platform-based financial services models
• increasing adoption of digital wallets and alternative payment channels
• deepening collaboration between financial institutions, fintech firms, and technology providers
• application of AI-driven security and fraud prevention measures
• evolving regulatory considerations, including tokenisation, digital identity frameworks, AML obligations, and third Payment Services Directive (‘PSD3’) development
• strategies for building resilient, scalable technology and control frameworks to support innovation while maintaining regulatory compliance.

You can read the DIFC article in full here.

On 23 February, DIFC Innovation Hub announced the launch of the Pakistan FinTech Summit in partnership with the Pakistan Digital Authority. The event will take place on 18 – 19 August 2026 and represents the first international expansion of the Dubai FinTech Summit.

Key updates include:

• expected attendance of over 10,000 participants and up to 150 sponsors and exhibitors
• participation of policymakers, financial institutions, technology firms, investors, and regulators
• focus on cross-border engagement between the UAE and Pakistan
• reference to Pakistan’s FinTech sector growth, including US$ 52.5Mn raised in H1 2025 and US$ 391Mn raised by 450 FinTech companies by November 2025
• programme elements to include investment announcements, product launches, roundtables, and regulatory sessions.

The summit forms part of DIFC’s broader FinTech engagement activities outside the UAE.

You can read the DIFC article in full here.

On 26 February, the DFSA issued amendments to the Anti-Money Laundering, Counter-Terrorist Financing and Sanctions Module (‘AML’) Rule-Making Instrument (No. 435) 2026 and the Glossary Module (‘GLO’) Rule-Making Instrument (No. 436) 2026. These came into force on 2 March 2026.

The amendments reflect updates to the UAE federal AML legislative framework and introduce additional requirements and clarifications within the DFSA Rulebooks.

Key updates to the AML Module include:

• replacing references to Federal Decree‑Law No. 20 of 2018 with Federal Decree‑Law No. 10 of 2025 on Anti‑Money Laundering and Combating the Financing of Terrorism
• replacing references to “Illegal Organisations” with Proliferation Financing (‘PF’)
• replacing references to the UAE Central Bank with the Financial Intelligence Unit (‘FIU’) in relation to powers to freeze funds or other assets connected to AML, targeted financial sanctions (‘TFS’), and PF
• replacing references to Cabinet Resolution No. 10 of 2019 with Cabinet Resolution No. 134 of 2025
• adding guidance clarifying that Authorised Firms must establish and maintain effective AML policies, procedures, systems, and controls, with the explicit requirement that these be approved by the Authorised Firm’s senior management
• expanded customer due diligence (‘CDD’) requirements for natural persons to include:
  • place of birth
  • where applicable, the name and address of the person’s employer
• additional CDD requirements for body corporates to include:
  • legal form
  • tax registration number
  • unique reference number
  • where incorporated outside the UAE, the name and address of its legal representative in the UAE
• enhanced beneficial ownership requirements, clarifying that Authorised Firms must obtain adequate information in line with Federal AML legislation, including each beneficial owner:
  • full name
  • nationality
  • date and place of birth
  • residential address
  • identity number and type
  • tax registration number
  • other relevant identifying information
• renaming of the National Anti-Money Laundering and Combating Financing of Terrorism and Financing of Illegal Organisations (‘NAMLCFTC’) to the National Committee
• additional guidance confirming that, when assessing an applicant’s adequacy of resources and AML systems and controls, the DFSA must be satisfied that the applicant will comply with Article 21 (Internal Supervision) of Cabinet Resolution No. 134 of 2025.

Under the GLO Module, amendments were limited to the removal of the defined terms of “Property” and “Suspicious Activity Report”.

These amendments align the DFSA Rulebook with the updated UAE federal AML framework and introduce expanded CDD and beneficial ownership information requirements for Authorised Firms.

You can find the DFSA article here and the notice of amendments here.

On 2 February, the Financial Services Regulatory Authority (‘FSRA’) issued a public alert concerning Mount Nico Corp Ltd, trading as “MKT Investing”, in relation to misleading claims made on its website regarding its regulatory status.

The FSRA clarified that MKT Investing is not, and has never been, licensed or authorised by the FSRA to conduct any regulated activities in or from Abu Dhabi Global Market (‘ADGM’). The FSRA emphasised that only firms granted the appropriate financial services permission may undertake regulated activities in ADGM and advised investors to verify a firm’s regulatory status prior to engaging in any dealings.

The FSRA further reminded the public to consult the FSRA public register and, where relevant, the ADGM registration authority public register to confirm whether an entity is authorised or registered in ADGM.

You can read the FSRA alert here.

On 3 February, the FSRA issued a Dear SEO/MLRO Letter concerning the decision by the National Committee regarding the UAEs’ Virtual Assets Travel Rule.

The FSRA reminded Authorised Firms that, in accordance with section 15 of the Financial Services and Markets Regulations 2015 and Chapter 2 of the Anti‑Money Laundering and Sanctions Rulebook, all Financial Institutions and Virtual Assets Service Providers are required to comply with the measures and obligations set out under the virtual assets travel rule.

You can read the Dear SEO/MLRO letter here and the National Committee’s decision here.

On 10 February, the ADGM released a new AML/CFT Quick Guides on Business Risk Assessments (‘BRA’) for Designated Non‑Financial Businesses and Professions (‘DNFBPs’). The guide outlines how firms should identify, evaluate, and mitigate risks relating to money laundering, terrorist financing, and proliferation financing, and provides clear differentiation between a business risk assessment and a customer risk assessment.

The Guides was developed as a practical, plain‑language resource, the guide is intended to help DNFBPs understand their regulatory obligations, enhance internal controls, and meet supervisory expectations.

The Guides explains how to assess inherent and residual risks in accordance with ADGM’s AML Rulebook and sets out the key risk factors DNFBPs must consider, including:

• customer profiles
• geographic exposure
• products and services
• transaction patterns and
• technological risks.

You can read the AML/CFT Guides in full here.

On 10 February, FSRA issued a Dear SEO Letter to Authorised Firms licensed to conduct banking activities, setting out supervisory observations and expectations arising from its 2025 banking sector risk assessment reviews. The reviews evaluated banks’ business models, governance frameworks, risk management practices, liquidity arrangements, and AML outcomes, in line with the FSRA’s regulatory objectives.

The key observations focused on the following areas:

• business model and strategy
  • clearer articulation was required within the regulatory business plan, particularly in relation to defined objectives, milestones, resource allocation, and the underlying rationale supporting business projections
  • explicit consideration of risks, contingencies, and past‑period performance
  • stronger alignment between the regulatory business plan (‘RBP’) and the internal capital adequacy assessment process and internal risk assessment process (‘ICAAP/IRAAP’)
• governance
  • banks were reminded to ensure effective governing body practices, including periodic reviews of internal governance, strategy development, culture, and reporting quality
  • management information, particularly key performance indicators and key risk indicators requires further refinement to align with business objectives and provide meaningful oversight
• risk management
  • while most ICAAP/IRAP submissions were well structured, the FSRA highlighted gaps including insufficient linkage to business objectives, unclear risk methodologies, incomplete consideration of group‑level risks, and inconsistent integration of findings from internal reviews and audits
• liquidity and treasury management
  • for some banks, the liquidity risk assessment was not included in their ICAAP
• AML outcomes
  • in several instances, the FSRA found that the bank’s assessments and conclusions lacked sufficient depth and supporting evidence, for example, by failing to consider a customer’s total net worth and, at times, conflating the requirements for establishing source of wealth with those for source of funds.

Banks are expected to assess their existing frameworks against these observations and implement enhancements where appropriate. Other authorised firms may also find the themes relevant when reviewing their own governance and risk‑management practices.

You can read the Dear SEO letter in full here.

On 24 February, the FSRA issued a public alert regarding misleading claims made by an entity calling itself “Nubia Gold SPV”, including representations made through the website https://nubiagold.org.

The RA confirms that:

• Nubia Gold SPV is not incorporated, registered, or licensed by the ADGM RA and does not appear on ADGM’s Public Register of Companies
• any assertion or suggestion that Nubia Gold SPV is incorporated, registered, approved, recognised, or otherwise affiliated with ADGM is false and misleading
• the RA has no association with this entity or its website.

Members of the public are advised to safeguard themselves against false or misleading claims of affiliation with ADGM by taking three key steps:

• verifying an entity’s status through the Public Register of Companies
• confirming the legitimacy of any ADGM‑issued documents, such as licences or certificates of incorporation, using ADGM’s free online document‑verification tool
• exercising caution when approached by individuals or entities claiming an ADGM connection, particularly where investment opportunities, payment requests, or requests for personal or financial information are involved.

You can read the ADGM RA alert in full here.

Since launching its weekly Cyber Threat Intelligence (‘CTI’) newsletter in December 2025, the FSRA has continued to issue regular updates to help firms stay informed about emerging cyber threats.

Across February, these updates point to an increasingly active threat landscape driven by social‑engineering attacks, rapid exploitation of newly disclosed vulnerabilities, and state‑linked operations. The month also saw growing use of AI‑enabled intrusion techniques, deepfakes, and new malware families targeting enterprise, FinTech, and blockchain environments.

The FSRA notes that this escalation in both sophistication and targeting reinforces the need for continuous monitoring, timely patching, and strengthened endpoint and identity‑security controls.

You can read the FSRA newsletters in full here.

On 9 February, the Central Bank of the UAE (‘CBUAE’) held an outreach session on advancing financial inclusion, aligning with the recent Financial Action Task Force (‘FATF’) guidance on financial inclusion. The session focused on how countries and financial institutions can expand inclusive access to financial services while maintaining effective AML/CFT safeguards.

The session highlighted practical approaches to applying proportional, risk-based measures that support responsible innovation, digital financial services, and access for underserved populations.

The UAE defines financial inclusion as ensuring that all individuals and businesses have fair access to and actively use quality, affordable, transparent, innovative, and secure financial services, including payments, remittances, savings, investment, credit/financing, and insurance, to support financial health and sustainable economic growth.

The CBUAE launched the national financial inclusion strategy in November 2025, developed in partnership with the World Bank, Organisation for Economic Co‑operation and Development (‘OECD’), and AMF, with input from more than 70 national stakeholders. The strategy aims to expand financial account ownership and digital payments while ensuring that growth and innovation remain aligned with regulatory requirements.

Key initiatives include providing universal financial accounts to all residents, developing tailored financial products for women, youth, and people of determination, and improving access to financial services for entrepreneurs and micro, small, and medium‑sized enterprises (‘MSMEs’). Overall, the strategy seeks to position the UAE as a global leader in inclusive, data‑driven finance by ensuring that high‑quality, affordable financial services are accessible and widely used across the country.

Financial institutions, DNFBPs, VASPs, and registered hawala providers are expected to:

• ensure internal controls are calibrated to support proportionality, preventing compliance processes from creating unintended barriers
• explicitly integrate inclusion and the risk‑based approach (‘RBA’) into the institutional risk appetite, enterprise‑wide risk assessment, and strategic planning
• apply accurate and granular customer segmentation to differentiate low‑risk inclusive segments from higher‑risk profiles
• transition to dynamic risk assessments that reflect real‑time behaviour rather than relying on static, one‑off onboarding checks.

You can read the CBUAE announcement here.

On 9 to 11 February, the Arab Monetary Fund (‘AMF’) hosted Arab Payment Week, bringing together regional and international stakeholders to discuss developments in payments, financial infrastructure, and digital finance.

Discussions highlighted the increasing role of stablecoins and emerging payment technologies in reducing friction in cross-border transactions and enhancing settlement efficiency.

The event underscored continued regulatory and industry focus on innovation, financial stability, and the evolving digital payments landscape.

You can read the AMF announcement here.

On 10 February, the Ministry of Finance (‘MoF’) announced the issuance of Cabinet Decision No. 209 of 2025 on Exchange of Information upon Request for Tax Purposes (‘Cabinet Resolution’). The decision reinforces the UAE’s established framework for international tax cooperation and its long‑standing adherence to internationally agreed standards, including the Exchange of Information on Request (‘EOIR’) Standard. The Resolution took effect on 30 January 2026 and applies across the UAE.

The key practical considerations for firms included the following:

• establishing a clear legislative basis for maintaining key categories of information, including
  • ownership and identity information
  • banking information
  • information relating to legal persons and legal arrangements
  • accounting records
• clarifying the roles and authorities of government entities and regulatory bodies responsible for collecting and providing information to the Ministry of Finance
• supporting compliance through proportionate administrative measures, complemented by clear grievance and appeal procedures.

The Ministry of Finance’s announcement was accompanied by FSRA/FCCP Notice No. 26 of 2026, issued on 12 February, regarding the implementation of Cabinet Resolution No. (209) of 2025 on the Exchange of Information Upon Request for Tax Purposes. The notice informs firms of the UAE authorities’ implementation of the Resolution.

Firms were reminded of their obligations under the Cabinet Resolution and are expected to cooperate fully with any requests issued in this regard. In practice, this includes ensuring that all relevant information and records are accurate, complete, up to date, and readily accessible. Firms must also be prepared to provide the requested information in the form and manner specified, including original documents or certified copies where required.

You can read the MoF announcement here and the FSRA/FCCP Notice here.

On 11 February, the CBUAE and the Hong Kong Monetary Authority (‘HKMA’) held their third bilateral meeting in Abu Dhabi to strengthen financial cooperation and market connectivity between the two jurisdictions. The discussions built on progress from their previous meeting in December 2024 and focused on key areas including cross‑border debt capital market connectivity, developments in digital assets and tokenisation, central bank digital currency initiatives, stablecoin regulatory frameworks, and supply‑chain financing.

A major development announced was the CBUAE’s formal membership in Hong Kong’s Central Moneymarkets Unit (‘CMU’), the region’s central securities depository. This membership provides the UAE and its investors with direct and cost‑effective access to Mainland China’s capital markets through Hong Kong’s established financial infrastructure, marking a significant step toward deeper financial integration and enhanced investment connectivity between the UAE and Asia.

Both regulators reaffirmed their shared commitment to advancing cross‑border financial cooperation and supporting the sustainable development of financial markets through continued strategic and operational collaboration.

You can read the CBUAE article in full here.

On 11 February, the MoF issued Ministerial Decision No. (336) of 2025, formally adding the Dubai Virtual Assets Regulatory Authority (‘VARA’) to the definition of “competent authority” under Ministerial Decision No. (229) of 2025 relating to Qualifying and Excluded Activities for the purposes of the Corporate Tax Law (Federal Decree‑Law No. (47) of 2022).

Under this update, VARA is now recognised as a competent authority for Qualifying Activities specifically related to fund management services and wealth and investment management services. This clarification supports entities operating in the virtual asset sector in determining their eligibility for related corporate tax treatments.

You can read the MoF announcement in full here.

On 12 February, the Higher Committee overseeing the National Strategy on Anti‑Money Laundering and Countering the Financing of Terrorism and Proliferation Financing held its 22nd meeting.

Discussions focused on the UAE’s preparations for the FATF mutual evaluation, including progress on the national strategy, the effectiveness report, and technical readiness ahead of FATF’s on‑site visit in June 2026.

The Committee also approved the National Proliferation Financing Risk Assessment and endorsed a mechanism to update the National Risk Assessment and AML/CFT strategy every three years. Capacity‑building initiatives and continued system enhancements were highlighted as key priorities, reinforcing the UAE’s commitment to combating financial crime and safeguarding the integrity of the financial system.

You can read the Ministry of Foreign Affairs article in full here.

On 16 February, the UAE Capital Markets Authority (‘CMA’) announced via its official LinkedIn channel the launch of a thematic supervisory review focused on targeted financial sanctions screening systems at licensed financial institutions.

The review is intended to assess the efficiency and effectiveness of firms’ compliance frameworks and their alignment with both domestic and international requirements. It forms part of the CMA’s risk‑based supervisory approach aimed at enhancing transparency, supporting digital transformation, and mitigating systemic risks within the capital markets sector.

 Across February, CMA has issued a series of alerts warning investors about unlicensed entities conducting financial activities without its approval. These include:

• Royal Citadel Marketing Management LLC
• an unidentified entity is falsely impersonating the Dubai Gold and Commodities Exchange (‘DGCX’)
• Connect Nexus
• CMV Capitals Financing Broker
• trading and Instagram account:
• a Telegram account identified as “MBUS exchange” (@moneybus_manager_eng)

The CMA confirms that these entities are not authorised to provide any services under its regulatory remit and disclaims responsibility for any dealings with them. Investors are strongly advised to verify the legal status of any firm before entering into agreements or transferring funds, using the list of licensed companies available on the CMA’s official website.

You can read the CMA warnings here.

On 19 February, the VARA issued a market alert addressing recent references to Dubai’s Real Estate Tokenisation Pilot in promotional and marketing materials. VARA confirmed that Phase 1 of the initiative has concluded, successfully validating the technological, regulatory, and operational foundations for tokenising real estate assets in Dubai.

The programme has now moved into Phase 2, a controlled testing and evaluation stage conducted jointly with the Dubai Land Department (‘DLD’). This phase focuses on assessing expanded functionalities, including secondary‑market mechanisms, and determining the appropriate scope and conditions for any future rollout.

VARA noted that some entities have begun referencing the pilot in ways that imply participation or approval that has not been granted. The authority emphasises that any offering, marketing, or facilitation of tokenised real estate products must comply with VARA’s Rulebooks and the legal requirements of Dubai Law No. 4 of 2022 and Cabinet Resolution No. 111/2022.

Investors are advised to verify firm status via VARA’s Public Register and report any suspected unlicensed activity to the authority.

You can read the VARA warning in full here.

On 19 February, the CBUAE and the UAE Internal Auditors Association formalised a new partnership through a Memorandum of Understanding (‘MoU’) aimed at advancing the UAE’s financial regulatory environment.

The agreement underscores a shared commitment to elevating national financial oversight by embedding the highest international standards in internal auditing. It establishes a framework for joint initiatives to modernise governance systems, enhance confidence in financial transactions, and align regulatory practices with global benchmarks.

You can read the CBUAE article in full here.

On 23 February, the CBUAE issued a guidance note outlining expectations for the responsible adoption of artificial intelligence and machine learning by licensed financial institutions. The guidance establishes a supervisory framework aimed at safeguarding consumer rights, strengthening governance and transparency, and promoting fair and sustainable use of AI technologies. It sets out core principles covering governance and accountability, fairness and non‑discrimination, transparency and explainability, human oversight, and data management and privacy. The CBUAE emphasises that responsible AI deployment is essential to maintaining trust, supporting innovation, and preserving financial stability, and confirms that the guidance applies to all institutions under its supervision.

You can read the CBUAE article here and the guidance note here.

On 24 and 25 February, the Executive Officer for Control and Non-Proliferation (‘EOCN’) held two webinars on the outcomes of the UAE Proliferation Financing National Risk Assessment, covering the assessment’s purpose, scope, methodology, key PF threats and vulnerabilities, sector‑specific risks, relevant typologies and case studies, and recommended mitigation measures. The overall residual country risk of the UAE was assessed as Medium-High.

The key points from the webinars included:

• PF operates as a cross‑cutting risk, spanning trade activity, payment flows, ownership structures, and the use of intermediaries
• mainland jurisdictions and financial free zones were assessed separately because they operate under distinct regulatory frameworks and supervisory approaches
• key typologies highlighted included the use of forged or altered documents, front or shell companies, complex transaction routing, intermediary layering, and touchpoints involving virtual assets.

The key vulnerabilities identified include:

• UAE’s position as a global financial, trade, and transshipment hub
• Presence of customs brokers and freight forwarders with varying control environments
• Commercial Free Zones (CFZs) involving complex ownership structures
• Continued expansion and global reach of the VASP sector.

Firms are expected to translate the national findings into their own frameworks, updating PF risk assessments, controls, staff training, and maintaining a clear, well‑documented evidence trail.

On 11 – 13 February, the Financial Action Task Force (‘FATF’) held its fifth Plenary Meeting. The agenda covered a wide range of strategic issues, including the review of mutual evaluation reports, ongoing initiatives to address emerging illicit‑finance risks, and the role of technological innovation in strengthening financial crime prevention. The Plenary also considered updates to the list of jurisdictions under increased monitoring, reflecting FATF’s continued focus on global compliance and supervisory effectiveness.

The UAE delegation participated actively in the Plenary Meeting, holding a series of bilateral engagements with FATF, representatives from MENAFATF member states, other FATF‑Style Regional Bodies such as Financial Action Task Force of Latin America (‘GAFILAT’), and senior Mexican officials hosting the Plenary.

You can read the FATF announcement here.

On 10 February, the Transparency International published the updated Corruption Perceptions Index (‘CPI’) 2025. The CPI is the world’s most widely referenced benchmark for assessing corruption. It evaluates how corrupt a country’s public sector is perceived to be, based on assessments from experts and business professionals.

The 2025 CPI highlights that corruption remains a pervasive global challenge, with only limited signs of improvement across jurisdictions. The results point to a continued erosion of governance standards, driven in part by weakened democratic checks and balances and increasing pressure on independent civil society. Public frustration is evident, with widespread protests reflecting growing dissatisfaction with unaccountable leadership and demands for meaningful reform.

The CPI assesses 182 countries and territories based on perceived levels of public‑sector corruption, using a scale from 0 (highly corrupt) to 100 (very clean). While 31 countries have made notable progress since 2012, the majority have either stagnated or deteriorated. The global average has fallen to a new low of 42, and more than two‑thirds of countries score below 50. These governance shortcomings have tangible societal impacts, contributing to under‑resourced public services, inadequate infrastructure, and diminished opportunities for younger generations.

The UAE has improved its score compared with its 2024 rating.

You can read the CPI publication in full here.

On 13 February, the FATF updated its list of jurisdictions under increased monitoring (the “grey list”), adding Kuwait and Papua New Guinea. No jurisdictions were removed as part of this review.

You can find the FATF statement in full here.

On 17 February, the Middle East and North Africa Financial Action Task Force (‘MENAFATF’) held a practical webinar focused on the misuse of Virtual Assets (‘VAs’) and VASPs for terrorism financing. The session covered global and regional risk trends, practical case studies, and operational considerations for both public‑ and private‑sector stakeholders.

Key themes included:

• global and MENAFATF trends:
  • an overview of emerging risks, red‑flag indicators, and regional typologies relating to VAs and VASPs
• case‑based Insights:
  • real‑world scenarios demonstrating how VAs and VASPs have been exploited for terrorist financing, with examples and good practices shared by jurisdictions such as Nigeria and India
• member state Interventions
  • MENAFATF jurisdictions presented recent cases and operational lessons, highlighting practical challenges and responses
• private‑sector considerations:
  • discussion of tools, capabilities, and limitations in detecting and preventing misuse of VAs, as well as opportunities for enhanced transparency, information sharing, and technological innovation
• upcoming survey
  • an outline of the forthcoming online survey to support the next phase of the MENAFATF Handbook, including the type of information jurisdictions may voluntarily contribute.

On 23 February, the FATF published its Annual Report 2024 – 2025, covering the period July 2024 to June 2025 and outlining developments in standard-setting, risk analysis, mutual evaluations, and the listing process.

The report sets out updates to FATF Recommendations, findings from the latest round of mutual evaluations, and progress in addressing emerging financial crime risks.

Key updates include:

• amendments to Recommendation 16 (Payment Transparency) in June 2025 to revise cross-border payment information requirements and clarify responsibilities of ordering, intermediary and beneficiary institutions
• strengthening of Recommendation 1 (Risk-Based Approach) and issuance of new guidance on financial inclusion
• publication of a Targeted Update on implementation of Standards relating to Virtual Assets and VASPs, noting that 3 in 4 assessed jurisdictions remain non-compliant or partially compliant with Recommendation 15
• issuance of eight thematic risk reports covering proliferation financing, sanctions evasion, terrorist financing, cyber-enabled fraud, online child sexual exploitation, and national risk assessments
• findings that only 16% of jurisdictions demonstrate high or substantial effectiveness in implementing targeted financial sanctions relating to proliferation financing
• findings that 69% of jurisdictions exhibit major or structural deficiencies in investigating and prosecuting terrorist financing cases
• confirmation that fraud is cited in 89% of mutual evaluation reports (156 jurisdictions)
• completion of the latest round of mutual evaluations covering almost 200 jurisdictions and commencement of a new six-year evaluation cycle with greater emphasis on effectiveness
• removal of five countries from increased monitoring (Croatia, Mali, Tanzania, the Philippines, and Senegal) and updates to the listing prioritisation criteria.

The report reflects continued monitoring of global AML/CFT/CPF implementation and further updates to the FATF Standards and assessment framework.

You can read the FATF Annual Report 2024 – 2025 in full here.

On 24 February, the UN Security Council Committee (‘UNSC’), pursuant to resolution 1591 (2005) concerning the Sudan approved the addition of four entries to its Sanctions List.

On 27 February, the UNSC pursuant to resolutions 1267 (1999), 1989 (2011) and 2253 (2015), removed one entry from the ISIL (Da’esh) and Al‑Qaida Sanctions List.

As a UN member, the UAE is committed to enforcing UNSC resolutions, and all firms are required to report their involvement with sanctioned entities or individuals.

All relevant persons were reminded of their obligations to:

• screen the updated entries against internal databases
• report any confirmed or potential matches via the goAML platform.

Further information can be found here and here.

On 24 February, the FATF published a paper titled “Cyber-Enabled Fraud – Digitalisation and Money Laundering, Terrorist Financing and Proliferation Financing Risks”, examining the growing threat of cyber-enabled fraud and how jurisdictions can leverage FATF Standards to address it.

The report highlights that cyber-enabled fraud is now one of the most significant profit-driven crimes globally, with 90% of jurisdictions assessed by FATF identifying fraud as a major money laundering risk.

Key themes include:

• increased use of phishing, AI-enabled deepfakes, messaging platforms, and scam centres
• importance of payment transparency mechanisms to improve traceability of fraud proceeds
• enhanced asset recovery tools, including payment suspension, freezing measures, and non-conviction-based confiscation
• strengthening regulation of virtual assets to reduce misuse in fraud schemes
• improved beneficial ownership transparency to prevent misuse of shell companies
• greater domestic and cross-border cooperation between competent authorities
• use of advanced analytics and machine learning by FIUs and financial institutions to detect fraud patterns.

FATF confirmed that fraud will remain a strategic focus area over the coming years, with continued work on emerging typologies and coordinated international responses.

You can find the FATF paper in full here.

On 25–26 February, the FATF held a Learning and Development Forum (‘LDF’) in London, hosted by HM Treasury and the City of London Corporation. The forum brought together over 100 representatives from financial supervisors, financial intelligence units (‘FIUs’), law enforcement agencies (‘LEAs’), policy makers, Wolfsberg Group members, and major international banks to discuss implementation of the risk-based approach, with particular focus on risk-based supervision.

The discussions focused on strengthening effectiveness in AML/CFT systems and aligning supervisory and private sector efforts with identified risk priorities.

Key themes were:

• emphasis on shifting supervisory focus from rule adherence to addressing the highest money laundering and terrorist financing risks
• importance of aligning national priorities across supervisors, FIUs, LEAs and financial institutions to ensure resources are allocated to higher-risk areas
• recognition of inconsistencies in interpretation and application of the risk-based approach across stakeholders
• need to move away from “zero-failure” approaches and reduce low-value or defensive reporting
• increasing use of public-private partnerships to share operational intelligence and improve detection and prevention outcomes
• evolving supervisory techniques, including greater use of technology and offsite supervision
• focus on “function over form” in assessing effectiveness.

Participants also discussed development of a roadmap to improve global implementation of the risk-based approach and risk-based supervision, including enhanced alignment among stakeholders, regular exchanges of supervisory practices, use of technology and information-sharing mechanisms, and consideration of innovative supervisory models in FATF evaluations.

You can read the FATF Meeting Insights in full here.

On 2 February, the DFSA imposed a financial penalty of US$ 455,176 on Ed Broking (MENA) Limited for multiple contraventions of DFSA legislation, including misleading and deceptive conduct.

The DFSA found that the firm provided different premium amounts to cedent insurers and reinsurers for the same reinsurance placements, misled reinsurers and clients regarding brokerage commissions and premium deductions and used altered documents. These practices were enabled by inadequate disclosure processes and failures to follow the firm’s own systems and controls.

Additional breaches were identified in relation to requirements for clear, fair, and not misleading communications, as well as failures to act with due skill, care, and diligence. The DFSA noted the firm’s cooperation throughout the investigation, including prompt self‑reporting, conducting an internal review, and providing restitution to affected clients, and reiterated its expectation that DIFC firms uphold the highest standards of conduct.

You can find the DFSA decision notice here.

On 6 February, the DFSA imposed a financial penalty of US$ 504,000 on Ark Capital Management (Dubai) Limited for deficiencies in its market‑abuse systems and controls, as well as for failing to notify the DFSA of a proposed change in control.

The DFSA found that the firm did not adequately assess or act promptly on market‑abuse alerts, resulting in unreported or delayed reporting of suspicious trading activity. The regulator also determined that the firm failed to notify it of an ownership structure that could have resulted in a change in control, as required under DFSA rules.

The DFSA reiterated that firms must maintain effective market‑abuse monitoring frameworks, submit timely Suspicious Transaction and Order Reports, and ensure full transparency in relation to proposed changes in ownership.

You can find the DFSA decision notice here.

On 10 February, the Financial Markets Tribunal upheld the DFSA’s decision to impose a financial penalty of USD 25,000 on Al Ramz Capital LLC for failing to immediately report suspicious transactions executed on Nasdaq Dubai.

The DFSA concluded that, as a Recognised Member of Nasdaq Dubai, Al Ramz had reasonable grounds to suspect that the transactions in question may have constituted market abuse. Under the applicable DFSA rules, this triggered an immediate obligation to report the matter to the DFSA. Al Ramz failed to make the required notification.

The Tribunal confirmed that the obligation to submit a suspicious transaction and order report (‘STOR’) arises on an objective basis, where reasonable grounds for suspicion exist, regardless of whether the firm subjectively suspected market abuse.

You can find the DFSA decision notice here.