Regulatory Update May 2026 – ME Region

On 1 May, the Dubai International Financial Centre (‘DIFC’) released a consultation paper seeking public comments on proposed amendments to the Prescribed Company (‘PC’) Regulations, along with minor changes to the DIFC Operating Regulations.

This consultation was of interest to individuals and entities conducting, or planning to conduct, business in the DIFC, including existing PCs, Registered Persons, corporates, family businesses, and other investors looking to establish a special‑purpose vehicle or holding company in the DIFC, as well as Corporate Service Providers (‘CSPs’) and legal advisors supporting any of these groups.

The key proposed changes included:

• removing qualifying requirements for establishing a PC, effectively opening the regime to any applicant
• introducing a requirement for a PC to appoint a (Dubai Financial Services Authority (‘DFSA’) regulated) CSP, unless it is an Exempt PC
• setting out statutory obligations for CSPs to act as the primary compliance and administrative interface between the Registrar of Companies (‘ROC’) and the PC.

You can read the DIFC consultation paper in full here. The comment period closed on 2 June.

On 4 May, the DFSA issued Consultation Paper No. 172 “Enhancements to the Islamic Finance Rules”, inviting comments on proposed updates to the Islamic Finance framework. The consultation focused on three core areas: Islamic endorsement requirements, Takaful disclosures, and consequential amendments across relevant rulebook modules.

A summary of the key changes is as follows:

• Islamic endorsement requirements
  • the DFSA clarified the circumstances in which an Authorised Person is deemed to be conducting Islamic Financial Business and therefore requires an Islamic endorsement
  • these circumstances include when a firm markets products as Shari’a compliant, manages an Islamic Fund or provides opinions on Shari’a compliance
• Takaful disclosure requirements
  • the DFSA proposed relocating existing Takaful‑related disclosure obligations from the Islamic Finance Rules (‘IFR’) module to the Conduct of Business (‘COB’) module to ensure consistent application, regardless of whether a product is marketed as Islamic
  • the proposals also introduced a formal definition of Takaful within the Glossary (‘GLO’) module
• amendments proposed across the IFR, COB, and GLO modules to align terminology and regulatory expectations with the above changes.

You can read the Consultation Paper here. Comments are welcome until 19 June and may be submitted through the designated online response form.

On 6 May, the Ministry of Economy and Tourism (‘MoET’), the Capital Market Authority (‘CMA’), and the DFSA have commenced their first joint Quality Management audit inspections, marking a coordinated national initiative to enhance capital markets oversight across the UAE.

This joint programme follows recently executed Memorandums of Understanding (‘MoUs’) between the DFSA, MoET, and CMA, establishing structured cooperation and information‑sharing mechanisms relating to the regulatory supervision of auditors within each authority’s jurisdiction.

The inspections focused on assessing audit firms’ implementation of International Standard on Quality Management 1 (‘ISQM 1’). The objective is to ensure that financial services firms operating across the UAE benefit from consistent, high‑quality assurance practices, aligned with recognised regulatory and professional benchmarks. This coordinated approach is intended to reinforce confidence in financial reporting integrity, audit quality, and organisational governance across the UAE’s capital markets.

You can read the DFSA announcement in full here.

On 12 May, following the close of the consultation period on the proposed amendments outlined in Consultation Paper 167, “Proposed Enhancements to the DFSA Rulebook to Align with Basel Core Principles”, the DFSA issued updates to several Rulebook modules. To support Firms in understanding these amendments, and to outline how the DFSA evaluated the public comments received on the proposed enhancements, the DFSA has also issued a Feedback Statement for CP 167.

The DFSA Board made the following Rulemaking Instruments to come into force on 1 January 2027.

The key proposed changes included:

• General Module (‘GEN’)
  • addition of new rule 5.3.5A for large and complex organisations requiring them to establish an independent risk management function responsible for overseeing risk-taking activities and managing all material risks faced by the firm
  • Authorised Persons must ensure its information systems produce data that is relevant, accurate, comprehensive, timely, and reliable to support effective decision-making by its Governing Body and senior management
  • for larger or more complex firms (Category 1, Category 2 excluding Matched Principal, and Category 5), the systems must enable firm-wide measurement of exposures across all risk types, products, and counterparties in both normal and stressed conditions, support effective risk data aggregation, and provide adequate reporting capabilities
  • governing bodies are ultimately responsible for sound corporate governance, including establishing and communicating a sound corporate and risk culture across the firm
• Prudential – Investment, Insurance Intermediation and Banking Business Module (‘PIB’)
  • amendments to T2 capital requirements for Category 1,2 and 5 firms
  • addition of a requirement for a process for reporting to the Governing Body and senior management Credit Risk management information
  • amendments to credit risk assessments, whereby Authorised Firms are required to classify their credit exposures into four different categories
  • under Rule 6.2.1, Authorised Firms must now ensure that their Operational Risk policy includes any material modifications to existing products, activities, processes, and systems.
• minor changes to IFR
• minor changes GLO for alignment.

You can read the DFSA amended Regulations in full here and the Feedback Statement on Consultation Paper 167 here.

In May, the DFSA continued its series of Business Continuity Planning (‘BCP’) calls with DIFC‑based firms in response to ongoing regional uncertainties. These discussions aimed to assess firms’ preparedness and ensure continuity of operations under various stress scenarios.

During these calls, the DFSA primarily focused on understanding whether firms have appropriate plans in place, including:

• arrangements for executive staff
• arrangements for non‑executive staff
• potential impact on client servicing
• potential impact on the revenue model
• potential adverse impacts on business operations
• general regional sentiment and whether current conditions may influence business expansion plans or confidence in continuing operations within the DIFC.

In addition, the DFSA continued to emphasise the importance of SEOs staying fully up to date with Dear SEO Letters, including the most recent Dear SEO Letters on temporary regulatory relief and elevated cyber risk threats, which can be found on the DFSA website here.

In May, the DFSA issued three alerts concerning fraudulent activities involving impersonation and false claims of regulatory status.

On 1 May, the first alert involved Astara Bay Capital, which falsely claimed to be a DFSA-regulated entity through its website and social media channels. The DFSA confirmed that this entity is neither authorised nor incorporated in the DIFC.

On 13 May, the second alert concerned the impersonation of a legitimate DFSA Authorised Firm, where a fraudulent website (https://theultimatum.pro) was created using a similar name and misappropriated regulatory details to falsely suggest DFSA authorisation.

On 15 May, the third alert related to an advance fee scam in which the DFSA was impersonated. Fraudsters circulated fake correspondence claiming that recipients were entitled to substantial investment funds held in the UAE bank accounts, subject to payment of fees to obtain a fictitious “Fund Release Authorization Certificate.” Victims were subsequently pressured to make additional payments under time-sensitive conditions.

Collectively, these cases demonstrate a pattern of misuse of DFSA branding, false regulatory claims, and reliance on digital channels to solicit funds. Stakeholders were reminded to verify all entities against the DFSA Public Register and to exercise caution about unsolicited communications.

You can read the DFSA alerts in full here.

On 7 May, following the publication of the UAE Proliferation Financing National Risk Assessment (‘PF NRA’ or the ‘Assessment’) by the UAE authorities, the Financial Services Regulatory Authority (‘FSRA’) issued Notice FSRA/FCCP/82/2026 to disseminate the updated Assessment to all regulated entities.

The FSRA reminded regulated firms to comply with the following requirements:

• update PF risk assessment
  • align the firm’s internal PF risk assessment with the updated UAE PF NRA, ensuring all identified national‑level risks are appropriately reflected
• conduct a PF self‑assessment
  • identify and integrate PF and sanctions‑evasion typologies highlighted in the updated NRA into the firms’ AML/CFT/CPF framework, including policies, procedures, and suspicious‑activity detection systems, with particular emphasis on due diligence, screening, and verification control
• maintain ongoing updates
  • ensure the PF risk assessment, policies, and procedures are reviewed and updated regularly, with risk‑mitigation measures fully embedded and effectively implemented across relevant business lines
• apply enhanced due diligence (‘EDD’)
  • implement EDD measures for higher‑risk PF scenarios, particularly those relating to the financing of weapons proliferation
• provide staff training
  • deliver targeted training and awareness sessions to relevant staff on the updated national PF risk assessment findings and prevalent sanctions‑evasion typologies.

You can read the DFSA Notice in full here.

On 13 May, the FSRA issued Notice FSRA/FCCP/83/2026 to remind Financial Institutions (‘FIs’), Virtual Asset Service Providers (‘VASPs’), and Designated Non‑Financial Businesses and Professions (‘DNFBPs’) of their obligation to respond promptly and accurately to all UAE Financial Intelligence Unit (‘UAE FIU’) enquiries submitted through the Integrated Enquiry Management System (‘IEMS’) or goAML platforms. This supervisory reminder reinforces the critical role of timely information‑sharing in supporting the UAE’s AML/CFT/CPF framework.

The FSRA highlighted that the IEMS User Guide sets out the operational requirements governing the secure receipt, management, and submission of responses to FIU and other competent‑authority requests. Entities are expected to maintain full familiarity with these requirements and ensure robust internal processes to meet them.

Key expectation reiterated by the FSRA included:

• maintaining up‑to‑date knowledge of all goAML and IEMS access, usage, and reporting obligations
• responding to all IEMS enquiries accurately, comprehensively, and within prescribed timelines
• complying with FIU instructions contained in the “FIU Comments” field, attached notices, and associated checklists
• submitting documentation in the exact format and for the precise review period specified
• maintaining effective internal controls to ensure timely escalation, review, and handling of FIU requests
• ensuring staff competency through adequate training on IEMS procedures and AML/CFT/CPF obligations
• implementing freezing orders immediately in accordance with FIU instructions, irrespective of customer liabilities or obligations.

The FSRA emphasised that timely, accurate, and complete responses to UAE FIU enquiries are essential to maintaining the integrity of the UAE’s financial system and ensuring compliance with applicable regulatory requirements. Relevant Persons were further reminded of their obligations under Federal AML/TFS legislation, National Directives, and the ADGM AML Rulebook. The FSRA reiterated that it will take appropriate regulatory action against any Relevant Persons that fails to comply with FSRA‑administered rules or Federal AML/CFT laws.

You can read the FSRA Notice in full here and the IEMS User Guide here.

On 7 May, the ADGM Courts entered a MoU with the Mediation Hub MENA (‘TMH’), marking a significant step in advancing mediation as a key dispute resolution mechanism across the UAE and the wider MENA region.

The MoU establishes a collaborative framework aimed at enhancing the accessibility, efficiency, and uptake of mediation, aligning with international best practices. As part of the agreement, TMH will nominate qualified mediators to support the ADGM Courts’ Court-Annexed Mediation Scheme, further strengthening the existing Pro Bono Mediators Panel.

In addition, the collaboration will explore a range of joint initiatives designed to build capacity and awareness in mediation, including the development of training programmes, stakeholder engagement initiatives, and the potential endorsement of regional efforts such as the UAE Mediation First Pledge.

You can read the ADGM announcement in full here.

On 13 May, the FSRA notified prudential category 1, 2, and 5 firms of a revision to the Countercyclical Capital Buffer (‘CCyB’) applicable to UAE credit risk exposures.

Following an earlier increase to 0.50% effective 1 January 2026, aligned with guidance from the UAE Central Bank, the CCyB has now been reduced back to 0% with immediate effect, in response to current regional and global conditions.

Firms should take note of the immediate applicability of the revised buffer requirement and ensure alignment with the Prudential — Investment, Insurance Intermediation and Banking Rulebook (‘PRU’) Rulebook. The FSRA requested confirmation of receipt of the notification by 22 May 2026.

You can read the FSRA Notice in full here.

On 14 May, the ADGM published the 2026 update to its Money Laundering and Terrorist Financing (‘ML/TF’) Risk Assessment for Legal Persons and Arrangements (‘LPA’), building on the March 2024 assessment, and incorporating a revised methodology, including a transition from a four-point to a five-point risk scale.

The update reflects significant growth in the jurisdiction, with LPA numbers increasing by approximately 72% (from 7,173 in 2024 to 12,302 in March 2026), prompting a more granular reassessment of ML/TF risks.

The revised assessment remains broadly aligned with the UAE National Risk Assessment and provides an ADGM specific view of risks across legal structures. While threat indicators have evolved in line with national intelligence, strengthened mitigants such as enhanced beneficial ownership transparency, increased supervision, and expanded enforcement tools, have helped maintain an overall stable risk profile. The findings continue to inform ADGM’s risk-based approach to licensing, supervision, and enforcement activities.

You can read the ADGM assessment in full here.

On 18 May, ADGM reported its key Q1 2026 performance metrics:

• assets under management increased by 57%, supported by a 24% rise in asset and fund managers to 179, and a 43% increase in the number of funds managed within ADGM
• total active licences reached 13,353, including 961 new licences issued during the quarter
• the number of financial services firms grew by 30% to 365, whilst the workforce expanded by 44% to 47,047.

Overall, these figures reflect the continued expansion of ADGM’s financial ecosystem.

You can read the ADGM results in full here.

On 20 May, the FSRA and the Hellenic Capital Market Commission (‘HCMC’) announced the signing of a MoU, establishing a formal framework for cooperation and mutual assistance between the two authorities. HCMC is an independent public authority responsible for the supervision and regulation of the Greek securities and financial markets, operating under the framework of both Greek law and European Union financial regulation.

The agreement sets out a practical framework for collaboration on the supervision and regulation of capital markets, including structured information exchange and mutual assistance within the respective mandates of each authority. The MoU also supports cooperation on shared regulatory priorities, including the prevention and detection of money laundering, terrorist financing, and proliferation financing, as well as the effective implementation of relevant sanctions requirements.

You can read the FSRA announcement in full here.

On 21 May, the FSRA announced the finalisation of enhancements to its regulatory framework for anti-money laundering, counter-terrorist financing, counter-proliferation financing, and sanctions compliance (the ‘AML Framework’), via FCCP Notice No. 87 of 2026 (Updated Version of the AML Rulebook).The updates follow industry engagement and feedback received in response to Consultation Paper No. 1 of 2026.

The amendments include revisions to the Financial Services and Markets Regulations 2015 (‘FSMR’) and the Anti-Money Laundering and Sanctions Rulebook (‘AML Rulebook’), reflecting developments in the UAE federal legislation and alignment with evolving international standards, including the recommendations of the Financial Action Task Force (‘FATF’). The FSRA noted that the enhancements are expected to have limited impact on existing compliance obligations, consistent with feedback received during the consultation process.

A summary of the key changes are as follows:

• AML Rulebook
  • references updated throughout to refer to the new AML Law (Federal Decree Law No. 10 of 2025) and AML Regulations (Cabinet Resolution No. 134 of 2025)
  • express clarification that the Rulebook cannot be relied upon to interpret federal law, and firms are required to refer directly to the legislation
  • roles of key authorities clarified, including NAMLCFTC identified as responsible for national AML oversight, the FIU for SAR/STR reporting, and the EOCN for targeted financial sanctions implementation
  • new requirement for VASPs to be licensed as an Authorised Person or Recognised Body, prohibiting unlicensed activity
  • with regard to virtual asset transfer requirements, new travel rule framework (Section 10.3) introducing obligations for the originator and beneficiary information to accompany VA/FRT transfers, alongside verification and due diligence requirements
  • enhanced controls also apply to transfers involving unhosted wallets, where full customer due diligence is now mandatory in all cases
  • AML 4.9 introduces a new standalone framework requiring firms to maintain updated FATF lists, prohibiting operations in “Call for Action” jurisdictions and mandating enhanced due diligence where exposure exists
  • requirements for standard CDD were expanded for both natural persons and legal entities, with additional identification data now required
  • reliance on third parties in high-risk jurisdictions is now prohibited, and outsourcing obligations have been significantly expanded to include due diligence, contractual controls, ongoing oversight, and operational resilience requirements
  • foreign PEPs are now automatically classified as high risk, while domestic PEPs remain subject to a risk-based assessment
  • firms must periodically refresh customer risk assessments and ensure that business risk assessments are formally approved by senior management, incorporating UAE national risk findings
  • enhanced requirements were introduced for employee screening, policy approval, and ongoing reporting to senior management
  • firms must also notify the FSRA where foreign laws impede AML compliance
  • the MLRO role has been expanded to include formal review and assessment of AML systems and controls, with an obligation to recommend enhancements
  • in relation to correspondent banking, definitions and terminology have been updated, and firms are now required to conduct ongoing monitoring of such relationships
• FSMR
  • creation of AML section 15A – E
  • section 15A formally recognises the application of UAE Federal AML legislation, including Federal Decree Law No. 10 of 2025
  • clarification that “money laundering” includes terrorist financing and proliferation financing
  • explicit designation of the FSRA as the Supervisory Authority for AML in ADGM
  • sections 15C, 15D, 15E introduce formal regulatory framework for DNFBPs within the ADGM
• GEN Module
• GLO Module.

You can read the FSRA announcement in full here.

On 21 May, the FSRA conducted a compliance roundtable for VASPs. The session covered the following topics:

• an overview of the VASP sector within ADGM
• third party risk monitoring
• leveraging technology for Insights on VASP activities
• operational resilience in a stressed environment.

The FSRA also presented findings from its thematic review of complaints handling practices, highlighting several key issues and expectations.

Key observations included:

• inconsistent approaches to complaints handling across firms, driven by weak governance, insufficient staff training, and unclear distinctions between complaints and service requests
• extremely low reported complaint volumes, raising concerns around potential underreporting or inadequate identification of complaints across all channels.

Regulatory expectations:

• firms must clearly define and consistently identify complaints across all channels
• enhanced governance frameworks, including mandatory staff training and active senior management oversight
• robust procedures to ensure all complaints are recorded, escalated, and appropriately resolved
• proper client segmentation (retail vs professional), with stricter requirements for retail clients, including resolution within 30 days and enhanced protections.

The FSRA clarified that firms will not be penalised for higher complaint volumes, supervisory focus will instead be on the quality of complaint handling and resolution. Firms are expected to strengthen complaints handling frameworks by improving identification, avoiding underreporting, and ensuring comprehensive processes across all channels to support overall sector resilience.

On 22 May, and pursuant to the Notice No. 172 of 2025, the FSRA issued a direct communication to SEOs and MLROs in the ADGM to inform firms that updated English and Arabic versions of the Federal Decree Law No. (10) of 2025 on Anti-Money Laundering, Combating the Financing of Terrorism, and Financing of Illegal Organizations had been published on the FCCP website. Firms were advised to disregard any previous versions of the law and to ensure that reference is made exclusively to the updated versions available online.

You can read the updated AML regulations in full here.

In May, the Statistics Centre Abu Dhabi (‘SCAD’) issued email request to selected ADGM / Abu Dhabi firms to request participation in the statistical surveys conducted to measure the adoption and use of artificial intelligence (‘AI’) technologies within organisations in the Emirate of Abu Dhabi. The first phase of the survey took place between 20 April and 19 May, and evaluated the impact of AI on employment, productivity, innovation, and competitiveness. It also sought to identify challenges and opportunities related to AI technologies and support the development of an economic database in Abu Dhabi.

On 5 May, the FSRA issued an alert to the financial services community and the public regarding fraudulent activity associated with the websites tungsten-me.com and tgst-me.com. The FSRA identified that these websites closely imitate the legitimate online presence of Tungsten Custody Solutions Ltd, an FSRA‑regulated entity, and may mislead individuals into believing they are dealing with the authorised firm.

The FSRA confirms that these websites are not associated with Tungsten, and the operators behind them are not licensed or authorised to conduct any Regulated Activities in or from ADGM. The FSRA believes the websites have been created for the purpose of conducting fraud and poses a risk to potential investors and members of the public.

Individuals who wish to report concerns about fraudulent websites linked to financial services in ADGM should do so through the FSRA’s Complaints Portal. For matters relating to cybercrime, reports should also be submitted to the relevant authorities via the appropriate cybercrime reporting channels.

You can read the FSRA alert in full here.

On 5 May, the National Committee for Anti-Money Laundering and Combating the Financing of Terrorism and Proliferation Financing (‘National Committee’), during its second meeting of 2026, endorsed the public edition of the UAE PF NRA.

The UAE positions proliferation financing (‘PF’) as a significant threat to global security and continues to prioritise the prevention of financial crime at the national level. The UAE has established comprehensive mechanisms to implement targeted financial sanctions and counter Weapons of Mass Destruction (‘WMD’) proliferation, with competent authorities working in close coordination across risk identification, intelligence gathering, supervision, enforcement, and international cooperation. Following the FATF’s 2020 revisions to Recommendation 1, the UAE undertook the PF NRA to ensure a full understanding of its exposure to PF risks and to apply proportionate, risk‑based mitigation measures. The assessment outlines key PF typologies and trends relevant to the UAE and calls on both public and private sector entities to use these findings to refine strategies, strengthen internal controls, and allocate resources effectively in line with identified risks.

Key findings from the 2026 PF NRA included the following:

• major threat actors and typologies such as PF risks linked to DPRK (UNSCR 1718) and Iran (UNSCR 1737/2231)
  • use of trade finance and falsified shipping documents
  • front companies and complex ownership structures
  • cyber‑enabled theft of virtual assets
  • cross‑border smuggling of cash, gold, and high‑value goods
• core vulnerabilities of the UAE’s attractiveness as a trade and transshipment hub
  • proximity to Iran
  • high volumes of trade finance transactions
  • growth of the virtual asset sector
  • presence of Commercial Free Zones (‘CFZs’)
  • challenges in identifying ultimate beneficial owners (‘UBOs’).

The key sectoral insights included:

• VASPs
  • high risk in the mainland due to anonymity and cyber‑threat exposure
  • medium‑high in free zones
• Banks, Exchange Houses, Hawala Providers
  • medium‑high in the mainland
  • medium in free zones
• Maritime Insurance
  • medium in the mainland
  • medium‑low in free zones
• Stored Value Facilities
  • medium‑low in the mainland
  • free zones do not host any SVFs
• Securities, Audit Firms, Real Estate
  • low risk in the mainland
• Dealers in Precious Metals and Stones (‘DPMS’)
  • medium risk in the mainland
• Corporate Service Providers (‘CSPs’)
  • medium in the mainland
  • medium‑low in free zones
• Law Firms and Legal Consultants
  • medium‑low in the mainland.

You can read the UAE PF NRA in full here.

On 5 May, the National Committee for Anti-Money Laundering and Combating the Financing of Terrorism and Proliferation Financing (‘National Committee’), during its second meeting of 2026, endorsed the public edition of the UAE PF NRA.

The UAE positions proliferation financing (‘PF’) as a significant threat to global security and continues to prioritise the prevention of financial crime at the national level. The UAE has established comprehensive mechanisms to implement targeted financial sanctions and counter Weapons of Mass Destruction (‘WMD’) proliferation, with competent authorities working in close coordination across risk identification, intelligence gathering, supervision, enforcement, and international cooperation. Following the FATF’s 2020 revisions to Recommendation 1, the UAE undertook the PF NRA to ensure a full understanding of its exposure to PF risks and to apply proportionate, risk‑based mitigation measures. The assessment outlines key PF typologies and trends relevant to the UAE and calls on both public and private sector entities to use these findings to refine strategies, strengthen internal controls, and allocate resources effectively in line with identified risks.

Key findings from the 2026 PF NRA included the following:

• major threat actors and typologies such as PF risks linked to DPRK (UNSCR 1718) and Iran (UNSCR 1737/2231)
  • use of trade finance and falsified shipping documents
  • front companies and complex ownership structures
  • cyber‑enabled theft of virtual assets
  • cross‑border smuggling of cash, gold, and high‑value goods
• core vulnerabilities of the UAE’s attractiveness as a trade and transshipment hub
  • proximity to Iran
  • high volumes of trade finance transactions
  • growth of the virtual asset sector
  • presence of Commercial Free Zones (‘CFZs’)
  • challenges in identifying ultimate beneficial owners (‘UBOs’).

The key sectoral insights included:

• VASPs
  • high risk in the mainland due to anonymity and cyber‑threat exposure
  • medium‑high in free zones
• Banks, Exchange Houses, Hawala Providers
  • medium‑high in the mainland
  • medium in free zones
• Maritime Insurance
  • medium in the mainland
  • medium‑low in free zones
• Stored Value Facilities
  • medium‑low in the mainland
  • free zones do not host any SVFs
• Securities, Audit Firms, Real Estate
  • low risk in the mainland
• Dealers in Precious Metals and Stones (‘DPMS’)
  • medium risk in the mainland
• Corporate Service Providers (‘CSPs’)
  • medium in the mainland
  • medium‑low in free zones
• Law Firms and Legal Consultants
  • medium‑low in the mainland.

You can read the UAE PF NRA in full here.

On 5 May, the CMA published a warning regarding Wealth World Capital Investment Company (LLC) and Arbitrage Prime, including the website (https://www.arbitrageprime.com), based in Dubai.

The CMA noted that these entities are not licensed by the Authority to conduct any regulated financial activities and disclaimed any responsibility for dealings with them, cautioning the public against engaging with such unregulated entities.

You can read the CMA warning in full here.

On 6 May, the CMA held an outreach session to highlight good practices and common weaknesses in AML and financial crime control frameworks, while promoting the effective and consistent implementation of key controls and regulatory obligations.

The outreach emphasised the obligations of regulated entities to enhance and maintain robust AML frameworks. Entities are required to remain aware of, understand, and fully comply with applicable regulatory requirements. The UAE AML framework continues to develop, most recently through Federal Decree-Law No. 10 of 2025 and its related Cabinet Resolutions. Any deficiencies or gaps in policies and procedures may lead to enforcement actions. Accordingly, entities must ensure the timely remediation of deficiencies, the implementation of corrective measures, and the demonstration of improvements where gaps have been identified.

The CMA emphasised that a key regulatory priority is for entities to understand and clearly define their risk profile. Entities are required to complete and assess their internal controls on an annual basis and ensure that their policies and procedures remain aligned with regulatory requirements under a risk‑based approach. The CMA conducts inspections to evaluate these controls, and where deficiencies are identified, entities are required to implement corrective measures.

From a supervisory standpoint, the CMA expects entities to regularly review their internal controls, including the implementation and effectiveness of any remedial actions taken in response to identified deficiencies. This review must extend beyond written policies and encompass the full AML framework, including systems, controls, and procedures.

Entities are expected to take prompt and effective action to address any identified gaps. A proactive compliance function is essential, with sufficient awareness of all activities undertaken within the entity, including the introduction of new products, services, or platforms, to ensure the continued effectiveness of controls. Strong senior management oversight remains a critical component of an effective internal control framework.

Key topics included:

• business wide risk assessment
• risk appetite statement
• regulatory expectations and AML/CFT framework
• governance and senior management arrangements
• CDD-EDD and ongoing monitoring
• transaction monitoring and SAR/STR
• sanctions compliance and targeted financial sanctions
• internal controls and auditing
• gap analysis and training and awareness
• regulatory filings
• communication with CMA.

As a closing remark, the CMA reiterated the importance of maintaining robust governance arrangements and encouraged all entities to reassess their systems and controls to ensure they remain fully aligned with regulatory expectations and operate effectively. Entities were reminded of the need to adopt a proactive approach to AML/CFT compliance, supported by strong controls and oversight across all levels of the organisation.

On 13 May 2026, the UAE Cabinet issued Resolution No. 63 of 2026, amending the UAE Terrorist List to include the names of 21 individuals and entities designated for their links to, or support of, terrorism.

The UAE Terrorist List refers to an official list of individuals, entities, and organizations designated as terrorists by the UAE government. It operates alongside UN sanctions lists and is part of the UAE’s TFS regime, aligned with FATF requirements (notably Recommendations 6 and 7).

Additions to the list included:

• Individuals
  • Ali Mohammed Karneeb
  • Nasser Hassan Nasr
  • Hassan Shehadeh Osman
  • Samer Hassan Fawaz
  • Ahmed Mohammed Yazbek
  • Isa Hussein Qasir
  • Ibrahim Ali Daher
  • Abbas Hassan Ghareeb
  • Emad Mohammed Bazzi
  • Ezzat Yousef Akr
  • Wahid Mahmud Sbeiti
  • Mustafa Habib Harb
  • Mohammed Suleiman Badir
  • Adel Mohammad Mansour
  • Ali Ahmed Krisht
  • Nima Ahmad Jamil
• Entities:
  • Bayt Al Mal Al Muslimeen
  • Al Qard Al Hassan Association
  • Al Tasheelat Company
  • The Auditors for Accounting and Auditing
  • Al Khobara For Accounting Auditing and Studies.

Firms are required to update their records to reflect amendments to the UAE Local Terrorist List and conduct a review of their client databases and relevant information against the updated list. Where matches or potential matches are identified, firms must take appropriate action in accordance with applicable Federal AML legislation.

Firms were also reminded that they are required to subscribe to the UAE Government’s official notification service for updates to the UAE Terrorist List and the UNSC List, in line with Federal Cabinet Resolution No. 74 of 2020. This ensures timely identification and implementation of sanctions-related changes.

You can read the amended entries to the UAE Terrorist List here.

On 21 May, the AML and Financial Crimes Department of the CMA issued a reminder to licensed financial institutions and VASPs, following its earlier communication of 8 May 2026, regarding the UAE Proliferation Financing National Risk Assessment 2026 (PF NRA 2026).

Pursuant to directions from the Executive Office for Control and Non-Proliferation (‘EOCN’), firms were reminded of mandatory actions, including updating internal proliferation financing risk assessments, applying enhanced due diligence for higher-risk exposures, strengthening internal controls and monitoring systems, and delivering targeted staff training.

The CMA emphasised that these requirements are mandated under Federal Law No. 10 of 2025 and will be incorporated into its ongoing supervisory framework.

You can read the PF NRA in full here.

On 21 May, the CMA issued Circular No. 1 of 2026 to licensed companies, informing them of amendments to Chapter Four (Capital Adequacy) of the Rulebook for Financial Activities, pursuant to Chairman’s Decision No. (11/Chairman) of 2026. The amendments are effective immediately and apply from the May 2026 reporting period. They introduce a revised minimum capital requirement for credit risk coverage of 16.5%, to be implemented on a phased basis. The ratio will remain at 14% initially, increase to 15% effective from the July 2027 report, and reach 16.5% from the July 2028 report.

To support implementation, the CMA conducted guidance sessions on 3 and 4 June 2026, covering the updated requirements and preparation of Capital Adequacy Reports.

On 13 May 2026, the 42nd Plenary Meeting of the Middle East and North Africa Financial Action Task Force (‘MENAFATF’), chaired by the United Arab Emirates, concluded in Morocco, following its commencement on 11 May 2026.

The Plenary brought together over 35 member jurisdictions, observers, and international partners, resulting in key decisions to strengthen regional cooperation in combating money laundering, terrorist financing, and proliferation financing. The meeting reviewed member progress on technical compliance and effectiveness, adopting enhanced follow-up reports for Algeria and Kuwait, including upgrades to certain compliance ratings.

The Plenary also noted legislative and supervisory enhancements by member states, including improvements in targeted financial sanctions implementation, beneficial ownership transparency, risk-based supervision, and international cooperation mechanisms such as mutual legal assistance and asset recovery.

The plenary serves as a key regional forum for advancing cooperation, discussing policy developments, and strengthening the implementation of international standards across the AML/CFT/CPF framework.

You can read the MENAFATF announcement in full here.

On 20 – 21 May 2026, the MENAFATF, in cooperation with the United Nations Office on Drugs and Crime (‘UNODC’) and regional partners, convened a workshop in Cairo on the use of virtual assets in laundering proceeds from trafficking in persons and the smuggling of migrants.

The workshop brought together approximately 50 representatives from law enforcement, financial intelligence units, prosecutors, and international organisations to enhance understanding of the risks associated with virtual assets and VASPs, and to support the implementation of FATF standards, particularly Recommendation 15.

Discussions focused on emerging criminal typologies and money laundering methods involving cryptocurrencies, as well as practical investigative approaches, including blockchain tracing and digital wallet analysis. The sessions also explored the risks associated with evolving technologies such as decentralised finance (‘DeFi’), decentralised exchanges, stablecoins, and Web3 ecosystems in facilitating illicit financial flows.

You can read the MENAFATF announcement in full here.

On 21 May 2026, the Committee updated the United Nations Security Council Consolidated List (UNSC List), which contains the names of individuals and entities subject to sanctions, including those designated under Security Council resolutions 1267 (1999), 1989 (2011), 2253 (2015), and 1591 (2005) concerning ISIL Daesh, Al Qaida, and associated individuals, groups, undertakings, and entities.

As part of this update, seven individuals were removed from the UNSC List:

• Majeed Abdul Chaudhry
• Mohammed Tufail
• Mustafa Hajji Muhammad Khan
• Hafiz Abdul Salam Bhuttavi
• Aamir Ali Chaudhry
• Maulana Fazlullah
• Abdul Rehman Makki.

Accordingly, the asset freeze, travel ban, and arms embargo measures set out in paragraph 1 of United Nations Security Council Resolution 2734 (2024), adopted under Chapter VII of the Charter of the United Nations, no longer apply to the individuals listed above.

You can read the amended entries to the UN sanctions list here.

On 13 May, the DFSA imposed a financial penalty of US$ 139,722 on Mr Wael Abdelmohsen Abdellatif Mohamed Emara for misleading and deceptive conduct in breach of DFSA legislation. The sanction reflects a reduction from the original US$ 285,149 following Mr Emara’s settlement and the DFSA’s consideration of his financial‑hardship submission.

In addition to the monetary fine, the DFSA has prohibited Mr Emara from holding office or employment within any DFSA‑Authorised Firm, and restricted him from performing any function related to the provision of financial services in or from the DIFC.

Mr Emara, formerly a senior reinsurance broker at Ed Broking (MENA) Limited, engaged in conduct over more than three years that involved:

• misquoting premiums to cedant insurers and reinsurers to generate undisclosed brokerage
• misrepresenting required deductions from premiums, which were instead retained by the Firm
• manipulating reinsurance documentation provided to clients to conceal inflated premiums or altered brokerage figures.

The DFSA concluded that Mr Emara lacked integrity and is not fit and proper to participate in financial services activities within the DIFC. This action follows an earlier DFSA fine of US$ 455,176 imposed on Ed Broking (MENA) Limited for related breaches.

You can read the DFSA enforcement in full here.