Regulatory Update September 2025 – ME Region

On 9 September, the Dubai Financial Services Authority (‘DFSA’) published the findings of its thematic review on self‑custody arrangements following a review of Fund Managers (‘FMs’) in the DIFC that maintain self‑custody arrangements for domestic funds, including public, exempt, and qualified investor funds (‘QIFs’).

The thematic review was prompted by the significant growth in domestic funds, with 30% operating under self‑custody models, which presented heightened risks such as potential mismanagement or misappropriation of fund property. The DFSA reviewed 23 FMs and tested 46 funds against applicable rules in the collective investment rules (‘CIR’) based on fund type.

The thematic review focused on identifying examples of good practice, areas for improvement, and required actions and covered the following key areas:

• operational risk good practices
  • some firms maintain electronic custody registers, which include all entries related to the real properties owned by the fund
  • some firms establish an operations manual for each fund, which includes a description of all custody arrangements applicable to that fund
• operational risk areas for improvements
  • policies and procedures did not include self-custody arrangements
  • policies and procedures were not periodically reviewed and updated to reflect the current self-custody arrangements
• conflicts of interest risk areas for improvement
  • policies and procedures did not include conflicts of interest risks in relation to self-custody
  • proper disclosures in relation to conflicts of interest were not included in the fund’s private placement memorandum/prospectus
• risk mitigation areas of improvement
  • some FMs did not include a review of their self-custody arrangements as part of the Firm’s compliance monitoring programme
  • compliance reports in relation to self-custody arrangements did not include sufficient details showing how such arrangements were assessed to be adequate
  • none of the FMs considered subjecting their self-custody arrangements to internal audit reviews
• transparency and disclosure risk and liquidity risk
  • the review did not identify major shortcomings in these two areas.

The DFSA now expects all FMs to reflect on the review’s findings and demonstrate how they have incorporated relevant governance and risk mitigation measures in future regulatory interactions.

The following actions are required:

• FMs should review the adequacy of their self-custody policies and procedures to ensure they accurately reflect current arrangements and are proportionate to the nature, scale, and complexity of their business activities, as well as their size and organisational structure
• FMs must ensure that appropriate disclosures regarding self-custody arrangements are clearly communicated to unitholders
• FMs managing open-ended domestic funds must have robust systems and controls in place to effectively manage liquidity risk
• FMs should assess the oversight applied to self-custody arrangements to ensure compliance with relevant DFSA rules and regulations.

You can read the DFSA thematic review in full here.

On 10 September, the DFSA and Hong Kong’s Securities and Futures Commission (‘SFC’) formalised a Memorandum of Understanding (‘MoU’) aimed at enhancing regulatory cooperation in the supervision of collective investment scheme managers operating across both jurisdictions.

The MoU, signed during the 10th Belt and Road Summit in Hong Kong, establishes a framework for ongoing consultation, information exchange, and collaborative oversight. It reflects a shared commitment to promoting regulatory alignment, governance standards, and compliance in cross-border investment management and advisory activities.

This initiative builds on a year of joint engagement between the DFSA and SFC, including high-level discussions and a co-hosted roundtable with leading asset managers. The agreement underscores the strategic importance of regulatory connectivity between the DIFC and Hong Kong, particularly in the context of the Belt and Road market integration.

You can read the full DFSA announcement here.

On 16 September, the DFSA released results of its thematic review focused on high-growth firms operating in or from the DIFC. The review forms part of the DFSA’s broader strategy to promote controlled and sustainable growth within the DIFC.

It was conducted in two phases:

• data analysis, involving a review of existing DFSA regulatory reporting
• desk-based assessment and on-site visits to a selected group of 16 firms.

The report assesses how rapid expansion impacts firms’ financial resources, systems and controls, operational processes, and staffing, while identifying both emerging risks and best practices.

The key trends and growth drivers outlined in the report are based on feedback received from the firms and include the following:

• operational expansion and relocation
  • firms are expanding their presence in DIFC by transferring operations and staff from global financial hubs such as London, Paris, and Singapore
  • brokerage firms are shifting desks and targeting growth in commodities (energy and metals), equities, and prime brokerage services
• talent migration and hedge fund activity
  • staff from other jurisdictions are expressing interest in relocating to Dubai, driven by regional business opportunities
  • the growing presence of hedge funds in DIFC is attracting additional business and talent
• Islamic finance as emerging sector
  • client demand is driving interest in Islamic finance as a regional growth area
• compliance and operational resilience
  • firms are advised to ensure compliance resourcing, systems, and controls scale with growth
  • transfers of staff and clients must be managed carefully, with proper DFSA onboarding and training
• consolidation and acquisition activity
  • industry feedback points to increased acquisitions and brokerage sector consolidation, as smaller firms struggle to compete with larger players’ infrastructure
  • acquiring firms must address risks such as systems integration, entering unfamiliar business areas, inheriting conduct risks etc.
• demographic shifts and wealth migration
  • Dubai’s rising population and influx of high-net-worth individuals are fuelling demand for wealth management and real estate services
  • firms are expanding advisory teams and noting demographic changes, including more clients of Chinese and African descent
• strategic location and time zone advantage
  • Dubai’s position as a gateway between East and West, and its Gulf Standard Time (‘GST’), supports global business connectivity
• positive regulatory environment
  • firms praised the DFSA’s regulatory framework and business-friendly approach, reinforcing Dubai’s appeal as a growth destination.

The review also offered valuable insights regarding business strategy and growth plans:

• good practice
  • the review found that most firms had appropriately updated their regulatory business plans (‘RBP’) to reflect current strategies, operational setups, or to support licence variation applications
  • several firms also demonstrated good practice by providing the DFSA supervision team with advance notice of planned changes to business activities, personnel, or regional expansion
• areas of improvements
  • incomplete RBP updates – some firms failed to include sufficient detail on strategic changes, rationale, and viability
  • failure to notify the DFSA of firm’s intention to establish a new entity, or the potential impact on its existing DIFC operations
• required actions
  • firms should review their RBPs to ensure they remain accurate, up to date, and appropriately reflect the firm’s current business model and scope of activities, as well as anticipated developments over the next 12 months.

The review offered the following insights regarding governance and decision making:

• good practice
  • appointment of new senior executive officer (‘SEO’)
  • creating new committees or sub-committees to enhance governance and oversight
• areas of improvement
  • in many instances, board minutes in several firms were found to be overly high-level, lacking sufficient discussion and challenge around growth strategies, associated risks, resourcing, and financial projections
  • while some firms used management information to identify growth areas and monitor operational impact the DFSA encourages more substantive use of MI to effectively measure expansion success
• required actions
  • firms should assess whether enhancements are required to their existing governance and oversight frameworks
  • firms should also evaluate the need for additional management information (‘MI’) to effectively monitor the impact of new growth areas on both financial and non-financial resources (such as backlogs, complaints, and operational risk events) and to measure the success of their expansion initiatives.

On the topic of key risks and compliance matters, the review found the following:

• good practice
  • there was evidence of some firms proactively identifying potential risks associated with growth and adopting an incremental, iterative approach to expanding their service offerings and launching new products (this included soft launches, testing phases, and multiple feedback loops involving various areas of the business)
• areas of improvement
  • reactive approach to recruitment relying on automated processes and group-level support
  • in several cases, growth initiatives were driven by business teams without early involvement from compliance, limiting proactive risk management
• required actions
  • firms should ensure sufficient headcount, skillsets, and automation to detect, assess, mitigate, and remediate conduct and financial crime risks; especially in high-growth environments
  • regularly assess compliance and risk resourcing to confirm it remains appropriate for the firm’s size, complexity, and evolving business model.

Other insights into good practices and areas for improvement were provided for staffing and resourcing plans, risk management framework, outsourcing, financial resourcing and client onboarding. The DFSA encourages all firms to review the findings and assess their relevance to current operations.

You can read the DFSA thematic review in full here.

In September, the Dubai International Financial Centre (‘DIFC’) Academy successfully concluded its Cyber Forward Programme 2025. The initial sessions offered a comprehensive overview of the initiative, which was developed to empower firms operating within DIFC with the essential tools and insights required to navigate the fast-changing cyber threat landscape.

During the course of several weeks, the following subjects were explored:

• introduction to cybersecurity governance
• information security management system (‘ISMS’) asset and risk management
• identity management, authentication, access control, user awareness
• operations management, software development, lifecycle management
• continuous monitoring, adverse event analysis
• incident management, analysis, reporting, communication
• incident recovery plan, business continuity planning.

The concluding session was held on 19 September, with the main highlights summarised below:

• differences between traditional and AI-driven applications
• AI in cybersecurity and threat detection and automation
• challenges and risks of AI in cybersecurity
• AI bias and discrimination
• AI incident response and management
• AI model poisoning and inversion
• AI incident impact and risk assessment
• AI incident response best practices
• AI incident management and reporting.

As part of the Programme’s forward-looking approach, participants were also encouraged to remain vigilant in their use of artificial intelligence technologies and to explore the adoption of robust AI governance policies. This emphasis reflects the growing importance of ethical, secure, and transparent AI practices in today’s digital ecosystem.

In September, the DFSA issued multiple public warnings about scams involving impersonation of the DFSA, impersonation of authorised firms, operating a fraudulent trading platform, fake authorisation, misappropriation of the DFSA registration number.

The DFSA encourages consumers to consult its public register to confirm the official licensing status of firms and individuals.

The full list of DFSA alerts is available here.

On 2 September, following Consultation Paper No. 2 of 2025, the Financial Services Regulatory Authority (‘FSRA’) issued a Dear SEO Letter “Amendments to Prudential Requirements for Lower Risk Firms.” The letter serves to remind Authorised Firms of recent changes to the Prudential – Investment, Insurance Intermediation and Banking Rulebook (‘PRU’), which took effect on 19 August 2025.

These amendments apply to firms classified under prudential categories 3B, 3C, and 4. The new minimum standards for Professional Indemnity Insurance (‘PII’) will come into force on 1 January 2026.

Firms in the affected categories should review and align with the updated PRU Rulebook requirements.

You can read the Dear SEO Letter in full here.

On 4 September, the FSRA issued invitations to an outreach session focused on Anti-Money Laundering (‘AML’), Countering the Financing of Terrorism (‘CFT’), and Targeted Financial Sanctions (‘TFS’). The session is scheduled to take place on 9 October at ADGM.

This outreach session is intended to provide an update and strengthen the understanding of ADGM private sector on the following key topics:

• reminder on the AML/CFT obligations and key observations from the analysis of the AML return submissions
• overview cyber risk management
• role and responsibility for the AMLCFT GS
• the AML/CFT national strategy and the AML track tool
• the update on the UAE national initiatives, including the national AML/CFT statistics, AML/CFT strategic objectives and the AML track tool
• update on the upcoming FATF UAE Mutual Evaluation and national preparation
• national risk assessment (‘NRA’)
• key findings observed during the onsite and thematic review of our private sectors
• highlight key findings and observations and recommendations to ensure effectiveness and implementation of the necessary measures to strengthen the AMLCFT
• financial intelligence unit of the UAE (‘UAE-FIU’)
• legal persons and concealment of beneficial ownership legal persons risk assessment
• ADGM CSP framework.

On 8 September, the Abu Dhabi Global Market (‘ADGM’) published its half-yearly results, reflecting continued growth and strategic development across its ecosystem. The asset management sector showed sustained momentum, supported by an increasing number of partnerships, signed memoranda of understanding and targeted roadshows aimed at expanding market reach. ADGM also delivered over 100 training sessions and events, reinforcing its commitment to capacity building and professional development and local talent.

Further, the ADGM Courts launched a pro bono mediators panel, enhancing the jurisdiction’s dispute resolution framework. Additional regulatory developments included amendments to the commercial permits regulations, updates to the fee rules, and an increase in supervision assessments, reflecting ADGM’s continued focus on transparency, accountability, and regulatory rigour.

You can read the ADGM announcement here.

On 9 September, the FSRA issued Consultation Paper No. 9 “Proposed Regulatory Framework for Regulated Activities Involving Fiat-Referenced Tokens”. This consultation paper builds upon the Fiat-Referenced Tokens (‘FRT’) regulation introduced in December 2024, along with its subsequent amendments and guidance.

The proposed changes reflect and accommodate the evolving business models that have recently emerged around the use and issuance of FRTs, including providing custody, trading, the purchase or sale of FRTs, providing payment services using FRTs and where authorised firms accept FRTs as payment for the financial services they provide.

The key proposed changes include:

• amending the definition of Payment Services under the Financial Services and Markets Regulations (‘FSMR’) to account for scenarios where payment service providers (‘PSPs’) may facilitate transactions using FRTs, either in lieu of or in addition to fiat currency
• proposing a framework for the “acceptance” of FRTs, outlining the criteria the FSRA will apply when evaluating FRTs issued by entities based outside of ADGM (“Foreign FRTs”)
• expanding the scope of regulated activities related to FRTs, extending beyond issuance and payment services to also encompass the following activities:
  • custody services to cover FRTs, with the imposition of appropriate conduct requirements on custodians engaged in such activities
  • imposition of appropriate conduct requirements on firm employing FRTs to provide payment services
  • introduction of a new regulated sub-activity under money services to specifically capture the provision of “FRT Intermediation.”

You can read the Consultation Paper in full here. Comments were welcome until 7 October 2025.

On 9 September, following Consultation Paper No. 6 of 2025, ADGM issued a notice enacting amendments to the data protection regulations (“Data Protection Regulations (Amendment No. 1) 2025”) and introducing new rules under the “Data Protection Regulations (Substantial Public Interest Conditions) Rules 2025.” These changes came into effect immediately upon publication on 9 September.

The key changes pertain to two areas of data protection. Regarding the processing of special categories of personal data, changes include the following:

• the regulation defines conditions under which the processing of special categories of personal data is permitted for insurance purposes, particularly when:
  • it serves a substantial public interest, and
  • the processing is necessary
• additional conditions for lawful processing apply in scenarios where:
  • the processing does not involve decisions or measures affecting the data subject
  • the data subject has no rights or obligations related to the insurance contract
• in such cases, processing is only permitted if
  • the controller cannot reasonably obtain the data subject’s consent, and
  • the data subject has not actively withheld consent (note: mere non-response does not count as withholding).

Regarding the safeguarding of children and of individuals at risk, changes include the following:

• the regulation takes into account scenarios where data processing is necessary to
  • protect individuals from neglect or physical, mental, or emotional harm
  • safeguard their physical, mental, or emotional well-being
• processing may occur without the data subject’s consent due to one of the following
  • the individual cannot give consent
  • the controller cannot reasonably obtain consent
  • seeking consent would compromise the protective purpose.

You can read the ADGM notice in full here.

On 11 September, the FSRA and the SFC co-hosted a high-level roundtable in Hong Kong, focused on enhancing cross-border connectivity for asset managers.

Led by senior leadership from both regulators, the roundtable welcomed over 20 executives from Hong Kong’s asset management sector. Discussions centred on access to ADGM and broader UAE markets, including the UAE fund passporting regime.

Following the roundtable, the FSRA hosted an industry seminar outlining regulatory requirements for cross-border fund distribution. The session drew participation from more than 30 representatives across Hong Kong’s asset management community.

You can read the FSRA announcement here. 

On 18 September, the ADGM Registration Authority (‘RA’) hosted an outreach session for auditors and the broader professional community within the ADGM.

Building on themes from the previous year, the session addressed key regulatory priorities and practical challenges in audit and corporate reporting:

• screening of the Institute of Chartered Accountants in England and Wales’s (‘ICAEW’) latest training film Crossing the Line (ICAEW, 2025)
• key regulatory updates from the RA
• a focused discussion on group audits, highlighting common challenges and regulatory expectations.

High-quality audit and corporate reporting remain a core regulatory focus for the RA, with continued engagement aimed at strengthening standards across the ADGM.

You can read the ADGM RA announcement here.

On 18 September, the FSRA’s Financial & Cyber Crime Prevention (‘FCCP’) department issued Notice No. FSRA/FCCP/128/2025, urging authorised persons and recognised bodies to reinforce their cybersecurity posture against malware threats.

Malware remains a key enabler of financial crime, compromising credentials, encrypting data, and disrupting operations. The FSRA outlines common infection vectors, including phishing emails, drive-by downloads, and unsecured networks, and calls for a layered “defence in depth” strategy.

Key recommendations include:

• deploying reputable antivirus and email filtering tools
• restricting USB and remote access usage
• enforcing patching, automatic updates, and firewall rules
• implementing intrusion detection and prevention (‘IDS/IPS’) systems and maintaining offline backups
• applying safe browsing and application whitelisting policies.

Firms are reminded that vigilance is not optional, it is foundational to the integrity of the UAE’s financial ecosystem.

For further guidance, contact the FCCP cybercrime prevention team on email.

You can read the FSRA notice here.

On 25 September and following Consultation Paper No. 1 of 2025 “Proposal for Periodic Fund Reporting Requirements”, the FSRA finalised amendments to its regulatory framework requiring fund managers to comply with periodic reporting obligations for each fund they manage. The content and frequency of the periodic fund return will vary depending on the fund type, with reporting templates provided for each category. A Dear SEO Letter on the same topic was circulated to in-scope authorised firms on 29 September.

The key changes include the following:

• addition of a new section 16.6 in the Funds Rulebook (‘Funds’)
• fund managers must submit a periodic fund return for every domestic fund they manage, and for foreign funds if they are an authorised fund manager
• returns must follow the format and method specified by the FSRA
• quarterly reporting schedule (31 March, 30 June, 30 September, 31 December)
  • public funds
  • for open-ended exempt funds submission due within 1 month of each date
• biannually reporting schedule (30 June, 31 December)
  • closed-ended exempt funds
  • qualified investor funds
  • for foreign funds submission due within 6 months of each date
• the FSRA may change reporting dates or request additional information beyond the standard return.

Additionally, miscellaneous amendments to the Funds and Glossary Rulebook (‘GLO’) have been enacted, following Consultation Paper No. 8 of 2025 “Enhancements for Continued Alignment with International Standards – IOSCO Principles”.

The FSRA will implement these requirements in phases and plans to issue a “Dear SEO” letter outlining further guidance for fund managers.

For full details and access to the reporting templates, please refer to the links provided by FSRA.

You can view the FSRA announcement and access the update here.

On 24 September, the FSRA issued a public warning regarding false and misleading claims made by Oscar Markets Limited, trading as Oscar Markets.

Oscar Markets falsely claims to operate from ADGM and offers trading in contracts for difference (‘CFDs’) across forex, cryptocurrencies, commodities, and bonds. The FSRA confirmed that Oscar Markets:

• has never been granted financial services permission to operate in or from ADGM
• is not incorporated or licensed to conduct any commercial activity within ADGM.

The FSRA urged investors and the public to verify the legitimacy of any firm via its public register before engaging in financial dealings. Only authorised firms may conduct regulated activities in ADGM.

You can access the FSRA alert here.

As part of its ongoing commitment to safeguarding the financial ecosystem, the FCCP team regularly disseminates cyber security alerts issued by the UAE Cyber Security Council. These alerts are designed to keep FSRA’s relevant persons informed of both inherent and emerging cyber threats.

All firms operating within ADGM are reminded to remain vigilant and to review these alerts promptly. The information provided is intended to support proactive risk management, strengthen internal controls, and promote a culture of cybercrime prevention across the financial sector.

You can access all FCCP cyber alerts here.

On 30 September 2025, the FSRA issued Consultation Paper No. 10 of 2025 “Proposed Regulatory Framework for the Staking of Virtual Assets” (‘VAs’). This consultation builds on the paper released in January 2024, which explored initial proposals for staking activities.

Staking VAs refers to the process of locking up digital tokens, such as cryptocurrencies, in a blockchain network that uses a proof-of-stake (‘PoS’) consensus mechanism. Other yield-generating activities involving VAs, such as liquidity mining and yield farming, which are often colloquially referred to as “staking” within the VA sector, are considered by the FSRA to be separate and are therefore excluded from the scope of this paper.

The consultation outlines the FSRA’s proposed regulatory approach to staking activities, detailing the principles that would trigger regulatory oversight and the specific requirements to be imposed on authorised persons who engage in staking using their clients’ virtual assets.

The key proposed approach includes the following:

• exclusion from regulation of solo staking where individuals stake on their own without intermediaries
• exclusion from regulation of staking-as-a-service, provided the service is purely technical and does not involve custody or control of client’s VAs
• authorised persons that hold or controls VA on behalf of its clients and acts as an intermediary for staking those assets would be required to obtain a financial services permission (‘FSP’) to conduct the regulated activity of providing custody and/or managing assets
• authorised persons engaged in staking would be in scope of all regulatory obligations applicable to VA-related activities including clear, fair, and accurate disclosures of the material risks associated with the activity
• authorised persons engaged in staking should also adhere to a set of additional obligations, reflecting international best practices and key risk considerations, including specific responsibilities related to the their engagement with the staking service providers (‘SSPs’) such as due diligence on SSPs, due diligence on automated protocols or smart contacts, written agreements with SSPs, client reporting, and the FSRA non-objection to undertaking staking activities.

The consultation also acknowledges that certain staking arrangements may result in the issuance of liquid staking tokens (‘LSTs’). While the FSRA continues to monitor developments in this area, the current proposals do not address LSTs nor permit staking arrangements in or from ADGM where clients may receive LSTs. A dedicated LST regime may be considered in the future.

The consultation is particularly relevant to authorised persons conducting regulated activities involving VAs, prospective applicants, staking service providers, and their advisors.

You can read the Consultation Paper in full here. Comments are welcome until 31 October 2025.

On 3, 4, and 11 September, the AML/CFT Supervisory Subcommittee held three awareness sessions, reinforcing its ongoing commitment to supporting compliance professionals across the UAE. These sessions were part of a wider initiative spanning August and September, focused on strengthening institutional resilience against financial crime, proliferation financing, and terrorism financing.

The sessions focused on key compliance topics including the risk-based institutional risk assessment, institutional risk assessments, transaction monitoring (‘TM’), and risks associated with proliferation finance (‘PF’). They were particularly beneficial for financial institutions (‘FIs’), virtual asset service providers (‘VASPs’), and designated non-financial businesses and professions (‘DNFBPs’), with a specific emphasis on entities regulated by the Central Bank of the UAE (‘CBUAE’).

The key takeaways from the workshops held on 3 September include:

• overview of the best practices for risk identification and assessment
• strategies for developing and implementing proportionate AML/CFT/CPF controls based on risk levels
• practical insights to enhance firm business’s risk management framework

The key takeaways from the workshops held on 4 September include

• components of an effective transaction monitoring system
• applicable legal frameworks and regulatory obligations
• best practices for ensuring compliance and operational effectiveness

The key takeaways from the workshops held on 11 September include

• overview on PF risks guidance
• strategies for implementing effective CPF measures aligned with legal and regulatory requirements
• practical approaches to strengthen firm business’s risk management framework in aligned with the PF threats.

This outreach session was intended solely to provide guidance and share best practices. It does not introduce any changes to TFS Cabinet Decision No. 74 of 2020 or any other applicable federal legislation.

On 10 September, the UAE Financial Intelligence Unit (‘UAEFIU’) released its Annual Report for 2024, detailing its role in advancing national AML/CFT priorities and setting the strategic direction for 2025 and beyond in alignment with the 2024 – 2027 strategy. The Report also features key thematic studies on Trade-Based Money Laundering (‘TBML’), fraud, and the misuse of corporate structures, and notes a marked increase in fraud-related Suspicious Transaction Reports (‘STRs’) as well as strengthened international cooperation.

Key achievements to date include:

• enhancing the effectiveness of financial intelligence
• improving risk-based analysis and dissemination of STRs/SARs
• strengthening inter-agency coordination
• contributing to legislative and policy development.

In 2025, the UAEFIU will prioritise the rollout of its technology modernisation programme, with a strong emphasis on integrating AI and machine learning tools to enhance intelligence generation, streamline reporting workflows, and improve detection of high-risk activity.

A major milestone will be the launch of the upgraded goAML platform, which introduces enhanced case triaging, improved user experience for reporting entities, and better cross-system data correlation, all aimed at boosting operational agility while maintaining regulatory compliance and data integrity.

On the international front, the UAEFIU will advance its strategic outreach through the implementation of the International Engagement Plan 2025 – 2027. This initiative will guide bilateral cooperation, support joint analytical projects, and reinforce the UAEFIU’s role within the Egmont Group and other global AML/CFT forums, particularly in tackling complex cross-border financial activity and emerging technologies.

You can read the full report here.

On 29 September, the Central Bank of the UAE (‘CBUAE’) and the Dubai Finance Department (‘DF’) signed a memorandum of understanding (‘MoU’) to strengthen bilateral cooperation and support the development of the UAE’s capital markets. The agreement enables DF to leverage the CBUAE’s financial infrastructure to issue dirham-denominated government bonds.

The MoU also outlines collaboration in financial technology, payment systems, digital currency platforms, and innovative financial services aimed at enhancing financial inclusion. Both parties will promote capacity-building through training and the exchange of expertise.

You can read the CBUAE announcement in full here.

On 22 September, the Abu Dhabi Ministry of Justice convened the Conference on the Role of Central Authorities in Asset Recovery, welcoming delegations from 14 countries and international organisations. In his opening address, H.E. Judge Abdul Rahman Murad Al Balooshi, Acting Assistant Undersecretary for International Cooperation and Legal Affairs, underscored the importance of asset recovery in tackling corruption, money laundering, organised crime, and terrorism financing, highlighting central authorities as crucial channels for international cooperation. He stressed that asset recovery goes beyond seizing illicit funds, focusing on restoring assets to rightful owners and supporting development and justice.

The conference, which ran until 24 September, featured panels on digital transformation, legal and technical challenges, and best practices in asset recovery. Participants included representatives from the UAE, France, Spain, Poland, the UK, Australia, and several European countries, alongside bodies such as Eurojust, the European Public Prosecutor’s Office, and UNODC. The event reflected the Ministry’s commitment to transparency, strengthening national legislation, and aligning with international AML and asset recovery standards.

You can read the announcement here.

Throughout September, the Securities and Commodities Authority (‘SCA’) issued multiple warnings about entities falsely claiming affiliation with licensed financial institutions, as well as entities and individuals operating without appropriate financial services permissions.

On 4 September, an unidentified entity was found impersonating Mena Corp Financial Services L.L.C – O.P.C, a firm that has ceased operations and no longer engages with investors.

On 23 September, the SCA alerted the public to an impersonation of Finance House PJSC, stressing that it bears no responsibility for unaffiliated dealings.

On 30 September, a warning was issued regarding an entity impersonating both Ajman Bank and Al Ansari Financial Brokerage. In all cases, investors were urged to verify the legitimacy of any entity before entering into agreements or transferring funds.

The SCA also cautioned against engaging with the following firms and one individual, none of which are licensed or register to conduct regulated financial activities in the UAE:

• Inefex, operating via pro and inefex.online
• Top Profit Marketing Services L.L.C, based in Dubai
• BinexFX Ltd, operating via binexfx.com
• borajb, active on Instagram via @borajb_trade and @borajb_crypto.

Investors were advised to confirm licensing status via the SCA’s official register before proceeding with any financial dealings.

Additional details on all public warnings issued by SCA are available here.

On 5 September, the Financial Action Task Force (‘FATF’), Egmont Group (‘EG’), INTERPOL and the United Nations Office on Drugs and Crime (‘UNODC’) jointly released a handbook focused on international cooperation in the detection, investigation, and prosecution of money laundering. The handbook outlines the key challenges to international cooperation in the detection, investigation, and prosecution of money laundering and includes real-world case studies and guidance on informal cooperation mechanisms to accelerate investigations and recover illicit assets. It serves as a practical guide for financial intelligence units, law enforcement agencies, and prosecutors, offering insights to enhance cross-border collaboration and improve the effectiveness of global anti-money laundering efforts.

The handbook was prepared based on responses received from 106 jurisdictions to two questionnaires circulated in September and October 2024, contributing valuable data and perspectives. Additional insights were provided by expert practitioners during a dedicated session at the Joint Experts Meeting held in January 2025.

You can read the handbook here.

On 10 – 11 September, the Annual Summit of the Global Coalition to Fight Financial Crime (‘GCFFC’) took place in the ADGM, gathering over 200 global leaders and experts to advance collaborative efforts against financial crime. The Middle East and North Africa Financial Action Task Force (‘MENAFATF’) took part in the summit, contributing to high-level discussions on emerging financial crime trends in the MENA region, strategic priorities, and the effective implementation of FATF standards. MENAFATF’s involvement underscored its commitment to regional cooperation and alignment with global AML/CFT efforts.

Key messages emphasised the importance of leadership, shared vision, and stakeholder commitment in advancing AML/CFT progress. The role of MENAFATF was highlighted as central to fostering regional cooperation, facilitating technical dialogue, and aligning policy development with international standards. The event underscored that meaningful achievements in combating financial crime depend on collective action, mutual trust, and shared expertise to build resilient and transparent financial systems.

You can read the announcement here.

From 22 to 26 September, the MENAFATF organised a regional workshop titled “Risk-Based Approach and Risk Assessment Mechanisms for Financial Institutions” at the Arab Monetary Fund headquarters in Abu Dhabi, United Arab Emirates.

Held in collaboration with the Arab Monetary Fund and the German Agency for International Cooperation (‘GIZ’), the workshop brought together experts from member countries and observers to strengthen understanding and application of the risk-based approach in AML and CFT.

Key objectives included:

• empowering supervisory authorities to develop risk-driven strategies using modern technologies
• addressing emerging challenges in the financial sector
• enhancing transparency around beneficial ownership
• promoting public-private partnerships through effective information sharing
• participants engaged in interactive case studies and practical exercises, applying AI and data analytics to risk assessment while exchanging regional best practices.

You can read the announcement here.

On 26 September, the FATF published an updated consolidated ratings table. The table summarises jurisdictions’ progress against the 40 FATF recommendations. The recommendations assess the jurisdiction’s maturity against AML, counter terrorist financing (‘CTF’) and proliferation financing measures.

You can read the consolidated rating table here.

On 29 September, the MENAFATF, in cooperation with the World Gold Council (‘WGC’), held a workshop on the misuse of the gold sector for money laundering and terrorist financing.

The event brought together nearly 200 participants from financial intelligence units, judicial authorities, law enforcement agencies, and supervisory bodies across member countries.

The workshop focused on:

• identifying key risks linked to the misuse of the gold sector
• reviewing best practices to enhance integrity and transparency
• supporting member countries in strengthening AML/CFT efforts.

You can read the announcement here.

On 30 September, the FATF announced that it will host a webinar in October focused on extended confiscation, aimed at helping countries enhance their ability to recover criminal assets while ensuring fundamental rights are protected.

Key topics include:

• definition and requirements of extended confiscation under the revised FATF Standards
• national experiences, challenges, and best practices in implementing extended confiscation
• case studies showcasing successful applications
• strategies for integrating legal safeguards to protect fundamental rights during enforcement.

The session is part of a broader series supporting implementation of revised FATF Standards on asset recovery. An international panel of experts from government and academia will explore the definition and requirements of extended confiscation, share national experiences and best practices, present case studies, and discuss how legal safeguards can be effectively integrated into confiscation frameworks.

This session is especially relevant for policymakers, legal professionals, and compliance teams involved in asset recovery and financial crime enforcement.

You can register for the webinar directly through the FATF website here.

On 23 September, the SCA published enforcement decisions against two individuals:

• Khaled Almasri
• Ahmad Al Jaziri.

Both individuals were found to have violated Article 26 of Federal Law No. (4) of 2000 concerning the SCA. Each was issued a financial penalty of AED 100,000, with the decision dated 27 May 2025. These actions reflect the SCA’s continued commitment to upholding market integrity and enforcing compliance with federal securities laws.

You can read the SCA notices in full here.

On 23 September, the SCA issued a series of enforcement actions against several licensed financial institutions for breaches of UAE regulatory requirements. These actions form part of the SCA’s ongoing supervisory efforts to uphold market integrity and ensure compliance with applicable legislation.

National Resources for Financial Consulting L.L.C, Neba Private Clients, and BHM Capital Financial Services were each sanctioned with a financial penalty of AED 100,000 for violations relating to financial reporting and regulatory disclosures, as well as breaches typically associated with licensing conditions, non-compliance with regulatory directives, or conduct undermining market integrity.

MEX Global Financial Services was penalised AED 100,000 for non-compliance with Article 5(3)(a) of Cabinet Resolution No. (93) of 2021, concerning the automatic exchange of information under international tax cooperation frameworks.

In relation to AML obligations, Royal Capital and Al Ramz Capital were subject to enforcement for deficiencies in their AML frameworks. Royal Capital received two separate penalties of AED 200,000 each for failing to implement enhanced customer due diligence and for inadequate controls around politically exposed persons (‘PEPs’). Al Ramz Capital was fined AED 200,000 for failing to incorporate relevant risk factors into its internal policies and for not establishing a methodology to assess money laundering risks.

These enforcement actions underscore the SCA’s continued focus on regulatory compliance, particularly in areas of AML, financial disclosures, and international cooperation. Firms are reminded to regularly review their internal controls and ensure alignment with applicable UAE regulations.

You can read the SCA notices in full here.