UAE Tightens AML Rules for Real Estate, Precious Metals and Crypto DNFBPs

{getToc} $title={Table of Contents}

UAE extends tough AML expectations to real-estate, metals and crypto-linked DNFBPs.

The UAE Ministry of Economy has imposed over AED 130 million in fines on designated non-financial businesses and professions (DNFBPs) since late 2022, targeting real-estate brokers, precious-metals dealers, auditors, and corporate-service providers.
A new AML law effective October 2025 explicitly brings virtual-asset service providers (VASPs) - businesses that exchange, transfer, or custody digital assets - within the UAE's AML regulatory framework.
In the first half of 2025, Ministry of Economy AML inspections resulted in fines exceeding AED 42 million, with most penalties targeting precious-metals traders and real-estate brokerages.
Real-estate brokers must perform customer due diligence, screen against sanctions lists, apply enhanced due diligence for high-risk clients, and report suspicious transactions via the UAE FIU's goAML platform.
VARA issued a January 2026 circular requiring VASPs to apply enhanced due diligence and increased monitoring for dealings with parties from high-risk jurisdictions identified by FATF.
With the 2026 FATF mutual evaluation approaching, authorities have signalled that effective implementation - not just technical compliance - is what will be assessed.

Federal Decree-Law No. 20 of 2018 Anchors the UAE's DNFBP Compliance Regime

The UAE's anti-money-laundering framework has its foundations in Federal Decree-Law No. 20 of 2018, which brought a wide range of non-financial businesses within the same regulatory perimeter as banks. Designated non-financial businesses and professions - known as DNFBPs - include real-estate agents, precious-metals dealers, auditors, and corporate-service providers. The Ministry of Economy serves as the primary AML supervisor for these sectors at the federal level, conducting inspections and imposing administrative penalties for non-compliance.

Reporting obligations for DNFBPs flow through the UAE Financial Intelligence Unit's goAML platform, which receives suspicious transaction reports and related intelligence from across the regulated community. With a FATF mutual evaluation - the Financial Action Task Force's independent assessment of a country's compliance with global financial crime standards - scheduled for 2026, authorities have made clear that effective implementation is what counts. Businesses across real estate, precious metals, and virtual assets should treat AML compliance as a core operational requirement.

Enforcement in Numbers: A Rising Tide of Fines

The Ministry of Economy has conducted multiple waves of DNFBP inspections since 2022, with financial penalties increasing sharply each round. In December 2022, six companies were fined a combined AED 3.2 million for failing to maintain adequate internal AML policies, according to the Ministry's own announcement. In Q1 2023, 137 firms across the DNFBP sector were fined a total of AED 65.9 million, following inspections of 840 companies, as reported by Khaleej Times.

A further enforcement round in 2024 resulted in fines of AED 22.6 million against 29 DNFBP companies, according to The Finance Story. In the first half of 2025, penalties exceeded AED 42 million, with most targeting precious-metals traders and real-estate brokerages, according to A and O Shearman's cross-border white-collar crime review. The pattern across all these rounds is consistent: inspection volumes are rising, penalties are growing, and regulators are not waiting for the FATF evaluation before acting.

Core AML Obligations: What Every DNFBP Must Have in Place

Under the AML law and its executive regulations, all DNFBPs must operate a risk-based AML/CFT framework. Customer due diligence (CDD) - the process of identifying and verifying the identity of clients and their beneficial owners - is a baseline requirement, with enhanced due diligence (EDD) applied to higher-risk relationships. Suspicious transactions must be reported promptly through the goAML platform operated by the UAE Financial Intelligence Unit (FIU).

Ongoing transaction monitoring, record-keeping for a minimum period, and regular employee training are also mandatory. Businesses must screen customers against UN Security Council sanctions lists and local UAE designations, as well as conducting broader background checks. Where risk cannot be adequately mitigated, firms are expected to decline the relationship or exit it.

Real Estate and Precious Metals: Highest-Risk DNFBP Categories

The UAE's National Risk Assessment has classified the real-estate sector as one of the most inherently vulnerable to money-laundering and terrorist-financing risks. Property transactions - sales, purchases, leases, and financing arrangements - can be used to conceal beneficial ownership, layer illicit funds through a series of transactions, and ultimately integrate proceeds of crime into the legitimate economy.

For real-estate brokers, CDD must be performed before or at the point of establishing a client relationship, covering identification of the customer and their ultimate beneficial owner. EDD applies to politically exposed persons (PEPs), clients from high-risk jurisdictions, and transactions of unusual size or complexity, with senior management approval required before proceeding. The Ministry of Economy publishes sector-specific guidance that elaborates on these requirements in detail.

Dealers in precious metals and gemstones face equivalent obligations under Cabinet Decision No. 10 of 2019. When these dealers engage in high-value or cash transactions, their AML obligations effectively mirror those of financial institutions. Risk focus areas include beneficial ownership identification, trade-based money-laundering typologies, and supply-chain integrity for bullion and jewellery.

Virtual Assets: A New and Explicit Addition to the AML Perimeter

A new AML law that entered into force in October 2025 explicitly brings virtual-asset service providers (VASPs) within the UAE's AML regulatory framework. VASPs are businesses that exchange, transfer, or custody digital assets such as cryptocurrencies. Compliance advisers describe the law as a significant step in aligning UAE legislation with FATF standards, and it expressly recognises that money-laundering offences may be committed through electronic systems, digital platforms, and virtual assets.

Core VASP obligations include appointing a dedicated Compliance Officer and Money Laundering Reporting Officer (MLRO), applying risk-based CDD and EDD including sanctions and PEP screening, and conducting continuous transaction monitoring. VASPs must also implement the FATF "Travel Rule," which requires that originator and beneficiary information accompanies virtual-asset transfers between institutions. Failure to comply can result in fines, licence suspension or cancellation, and potential criminal liability.

Regulatory oversight of virtual assets is multi-layered. In Dubai (outside the DIFC), the Virtual Assets Regulatory Authority (VARA) licenses and supervises VASPs under Dubai Virtual Assets Law No. 4 of 2022. In the Abu Dhabi Global Market (ADGM), the Financial Services Regulatory Authority (FSRA) applies stringent FATF-aligned AML requirements to its licensed virtual-asset firms. At the federal level, the Securities and Commodities Authority (SCA) covers virtual-asset offerings and trading platforms. Unlicensed VASPs cannot legally operate in the UAE, and parties that deal with them face direct legal and financial risk.

VARA's January 2026 Circular on High-Risk Jurisdictions

In January 2026, VARA issued a circular requiring all supervised entities to apply enhanced measures when dealing with parties connected to jurisdictions identified as high-risk by FATF or national authorities. Regulated by Regulation Tomorrow, the circular specifies enhanced due diligence, increased transaction monitoring, and in some cases outright restrictions on dealings. It reinforces the UAE's wider strategy of strengthening defences against cross-border financial crime in the virtual-asset space.

Multi-Regulator Oversight and the 2026 FATF Evaluation

Depending on their activity and location, DNFBP firms may be supervised by any combination of the Ministry of Economy, the Central Bank of the UAE, the SCA, VARA, the Dubai Financial Services Authority (DFSA) in the DIFC, or the FSRA in ADGM - each applying FATF-aligned AML expectations. This multi-regulator environment means that firms operating across different activities or free zones need to map their obligations carefully and ensure alignment with each relevant authority.

Legal and consulting commentary from A and O Shearman and others anticipates heightened supervisory and enforcement activity through 2025 and 2026, driven by the upcoming FATF mutual evaluation. Advisers emphasise that effectiveness - not just documented policies - is what FATF assessors examine. DNFBPs that have invested in training, governance, and monitoring systems will be better placed than those that have relied on paper frameworks.

Implications for Corporate-Service Providers and Advisers

Corporate-service providers (CSPs) occupy a dual position: they are themselves DNFBPs subject to AML supervision, and they advise clients across higher-risk sectors including real estate, precious metals, and virtual assets. Regulatory and legal commentary stresses that advisers must go beyond providing standard templates and help clients build frameworks that meet genuine UAE regulatory expectations.

Practical responsibilities include designing sector-specific AML policies, supporting business-wide risk assessments, and implementing CDD and EDD workflows aligned with the client's relevant regulator. DIFC and ADGM entities must appoint a UAE-resident Compliance Officer or MLRO who holds direct responsibility for AML matters and liaison with the FIU. Governance structures, escalation procedures, and technology-enabled transaction-monitoring tools are all areas where advisers can add material value.

Advisers are warning that non-compliance carries consequences well beyond the fine itself. Penalties, licence restrictions, and reputational damage can undermine a firm's relationships with banks and international counterparties - damage that can be far more costly than the cost of compliance. With the 2026 FATF mutual evaluation now imminent, the window for firms to close remaining gaps is narrowing.