With the introduction of Federal Decree-Law No. 10 of 2025 on Anti-Money Laundering, Combating the Financing of Terrorism and Proliferation Financing and its Executive Regulations under Cabinet Resolution No. 134 of 2025, the UAE AML/CFT/PF record retention practices have been sharpened to align with global standards and enhance the UAE’s financial integrity.
This guide explains what records to retain, how long to keep them under the latest UAE AML/CFT/PF laws, and how Designated Non-Financial Businesses and Professions (DNFBPs) can remain compliant without drowning in paperwork.
Why AML/CFT/PF Record Retention Is Critical Under the New UAE Legal Framework?
The UAE’s AML/CFT/PF regime has been further strengthened and enhanced. Federal Decree-Law No. 10 of 2025, effective from October 2025, repealed and replaced Federal Decree-Law No. (20) of 2018 and further expanded and clarified compliance obligations.
The law mandates that all Regulated Entities must implement documented AML/CFT/PF measures, including customer due diligence (CDD), enhanced due diligence (EDD) for higher-risk clients, ongoing monitoring, record-keeping, and measures to address ML/FT/PF risks.
These obligations are now deeply integrated into the compliance fabric of every organization subject to AML/CFT/PF rules, and regulators have stronger powers to inspect, assess, and enforce compliance.
Under the Executive Regulations (Cabinet Resolution No. 134 of 2025), record retention obligations remain a fundamental component of UAE AML/CFT/PF compliance.
What Records Must DNFBPs Keep (and why)
Good record retention means having clear, retrievable, and defensible evidence of what was done, when, why and by whom. The following categories are critical:
- Customer Due Diligence (CDD) Documentation
You must retain:
- Customer identification (passport, Emirates ID, or legal entity documents)
- Ultimate Beneficial Owner (UBO) information and verification evidence
- Purpose and nature of the business relationship
- Risk assessment records
This demonstrates that proper CDD was performed according to the law.
- Transaction and Activity Records
Maintain:
- Transaction logs and bank references
- Invoices, contracts, receipts, and remittance data
- Records of cash or high-value dealings
These allow reconstruction of transactions if regulators request evidence during inspections.
- Suspicious Transaction/Suspicious Activity Reports (STR/SAR)
Retain:
- Copies of all filings submitted to the FIU
- Internal investigations and decision documents
- Supporting evidence related to suspicions
- Internal AML/CFT/PF Governance Records
These help demonstrate the strength of your compliance framework:
- AML/CFT/PF policies and procedures
- Board and senior management approvals
- Compliance officer appointment letters
- Internal audit reports and risk assessments
- Staff Training and Competence Records
Regulators expect evidence of effective training:
- Training agendas and materials
- Attendance logs and certification
- Records of periodic updates
How Long Must AML/CFT/PF Records Be Retained Under the Latest Laws?
The minimum retention period under Federal Decree-Law No. 10 of 2025 and Cabinet Resolution No. (134) of 2025 is:
For at least 5 years from the latest of:
- The date of the relevant transaction
- The end of the business relationship
- The date of STR/SAR submission
Records must be accessible and retrievable upon request by the Financial Intelligence Unit (FIU) or supervisory authorities or other competent authorities.
Electronic vs Paper Records: What’s Acceptable?
Both paper and electronic records are permitted. However, all records must be:
- Stored securely (protected from tampering)
- Easily retrievable for inspection
- Legible and backed up (especially digital files)
- Maintained in a manner that ensures data integrity and audit trail availability
FAQs: AML/CFT/PF Record Retention in the UAE
- How long must AML/CFT/PF records be kept in the UAE?
At least five years from the latest significant date related to the customer, transaction, or report.
- Must electronic records comply with specific standards?
Yes. They should be secure, retrievable, and protected against unauthorized modification.
- Do STR/SAR documents count as AML/CFT/PF records?
Absolutely. All relevant documentation relating to suspicious reporting must be retained.
- Are UBO updates part of record retention?
Yes, updated beneficial ownership information must be retained and accessible.
Practical Tips to Stay Compliant
- Create structured digital folders with consistent naming conventions
- Use searchable formats (PDFs with metadata)
- Automate alerts for retention deadlines
- Conduct internal audits to catch gaps early
- Centralize CDD and AML/CFT/PF evidence with compliance management tools
The UAE’s 2025 AML framework places increased supervisory emphasis on the completeness, accessibility, and reliability of retained AML/CFT/PF records.
How Jitendra Chartered Accountants Can Help
Keeping up with the latest UAE AML/CFT/PF laws, like Federal Decree-Law No. 10 of 2025 and its Executive Regulations, can be challenging for DNFBPs. Jitendra Chartered Accountants offers tailored support to streamline your AML/CFT/PF record retention and compliance programs, including:
- Drafting AML/CFT/PF record retention policies
- Designing structured documentation systems
- Conducting risk assessments and internal audits
- GoAML registration and STR/SAR support
- Compliance training and governance reviews
Contact Jitendra Chartered Accountants today to ensure your AML documentation practices are regulator-ready and inspection-proof.