The UAE has nine AML/CFT supervisory authorities operating across mainland, commercial free zone, and financial free zone jurisdictions. Each supervises a defined sector and geographic zone under Federal Decree-Law No. (10) of 2025.
This guide is written for compliance officers, finance directors, legal counsel, and business owners across financial services, real estate, virtual assets, legal practice, and designated non-financial businesses. It explains who supervises what, what powers each authority holds, and what misidentifying your supervisor costs in practice.
Who Are the AML Supervisory Authorities in the UAE?
The primary authorities are:
- Central Bank of the UAE (CBUAE),
- Ministry of Economy and Tourism (MoET)
- Ministry of Justice (MoJ),
- General Commercial Gaming Regulatory Authority (GCGRA)
- Capital Market Authority (CMA)
- Virtual Assets Regulatory Authority (VARA)
- Dubai Financial Services Authority (DFSA)
- Financial Services Regulatory Authority (FSRA)
- ADGM Registration Authority.
Two additional bodies operate alongside supervisory authorities, but hold distinct mandates:
UAE FIU: Receives all Suspicious Transaction Reports (STRs) via the goAML portal from every regulated entity, regardless of supervisory authority. It is not a supervisory body, it does not inspect, issue sector guidance, or impose penalties.
EOCN (Executive Office for Control and Non-Proliferation): Issues and administers Targeted Financial Sanctions (TFS) instructions across all sectors. It is not a supervisory body, but every regulated entity must comply with its TFS instructions immediately upon issuance.
The Legal Framework: Federal Decree-Law No. (10) of 2025
All nine AML/CFT supervisory authorities in the UAE operate within a single overarching legal framework.
Federal Decree-Law No. (10) of 2025 is the UAE’s primary AML/CFT statute. It establishes the criminal and regulatory framework for combating money laundering, terrorist financing, and proliferation financing across all sectors and jurisdictions.
Cabinet Resolution No. (134) of 2025 is the implementing instrument. It sets out detailed sector definitions, compliance obligations, thresholds, and the activities that bring entities within the regulated perimeter.
The Nine AML Supervisory Authorities
1. Central Bank of the UAE (CBUAE)
Regulated entities: Banks, exchange houses, insurance companies and agents, finance companies, payment service providers, registered hawala providers, and money or value transfer services.
Jurisdiction: Mainland UAE and commercial free zones.
Supervisory approach: The CBUAE applies a risk-based supervisory model, combining off-site data monitoring with on-site examinations and themed enforcement campaigns. In October 2025, it published updated guidance on KYC, customer due diligence, record-keeping, risk-based institutional assessments, and staff training — all carrying supervisory weight during inspections.
2. Ministry of Economy and Tourism (MoET)
Regulated entities: Real estate brokers and agents, dealers in precious metals and stones (DPMS), company and trust service providers (TCSPs), accountants and auditors not regulated by a separate professional body.
Jurisdiction: Mainland UAE.
Supervisory approach: MoET’s dedicated AML inspection function has expanded significantly since 2020. Following the UAE’s removal from the FATF grey list in February 2024, MoET intensified its inspection and enforcement activity as part of demonstrating a sustainable post-grey-list compliance culture.
3. Ministry of Justice (MoJ)
Regulated entities: Lawyers, notaries, and other independent legal professionals in the mainland UAE, when conducting specified activities under Article 3(4) of Cabinet Resolution No. (134) of 2025.
What do “specified activities” mean in practice:
A legal professional enters the DNFBP perimeter, and the MoJ’s AML supervisory jurisdiction, when they prepare, conduct, or execute financial transactions on behalf of clients in relation to:
- Buying or selling real estate.
- Managing client funds, securities, or other assets.
- Organising contributions for company formation or management.
- Establishing, operating, or managing legal arrangements such as trusts, foundations, or nominee structures.
4. General Commercial Gaming Regulatory Authority (GCGRA)
Regulated entities: All commercial gaming operators, land-based facilities, internet gaming platforms, sports wagering operators, and lottery operators.
Jurisdiction: Federal, all UAE.
Background:
The GCGRA was established by federal decree and publicly launched in September 2023. It holds sole federal authority to regulate, licence, and supervise all commercial gaming activities in the UAE.
AML trigger threshold:
Under Article 3(1) of Cabinet Resolution No. (134) of 2025, AML obligations apply when a gaming operator conducts single or linked financial transactions equal to or exceeding AED 11,000.
5. Capital Market Authority (CMA)
Regulated entities: Securities firms, fund managers, investment advisers, collective investment scheme managers, and virtual asset service providers (VASPs) operating outside Dubai and outside DIFC/ADGM.
Jurisdiction: Federal, all UAE.
Key clarification on VASP jurisdiction: The assumption that VARA has UAE-wide VASP jurisdiction is a common and commercially significant error. VARA’s mandate is geographically confined to Dubai outside the DIFC. The CMA supervises VASPs in Abu Dhabi, Sharjah, and all other mainland or commercial free zone locations, except within ADGM, where the FSRA holds that authority.
6. Virtual Assets Regulatory Authority (VARA)
Regulated entities: Virtual asset service providers (VASPs) operating within Dubai, excluding entities authorised within the DIFC.
Jurisdiction: Dubai (excluding DIFC).
Licensing requirement: Operating as a VASP in Dubai without a VARA licence is a criminal offence. Any entity conducting virtual asset activities, exchange, transfer, custody, issuance, or brokerage within Dubai must obtain the appropriate VARA licence before commencing business.
7. Dubai Financial Services Authority (DFSA)
Regulated entities: All entities authorised to conduct financial services within the Dubai International Financial Centre (DIFC), including banks, asset managers, brokers, and VASPs.
Jurisdiction: DIFC financial free zone.
Framework:
The DFSA operates its own comprehensive AML Module within its Rulebook, aligned with FATF Recommendations. DFSA-authorised firms follow this Rulebook, not the federal CBUAE framework, for AML/CFT compliance purposes within the DIFC.
8. Financial Services Regulatory Authority (FSRA)
Regulated entities: Banks, fund managers, insurance companies, VASPs, and other financial services firms within ADGM’s financial regulatory perimeter.
Jurisdiction: ADGM financial free zone.
Framework: The FSRA supervises firms within its perimeter under its Anti-Money Laundering and Sanctions Rules and Guidance (AML Rulebook), aligned with FATF Recommendations.
9. ADGM Registration Authority
Regulated entities: ADGM-licensed DNFBPs, entities engaged in designated non-financial business activities within ADGM, monitored under an agreement with the FSRA.
Jurisdiction: ADGM financial free zone.
Key distinction: An accountancy firm or law firm within ADGM providing services that bring it within the DNFBP perimeter is not supervised by the FSRA for AML purposes, it is monitored by the ADGM Registration Authority.
Frequently Asked Questions
1.Who supervises AML compliance for banks in the UAE?
The CBUAE supervises banks and financial institutions in the mainland UAE and commercial free zones. Banks within the DIFC are supervised by the DFSA. Banks within ADGM are supervised by the FSRA. All banks submit STRs to the UAE FIU via goAML regardless of their supervisory authority.
2.Who is the AML supervisory authority for real estate agents in the UAE?
The Ministry of Economy and Tourism (MoET) supervises real estate brokers and agents in the mainland UAE and commercial free zones. Real estate entities within the DIFC fall under the DFSA.
How Jitendra Chartered Accountants Can Help
Jitendra Chartered Accountants provides specialist AML/CFT compliance services across all regulated sectors in the UAE, including:
- Supervisory authority identification and regulatory mapping.
- Enterprise-wide AML/CFT risk assessments tailored to your sector and supervisor.
- AML policy and procedure drafting aligned to the applicable rulebook.
- goAML registration and STR escalation process design.
- Pre-inspection compliance reviews and gap analysis.
- Staff training programmes and annual compliance programme reviews.
Our team works with financial institutions, DNFBPs, virtual asset businesses, legal professionals, real estate operators, and companies in commercial and financial free zones, bringing sector-specific expertise.
If your AML programme has not been reviewed against the current supervisory framework, that review is overdue. Contact Jitendra Chartered Accountants today for a confidential compliance consultation.