Skip to content

United Arab Emirates

The UAE’s approach to white collar crime has come under particular scrutiny over the past year following scheduled reviews by international organisations and a number of high profile cases involving UAE companies. 

The UAE has continued to develop and bolster its efforts to tackle white collar crime, both within its “onshore” jurisdictions and within the various “offshore” free zones, most prominently the Dubai International Financial Centre (DIFC) and the Abu Dhabi Global Market (ADGM), which are subject to the same criminal law but which have their own compliance and regulatory regimes.

Recent legislation has expanded the remit of local regulators beyond financial institutions to cover other high risk sectors of the UAE economy. This has been the case for both onshore regulators (such as the UAE Central Bank) and offshore regulators, such as the DIFC’s Dubai Financial Services Authority (DFSA) and the ADGM’s Financial Services Regulatory Authority (FSRA).

The implementation and enforcement of this new legislative framework is likely to be a major policy focus for the UAE in the coming years. 


Investigations trends/developments

Financial Action Task Force– Mutual Evaluation Report

The trends expected to dominate the coming year are likely to be influenced by the contents of the Financial Action Task Force (FATF)’s UAE Mutual Evaluation Report (MER) of April 2020. The MER measures a country’s adherence to anti-money laundering (AML) best practice and serves as a critical barometer of security and sophistication in combatting financial crime.

UAE’s progress

The MER highlighted the significant improvements made by the UAE since FATF last assessed its AML framework in 2008, including:

  • the development of a National Risk Assessment of the money laundering threats faced by the UAE;
  • sweeping technical reform in legislation and regulation, notably through Federal Decree No. 20 of 2018 (the AML Law);
  • strengthening coordination mechanisms across the Emirates; and
  • strengthening the Central Bank’s Financial Intelligence Unit.

The UAE also received praise for its effectiveness in prosecuting instances of terrorist financing.

These measures are significant given the unique challenges faced by the UAE: its proximity to conflict zones and sanctioned regimes, its low-tax economic model and the high remittance rate among its population (88% of whom are foreign nationals). The UAE’s achievements in this regard are underscored by its favourable ranking in Transparency International’s most recent Corruption Perceptions Index, in which the UAE overtook both France and the United States. 

Policy goals

The MER identified several areas where further work is needed, including the following:

  1. improve the effectiveness of controls (at the regulatory and the firm level) for preventing money laundering activity;
  2. refine the understanding of money laundering risks, particularly regarding the deployment of professional money laundering networks;
  3. enhance money laundering investigations and prosecutions;
  4. centralise information related to ultimate beneficial ownership.
  5. formalise the approach to international cooperation; and
  6. better supervise industries outside the financial sector which are connected to money laundering activity.

Steps in achieving the MER goals

The above areas are likely to be the focus of the UAE’s efforts to combat money laundering over the coming years. The legislative framework for meeting these goals is already largely in place. 

There are likely to be increasing enforcement efforts, with a wider range of sanctions for non-compliant entities. Enforcement is unlikely to be limited to financial institutions as the most obvious targets: the authorities are likely to target Designated Non-Financial Businesses and Professions (DNFBPs).

Significant law reforms impacting corporate criminal liability

The AML Law

The AML Law remains the centrepiece of the UAE’s legislative framework in combatting financial crime, having introduced:

  • a “controlled delivery” operation: whereby the UAE authorities may permit a criminal transaction to proceed in order to trace the flow of money;
  • the concepts of:
    • “predicate offence” defined as “any act constituting a felony or misdemeanour under applicable laws of the UAE, whether the act is committed inside or outside of the UAE”; and
    • “perpetrator” which includes any person “gaining” or “possessing” illegal proceeds: a perpetrator’s offence under the AML Law is independent of the predicate offence;
  • AML and CFT customer due diligence and other compliance obligations incumbent on DNFBPs;
  • powers for the UAE Public Prosecutor to compel disclosure from a range of third parties and for the UAE Central Bank to freeze funds deposited at UAE financial institutions;
  • an increased cap of AED 50 million for corporate liability for money laundering offences; and
  • compulsory liquidation where an illegal activity is related to terrorist financing.

Recent legislation

Recent legislative developments have focused on expanding and implementing the AML Law:

  1. Federal Cabinet Resolution No. 10 of 2019 extended many of the AML Law’s provisions for financial institutions to cover the activities of DNFBPs;
  2. Federal Cabinet Resolution No. 74 of 2019 introduced procedures and parameters for designating targeted entities or individuals, fleshing out practical elements of the AML Law;
  3. Federal Cabinet Resolution No. 58 of 2020 introduced disclosure obligations regarding ultimate beneficial ownership;
  4. Ministry of Justice Decision No. 533 of 2019 issued the AML-CFT procedures applicable to DNFBPs; and
  5. Federal Law No. 14 of 2020 issued provisions regarding the protection of witnesses and whistle-blowers.

Circular of March 2020

The Circular issued by the UAE Ministry of the Economy in March 2020 (the Circular) clarified the interaction of the above legislation with the AML Law. As a result of this combined legislation, DNFBPs (as well as financial institutions) must:

  1. comply with their reporting obligations to the authorities, with only very limited allowance made for any duty of professional confidentiality;
  2. identify the crime risks within their scope of activity on a continuous basis;
  3. implement any necessary procedures relating to customer due diligence (having considered the risk factors outlined in the National Risk Assessment);
  4. refrain from conducting a commercial transaction under conditions of anonymity or on behalf of an alias;
  5. promptly apply those directives of the competent authorities which implement the decisions issued by the UN Security Council (regarding terrorist financing); and
  6. maintain all records relating to the above, and make these available to the competent authority on request.

Internal investigations – key developments

Expanded protection for whistle-blowers, both in onshore and offshore UAE jurisdictions, remains the major trend of which companies operating within the UAE should take note. The UAE authorities’ increased focus on whistle-blowing is evident both from new legislation and in the authorities’ efforts to make the process of whistle-blowing as accessible as possible, with simple, clear instructions prominently provided on regulator websites and with Abu Dhabi even having introduced an app to encourage whistle-blowing. 

In the onshore UAE, at the federal level, explicit legal protection for whistle-blowers has been introduced under Federal Law No. 14 of 2020 (the Witness Protection Law). The Witness Protection Law provides for the establishment of a witness protection programme aimed at protecting victims, witnesses and whistle-blowers in crimes related to AML and CFT and cybercrime (among others).

In onshore Dubai, Article 19 of Law No. 4 of 2016 on Financial Crimes introduced immunity from both prosecution and disciplinary action for individuals who disclose to the Dubai Centre for Economic Security (an agency specifically created to monitor and reduce financial crime) information that is true and which relates to activity that may affect the economic security of Dubai.

Increased protections for whistle-blowers are also evident in offshore UAE jurisdictions. For example, the DIFC has introduced whistle-blower protections by virtue of DIFC Law No. 7 of 2018 (the Operating Law). Article 62 of the Operating Law creates a positive obligation to report wrongdoing while Article 64(3) protects those who in good faith disclose a possible contravention of the Operating Law by a DIFC entity from:

  1. any legal or contractual liability for making the disclosure;
  2. any contractual, civil or other remedy for making the disclosure; and
  3. dismissal or victimisation from their place of employment.

The DIFC’s commitment to the Operating Law’s protections has been underlined by their incorporation into the DIFC’s employment code (DIFC Law No. 2 of 2019), but it is not yet clear how these protections will interact with UAE criminal law, particularly around areas such as confidentiality.

Sectors targeted by law reforms or enforcement action

Real estate

Real estate is identified throughout the MER as an area of particular concern from a money laundering perspective. A cash-driven sector, attractive to foreign investors seeking to store large sums, inevitably presents problems and is resulting in increased attention from the UAE authorities. This has been reflected by the inclusion of real estate brokers/agents as a DNFBP in Federal Cabinet Resolution No. 10 of 2019, bringing the sector within the purview of the AML Law.


The UAE authorities have signaled that cyber-crime will be an area of focus in the coming years. On 24 June 2020, the DFSA published a report, the Cyber Thematic Review, on the cyber risks faced by firms providing financial services in the DIFC. The report noted the increased frequency and severity of cyber-attacks and raised several concerns as to the resilience of DIFC firms, highlighting a lack of engagement at the board level and the limited use of cyber intelligence platforms by small and medium sized firms. 

This focus is crystallising into tangible measures, most notably with the establishment of the DFSA Cyber Threat Intelligence Platform (TIP) in January 2020, which is available to all DIFC companies and which serves as a platform for the quick sharing of information on current cyber-threats between those entities and the DFSA as regulator. The TIP is the first such regulator-led intelligence platform in the Middle East and draws upon the cyber-security expertise of both the public and private sectors, with contributors to its operation including the Dubai Electronic Security Centre and Kaspersky Laboratories.

Cross-border coordinated enforcement activity

Formalised international coordination was highlighted by the MER as an area for development. Notably, the UAE’s growing status as a major international financial hub will necessitate coordinating with foreign authorities, particularly those of the United Kingdom and the United States. 

While this will be a focus across the UAE’s offshore and onshore authorities, the offshore regulators in particular have recently expanded the scope of their international cooperation.

The DFSA has signed 109 bilateral and five multilateral memoranda of understanding with other regulators, with whom it frequently collaborates on cross-border matters: during the past year, the DFSA received 65 requests for regulatory information and assistance from other regulators, while the DFSA made 74 requests to fellow regulators for information. 

Although the FSRA does not report statistics with regard to its international regulatory collaboration or enforcement action, it has now signed 115 regulatory memoranda of understanding with both national and international regulatory bodies (including international financial centres). Most notably, in November 2020 the FSRA agreed a memorandum of understanding with the Israel Securities Authority providing for regulatory cooperation.

Financial crime issue predictions for 2021

Adapting to the UAE’s new focus on AML measures

Pressure for businesses in the UAE, both onshore and offshore, to adapt to the changed legislative landscape is likely to mount throughout 2021 and greater formal and informal contact with regulatory bodies should be anticipated. DNFBPs in particular are likely to be subject to more stringent oversight, with a real threat of corrective action where they are in breach of their compliance obligations.

Commensurately, in-house legal teams should expect to devote more time to developing, updating and implementing compliance procedures, particularly in enhanced due diligence and suspicious transaction reporting. They will also need to defend the robustness of these procedures to internal and external stakeholders, each of whom are likely to be more attentive to AML issues. 


Phishing attacks, impersonation of legitimate business partners and ransomware attacks are all likely to demand an increasing amount of attention from in-house IT and legal teams. The rapid growth in remote working during the Covid-19 pandemic has compounded the scope for such frauds, as highlighted in a recent FATF report. Collaboration between the UAE authorities and financial institutions to raise awareness of such frauds is likely to be a feature of 2021.

This article is part of the Allen & Overy Cross-border White collar Crime and Investigations Review. Please visit the review homepage for our overviews and insights in other jurisdictions. 


Download the Cross-Border White Collar Crime and Investigations Review

Silhouettes of people meeting

The 'Cross-Border White Collar Crime and Investigations Review' analyses the latest developments and trends, and highlights the most significant among the current and emerging issues that white collar crime and investigations in-house counsel should prioritise in the year ahead.