The Riffle
The Dubai Financial Services Authority (DFSA) has introduced comprehensive amendments to its Anti-Money Laundering, Counter-Terrorist Financing and Sanctions (AML) Module through Rule-making Instrument No. 435 of 2026. Effective from 2 March 2026, the changes align the DIFC framework with Federal Law No. 10 of 2025 and Cabinet Resolution No. 134 of 2025.
The key shifts include the formal integration of proliferation financing into the AML regime, enhanced oversight of Virtual Asset Service Providers (VASPs), stricter Customer Due Diligence (CDD) requirements, expanded sanctions screening obligations, and strengthened enforcement powers for the DFSA.
1. Federal Alignment Is Now Explicit
The DIFC regime operates alongside the Federal AML framework.
Failure to comply with Federal AML law can now directly evidence a breach under DFSA rules.
The message is clear: federal and DIFC compliance are inseparable.
2. Proliferation Financing Enters the Core AML Definition
“Money Laundering” now expressly includes:
Terrorist financing
Financing of illegal organisations
Proliferation financing
This aligns the DIFC with international standards and closes definitional gaps.
3. Governance & MLRO Accountability Strengthened
Relevant Persons must:
Obtain senior management approval of AML systems
Consider the UAE National Risk Assessment
Ensure MLROs explicitly review AML frameworks against both Federal and DFSA rules
Correspondent relationships with Shell Banks remain strictly prohibited.
Governance responsibility sits firmly at the top.
4. Enhanced CDD: More Data, More Substance
For individuals: nationality, domicile, and employer details must be verified.
For corporates: legal form, tax registration numbers, UAE legal representative details, and governing documents are required.
On beneficial ownership, the DFSA deliberately avoids fixed thresholds.
Instead, firms must apply a genuine risk-based approach and verify ownership substance — not just percentages.
5. Crypto & VASPs: Clearer Rules
VASPs are explicitly subject to Federal AML requirements.
Before executing Crypto Token Transfers of USD 1,000 or more, firms must conduct due diligence on the counterparty VASP.
Accurate sender and beneficiary information must be transmitted immediately and securely.
Crypto activity is now firmly embedded within mainstream AML supervision.
6. Sanctions & Enforcement: No Grey Areas
Firms must:
Screen against UN and relevant sanctions lists
Register with the Executive Office for Control and Non-Proliferation
File SARs with the FIU without delay
What This Means for DIFC Firms
The amendments signal a strategic shift toward:
Stronger federal alignment
Risk-based beneficial ownership transparency
Formal AML inclusion of proliferation financing
Crypto-sector accountability
Heightened sanctions vigilance
Tougher enforcement consequences
For Authorised Firms, DNFBPs, MLROs and senior management, this is not a cosmetic update, it is a structural reinforcement of the UAE’s financial crime framework.
