A Compliance Crisis: What the Enactment of Federal Decree-Law No. 10 of 2025 Means for Corporate Liability
I. The Unprecedented Increase
in Financial Risk
The New AML Law, fully enacted
in late 2025, introduces catastrophic financial penalties and zero-tolerance
enforcement:
- Maximum Fine Doubled:
Legal entities (companies) now face fines of up to AED 100 million
for offenses related to money laundering, terrorist financing, or
proliferation financing.
- VASP Penalties:
Unlicensed Virtual Asset Service Providers (VASPs), including
crypto companies, face fines up to AED 10 million and potential
criminal prosecution.
- Asset Freezes Without Warning:
Enforcement authorities (like the Financial Intelligence Unit) are
empowered to freeze assets for up to 30 days without prior
judicial notice—a massive operational risk for any business under
suspicion.
- Transaction Suspension:
Authorities can now suspend suspicious transactions for up to 10
working days to conduct initial investigations, immediately impacting
cash flow and business continuity.
- No Limitation Period:
Financial crime offenses (AML/CTF/PF) now have no statute of limitation,
meaning past non-compliance remains a perpetual risk.
II. Lowered Evidentiary
Threshold: Personal Liability is Real
The new law fundamentally
changes the standard of proof, directly increasing the risk of personal
criminal liability for directors and senior managers:
- The Shift to "Deemed Knowledge":
Previously, prosecutors often had to prove actual knowledge of
criminal funds. Under the New AML Law, knowledge can be "deemed"
or implied from circumstantial evidence, or if the crime occurred due
to a director's failure to perform their required duties.
- Liability Risk:
Directors and senior managers can be held personally liable if the
company's financial crime was committed due to their negligence, failure
to implement proper controls, or willful avoidance.
- Immediate Action Required:
Senior management must not only establish AML policies but actively
demonstrate proper supervision, training, and enforcement to mitigate
their personal liability risk.
III. Expanded Scope: Who is
Now Under the Microscope?
The regulatory net has been
cast wider, putting new sectors under the same scrutiny as traditional banks:
- Virtual Assets (VAs):
The law explicitly includes all providers of Virtual Asset services.
Compliance standards for VASPs must now align with those of traditional
financial institutions.
- Proliferation Financing (PF) is a
Standalone Offense: This extends compliance far beyond
financial services to include Designated Non-Financial Businesses and
Professions (DNFBPs) like:
- Manufacturers and Traders
dealing in dual-use goods or materials.
- Logistics and Shipping Companies
involved in cross-border trade.
- Anyone handling funds
that could potentially be linked to weapons of mass destruction (WMDs).
IV. Mandatory Action Checklist
(Before January 2026)
The time for planning is over;
the time for action is now. Senior leadership must verify the following is
complete:
- Immediate Risk Assessment:
Conduct a rapid, targeted risk assessment focusing specifically on the new
threats posed by Virtual Assets and Proliferation Financing as it relates
to your company's activities.
- Policy & Training Update:
Update all internal AML/CTF policies to reflect the new liability standard
("deemed knowledge") and run mandatory, documented training for
all relevant staff.
- CDD/EDD Enhancement:
Verify that Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD)
procedures are robust enough to spot and document suspicious activity
under the new evidentiary standards.
- Governance Documentation:
Formally document that the Board and Senior Management have approved and
resourced the updated AML compliance program, demonstrating due diligence
and mitigating personal liability.
This information is for
guidance only. Consult a UAE legal professional for advice specific to your
business.
