The CBUAE AML/CFT/CPF guidance update of April 2026 is the most significant regulatory communication from the Central Bank of the UAE this year. Issued on 16 April 2026, the package contains six new documents covering proliferation financing risk, trade-based money laundering (TBML), correspondent banking compliance, and customer due diligence (CDD) requirements. Every licensed financial institution (LFI) and registered hawala provider (RHP) in the UAE needs to assess its existing AML/CFT programme against these new expectations now.
Quick Answer
On 16 April 2026, the CBUAE released six updated guidance documents for LFIs and RHPs. The package covers four main areas: proliferation financing risk assessment, TBML and transshipment risks, correspondent banking compliance, and CDD/KYC record-keeping. Two new best practice manuals address the risk-based approach and role-based staff training. Institutions should review all six documents and identify gaps in their AML/CFT/CPF frameworks before the next supervisory cycle.
Key Takeaways
- The CBUAE issued six new AML/CFT/CPF guidance documents on 16 April 2026 for LFIs and RHPs.
- Proliferation financing (PF) is now a mandatory risk category requiring a formal institutional risk assessment.
- Trade-based money laundering (TBML) guidance requires enhanced monitoring of transshipment transactions.
- Correspondent banking controls must be tightened with documented risk assessments for all relationships.
- CDD and record-keeping standards have been updated to align with the latest FATF Recommendations.
- Two new best practice manuals cover the risk-based approach and role-based AML training for all staff levels.
- Non-compliance with CBUAE supervisory expectations can result in administrative fines ranging from AED 5 million to AED 100 million under Federal Decree-Law No. 10 of 2025.
What the April 2026 CBUAE Guidance Package Covers
The six-document package represents a coordinated response to the UAE’s commitment to FATF standards and the National AML/CFT/CPF Strategy 2024-2027. Each document targets a specific risk category where the CBUAE has identified supervisory gaps or evolving threats.
Guidance 1: Proliferation Financing Risk Assessment and Mitigation
Proliferation financing (PF) involves funding the development or acquisition of weapons of mass destruction. Until recently, most UAE institutions treated PF as a secondary risk category attached to their sanctions screening function. The April 2026 guidance makes clear this approach is no longer acceptable.
The CBUAE now requires LFIs and RHPs to conduct formal Proliferation Financing Institutional Risk Assessments (PF-IRAs). This means identifying business lines, customer segments, and geographic exposures that carry PF risk and implementing proportionate controls. The guidance aligns with FATF Immediate Outcome 11 requirements and the specific expectations set out in Cabinet Decision No. 134 of 2025.
Guidance 2: Trade-Based Money Laundering and Transshipment Risks
The UAE’s position as a major re-export hub makes TBML a structural risk. The April 2026 TBML guidance addresses transshipment transactions specifically — where goods move through the UAE before reaching a final destination outside the country.
Financial institutions are expected to develop transaction monitoring rules that flag unusual trade patterns: over- or under-invoicing, phantom shipments, misrepresentation of goods, and circular payment flows. For banks with active trade finance books, this guidance is a direct instruction to review existing monitoring controls.
For a detailed breakdown of TBML typologies in the UAE, read our guide on trade-based money laundering compliance in the UAE.
Guidance 3: Correspondent Banking Relationships
Correspondent banking relationships are a well-documented ML/TF risk channel. The CBUAE’s April 2026 guidance tightens expectations around how UAE banks manage these relationships. Key requirements include:
- Documented risk assessments for each correspondent relationship
- Enhanced due diligence for correspondents in high-risk jurisdictions
- Clear approval processes for establishing new correspondent relationships
- Ongoing monitoring of existing correspondent relationships
- Proportionate assessment of respondent institutions that use UAE banks to access the financial system
Guidance 4: Customer Due Diligence, KYC, and Record-Keeping
The CDD guidance updates align with revised FATF Recommendations and address common findings from CBUAE supervisory reviews. Key focus areas include beneficial ownership verification for legal persons and arrangements, enhanced due diligence (EDD) triggers and documentation standards, simplified due diligence conditions and approval requirements, and updated record retention periods and access procedures.
This guidance applies to all customer categories — retail, corporate, and institutional — and requires institutions to confirm that current CDD procedures meet the updated standard. For a full breakdown of UAE CDD requirements, see our complete guide to customer due diligence in the UAE.
Best Practice Manual 1: Risk-Based Approach to Financial Crime Prevention
This manual provides structured guidance on designing and calibrating AML/CFT/CPF controls proportionate to identified risks. It covers risk appetite statements, risk scoring methodologies, control effectiveness testing, and governance structures. Unlike the prescriptive guidance documents, this manual gives practical implementation frameworks that compliance teams can adapt to their specific business models.
Best Practice Manual 2: Role-Based AML/CFT/CPF Training
The second manual addresses a persistent finding from CBUAE inspections: generic compliance training that does not reflect the specific risks and responsibilities of each job function. The manual introduces a role-based training model covering three tiers: front-line staff (relationship managers, tellers, trade finance teams), the compliance function (MLROs, compliance officers, AML analysts), and senior management and board-level oversight roles.
Institutions whose training programmes have not been updated to reflect Federal Decree-Law No. 10 of 2025 should treat this manual as a priority remediation item. Read more about the AML training requirements for UAE employees.
Who Is Directly Affected by the April 2026 Guidance
Licensed Financial Institutions
All CBUAE-regulated banks, finance companies, money exchange houses, payment service providers, and insurance companies fall within the direct scope of this guidance. LFIs should conduct a gap assessment against each of the six documents and produce a remediation plan for areas of non-compliance. Given the CBUAE’s increased inspection intensity since the UAE’s exit from the FATF grey list in June 2024, a documented response is advisable.
Registered Hawala Providers
RHPs are specifically named in the guidance package alongside LFIs. The TBML monitoring and CDD standards are particularly relevant for informal value transfer businesses, given the volume of cross-border transactions they handle. RHPs with limited compliance infrastructure should prioritise the risk-based approach best practice manual as a foundation for upgrading their controls.
DNFBPs and the Downstream Implications
While the April 2026 package is formally addressed to LFIs and RHPs, designated non-financial businesses and professions (DNFBPs) regulated by the Ministry of Economy (MOE) should monitor its implications carefully. Strengthened CDD and correspondent banking requirements will affect the documentation standards banks expect from their DNFBP customers. Real estate agents, auditors, lawyers, dealers in precious metals and stones (DPMS), and corporate service providers (CSPs) may face more rigorous due diligence requests from their banking partners as a direct result.
Not sure whether your existing AML/CFT programme meets the April 2026 CBUAE guidance? Adil Zone’s compliance advisory team provides structured gap assessments and remediation planning for LFIs, DNFBPs, and RHPs operating in the UAE. Contact Adil Zone’s compliance team.
Proliferation Financing: What Your Institution Must Do Now
Understanding PF Risk in the UAE Context
Proliferation financing risk is elevated in the UAE due to the country’s geographic position, high-volume international trade, and diverse customer base spanning multiple higher-risk jurisdictions. The FATF Mutual Evaluation of the UAE, ongoing through 2026, will scrutinise how well financial institutions have embedded PF risk into their compliance frameworks.
The CBUAE’s guidance requires institutions to stop treating PF as an extension of their terrorist financing risk assessment. PF must be a standalone category with its own risk indicators, monitoring rules, and escalation procedures.
Practical Steps for PF Compliance
- Map your PF exposure. Identify customer segments, transaction types, and geographies with elevated PF risk based on UN Security Council sanctions designations and FATF guidance.
- Update your risk assessment. Add a dedicated PF risk section to your Enterprise-Wide Risk Assessment (EWRA) and product or service risk assessments.
- Expand transaction monitoring rules. Add PF-specific red flags to your monitoring system, including dual-use goods, sanctioned jurisdiction payments, and complex ownership structures.
- Train your staff on PF indicators. PF red flags differ from general AML red flags. Role-based training on PF is now an explicit CBUAE expectation.
- Document all PF risk decisions. The guidance places strong emphasis on audit trails for decisions made at each stage of the PF risk management process.
TBML: Raising the Bar on Trade Finance Monitoring
Why Transshipment Is a CBUAE Priority
The UAE processes a significant portion of global trade as a re-export hub. Jebel Ali Port is among the world’s busiest, and the country’s free zones handle hundreds of billions of dirhams in trade transactions annually. The CBUAE has identified transshipment — where goods arrive from one country and are re-exported to another — as a vehicle for TBML schemes, particularly those involving sanctioned or high-risk jurisdictions.
Banks with trade finance business lines (letters of credit, documentary collections, guarantees) should review their monitoring frameworks against the specific typologies listed in the CBUAE guidance.
Key TBML Red Flags Your Monitoring Must Cover
| Red Flag Category | Examples |
|---|---|
| Invoice anomalies | Prices significantly above or below market value for described goods |
| Payment routing | Payments routed through third countries with no obvious business rationale |
| Counterparty risk | Counterparties in jurisdictions with inadequate AML/CFT controls |
| Document inconsistencies | Mismatches between shipping documents, invoices, and payment instructions |
| Frequent amendments | Repeated amendments to trade finance instruments |
| Dual-use goods | Goods with both civilian and military application potential |
For the FATF’s guidance on trade-based money laundering and typologies, visit the FATF website directly.
First Compliance screens against 1,800+ sanction lists including the UAE Local Terrorist List, OFAC, UN, and EU designations, with automated transaction monitoring and goAML reporting built in. See how First Compliance works.
What This Means for Your AML Programme
Policy and Procedure Updates Required
The April 2026 guidance creates a clear obligation to review and update AML/CFT/CPF policies. At minimum, institutions should add a standalone PF risk section to all relevant policies, update TBML-specific procedures for trade finance operations, revise correspondent banking due diligence checklists, and update CDD and KYC procedures to reflect revised record-keeping standards.
All policy updates should be approved at board or senior management level and documented formally. See our guide on how to build an AML compliance programme in the UAE for the full programme framework.
Training Gaps to Address
The role-based training manual identifies specific knowledge requirements for each staff category. Common gaps found in CBUAE inspections include front-line staff unfamiliar with PF red flags, compliance analysts unable to articulate the institution’s current risk appetite, senior management still referencing Federal Decree-Law No. 20 of 2018 rather than the current Federal Decree-Law No. 10 of 2025, and no differentiated training content for trade finance versus retail versus corporate-facing teams.
Technology and Systems Considerations
Institutions that rely on manual processes for transaction monitoring will find it increasingly difficult to meet CBUAE supervisory expectations. The guidance implies that compliant systems must be capable of applying risk-based scoring to trade finance transactions, screening correspondent banks against sanctions lists, generating audit-ready documentation for CDD decisions, and producing STR/SAR reports with complete transaction histories for FIU submission via goAML.
Penalties for Non-Compliance
Failure to implement adequate AML/CFT/CPF controls exposes UAE financial institutions to administrative fines ranging from AED 5 million to AED 100 million under Federal Decree-Law No. 10 of 2025, which replaced the repealed Federal Decree-Law No. 20 of 2018. Senior individuals can face personal fines and imprisonment. Supervisory sanctions can also include restrictions on business activities, removal of senior management, and revocation of licences.
The CBUAE has increased its inspection intensity since the UAE’s FATF grey list exit in June 2024. Institutions that demonstrate a weak or undocumented response to the April 2026 guidance package risk enhanced supervisory attention in the near term.
For a full overview of how UAE AML/CFT obligations fit together, read our complete guide to AML/CFT compliance in the UAE for 2026.
Adil Zone conducts independent AML/CFT audits for CBUAE-regulated entities, including full programme evaluations, transaction monitoring reviews, and gap assessments against current regulatory guidance. Learn about Adil Zone’s AML audit services.
Frequently Asked Questions
Who does the CBUAE April 2026 AML guidance apply to?
The guidance applies directly to licensed financial institutions (LFIs) regulated by the CBUAE and registered hawala providers (RHPs). LFIs include banks, finance companies, money exchange businesses, payment service providers, and insurance companies. DNFBPs regulated by the Ministry of Economy are not directly addressed in this package but will be affected indirectly through their banking relationships and the higher CDD standards banks will apply.
What is the difference between AML, CFT, and CPF?
AML (anti-money laundering) addresses controls against proceeds of crime entering the financial system. CFT (countering the financing of terrorism) addresses fund flows to terrorist organisations. CPF (countering proliferation financing) addresses funding for weapons of mass destruction programmes. UAE law and FATF standards now require all three to be addressed in a single integrated compliance framework under Federal Decree-Law No. 10 of 2025 and Cabinet Decision No. 134 of 2025.
Is proliferation financing compliance a new requirement in the UAE?
No, but the requirement to formally assess PF risk as a standalone category is new in the April 2026 guidance. UAE institutions have been required to screen for UN Security Council sanctions designations since earlier AML legislation. What the April 2026 documents add is the requirement for a formal Proliferation Financing Institutional Risk Assessment (PF-IRA) and a documented PF risk management framework, not just name screening against sanctions lists.
What is trade-based money laundering and why does it matter for UAE businesses?
Trade-based money laundering involves using international trade transactions to disguise the movement of illicit funds. Common techniques include over- and under-invoicing, phantom shipments, and document falsification. The UAE’s role as a major re-export hub makes it a higher-risk jurisdiction for TBML. Banks with trade finance exposure and free zone companies involved in re-export operations should assess their TBML risk and controls against the CBUAE’s April 2026 guidance.
How does the April 2026 guidance relate to the FATF Mutual Evaluation of the UAE?
The UAE is undergoing a FATF Mutual Evaluation in 2026 that will assess the effectiveness of its AML/CFT/CPF framework against the FATF’s 40 Recommendations and 11 Immediate Outcomes. The April 2026 CBUAE guidance package is partly designed to strengthen institutional readiness before the evaluation findings are finalised. Strong institutional compliance across the financial sector will support a positive overall assessment of the UAE’s AML effectiveness.
Do DNFBPs need to update their AML programmes in response to this guidance?
Not directly, but the practical implications are real. Banks applying stricter CDD standards will require more thorough documentation from their DNFBP customers. DNFBPs should ensure their AML/CFT policies, beneficial ownership records, and risk documentation are current to avoid delays or restrictions in their banking relationships. Ministry of Economy-regulated DNFBPs should also monitor for any corresponding MOE guidance updates that may follow.
How quickly should institutions respond to the April 2026 CBUAE guidance?
Immediately. The CBUAE issued this guidance on 16 April 2026, and it reflects current supervisory expectations. There is no stated grace period. Institutions already under supervisory review should treat these documents as the operative standard. Others should initiate a gap assessment within 30 days and develop a remediation plan with defined target completion dates and responsible owners.
Where can I access the full CBUAE AML/CFT/CPF guidance documents?
The full text of all six guidance documents is available on the CBUAE’s official AML/CFT supervision page. Adil Zone’s compliance team can assist in interpreting the guidance and identifying what it means for your specific business model and risk profile.
Related Reading
- CBUAE AML/CFT Guidance 2026: New Requirements for UAE Banks
- Trade-Based Money Laundering in UAE: Compliance Guide
- Targeted Financial Sanctions in the UAE
- Build an AML Compliance Programme in UAE
- AML/CFT Compliance in the UAE: The Complete Guide for 2026
- AML Training Requirements for UAE Employees
- goAML Portal Registration Guide 2026
- AML Self-Assessment Guide for DNFBPs in UAE
The CBUAE April 2026 guidance package raises the bar for AML/CFT/CPF compliance across the UAE financial sector. Institutions that treat these six documents as a box-ticking exercise will find themselves poorly positioned when CBUAE inspectors assess their frameworks. The practical approach is a structured gap assessment, a clear remediation plan with ownership and deadlines, and a commitment to role-based training that reflects the specific risks in each team’s work. Adil Zone provides end-to-end compliance support, from gap assessment and policy development to independent audit and software implementation. Contact us for a free consultation and gap analysis.
Disclaimer: This article provides general information about UAE AML/CFT/CPF regulatory requirements. It does not constitute legal advice. Regulated entities should consult a qualified compliance professional for guidance specific to their business model and regulatory obligations.
