Trade-based money laundering (TBML) is one of the most persistent and technically complex financial crimes affecting the UAE’s trade and logistics sector. With the Central Bank of the UAE releasing updated AML/CFT/CPF guidance in April 2026 that includes a dedicated TBML framework, regulated entities operating in or through the UAE must now demonstrate structured, documented controls over their trade finance exposures.
This guide explains what TBML is, how it operates in the UAE context, what the new CBUAE guidance requires, and the practical steps your compliance team should take to build a defensible TBML risk framework.
Quick Answer
Trade-based money laundering involves manipulating international trade transactions to move illicit funds across borders. In the UAE, TBML is a high-priority risk because of the country’s position as a global trade hub. The CBUAE’s April 2026 guidance establishes specific TBML obligations for licensed financial institutions and Registered Hawala Providers, covering structured risk assessments, enhanced due diligence on trade counterparties, and documented monitoring of suspicious trade flows. DNFBPs involved in cross-border trade, precious metals, and corporate services face parallel obligations under Federal Decree-Law No. 10 of 2025 and Cabinet Decision No. 134 of 2025.
Key Takeaways
- TBML exploits trade documents — over-invoicing, under-invoicing, multiple invoicing, and falsely described goods are the primary schemes.
- CBUAE issued dedicated TBML guidance in April 2026 as part of its expanded AML/CFT/CPF framework, requiring a structured risk assessment and monitoring approach.
- Federal Decree-Law No. 10 of 2025 replaces the former AML law and introduces stricter obligations for both LFIs and DNFBPs.
- Dealers in Precious Metals and Stones (DPMS) face the highest TBML exposure among DNFBPs given the portability and value density of their products.
- Administrative fines and criminal prosecution apply to entities that fail to detect and report TBML activity via the goAML system.
- A risk-based approach requires mapping trade counterparties, jurisdictions, and product types — not simply relying on sanctions screening alone.
- Practical controls include counterparty due diligence, document verification, and transaction monitoring calibrated to trade finance flows.
What Is Trade-Based Money Laundering?
Trade-based money laundering is the process of disguising illicit proceeds through the manipulation of international trade transactions. Rather than moving money through the financial system directly, criminals use the complexity of cross-border trade flows — invoices, shipping documents, letters of credit, and commodity pricing — to obscure the origin, ownership, and destination of criminal funds.
The Financial Action Task Force (FATF) defines TBML as “the process of disguising the proceeds of crime and moving value through the use of trade transactions in an attempt to legitimise their illicit origins.” The UAE, as one of the world’s most active re-export and transshipment hubs, is a natural target for TBML networks operating across Asia, Africa, and the broader MENA region.
Why UAE Trade Is Particularly Exposed
The UAE processes hundreds of billions of dollars in cross-border trade annually. Dubai’s role as a transshipment hub for goods moving between Asia, Africa, and Europe means that the volume and speed of transactions creates structural opportunities for TBML actors to operate. Several factors amplify this risk:
- High volume of free zone trade with limited visibility into ultimate beneficial ownership
- Significant DPMS sector — gold, diamonds, and precious stones are ideal TBML vehicles due to their value density and portability
- Active hawala networks providing informal value transfer alongside formal trade channels
- Jurisdictional diversity in counterparty networks spanning high-risk countries
- Rapid transaction processing that can outpace manual document review
The Ministry of Economy (MOE) and the CBUAE have both identified TBML as a priority enforcement area in the UAE’s National AML/CFT Strategy (2024-2027).
CBUAE’s Updated TBML Guidance: April 2026
On April 16, 2026, the CBUAE released a comprehensive update to its AML/CFT/CPF guidance covering six areas, one of which is dedicated to trade-based money laundering and transshipment risks. This is the first time the CBUAE has published a standalone TBML framework for licensed financial institutions (LFIs) and Registered Hawala Providers (RHPs).
You can read our detailed breakdown of all six CBUAE guidance documents in our post on CBUAE AML CFT Guidance 2026: New Requirements for UAE Banks.
What the TBML Guidance Covers
The CBUAE’s April 2026 TBML framework establishes expectations across three areas:
| Area | Key Requirement |
|---|---|
| Risk Assessment | Identify and document TBML exposure by product type, trade corridor, and counterparty profile |
| Customer Due Diligence | Apply enhanced due diligence (EDD) to customers and counterparties involved in high-risk trade flows |
| Transaction Monitoring | Implement monitoring rules specific to trade finance, including invoice verification and pricing anomaly detection |
The guidance makes clear that static sanctions screening is not sufficient. Institutions must go beyond name-matching and build dynamic risk intelligence around the trade relationships they facilitate. See the CBUAE Rulebook AML/CFT section for the full regulatory text.
Who the TBML Guidance Applies To
The April 2026 CBUAE guidance directly applies to:
- Licensed Financial Institutions (LFIs) — banks, exchange houses, finance companies, and insurance entities
- Registered Hawala Providers (RHPs)
However, Federal Decree-Law No. 10 of 2025 and its executive regulations under Cabinet Decision No. 134 of 2025 extend TBML-relevant obligations to all regulated entities, including DNFBPs. Any DNFBP whose business model involves cross-border trade — real estate, DPMS, law firms, and accountants handling trade clients — should treat the CBUAE guidance as directional best practice for building their own TBML controls.
Need help mapping your TBML risk exposure? Adil Zone’s compliance advisory team works with LFIs, DNFBPs, and free zone companies to design risk-based TBML frameworks aligned with CBUAE expectations. Contact our advisory team for a gap analysis consultation.
How TBML Works: The Four Main Schemes
Understanding the mechanics of TBML is the starting point for building effective detection controls. The FATF and CBUAE both recognise four primary TBML typologies that compliance teams should know:
1. Over- and Under-Invoicing of Goods
The most common TBML technique. An exporter and importer agree to falsify the invoice value of a shipment. Over-invoicing allows the importer to transfer excess value to the exporter, which effectively moves money out of the importing country. Under-invoicing does the reverse. In the UAE context, this frequently involves commodities such as gold, electronics, and textiles, where market pricing is variable and hard to benchmark without specialist knowledge.
2. Multiple Invoicing
A single shipment is invoiced more than once, allowing multiple payments to flow through the financial system for the same goods. This scheme requires a complicit counterparty and typically involves correspondent banking relationships across multiple jurisdictions. Multiple invoicing is particularly difficult to detect without cross-referencing trade finance documentation against actual shipping records.
3. Falsely Described Goods and Services
Goods are described as something different from what is actually shipped, exploiting the gap between what a letter of credit states and what customs inspects. High-value, compact goods — diamonds, gold, and electronic components — are misclassified as lower-value bulk items to transfer value at a fraction of the declared price. Free zone transit flows are especially vulnerable because customs scrutiny may be reduced at intermediate points.
4. Short Shipment
Full payment is made, but only a partial shipment is delivered. The excess funds effectively transfer value from the paying party to the receiving party, disguised as a trade transaction. Short shipments are difficult to detect without documentation that compares invoiced quantities to shipping records and verified delivery confirmations.
Each of these schemes exploits the documentary gap between what a financial institution sees (invoices, letters of credit, payment instructions) and what physically happens at the port or border. Compliance teams without trade finance expertise are at a structural disadvantage in detecting these patterns.
TBML Red Flags for UAE Businesses
The CBUAE guidance and FATF’s TBML reference materials identify a set of red flags that should trigger enhanced scrutiny. These apply whether you are an LFI processing trade payments, a DPMS dealer, or a professional services firm advising clients on cross-border transactions.
Trade Documentation Red Flags
- Invoice prices significantly above or below market value for the commodity type
- Vague or inconsistent descriptions of goods across invoice, bill of lading, and packing list
- Mismatch between shipping documents and invoice descriptions
- Payments routed through third parties unconnected to the underlying trade transaction
- Multiple amendments to letters of credit after issuance without clear commercial justification
- Use of open accounts in situations where letters of credit would be standard practice
Counterparty Red Flags
- Counterparty is located in a jurisdiction on the FATF grey list or with known TBML vulnerabilities
- Beneficial ownership of the counterparty is unclear, offshore, or obscured through complex structures
- Business relationship cannot be verified through independent commercial registries or public records
- No apparent commercial rationale for the specific trade corridor or routing used
- Counterparty has recently changed its name, registered jurisdiction, or key personnel
Transaction Pattern Red Flags
- Unusual frequency or volume of transactions inconsistent with the customer’s stated business profile
- Round-number transactions or transactions structured just below reporting thresholds (structuring)
- Payments that do not align with the commercial terms agreed in the underlying contract
- Use of multiple correspondent banks across different jurisdictions without clear commercial purpose
- Transactions linked to high-risk free zones without adequate underlying business documentation
A single red flag is rarely sufficient to confirm TBML activity. Compliance teams should assess combinations of indicators and apply a documented, risk-based approach to escalation decisions. See our customer due diligence compliance guide for the EDD framework that should apply in high-risk scenarios.
DNFBP Obligations Under UAE Law
TBML obligations are not limited to financial institutions. Federal Decree-Law No. 10 of 2025 and Cabinet Decision No. 134 of 2025 establish a comprehensive compliance framework extending to all Designated Non-Financial Businesses and Professions (DNFBPs) operating in the UAE.
Federal Decree-Law No. 10 of 2025
Federal Decree-Law No. 10 of 2025 replaced Federal Decree-Law No. 20 of 2018 as the UAE’s primary AML legislation. It expanded the scope of regulated entities, strengthened the legal basis for administrative sanctions, and aligned UAE law with the 2012 FATF Recommendations. For TBML purposes, the key provisions include:
- Risk-Based Approach requirement: All regulated entities must implement a risk-based approach to identifying and managing TBML risks, proportionate to their business size and transaction profile.
- Enhanced Due Diligence triggers: Cross-border transactions involving high-risk jurisdictions, complex ownership structures, or unusual pricing patterns require EDD.
- Suspicious Transaction Reporting obligation: Any transaction suspected of being linked to TBML must be reported to the UAE Financial Intelligence Unit (FIU) via the goAML system. See our goAML portal registration guide for the reporting process.
Cabinet Decision No. 134 of 2025
Cabinet Decision No. 134 of 2025 implements the executive regulations of Decree-Law No. 10 and provides operational detail on how compliance programmes must be structured. For TBML, this includes requirements on:
- Risk assessment methodology — entities must score trade counterparties by jurisdiction, product type, and ownership transparency
- Customer due diligence records — documentation must be retained and made available to supervisors on request
- Internal policies and procedures — written procedures for identifying and escalating TBML red flags are mandatory for all regulated entities
Penalties for Non-Compliance
Failure to implement adequate TBML controls carries significant legal consequences under UAE law:
| Violation Type | Consequence |
|---|---|
| Failure to file a Suspicious Transaction Report (STR) | Administrative fine up to AED 5 million per violation |
| Tipping off the subject of a pending STR | Criminal prosecution — imprisonment up to 2 years and financial penalties |
| Proven money laundering offence | Imprisonment of 1 to 10 years and fines up to AED 5 million |
| Failure to maintain adequate AML policies | Regulatory action, licence suspension, or revocation by the competent supervisory authority |
The UAE’s FIU and the Ministry of Economy have both increased supervisory activity in the DPMS and real estate sectors given their TBML exposure profiles. See our post on targeted financial sanctions in the UAE for related sanctions compliance obligations that often accompany TBML risk frameworks.
Has your TBML risk framework been independently reviewed? Adil Zone conducts independent AML/CFT audits for CBUAE, DFSA, and VARA-regulated entities, including specific assessment of trade finance and cross-border transaction controls. Learn about our audit services.
Building a Practical TBML Risk Framework
Compliance teams regularly ask how to translate regulatory guidance into operational controls. The following framework reflects the risk-based approach required under UAE law and the CBUAE’s April 2026 guidance.
Step 1: Conduct a TBML Risk Assessment
Start by mapping your entity’s exposure to TBML risk. This requires answering four questions:
- What trade-related products and services does your business offer or facilitate? Letters of credit, commodity brokerage, DPMS transactions, and hawala transfers all carry different TBML risk profiles.
- Which trade corridors does your customer base use? Score corridors by jurisdiction risk using FATF grey list status, MENAFATF assessments, and the UAE’s own high-risk country designations.
- Who are your trade counterparties? Direct customers are one part of the picture. The beneficial owners of counterparty companies, the shipping agents used, and the correspondent banks involved all contribute to the overall risk profile.
- What does your transaction monitoring cover? Identify gaps between the transactions your system monitors and the TBML typologies described in the CBUAE guidance.
The output of this assessment should be a written TBML risk rating — high, medium, or low — with documented rationale. This feeds into your Enterprise-Wide Risk Assessment (EWRA) as required under Cabinet Decision No. 134 of 2025. See our AML self-assessment guide for DNFBPs for a structured approach to building your risk assessment.
Step 2: Apply Proportionate Customer Due Diligence
Not every trade transaction requires EDD. The CBUAE’s guidance supports a risk-based approach where the depth of CDD is calibrated to the risk score of the customer, counterparty, and transaction type.
| Risk Level | CDD Approach | Minimum Documentation |
|---|---|---|
| Low | Standard CDD | Identity verification, business registration, transaction purpose |
| Medium | Enhanced Standard CDD | Above plus UBO verification, source of funds declaration |
| High | Enhanced Due Diligence | All above plus ongoing monitoring, senior management approval, adverse media screening, physical goods verification where possible |
For DPMS transactions at or above AED 55,000, Dealers in Precious Metals and Stones have a mandatory DPMSR reporting obligation fulfilled through the goAML system. Adil Zone’s First Compliance software includes a dedicated DPMS reporting module that automates this process and maintains the required audit trail.
Step 3: Implement Trade-Specific Transaction Monitoring
Generic transaction monitoring rules that flag based on amount thresholds and geography alone will not catch sophisticated TBML schemes. Trade-specific monitoring requires alert rules designed to identify:
- Pricing anomalies — transactions where invoice values deviate significantly from commodity price benchmarks for the product type and corridor
- Document inconsistency — mismatches between the description of goods in invoices, bills of lading, and customs declarations
- Round-trip flows — payments that return to the originating jurisdiction within a short timeframe without clear commercial rationale
- Counterparty clustering — multiple transactions flowing through the same network of counterparties with thin business justification
Effective TBML monitoring requires data beyond what the payment system captures. Trade finance teams, account managers, and operations staff must feed intelligence into the compliance function on an ongoing basis. This is precisely why the CBUAE’s April 2026 guidance also covers enhanced AML/CFT training requirements — monitoring is only as effective as the people interpreting alerts and escalating suspicious patterns.
Does your team know how to identify TBML red flags? Compliance 360 by Adil Zone offers 32 specialized AML/CFT courses including dedicated modules on Trade-Based Money Laundering, FATF typologies, UAE reporting obligations, and practical detection techniques for compliance officers. Explore our training programmes.
Frequently Asked Questions
What is the FATF definition of trade-based money laundering?
The Financial Action Task Force (FATF) defines TBML as “the process of disguising the proceeds of crime and moving value through the use of trade transactions in an attempt to legitimise their illicit origins.” This includes manipulation of invoices, shipping documents, and commodity descriptions to transfer value across borders. The FATF first published dedicated TBML guidance in 2006, updated in 2020 to introduce sector-specific risk assessments for high-risk trade categories including gold, diamonds, and electronic components.
Which sectors in the UAE carry the highest TBML risk?
The highest-risk sectors are Dealers in Precious Metals and Stones (DPMS), real estate agents and brokers handling cross-border transactions, corporate service providers managing multi-jurisdictional structures, exchange houses processing trade-related remittances, and free zone companies involved in re-export or transshipment. Licensed financial institutions providing trade finance — including letters of credit and open account financing — also carry elevated TBML exposure and are the primary target of the CBUAE’s April 2026 guidance.
Does TBML compliance apply to free zone companies in the UAE?
Yes. Federal Decree-Law No. 10 of 2025 and Cabinet Decision No. 134 of 2025 apply to all regulated entities operating in the UAE, including those based in free zones such as DMCC, JAFZA, ADGM, and DIFC. The relevant supervisory authority varies by free zone — the DFSA supervises DIFC entities, ADGM’s FSRA supervises ADGM entities, and mainland and other free zone companies fall under CBUAE and MOE oversight. See our detailed guide on AML obligations for UAE free zone companies for a breakdown by jurisdiction.
What does the CBUAE’s April 2026 TBML guidance require?
The CBUAE’s April 2026 TBML guidance requires licensed financial institutions to conduct a structured TBML risk assessment that identifies exposure by trade product, corridor, and counterparty type. The assessment must be documented, reviewed regularly, and integrated into the institution’s Enterprise-Wide Risk Assessment (EWRA). Institutions must demonstrate that their transaction monitoring rules reflect the specific TBML typologies identified in their risk assessment — not generic alert logic applied uniformly across all transaction types.
When must a suspicious trade transaction be reported in the UAE?
Any transaction suspected of being linked to money laundering — including trade-based schemes — must be reported to the UAE Financial Intelligence Unit (FIU) via the goAML system as a Suspicious Transaction Report (STR). The report must be filed as soon as the suspicion arises. There is no minimum threshold amount. Filing an STR does not require certainty of criminal activity — reasonable grounds for suspicion are sufficient to trigger the reporting obligation. Failure to file is a criminal offence under Federal Decree-Law No. 10 of 2025 and carries administrative fines up to AED 5 million per violation.
What records must be kept for TBML compliance?
Under Cabinet Decision No. 134 of 2025, regulated entities must retain transaction records, customer due diligence files, and all TBML-related documentation for a minimum of five years from the date of the transaction or the end of the business relationship, whichever is later. Records must be available to the relevant supervisory authority on request, in a format that allows full reconstruction of individual transactions for audit purposes. Inadequate record-keeping is a standalone compliance breach regardless of whether TBML activity occurred.
How can UAE businesses build TBML controls without a dedicated trade compliance team?
Many UAE DNFBPs and SMEs do not have in-house trade finance expertise. The practical approach is to implement a risk-based framework with three components: a documented TBML risk assessment based on your business model and customer base, standard CDD procedures with clear EDD triggers for high-risk trade scenarios, and a defined escalation path to an outsourced compliance officer or advisory team when red flags arise. Adil Zone provides outsourced compliance officer services and risk assessment support specifically designed for entities without full in-house compliance functions.
Related Reading
- CBUAE AML CFT Guidance 2026: New Requirements for UAE Banks
- Customer Due Diligence (CDD) in the UAE: The Complete Compliance Guide
- Targeted Financial Sanctions (TFS) in the UAE
- goAML Portal Registration Guide 2026
- AML Self-Assessment Guide for DNFBPs in UAE
- Predicate Offences in the UAE: What Every Business Must Know
- AML Compliance Checklist for New UAE Businesses
Contact Adil Zone for a free consultation and gap analysis on your TBML risk framework. Our UAE-based compliance team has hands-on experience designing and testing TBML controls for LFIs, DNFBPs, and free zone entities. Request a free consultation.
Disclaimer: This article is for general informational purposes only and does not constitute legal or compliance advice. Regulatory requirements may change. Contact a qualified compliance professional for guidance specific to your business and regulatory environment.
