Breaking Down Cabinet Resolution No. 134 of 2025
- Cabinet Resolution No. 134 of 2025 provides the executive regulations for implementing the UAE’s AML framework, supporting Federal Decree Law No. 10 of 2025 and outlining practical compliance expectations.
- The resolution replaces the previous framework under Cabinet Resolution No. 10 of 2019, introducing stronger requirements for risk-based AML/CFT systems, governance oversight, and monitoring controls.
- It expands compliance focus to include proliferation financing (PF), enhanced CDD/EDD standards, and improved suspicious transaction reporting quality.
Why Cabinet Resolution No. 134 of 2025 Matters Now
If Federal Decree Law No. 10 of 2025 forms the legal foundation of the UAE’s new AML law, Cabinet Resolution No. 134 of 2025 functions as the operational rulebook.
In simple terms, the Decree Law defines “what must be done,” while Cabinet Resolution 134 defines “how it must be implemented.”
For compliance teams, the priority shifts from policy existence to control effectiveness. Regulators are increasingly focused on whether controls are proportionate, functional, and supported by evidence.
UAE Cabinet Resolution No. 134 of 2025 – At a Glance
Topic |
Practical takeaway for regulated entities |
|---|---|
What it is
| |
Effective date
|
In force from 14 December 2025
|
What it replaced
|
Repeals the older implementing framework under Cabinet Resolution No. 10 of 2019
|
Coverage
|
Applies across financial institutions, DNFBPs, and VASPs with expanded PF focus
|
Key compliance shift
|
Stronger expectations for risk-based AML/CFT systems, governance, monitoring, and reporting quality
|
Important expansion
|
Explicit inclusion of proliferation financing and broader sector application, including gaming-related DNFBP touchpoints in scope described by market commentary
|
Regulatory context
|
Must be implemented with jurisdiction-aware alignment for DIFC, ADGM, VARA, CMA, MOET, and MOJ environments
|
Relationship Between Federal Decree Law No. 10 of 2025 and Cabinet Resolution No. 134 of 2025
The structure of UAE AML legislation follows a clear hierarchy:
- Federal Decree Law No. 10 of 2025 establishes the principal AML/CFT/CPF legal obligations.
- Cabinet Resolution No. 134 of 2025 provides the executive regulations for practical application.
- The 2025 resolution supersedes the 2019 executive framework.
This creates direct accountability for boards and senior management to ensure AML/CFT operating models are fully updated end-to-end, not merely reworded.
Scope and Coverage Under Cabinet Resolution No. 134 of 2025
From a practical compliance perspective, the resolution applies broadly across:
- Financial Institutions
- Designated Non-Financial Businesses and Professions (DNFBPs)
- Virtual Asset Service Providers (VASPs)
Market-facing guidance also highlights expanded perimeter considerations, including proliferation-financing integration and DNFBP developments connected to gaming-related activities. Businesses should therefore conduct careful applicability assessments across licence classes and service lines.
Ready to schedule a consultation?
Most inspection findings trace back to execution gaps
Key Compliance Themes Reinforced by Cabinet Resolution No. 134 of 2025
Risk-Based AML/CFT and PF Control Design
The framework should be approached as a risk-based system, not a checklist. Control design must consider:
- Customer risk
- Product and service risk
- Transaction behaviour
- Delivery channel exposure
- Geographic and sanctions exposure
- Proliferation-financing vulnerabilities
Generic templates rarely meet supervisory expectations without sector-specific adaptation.
Governance, Accountability, and Senior Oversight
Accountability must be visible and documented. Senior management should evidence:
- Clear ownership of AML/CFT and PF controls
- Periodic control effectiveness reviews
- Risk-prioritised remediation decisions
- Timely escalation of high-risk findings
Stronger CDD, EDD, and Beneficial Ownership Defensibility
Institutions must demonstrate not only that checks occurred, but why conclusions were reached. UBO logic, customer risk scoring, and EDD triggers should be coherent, consistent, and auditable.
Ongoing Monitoring Focused on Quality Over Quantity
Firms are expected to move from alert-heavy systems to intelligence-led monitoring that delivers stronger detection outcomes and clearer investigative narratives.
STR Decision Quality and Documentation Discipline
Suspicious Transaction Reporting remains a primary regulatory outcome. Investigations should be:
- Chronology-driven
- Fact-based
- Supported by documented rationale and approval trails
Integration of PF and Sanctions into Daily Operations
Proliferation financing and sanctions screening are no longer peripheral controls. They must be embedded across:
- Onboarding
- Screening
- Transaction reviews
- Escalations
- Governance reporting
Regulatory Mapping Across UAE Jurisdictions
A common implementation mistake is assuming AML obligations are jurisdiction neutral. In practice, firms often operate under multiple regulatory environments, including:
- DIFC governance expectations
- ADGM rulebook-linked compliance requirements
- VARA obligations for virtual asset operations
- CMA standards for capital markets participants
- MOET supervisory roles for DNFBPs
- MOJ responsibilities for legal and professional services
Best practice involves a unified AML/CFT architecture with regulator-specific procedures and evidence standards.
Immediate Actions Under Cabinet Resolution No. 134 of 2025
Step 1: Legal-to-Control Mapping
Map each obligation to policy, procedure, system control, owner, and supporting evidence.
Step 2: AML/CFT/PF Gap Assessment
Evaluate EWRA, CDD/EDD, UBO, monitoring, sanctions, PF, and STR workflows.
Step 3: Monitoring and Screening Recalibration
Tune rules using real business behaviour and investigation outcomes.
Step 4: Investigation and Reporting Upgrades
Standardise case documentation, escalation logic, and approval frameworks.
Step 5: Strengthen Board and Senior Oversight
Provide concise dashboards covering risk concentration, control reliability, and remediation progress.
Step 6: Role-Based Training
Deliver practical, decision-focused AML/CFT training for frontline, operations, compliance, and leadership teams.
Ready to schedule a consultation?
Most inspection findings trace back to execution gaps
Common Implementation Errors and Practical Fixes
1. Treating implementation as legal drafting only
Fix: Approach it as a full control transformation programme.
2. Using generic procedures across all sectors
Fix: Tailor controls to business model and risk profile.
3. High alert volumes with weak analytical value
Fix: Continuously measure and tune monitoring performance.
4. Weak ownership of remediation actions
Fix: Assign accountable owners with defined timelines and escalation triggers.
5. Limited management visibility
Fix: Establish board-level reporting tied to risk trends and unresolved critical items.
Boardroom Readiness Questions
Senior leadership should regularly ask:
- Which AML/CFT and PF risks have increased since implementation?
- Which controls are least effective based on testing evidence?
- Are CDD, EDD, and UBO decisions consistent across units?
- Do STR investigations meet expected quality and timeliness?
- Are sanctions and PF controls fully integrated into operations?
- Can we evidence closure of high-risk findings with a clear audit trail?
Final Perspective on Cabinet Resolution No. 134 of 2025
Cabinet Resolution No. 134 of 2025 serves as the implementation engine of the UAE’s new AML law. Organisations that adopt structured, risk-based, and evidence-backed compliance frameworks will be better positioned from regulatory, operational, and reputational standpoints.
For firms operating across DIFC, ADGM, VARA, CMA, MOET, and MOJ environments, this is the appropriate moment to transition from fragmented compliance activities to a fully integrated AML/CFT/PF control architecture.
FAQs on UAE Cabinet Resolution No. 134 of 2025
What Is UAE Cabinet Resolution No. 134 of 2025?
Cabinet Resolution No. 134 of 2025 is the executive regulation that implements the UAE’s new AML law framework under Federal Decree Law No. 10 of 2025. It establishes practical AML/CFT and Proliferation Financing (PF) compliance expectations for regulated entities.
How Is Cabinet Resolution No. 134 of 2025 Connected to Federal Decree Law No. 10 of 2025?
Federal Decree Law No. 10 of 2025 defines the legal obligations, while Cabinet Resolution No. 134 of 2025 provides the operational guidance on how those obligations must be implemented in day-to-day compliance practice.
When Did Cabinet Resolution No. 134 of 2025 Come into Effect?
Cabinet Resolution No. 134 of 2025 came into force on 14 December 2025.
Did Cabinet Resolution No. 134 of 2025 Replace Earlier AML Executive Regulations?
Yes. It replaced the previous executive framework issued under Cabinet Resolution No. 10 of 2019, establishing an updated compliance baseline under the new UAE AML regime.
Which Entities Must Comply with Cabinet Resolution No. 134 of 2025?
The resolution applies to regulated entities within the UAE AML/CFT framework, including:
- Financial Institutions
- Designated Non-Financial Businesses and Professions (DNFBPs)
- Virtual Asset Service Providers (VASPs)
Applicability depends on the organisation’s licensing structure and business activities.
What Are the Primary Compliance Priorities Under Cabinet Resolution 134?
Key priorities include:
- Enterprise-wide risk assessment quality
- Risk-based CDD and EDD processes
- Beneficial ownership transparency
- Ongoing monitoring effectiveness
- Sanctions and proliferation-financing controls
- Suspicious transaction reporting quality
Does Cabinet Resolution No. 134 of 2025 Increase Emphasis on Proliferation Financing?
Yes. The framework introduces a stronger focus on PF risk integration, requiring firms to align sanctions screening, escalation procedures, monitoring logic, and governance reporting with PF considerations.
What Does a Risk-Based Approach Mean in Practice Under the New UAE AML Framework?
A risk-based approach requires controls to be proportionate to actual exposure. This includes evaluating:
- Customer type
- Products and services
- Geographic risk
- Delivery channels
- Transaction behaviour
A generic, one-size-fits-all framework is generally insufficient.
How Should Firms Approach CDD and EDD Under Cabinet Resolution 134?
CDD and EDD processes should be evidence-driven and clearly documented. Firms must demonstrate:
- Why a specific customer risk rating was assigned
- What enhanced checks were triggered
- How approval and escalation decisions were made
Why Does Beneficial Ownership Remain a Key Regulatory Focus?
Beneficial ownership opacity can conceal money laundering, terrorist financing, and proliferation financing risks. Firms must maintain defensible methods to identify and verify ultimate ownership and control, supported by documented rationale.
What Is Expected for Ongoing Monitoring Under Cabinet Resolution No. 134 of 2025?
Ongoing monitoring should produce meaningful intelligence rather than excessive alerts. Scenario design, calibration, investigation handling, and closure quality are all critical performance factors.
What Defines a High-Quality STR Process Under the New AML Law?
A high-quality STR process is:
- Fact-based
- Chronology-driven
- Timely
- Consistently documented
Case files should clearly reflect the trigger, analytical steps, decision rationale, reviewer challenge, and final reporting outcome.
How Should Firms Map Compliance Obligations Across DIFC, ADGM, VARA, CMA, MOET, and MOJ Jurisdictions?
Organisations should maintain a unified enterprise-level AML/CFT framework while tailoring procedures, governance pathways, and evidence standards to each applicable regulator, licence category, and supervisory environment.
What Common Implementation Mistakes Should Organisations Avoid?
Frequent errors include:
- Treating implementation as policy editing only
- Applying generic controls across different sectors
- Weak documentation and audit trails
- Unclear remediation ownership
- Limited board visibility on control effectiveness
What Questions Should Boards and Senior Management Ask to Assess Readiness?
Leadership should regularly assess:
- Where ML/TF/PF risk concentration is highest
- Which controls are weakest based on testing evidence
- Whether CDD and EDD decisions are consistent across units
- Whether STR quality is timely and robust
- Whether high-risk findings are remediated with supporting evidence
Expert Strategies, Industry Trends & Real Results
