Core AML Rules for TCSPs in the UAE
- TCSPs in the UAE are classified as DNFBPs and must comply with AML, CFT, and CPF regulations, focusing on transparency in company structures and ownership.
- Key obligations include identifying UBOs, conducting CDD/EDD, ongoing monitoring, sanctions screening, and reporting suspicious activities.
- The regulatory framework is driven by Federal Decree Law No. 10 of 2025 and related executive regulations, supported by national risk assessments and sector-specific guidance.
- Strong governance, risk-based controls, and continuous compliance monitoring are essential to manage complex structures and avoid regulatory risks.
Trust and Company Service Providers (TCSPs) help businesses set up companies, manage structures, and handle ownership arrangements in the UAE. Because these services involve creating and maintaining legal entities, TCSPs are classified as Designated Non-Financial Businesses and Professions (DNFBPs) and must follow the UAE’s Anti-Money Laundering (AML) and Counter-Terrorism Financing (CFT) regulations.
Under this framework, TCSPs are required to identify their clients, understand who ultimately owns or controls a business, assess risk, and monitor relationships over time.
The goal is simple: to ensure that company structures remain transparent and are not used for illegal financial activities.
Who Qualifies as a TCSP in the UAE?
In the UAE, a Trust and Company Service Provider (TCSP) is any business that offers services related to the creation, management, or administration of legal entities. These services go beyond simple paperwork and include activities that shape how a company is structured and operated.
This typically includes:
- Company formation and registration services
- Acting as a director, secretary, or partner on behalf of another person
- Providing a registered office, business address, or correspondence address
- Arranging nominee shareholders or directors
- Assisting with trust or similar legal arrangements
If a business is involved in any of these activities, it is likely to fall within the TCSP category and must comply with UAE AML/CFT obligations.
Supervisory Authority for TCSPs in the UAE
TCSPs in the UAE are supervised by the Ministry of Economy. The Ministry is responsible for ensuring that TCSPs comply with AML/CFT regulations and maintain proper controls within their operations.
This includes:
- Conducting inspections and assessments
- Issuing guidance and regulatory updates
- Monitoring compliance with AML laws
- Taking enforcement action where required
TCSPs are expected to maintain clear policies, implement risk-based controls, and demonstrate ongoing compliance. The supervisory approach focuses not just on documentation, but on how effectively these measures are applied in practice.
Federal AML, CFT and CPF Legislative Framework in the UAE
Trust and Company Service Providers (TCSPs) in the UAE operate within a structured federal legal framework that governs Anti-Money Laundering (AML), Counter-Terrorism Financing (CFT), and Counter-Proliferation Financing (CPF) obligations. This framework establishes how businesses must identify risk, conduct due diligence, ensure transparency, and report suspicious activities.
The key legislative instruments include:
- Federal Decree Law No. (10) of 2025
Regarding Anti-Money Laundering, and Combating the Financing of Terrorism and Proliferation Financing.
This is the primary AML law in the UAE. It defines the obligations of report ing entities, including customer due diligence, suspicious transaction reporting, record keeping, and internal compliance controls. - Cabinet Decision No. (134) of 2025
Regarding the Executive Regulations of Federal Decree by Law No. (10) of 2025 Regarding Anti-Money Laundering, and Combating the Financing of Terrorism and Proliferation Financing.
This decision provides the operational framework for implementing AML requirements. It formalises the risk-based approach, outlines enhanced due diligence measures, and clarifies supervisory and inspection powers.
These instruments define the core obligations applicable to all reporting entities, including TCSPs. They require firms to adopt a risk-based approach, conduct customer due diligence, identify and verify beneficial ownership, maintain records, and report suspicious transactions.
The Executive Regulations provide the operational layer, detailing how these obligations must be implemented. This includes expectations around enhanced due diligence, ongoing monitoring, internal controls, and supervisory engagement. For TCSPs, the emphasis is particularly strong on understanding ownership structures and ensuring that legal entities are not used to obscure control or facilitate illicit activity.
Simplify Your AML Compliance Process
From customer due diligence to ongoing monitoring, get practical support to manage AML requirements with confidence.
AML/CFT/CPF Guidance Applicable to All Reporting Entities
In addition to legislation, TCSPs must comply with federal guidance issued to all reporting entities. These documents translate regulatory expectations into actionable compliance measures and help firms respond to evolving financial crime risks.
Key guidance includes:
- Guidance on Targeted Financial Sanctions issued by the Executive Office for Control and Non-Proliferation (EOCN), which sets out requirements for screening, asset freezing, and compliance with United Nations sanctions
- Proliferation Financing Institutional Risk Assessment Guidance, which supports firms in identifying and assessing risks linked to proliferation financing
- Terrorist Financing and Proliferation Financing Red Flags Guidance, providing indicators that may signal suspicious behaviour
- Guidance on Counter Proliferation Financing, outlining control measures to mitigate proliferation-related risks
- Joint Guidance on Combating the Use of Unlicensed Virtual Asset Providers in the UAE, addressing emerging risks linked to unregulated virtual asset activity
- Joint Guidance on Satisfactory and Unsatisfactory Practices, clarifying supervisory expectations through examples of compliant and non-compliant behaviour
- Financial Intelligence Unit (FIU) Strategic Analysis Reports, offering insight into typologies, trends, and evolving financial crime risks
For TCSPs, these documents are particularly relevant in identifying complex structuring risks, nominee arrangements, and cross-border exposure patterns.
NRA, SRA and Other Important Guidelines
The UAE’s National Risk Assessment (NRA) and Sectoral Risk Assessments (SRA) provide a macro-level view of financial crime risks and are central to how TCSPs are expected to design their compliance frameworks.
In this context:
- Circular No. (4) of 2025 requires TCSPs to understand and incorporate the findings of the UAE 2024 National Risk Assessment into their internal risk assessments. This means aligning Business Risk Assessments with national-level risk insights rather than relying on static or generic models.
Additional regulatory instruments further refine expectations:
- AML/CFT Guidelines for Designated Non-Financial Businesses and Professions – September 2025 establish baseline compliance standards for DNFBPs, including governance, risk management, and monitoring
- Circular No. (3) of 2025 emphasises the importance of screening against sanctions and terrorist lists, reinforcing the need for robust and continuous screening controls
- Circular No. (6) of 2025 focuses on implementing risk-based customer due diligence measures, including the appropriate use of simplified due diligence, and directly references the Implementation Guides on CRA and CDD (November 2024)
- Circular No. (7) of 2025 addresses the reimposition of United Nations sanctions related to Iran, requiring immediate alignment with updated sanctions obligations
- Circular No. (8) of 2025 updates the lists of high-risk countries and jurisdictions subject to increased monitoring, requiring TCSPs to adjust their risk classifications and due diligence measures accordingly
Supporting these requirements are:
- Implementation Guide for DNFBPs on Customer Risk Assessment (CRA) – November 2024, which provides structured guidance on identifying and assessing customer risk
- Implementation Guide for DNFBPs on Customer Due Diligence (CDD) – November 2024, which outlines how due diligence measures should be applied based on risk levels
Together, these guidelines ensure that TCSPs maintain a dynamic compliance framework that reflects current risk conditions, regulatory priorities, and evolving typologies.
Stay Ahead of AML Regulations
Keep your compliance framework updated with changing regulatory requirements and emerging risks.
Sector-Specific AML/CFT/CPF Guidelines for TCSPs
In addition to federal laws and DNFBP-wide guidance, Trust and Company Service Providers (TCSPs) in the UAE are subject to sector-specific regulatory expectations that reflect the unique risks associated with company formation, ownership structuring, and fiduciary services.
These guidelines focus on how TCSPs should manage risks that arise from the creation and administration of legal entities, particularly where ownership and control may be layered or indirect.
Key sector-specific guidance includes:
- Supplemental Guidance for Trust and Company Service Providers – May 2019
This guidance outlines risk areas specific to TCSPs, including complex ownership structures, nominee arrangements, use of intermediaries, and cross-border structuring. It highlights the importance of identifying the true beneficial owner and maintaining transparency across all layers of ownership and control. - Circular No. (4) of 2021
This circular reinforces regulatory expectations for TCSPs, particularly in relation to compliance controls, due diligence practices, and adherence to AML/CFT obligations within the sector.
These guidelines require TCSPs to go beyond standard compliance frameworks and apply enhanced scrutiny to the services they provide. Particular attention is expected in areas such as:
- Establishing and verifying Ultimate Beneficial Ownership (UBO)
- Monitoring nominee director and shareholder arrangements
- Assessing jurisdictional and cross-border risks
- Identifying structures that may be used to obscure ownership or control
For TCSPs, compliance is closely tied to how well they understand the structures they create and manage. Sector-specific guidance ensures that firms embed this understanding into their risk assessments, due diligence processes, and ongoing monitoring frameworks.
Core AML/CFT/CPF Obligations for TCSPs in the UAE
Trust and Company Service Providers (TCSPs) in the UAE are required to implement a risk-based AML, CFT, and CPF framework that ensures transparency in ownership structures and effective monitoring of client relationships. These obligations focus on both establishing controls and demonstrating that they operate effectively in practice.
The core requirements include:
- Business Risk Assessment (BRA)
Maintain a documented assessment of ML, TF, and PF risks, considering services offered, client profiles, and geographic exposure, with periodic updates. - Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD)
Identify and verify customers and Ultimate Beneficial Owners (UBOs), and apply enhanced scrutiny for high-risk relationships and complex structures. - Ongoing Monitoring
Continuously review client relationships to ensure activities remain consistent with the risk profile and identify unusual patterns. - Suspicious Transaction Reporting (STRs)
Report suspicions promptly through the goAML system, including cases involving unclear ownership or unusual structuring. - Targeted Financial Sanctions (TFS) Compliance
Conduct sanctions screening, implement asset freezing where required, and comply with reporting obligations. - Record Keeping
Maintain accurate records of due diligence, transactions, and reports in line with regulatory timelines. - Governance and Internal Controls
Establish policies, appoint an AML Compliance Officer, and ensure ongoing training and oversight.
These obligations require TCSPs to move beyond procedural compliance and maintain clear visibility over the structures they create and manage.
Implement Risk-Based AML Policies
Need Help with AML Compliance?
Get clear, practical answers to your AML questions and understand the next steps for your business.
Key AML/CFT/CPF Challenges for TCSPs in the UAE
Trust and Company Service Providers (TCSPs) operate at the structural core of business formation, which makes their AML exposure less about transactions and more about who sits behind the structure. This creates a distinct set of compliance challenges.
The key issues include:
- Identifying Ultimate Beneficial Ownership (UBO)
Complex and layered ownership structures, often spanning multiple jurisdictions, make it difficult to determine who ultimately owns or controls an entity. - Managing Nominee Arrangements
The use of nominee directors and shareholders can obscure control, requiring deeper scrutiny to ensure transparency is not compromised. - Cross-Border Risk Exposure
TCSPs frequently deal with international clients and structures, increasing exposure to high-risk jurisdictions and varying regulatory standards. - Assessing True Purpose of Structures
Distinguishing between legitimate structuring and arrangements designed to conceal ownership or move funds requires judgment beyond standard due diligence. - Keeping Risk Assessments Dynamic
Static risk models fail to capture evolving typologies. Regulators expect alignment with National Risk Assessments, FIU insights, and updated circulars. - Sanctions and High-Risk Jurisdiction Screening
Ensuring accurate and ongoing screening against sanctions lists and monitoring exposure to high-risk countries requires robust systems and controls. - Balancing Efficiency with Compliance Depth
TCSPs are often expected to deliver quick incorporation and structuring services, but regulatory expectations require detailed due diligence and verification. - Regulatory Scrutiny on Governance and Controls
Supervisory authorities increasingly focus on how well controls are implemented in practice, not just documented.
In essence, the challenge for TCSPs lies in maintaining visibility within complexity. The more sophisticated the structure, the stronger the expectation to understand, verify, and monitor it.
AML/CFT/CPF Best Practices for TCSPs in the UAE
Trust and Company Service Providers (TCSPs) are expected to implement robust and risk-based compliance frameworks that reflect the nature of their services and the complexity of the structures they manage. The following best practices align with regulatory expectations and support effective AML, CFT, and CPF compliance.
1. Strengthening Beneficial Ownership Transparency
TCSPs should ensure accurate identification and verification of Ultimate Beneficial Owners (UBOs), including a clear understanding of ownership and control structures. Enhanced scrutiny is required where ownership is layered or involves multiple jurisdictions.
2. Implementing a Risk-Based Approach
Business Risk Assessments should be tailored to the firm’s actual exposure, taking into account services offered, customer profiles, and geographic risks. These assessments should be reviewed and updated periodically.
3. Applying Enhanced Due Diligence Where Required
Enhanced Due Diligence (EDD) measures should be applied to high-risk relationships, including those involving complex structures, nominee arrangements, or high-risk jurisdictions. The focus should be on understanding the purpose and legitimacy of the structure.
4. Ensuring Effective Ongoing Monitoring
TCSPs should maintain continuous monitoring of business relationships, including reviewing changes in ownership, control, and activity to ensure consistency with the customer’s risk profile.
5. Strengthening Sanctions Compliance Controls
Robust sanctions screening processes should be implemented, covering customers, UBOs, and related parties. Screening should be ongoing and aligned with updates to sanctions lists and high-risk jurisdictions.
6. Integrating Compliance into Operational Processes
AML/CFT controls should be embedded within onboarding and service delivery processes to ensure consistency, accountability, and timely risk identification.
7. Maintaining Comprehensive Documentation
All due diligence measures, risk assessments, and decisions should be clearly documented. Records should be complete, accurate, and readily available for regulatory review.
8. Establishing Strong Governance and Oversight
TCSPs should appoint a qualified AML Compliance Officer, implement clear internal policies and procedures, and ensure regular training for staff. Independent review of compliance frameworks should also be conducted where appropriate.
9. Keeping Compliance Frameworks Updated
Policies and procedures should be regularly reviewed and updated to reflect changes in regulations, emerging risks, and updated guidance from supervisory authorities.
These practices support a structured and consistent approach to compliance, enabling TCSPs to effectively manage risk while meeting regulatory expectations in the UAE.
Final Observations
AML compliance for TCSPs in the UAE is fundamentally about maintaining visibility in environments where complexity is part of the service offering. The regulatory framework is designed to ensure that, even as structures become more layered and cross-border in nature, accountability and transparency remain intact.
For TCSPs, the expectation is clear. It is not sufficient to facilitate the creation of legal entities. There must be a clear and ongoing understanding of who owns, who controls, and why the structure exists. This requires a compliance approach that is risk-based, well-governed, and consistently applied. ZFC UAE works closely with businesses to design and strengthen AML frameworks that are not just documented, but operationally effective and aligned with supervisory expectations in the UAE.
As regulatory expectations continue to evolve, TCSPs that invest in strong controls, informed risk assessments, and practical implementation of guidance will be better positioned to meet supervisory standards. More importantly, they contribute to preserving the integrity of the corporate and financial ecosystem in which they operate.
Get Started with AML Compliance Today
Whether you are building or improving your AML framework, take the next step toward stronger compliance.
Expert Strategies, Industry Trends & Real Results
