FSRA AML Rulebook (ADGM)

What is the FSRA AML Rulebook?

The FSRA AML Rulebook is the anti-money-laundering and counter-terrorist-financing rulebook issued by the Financial Services Regulatory Authority (FSRA) of the Abu Dhabi Global Market (ADGM). It sets out the binding obligations that every Authorised Person, Designated Non-Financial Business or Profession (DNFBP), and other Relevant Person operating in ADGM must follow to detect, deter, and report money-laundering, terrorist-financing, and proliferation-financing risks.

The rulebook implements the UAE Federal AML/CFT framework — anchored in Federal Decree-Law No. (20) of 2018 and its subsequent amendments — within the ADGM free-zone jurisdiction. It also aligns ADGM firms with FATF 40 Recommendations, UN sanctions regimes, and the UAE Cabinet's targeted financial sanctions framework. For a broader compliance-architecture view, see our AML compliance complete guide.

Who must comply with the FSRA AML Rulebook

The rulebook applies to all Relevant Persons authorised, registered, or recognised by the FSRA in ADGM, including:

• Authorised Persons — banks, asset managers, brokers, custodians, payment service providers, and other licensed financial firms.
• DNFBPs — independent legal professionals, accountants, auditors, dealers in precious metals and stones, real-estate brokers, trust and corporate service providers.
• Registered Auditors of Authorised Persons.
• Recognised Bodies and other entities the FSRA designates by notice.

Compliance responsibility sits with the firm's senior management, but day-to-day oversight is exercised by a designated Money Laundering Reporting Officer (MLRO). New entrants can review our walkthrough of AML registration in the UAE for the end-to-end onboarding process.

MLRO requirements under the FSRA AML Rulebook

Every Relevant Person must appoint a Money Laundering Reporting Officer (MLRO) based in the UAE. The MLRO must be of sufficient seniority to act independently, have direct access to the governing body, and hold the authority to file STRs without management approval. The rulebook also requires firms to designate a Deputy MLRO to ensure continuity during absences. The MLRO produces an annual AML/CFT report for the firm's senior management — an artifact the FSRA reviews during supervisory engagement.

Customer due diligence (CDD) and enhanced due diligence (EDD)

Standard CDD under the rulebook requires identifying and verifying the customer, identifying any beneficial owner (typically the natural person owning or controlling 25% or more of the entity), and understanding the nature and purpose of the relationship. EDD applies whenever risk is elevated — for example, politically exposed persons (PEPs), customers from FATF high-risk or jurisdictions under increased monitoring, non-face-to-face onboarding without strong identity assurance, or unusually complex ownership structures. EDD measures include senior-management approval, source-of-funds and source-of-wealth checks, and intensified ongoing monitoring. Many ADGM firms use automated AML screening tools to operationalise these checks at scale, alongside dedicated UAE business verification APIs for legal-entity onboarding.

Sanctions screening and targeted financial sanctions

The rulebook obliges Relevant Persons to comply with UN Security Council sanctions and the UAE Local Terrorist List maintained by the UAE Cabinet. Firms must screen all customers, beneficial owners, and counterparties at onboarding, periodically thereafter, and immediately when sanctions lists are updated. Any positive match must be frozen without delay and reported to the UAE Executive Office for Control and Non-Proliferation. Failure to maintain effective sanctions controls is one of the most heavily penalised areas of FSRA enforcement. For a deeper primer on screening logic, list coverage, and false-positive handling, see our sanctions screening AML guide and our roundup of best AML watchlist screening tools.

Suspicious transaction reporting (STR/SAR)

When a Relevant Person knows, suspects, or has reasonable grounds to suspect money laundering, terrorism financing, or a predicate offence, the MLRO must file an STR with the UAE Financial Intelligence Unit through the goAML reporting platform. Filing must be made as soon as practicable after the suspicion arises. Firms are also subject to strict tipping-off prohibitions — they must not disclose the existence or content of an STR to the customer or any unauthorised third party.

How the FSRA AML Rulebook compares to other UAE AML frameworks

The UAE has a layered AML/CFT architecture. Broadly:

• FSRA AML Rulebook governs ADGM-licensed Relevant Persons.
• DFSA AML Rulebook governs Dubai International Financial Centre (DIFC) firms — see DFSA AML Rulebook (DIFC) for the parallel regime.
• CBUAE AML guidance governs onshore (mainland) banks, exchange houses, and payment firms.
• UAE Federal Decree-Law No. (20) of 2018 is the umbrella federal AML law all three regimes implement.

ADGM and DIFC rulebooks are structurally similar but differ in scope, fees, supervisory style, and certain procedural requirements. Firms operating across free zones and onshore must reconcile all three layers.

Recordkeeping and documentation

Relevant Persons must maintain comprehensive AML/CFT records for at least six years, including:

• CDD and EDD documentation
• Transaction records and monitoring outputs
• STR filings and supporting analysis
• Risk assessments and methodology
• MLRO annual reports and training records
• Sanctions screening logs and match dispositions

These records must be made available to the FSRA promptly on request.