Compliance requirements across the Middle East continue to expand in scope and complexity for banks and financial services firms. Emerging regulations in markets including the UAE, Saudi Arabia, and Kuwait are raising expectations around governance, accountability, standards of conduct and risk management for organisations of all sizes.
Whether based in the Middle East or in an outside jurisdiction and looking to capitalize on opportunities for growth, banks and financial services firms doing business in the region must navigate multiple regulators and adapt their compliance programs to meet rapidly changing legislation.
Regulatory oversight across Middle Eastern markets involves multiple authorities within each country, each maintaining distinct supervisory frameworks and legislation.
How Well Do You Really Know Your Business Partners?
The UAE operates a complex regulatory structure designed to address the unique challenges of its multi-zone financial system. Each regulatory authority maintains distinct oversight responsibilities across the Federal jurisdiction and the two financial free zones of the UAE.
The Central Bank of the UAE oversees the banking sector, payment service providers and credit institutions.
The Securities and Commodities Authority regulates securities and capital markets.
The Dubai Financial Services Authority serves as the independent regulator for the Dubai International Financial Centre (DIFC), with a focus on capital markets, asset management, and licensing.
The Virtual Assets Regulatory Authority regulates virtual assets and related activities in Dubai.
Fitness & Propriety Standards found in the CBUAE Rulebook (CBUAE Circular C 4/2024) establish a mandatory framework for assessing the integrity, qualifications, independence and time commitment of senior management and risk-sensitive roles. The standards also establish Continuous Professional Development (CPD) requirements for all relevant staff.
The SCA Corporate Governance Code mandates enhanced board independence, diversity, committee structure, risk management, and mandatory annual board evaluations.
Cabinet Resolution No. (40) of 2024 requires federal boards to implement systematic internal controls and conduct annual effectiveness reviews.
The CBUAE Business Conduct requirements are binding rules for all licensed financial institutions in the UAE, ensuring ethical behavior, consumer protection, and responsible business practices. They cover staff conduct, fair treatment of customers, product suitability, transparency in marketing, and mandatory documentation and consent processes.
The National Strategy for Anti-Money Laundering, Countering the Financing of Terrorism and Proliferation Financing for 2024-27 focuses on risk-based AML, continuous monitoring, enhanced beneficial ownership (UBO) transparency, crypto and KYC, and tightening of third-party requirements.
Article 14 of UAE Federal Decree-Law No. 20 of 2018 sets out administrative penalties for violations of the Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) law. The law empowers the supervisory authority to impose fines between AED 50,000 and AED 5,000,000, issue warnings, ban violators from the relevant sector, suspend board or management members or even cancel licenses.
The Dubai Financial Services Authority (DFSA) is the independent regulator of financial services conducted in or from the Dubai International Financial Centre (DIFC). It oversees banking, securities, asset management, and market conduct to ensure transparency, integrity, and adherence to international standards.
Read About Smarter Ethics and Conduct Risk Management for UAE Banks and Financial Services Firms
Saudi Arabia operates a functionally divided regulatory system where supervisory responsibilities are allocated by financial sector segments rather than geographical zones. This structure supports the Kingdom's Vision 2030 economic diversification objectives.
The Saudi Central Bank, formerly known as the Saudi Arabian Monetary Agency, oversees the banking and payments sector.
The Capital Market Authority regulates securities, asset managers, investment banks, and brokerage firms.
The Insurance Authority regulates the insurance sector.
The Ministry of Investment enforces foreign investment and FDI compliance.
The SAMA Rulebook covers requirements for financial institutions (banks, money exchangers, foreign bank branches) to perform customer due diligence (KYC), report suspicious transactions, maintain records, and comply with confidentiality and information-sharing obligations.
The Capital Market Law establishes the legal framework for the Saudi capital markets: licensing, supervision of securities business, disclosure obligations, investor protection, and oversight of authorized persons.
The Capital Market Institutions Regulations specify rules for capital market institutions, including incorporation, prudential requirements, controllers, notification of changes (e.g., controllers, business profile), record-keeping, and governance obligations.
Ultimate Beneficial Ownership Rules require most companies in Saudi Arabia to formally disclose their ultimate beneficial owners to the Ministry of Commerce, maintain a UBO register, report changes within 15 days, and confirm UBOs annually.
The Executive Regulations of the Investment Law implement the Investment Law, including requirements around investor protections, transparency, documentation, and rights & obligations of foreign investors.
Read How Growth Drives Risk and Compliance Challenges in the UAE and Saudi Arabia
Kuwait maintains a centralized regulatory structure that contrasts with the multi-tiered frameworks of neighboring GCC countries. The approach emphasizes specialized oversight authorities for specific market segments while maintaining unified supervision standards.
The Central Bank of Kuwait oversees the prudential regulation of banks and financial institutions.
The Capital Markets Authority regulates securities, investment management and Islamic finance products.
The Ministry of Commerce & Industry is responsible for Ultimate Beneficial Ownership (UBO) compliance for all entities, including regulatory oversight on Anti-Money Laundering (AML).
Boursa Kuwait sets rules for exchange-listed entities.
The Kuwait Financial Intelligence Unit handles the receipt, analysis, and dissemination of intelligence related to suspicious transactions.
Kuwait Law No. 106 of 2013 is the primary national law criminalizing money-laundering and terrorist financing, setting out core obligations for customer due diligence, suspicious transaction reporting, record keeping and sanctions.
The AML Chapter of the Central Bank of Kuwait Rulebook provides binding instructions to supervised financial institutions on anti-money laundering & combating the financing of terrorism, covering AML/CFT measures, KYC requirements, ongoing monitoring and reporting procedures.
The Capital Markets Authority Corporate Governance Regulations (Resolution No. 25 of 2013) establishes corporate governance requirements for entities regulated by the CMA, including board responsibilities, oversight, disclosure, and fitness-and-propriety expectations for licensed persons and key officers.
The Boursa Kuwait Rulebook Exchange Rulebook & Listing Rules govern listed issuers and market participants, covering conduct of business disclosure obligations, insider dealing rules and obligations for exchange-listed entities to ensure appropriate market conduct and investor protection.
Watch an On-Demand Webinar on Building a Culture of Compliance
Regulatory enforcement across the Gulf region has intensified in recent years, with authorities in the UAE, Saudi Arabia, and Kuwait increasing scrutiny of financial institutions and invoking penalties including larger fines and revocation of licenses. Regulators are targeting breaches related to AML/CFT, governance, disclosure and conduct risk, signaling a shift toward more proactive supervision and harsher enforcement. This trend highlights the importance of firms maintaining robust governance frameworks, supported by effective compliance technology, to prevent penalties and reputational damage.
Firms seeking to operate successfully across these markets must develop compliance strategies that address the specific requirements of each jurisdiction and that can keep pace with change as these requirements continue to evolve.
MCO's single-platform approach is purpose-built to manage compliance across jurisdictions and the core areas of compliance with a single data source, 30+ products and configurable capabilities to meet the bespoke needs of financial services firms.
MyComplianceOffice enables firms to establish robust, jurisdiction-specific compliance frameworks to be better positioned to avoid enforcement actions, maintain operational efficiency and capitalize on the region's opportunity for growth with solutions including: