The anti-money laundering (AML) laws in the Gulf Cooperation Council (GCC) represent a collective regional effort to provide robust safeguards against illicit financial activities and terrorist financing. GCC member states—Saudi Arabia, United Arab Emirates (UAE), Qatar, Kuwait, Oman, and Bahrain—have all enacted national AML regimes. These frameworks
“reflect a blend of local legislation and global standards, adapting to regional needs while aligning with best practices from international bodies like the Financial Action Task Force (FATF)”.
AML laws in the GCC set out
“strict requirements for financial institutions and designated non-financial businesses and professions (DNFBPs) to implement customer due diligence (CDD), maintain comprehensive records, and report suspicious transactions”.
In addition, the expansion of these laws to newer sectors—including crypto-asset providers, real estate, precious metals dealers, and legal professionals—demonstrates the region’s commitment to combating financial crime in all forms.
Regional Coordination and International Alignment
Although each GCC country maintains its own AML legislation, there is
“increasing harmonization in accordance with FATF’s forty recommendations”.
For instance, Saudi Arabia, as a full member of FATF since 2019, serves as a benchmark for regional reforms. The UAE, Qatar, and Oman model their regulations after global expectations and actively participate in FATF-style mutual evaluations.
Historical Development and Key Legislation
Early Efforts and Legislative Evolution
The GCC’s AML history began with foundational laws in the early 2000s, prompted by rising awareness of transnational threats such as corruption, terrorism, and organized crime. Over time,
“successive legislative reforms have strengthened enforcement powers and closed regulatory gaps”.
Notable Examples by Country
- Saudi Arabia: The Anti-Money Laundering Law (AML Law) and updates administered by the Saudi Arabian Monetary Authority (SAMA) and the Capital Market Authority (CMA). These require CDD, transaction monitoring, and reporting obligations for all financial institutions and DNFBPs.
- United Arab Emirates: The current structure is based on Federal Decree-Law No.20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organizations, alongside the 2019 implementing regulations. Further amendments in 2024 centered AML enforcement at the highest government levels, reflecting a strategic focus on national and virtual finance risks.
- Oman: The Anti-Money Laundering Law (Royal Decree 34 of 2002) and subsequent regulatory amendments, with supervision shared between the Central Bank and Financial Intelligence Unit (FIU).
- Qatar, Kuwait, Bahrain: Each country operates under its own AML/CFT law, overseen by respective central banks and FIUs, requiring adherence to FATF and MENAFATF principles.
“All countries in the GCC have statutory obligations to implement the FATF’s recommendations, moving steadily toward best-in-class compliance”.
Regulatory Authorities
Every GCC member state designates a primary supervisory authority for AML matters. These bodies oversee enforcement and drive compliance improvements:
- Saudi Arabia: SAMA, CMA, and Saudi FIU.
- UAE: Central Bank of the UAE (CBUAE), Dubai Financial Services Authority (DFSA), and UAE FIU.
- Oman: Central Bank of Oman and FIU.
- Bahrain: Central Bank of Bahrain.
- Qatar: Qatar Central Bank and Qatar FIU.
- Kuwait: Central Bank of Kuwait.
Key Requirements and Implementation
Customer Due Diligence and KYC
“Customer due diligence is the cornerstone of GCC AML regimes.”
Financial institutions and DNFBPs are obliged to verify identities, assess risks, and monitor ongoing relationships. This encompasses basic identity verification, beneficial ownership checks, and ongoing risk re-assessment. Enhanced due diligence applies to high-risk clients, such as politically exposed persons (PEPs), non-residents, and those in high-risk sectors or countries.
Transaction Monitoring and Reporting
All financial institutions and reporting entities
“must monitor transactions for suspicious activity and immediately file Suspicious Transaction Reports (STRs) or Suspicious Activity Reports (SARs) with their national FIU”.
Many nations have digital platforms (e.g., UAE’s goAML portal) to standardize and streamline reporting across thousands of entities.
Record-Keeping and Document Retention
There is a statutory expectation to
“maintain transaction and customer records for at least five years,”
enabling audits, investigations, and regulatory reviews. These requirements extend to both financial activities and designated non-financial sectors.
Internal Controls and Governance
Each organization must have documented AML programs,
“appoint a compliance officer, conduct regular risk assessments, provide staff training, and maintain a robust internal control structure”.
Senior management bears direct responsibility for compliance.
Sanctions and Penalties
GCC AML statutes impose
” severe administrative and criminal penalties for non-compliance,”
including business suspensions, heavy fines, license revocation, and imprisonment. Penalties are enforced on both corporate entities and individual professionals found culpable.
Expansion of AML Obligations Beyond Banks
Recent reforms in all six states have brought a wider range of non-financial sectors under AML scrutiny, such as:
- Real estate agents and brokers.
- Dealers in precious metals, precious stones, and luxury goods.
- Law firms, independent accountants, notaries, and trust service providers.
- Crypto-asset service providers and virtual asset exchanges.
Adapting to New Risks: Technology & Virtual Assets
“AML regimes in the GCC have evolved to address the risks of digital banking, fintech, and virtual assets.”
Technology-driven KYC (digital onboarding, biometric verification), AML screening tools, and AI-powered transaction monitoring are now widely used. Virtual asset service providers (VASPs) face AML rules comparable to traditional banking, especially in the UAE and Bahrain.
Coordination and Cross-Border Cooperation
GCC countries increasingly work together and with international partners to
“facilitate intelligence sharing, joint investigations, and capacity-building”.
Memoranda of Understanding (MoUs), as illustrated by recent Saudi-Kuwaiti collaboration, further strengthen the cross-border fight against money laundering.
Ongoing Challenges
Despite strong legal structures,
“challenges remain in consistent enforcement, coordination between multiple agencies, and dealing with complex cross-border finance schemes”.
Evolving geopolitical risks and emerging technologies require continual upgrades to legal and compliance frameworks.
The Path Forward: Greater Compliance and Global Integration
The GCC is committed to aligning more closely with FATF standards.
“Frequent regulatory updates, risk-based compliance frameworks, and periodic mutual evaluations help to address loopholes and reinforce integrity across financial and non-financial industries.”
This trend supports both regional stability and global business integration.