Trust and Company Service Providers (TCSPs) occupy a distinctive position within the UAE’s financial crime compliance landscape. They work around forming companies, structuring ownership arrangements, and administering legal entities, which sit at the intersection of corporate transparency and financial integrity.
Because TCSPs are directly involved in the creation and management of legal entities, they are classified as Designated Non-Financial Businesses and Professions (DNFBPs) under UAE law. This classification brings with it a defined set of Anti-Money Laundering (AML), Counter-Terrorism Financing (CTF), and Counter-Proliferation Financing (CPF) obligations that govern how these firms identify risk, verify clients, and report suspicious activity.
This guide sets out the applicable laws, guidance, and compliance expectations for TCSPs operating in the UAE.
What Defines a TCSP in the UAE?
A Trust and Company Service Provider is any business or professional that offers services related to the formation, operation, or administration of legal entities. The scope extends well beyond basic incorporation work and covers a range of activities that influence how a company is structured, represented, and governed.
Activities that typically bring a firm within the TCSP classification include:
- Forming and registering companies or other legal entities
- Acting in a directorial, secretarial, or partner capacity on behalf of a client
- Providing a registered office, business address, or communication address
- Arranging or acting as a nominee shareholder or director
- Establishing or administering trusts and similar legal arrangements
If a business offers any of these services, it is likely to fall within the TCSP category and must meet the UAE’s AML/CFT/CPF obligations accordingly.
Supervisory Oversight of TCSPs
The Ministry of Economy serves as the supervisory authority for TCSPs in the UAE. Its role is to ensure that firms within this sector maintain effective AML/CFT/CPF controls and operate in line with applicable laws and regulations.
The Ministry’s supervisory functions include:
- Conducting on-site and off-site inspections and compliance assessments
- Publishing regulatory guidance and sector-specific updates
- Monitoring adherence to AML/CFT obligations across the TCSP sector
- Exercising enforcement authority where compliance failings are identified
TCSPs should be prepared to demonstrate that their policies are not merely documented but are actively implemented and consistently followed. Supervisory assessments increasingly focus on the practical effectiveness of controls, not just their existence on paper.
Federal AML, CFT, and CPF Legal Framework
TCSPs in the UAE operate under a federal legal framework that sets out comprehensive obligations covering AML, CTF, and CPF. The framework is built around two primary instruments:
Federal Decree Law No. 10 of 2025
Regarding Anti-Money Laundering, and Combating the Financing of Terrorism and Proliferation Financing
This is the primary legislative instrument governing financial crime compliance in the UAE. It establishes the core obligations applicable to all reporting entities, including TCSPs. These obligations cover customer identification, beneficial ownership verification, suspicious transaction reporting, record keeping, and internal compliance governance.
Cabinet Resolution No. 134 of 2025
Concerning the Executive Regulations of Federal Decree-Law No. (10) of 2025 Concerning Combating Money Laundering, Terrorist Financing, and the Financing of the Proliferation of Weapons
This decision provides the operational layer of the AML framework. It formalises the risk-based approach, specifies enhanced due diligence requirements, and clarifies the scope of supervisory and inspection powers. For TCSPs, the Executive Regulations reinforce expectations around ownership transparency and the detection of structures that may be used to conceal control or facilitate illicit financial activity.
AML/CFT/CPF Guidance Applicable to All Reporting Entities
Beyond legislation, TCSPs are expected to comply with federal guidance issued to reporting entities across all sectors. These documents translate regulatory requirements into practical compliance measures and reflect the UAE’s evolving approach to financial crime risk management.
Key guidance documents include:
- Guidance on Targeted Financial Sanctions issued by the Executive Office for Control and Non-Proliferation (EOCN), addressing screening obligations, asset freezing requirements, and compliance with United Nations sanctions
- Proliferation Financing Institutional Risk Assessment Guidance for FIs, DNFBPs, and VASPs supporting firms in assessing their exposure to proliferation financing risks
- Terrorist Financing and Proliferation Financing Red Flags Guidance identifying behavioural and structural indicators that may signal suspicious activity
- Guidance on Counter Proliferation Financing for FIs, DNFBPs, and VASPs, outlining the control measures firms should implement to mitigate CPF risks
- Joint Guidance on Combating the Use of Unlicensed Virtual Asset Providers in the UAE, addressing risks arising from unregulated virtual asset activity
- Joint Guidance on Satisfactory and Unsatisfactory Practices, providing sector-wide examples of compliant and non-compliant conduct
- Financial Intelligence Unit (FIU) Strategic Analysis Reports offering intelligence on financial crime typologies, trends, and emerging risks
For TCSPs, these documents are particularly relevant when assessing risks associated with complex ownership structures, nominee arrangements, and cross-border client relationships.
National and Sectoral Risk Assessments and Supporting Regulations
The UAE’s National Risk Assessment (NRA) and Sectoral Risk Assessments (SRA) form a critical part of how TCSPs are expected to calibrate their compliance frameworks. Regulators expect firms to design their internal risk assessments with reference to these macro-level insights rather than generic or static models.
Key Circular: No. (4) of 2025
This circular requires TCSPs to actively incorporate the findings of the UAE 2024 National Risk Assessment into their Business Risk Assessments (BRAs). This creates a direct link between national-level risk intelligence and firm-level compliance design.
Additional Regulatory Instruments
Several further instruments refine compliance expectations for TCSPs:
- AML/CFT Guidelines for Designated Non-Financial Businesses and Professions, September 2025: Establishes baseline compliance standards for DNFBPs, covering governance, risk management, and transaction monitoring
- Circular No. (3) of 2025: Reinforces obligations around screening against sanctions and terrorist designation lists, underscoring the need for robust, continuous screening procedures
- Circular No. (6) of 2025: Addresses risk-based customer due diligence measures, including appropriate use of simplified due diligence, with direct reference to the November 2024 Implementation Guides on CRA and CDD
- Circular No. (7) of 2025: Covers the reimposition of United Nations sanctions related to Iran, requiring TCSPs to ensure immediate alignment with updated obligations
- Circular No. (8) of 2025: Updates the lists of high-risk countries and jurisdictions subject to enhanced monitoring, requiring firms to adjust risk classifications and due diligence processes accordingly
Supporting these circulars are two practical implementation guides:
- Implementation Guide for DNFBPs on Customer Risk Assessment (CRA), November 2024
- Implementation Guide for DNFBPs on Customer Due Diligence (CDD), November 2024
Together, these instruments require TCSPs to maintain compliance frameworks that are responsive, current, and aligned with the regulatory landscape as it develops.
Sector-Specific Guidance for TCSPs
In addition to the laws and DNFBP-wide guidance that apply broadly, TCSPs are subject to sector-specific regulatory expectations that reflect the particular risks inherent in company formation, fiduciary services, and ownership structuring.
Supplemental Guidance for Trust and Company Service Providers, May 2019
This guidance addresses the risk areas that are most pronounced within the TCSP sector. It focuses on the complexity of ownership structures, the risks associated with nominee arrangements, the use of intermediaries, and the implications of cross-border structuring. A central theme is the importance of identifying the true beneficial owner and maintaining transparency across every layer of ownership and control.
This circular reinforces compliance expectations specific to TCSPs, with particular emphasis on due diligence practices, adherence to AML/CFT obligations, and the adequacy of internal controls within the sector.
These sector-specific instruments require TCSPs to apply heightened scrutiny in several areas:
- Establishing and verifying Ultimate Beneficial Ownership (UBO) across complex structures
- Scrutinising nominee director and shareholder arrangements
- Assessing cross-border and jurisdictional risk exposures
- Identifying structures that may be used to obscure ownership, control, or the origin of funds
Compliance within this sector is ultimately tied to how well a firm understands the structures it creates and maintains. Sector-specific guidance exists to ensure that this understanding is embedded into risk assessments, due diligence processes, and monitoring activities.
Core AML/CFT/CPF Obligations for TCSPs
The AML/CFT/CPF framework applicable to TCSPs requires the implementation of risk-based controls that support ownership transparency and the ongoing management of client risk. These obligations require firms to maintain genuine visibility over the structures they administer.
Business Risk Assessment (BRA)
TCSPs must maintain a documented, up-to-date assessment of their exposure to money laundering, terrorism financing, and proliferation financing risks. This assessment should reflect the firm’s service offering, client base, and geographic exposure, and must be reviewed on a regular basis.
Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD)
Firms must identify and verify customers and Ultimate Beneficial Owners, with enhanced scrutiny applied to high-risk relationships, complex ownership structures, and clients from high-risk jurisdictions.
Ongoing Monitoring
TCSPs must continuously review client relationships to detect activity that is inconsistent with the established risk profile. This includes monitoring for changes in ownership, control, and transactional behaviour.
Suspicious Transaction Reporting (STRs)
Suspicions must be reported promptly through the goAML system. This includes cases involving unclear ownership structures, unexplained changes in beneficial ownership, or patterns of unusual structuring.
Targeted Financial Sanctions (TFS) Compliance
TCSPs must screen clients, UBOs, and related parties against sanctions lists, freeze assets where required, and maintain compliance with all relevant reporting obligations.
Record Keeping
Accurate records of due diligence activities, client documentation, transactions, and reports must be maintained in line with regulatory retention timelines.
Governance and Internal Controls
Firms must establish written AML policies and procedures, appoint a qualified AML Compliance Officer, and ensure that staff receive regular, role-appropriate training.
Key AML/CFT/CPF Challenges Facing TCSPs
TCSPs face a distinctive compliance challenge. Unlike banks and financial institutions, where risk is primarily transaction-based, the risk within TCSPs is structural. It arises from who sits behind a legal entity and how that entity is configured. This creates a specific set of challenges that standard compliance models may not adequately address.
- Identifying Ultimate Beneficial Ownership: Layered or multi-jurisdictional ownership structures can make it difficult to determine who truly owns or controls an entity, particularly where holding companies or intermediaries are involved.
- Managing Nominee Arrangements: Nominee directors and shareholders can mask the identity of the real controller, requiring deeper investigation and ongoing vigilance.
- Cross-Border Risk Exposure: International clients and structures increase exposure to high-risk jurisdictions, varying regulatory standards, and complex legal arrangements.
- Assessing the Purpose Behind Structures: Distinguishing between legitimate tax or estate planning structures and arrangements designed to obscure ownership requires expert judgment that goes beyond standard due diligence.
- Maintaining Dynamic Risk Assessments: Static compliance models quickly become outdated. Firms must align their assessments with the NRA, FIU insights, and updated circulars as they are issued.
- Sanctions and High-Risk Jurisdiction Screening: Effective and continuous screening against updated lists requires robust systems and well-trained staff.
- Balancing Speed and Compliance Depth: Clients often expect rapid incorporation turnaround, but regulatory obligations require thorough verification and documentation.
- Demonstrating Effective Controls: Supervisory authorities are increasingly focused on whether controls work in practice, not just whether they exist on paper.
The overarching challenge for TCSPs is maintaining visibility within complexity. The more sophisticated the structure, the more rigorous the compliance expectation.
AML/CFT/CPF Best Practices for TCSPs
The following practices represent a framework for effective, risk-based compliance within the TCSP sector, aligned with regulatory expectations and current supervisory guidance.
- Prioritise Beneficial Ownership Transparency
Accurately identify and verify UBOs across all layers of ownership. Where structures are complex or multi-jurisdictional, apply enhanced scrutiny and document the basis for all conclusions drawn.
- Build and Maintain Tailored Risk Assessments
Business Risk Assessments should reflect the firm’s actual service exposure, not generic risk categories. These should be periodically reviewed and updated to incorporate national risk intelligence and new regulatory guidance.
- Apply Enhanced Due Diligence Proportionately
EDD should be triggered by actual risk indicators, including complex structures, high-risk jurisdictions, nominee arrangements, and politically exposed persons, and should focus on understanding the legitimacy and purpose of the structure.
- Maintain Active Ongoing Monitoring
Client relationships should be monitored continuously, with particular attention to changes in ownership, unusual activity, and inconsistencies between declared purpose and observed behaviour.
- Implement Robust Sanctions Screening
Screening must cover customers, UBOs, beneficial controllers, and related parties. Systems should be updated in line with changes to sanctions lists, including UN designations and high-risk country updates.
- Embed Compliance into Service Delivery
AML/CFT controls should be integrated into onboarding workflows and ongoing service processes, not treated as a separate administrative layer. This supports consistency and accountability at every stage of the client relationship.
- Maintain Clear and Comprehensive Records
Document all due diligence measures, risk assessments, decisions, and reports. Records should be accurate, complete, and accessible for regulatory review at any time.
- Invest in Governance and Training
Appoint a qualified AML Compliance Officer with appropriate seniority and authority. Ensure that staff training is ongoing, relevant to their roles, and reflects current regulatory expectations.
- Keep the Compliance Framework Current
Policies and procedures must be regularly reviewed against changes in legislation, new guidance circulars, and evolving risk typologies. Compliance frameworks that are not kept current quickly become inadequate.
Closing Observations
AML compliance for TCSPs is not simply a matter of following a checklist. It is about maintaining real and sustained visibility over the legal entities a firm creates and administers, understanding who owns them, who controls them, and why they exist.
The UAE’s regulatory framework is designed with this in mind. It places a premium on transparency, risk intelligence, and the practical effectiveness of controls. For TCSPs, this means that compliance must be embedded in the way they work, not bolted onto the side of their operations.
As the regulatory environment continues to develop with new circulars, updated guidance, and revised risk classifications, TCSPs that invest in strong governance, informed risk assessments, and well-trained staff will be better positioned to meet supervisory expectations and contribute to the integrity of the UAE’s corporate and financial ecosystem.
