Financial crime risks continue to drive regulatory action across the UAE, with the Central Bank of the United Arab Emirates (CBUAE) making headlines by revoking the licence of Sundus Exchange and issuing a steep 10 million dirham financial penalty. This decisive move is not only a critical development for the local remittance sector but also a warning to all financial services providers operating in high-risk jurisdictions. The Sundus Exchange enforcement action signals an aggressive stance on anti-money laundering (AML) failures, reinforcing the importance of robust compliance programs and transparent financial operations across the region.

Sundus Exchange Licence Revoked for AML Compliance Failures

Sundus Exchange, formerly a licensed money services business in the UAE, has come under intense regulatory scrutiny as the CBUAE revoked its operating licence and erased the company from the official registry. This rare and high-profile enforcement follows the findings of a regulatory examination that exposed major deficiencies and breaches of the UAE’s strict anti-money laundering (AML) and counter-terrorist financing (CFT) regime.

At the heart of the case lies Federal Decree Law No. (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations. This law is one of the cornerstones of the UAE’s modern financial crime framework, setting rigorous requirements for all entities operating in the sector. Sundus Exchange was found to have violated several core provisions of this legislation, including lapses in:

• Customer due diligence and verification procedures
• Ongoing transaction monitoring
• Suspicious activity reporting to authorities
• Implementation of internal policies and staff training
• Record-keeping obligations for traceable and auditable transactions

The magnitude of these violations suggests not only systemic weaknesses within the exchange but also a failure to adapt to an increasingly sophisticated regulatory landscape. Regulatory findings concluded that Sundus Exchange had not adequately implemented the risk-based approach required by both federal law and CBUAE guidance, resulting in significant exposure to illicit financial flows and associated reputational risks.

By revoking the licence and imposing a 10 million dirham penalty, the CBUAE is making it clear that zero tolerance applies to any business falling short of national and international AML/CFT standards.

CBUAE Enforcement and the Broader Context of AML Compliance in the UAE

The Central Bank of the UAE is responsible for the licensing, supervision, and enforcement of all entities conducting financial activities within the country. Its authority includes overseeing exchange houses, banks, and fintech providers, ensuring strict adherence to the country’s evolving AML/CFT requirements.

The Sundus Exchange action is notable in several respects:

• The penalty of 10 million dirhams is among the highest ever imposed by the CBUAE on a single exchange house, reflecting the seriousness of the infractions.
• The complete removal of the business from the licences register is a rare and severe sanction, used only when remediation is considered impossible or the risks are deemed unmanageable.
• The enforcement was conducted under Article (14) of Federal Decree Law No. (20) of 2018, which grants the CBUAE sweeping powers to take corrective action where AML/CFT controls are found wanting.

The timing of this enforcement is also significant, coming at a moment when the UAE is striving to demonstrate the effectiveness of its AML regime to both the Financial Action Task Force (FATF) and international partners. The country has faced intense scrutiny over the last few years, with FATF recommendations prompting widespread reforms in supervision, reporting, and risk management. Regulators have focused on exchange houses in particular, which are considered vulnerable points for money laundering, terrorist financing, and the movement of illicit capital.

This action also underscores the UAE’s intent to clamp down on unregulated remittance flows, informal value transfer systems, and businesses that lack the internal controls to identify and prevent financial crime. For compliance professionals, the Sundus Exchange case reinforces the expectation of continuous improvement and rigorous oversight.

The Regulatory Landscape: Laws and Standards Shaping AML in the UAE

The UAE’s fight against financial crime is anchored in a robust legal and regulatory infrastructure. The primary law governing AML/CFT is Federal Decree Law No. (20) of 2018, complemented by:

• Cabinet Decision No. (10) of 2019, which establishes the implementing regulations for AML/CFT controls
• Regular guidance circulars from the CBUAE providing updates, clarifications, and technical requirements
• Sector-specific rules for exchange houses, fintechs, and other non-bank financial institutions
• Requirements for suspicious transaction reporting (STR), customer due diligence (CDD), enhanced due diligence (EDD) for high-risk clients, and periodic internal reviews

These measures are reinforced by the CBUAE’s risk-based supervisory approach. Inspections and thematic reviews target high-risk businesses, seeking to uncover systemic weaknesses before they can be exploited by criminals or terrorists.

In the case of Sundus Exchange, the regulatory findings highlighted fundamental gaps in:

• Effective risk assessment and client categorization
• Proper identification and verification of customers, especially for higher-risk individuals and entities
• Ongoing monitoring of customer relationships and patterns of activity
• Timely reporting of suspicious activities to the Financial Intelligence Unit (FIU)
• Regular AML/CFT training for all levels of staff, from the board down to the front line

Where businesses fail to address such gaps despite repeated warnings or guidance, the CBUAE can escalate from fines and warnings to licence suspension or complete revocation, as seen here.

Consequences for the Remittance Sector and Wider Implications

The revocation of Sundus Exchange’s licence is not just a blow to one company; it reverberates across the UAE’s vast remittance and exchange market. The country hosts a large expatriate population, and exchange houses play a vital role in the economy, channeling billions of dirhams in remittances to destinations across Asia, Africa, and beyond. Regulatory action against a single exchange signals:

• Heightened scrutiny for all money service businesses (MSBs) and non-bank financial institutions (NBFIs)
• Stronger expectation of compliance, including immediate remediation where deficiencies are found
• Pressure on exchange houses to upgrade their AML/CFT frameworks, invest in new technology, and adopt a proactive risk culture
• Greater willingness from regulators to make examples of firms that do not keep pace with international standards

Customers and correspondent banks are also affected. The removal of Sundus Exchange from the market may reduce competition and choice, while also prompting counterparties to conduct more rigorous due diligence on their UAE partners. For other exchange houses, the message is clear: regulatory tolerance is limited, and a business-as-usual approach to AML/CFT is no longer viable.

Internationally, this enforcement serves as a showcase of the UAE’s commitment to implementing the FATF’s 40 Recommendations and addressing legacy weaknesses identified in previous mutual evaluations. The government’s willingness to revoke licences and impose multimillion-dirham penalties reinforces the perception of the UAE as a jurisdiction taking financial crime risks seriously.

Lessons for Compliance Professionals and Exchange Operators

For AML and compliance specialists working in the UAE or similar environments, the Sundus Exchange case provides several critical takeaways:

• Regulatory readiness is paramount: Inspections can be triggered at any time. Only a strong, risk-based compliance framework will satisfy examiners.
• Continuous improvement is non-negotiable: AML laws and typologies evolve rapidly. Businesses must adapt by regularly updating internal controls and training.
• Documentation and auditability are essential: Inadequate record-keeping is a common finding in enforcement actions. Every decision and transaction must be traceable.
• Senior management accountability: Board members and executives must demonstrate ownership of AML/CFT obligations, not just delegate compliance to lower levels.
• Technology and data analytics: Manual approaches are increasingly viewed as insufficient. Investment in transaction monitoring, screening, and automation is crucial for risk detection and timely reporting.

As regulators increase their sophistication, so too must compliance teams. The days of minimal compliance as a cost-saving measure are ending; reputational and financial risks are now existential.

Conclusion: The Future of AML Compliance After Sundus Exchange

The CBUAE’s decisive action against Sundus Exchange sets a powerful precedent for all financial service providers in the UAE. It underlines the growing costs of non-compliance, both in monetary and reputational terms, and makes clear that weak controls will not be tolerated—regardless of a business’s size or standing.

Looking ahead, the financial sector should expect even more rigorous enforcement, increased collaboration between local and international regulators, and a steady tightening of AML/CFT requirements. The landscape is shifting rapidly, and those who cannot keep pace face the very real prospect of losing their licence and their ability to operate.

For compliance professionals and business leaders alike, the Sundus Exchange case is a wake-up call to review, strengthen, and future-proof their AML programs. As the regulatory net tightens, there will be little room for error.

---

Related Links

• CBUAE Official AML/CFT Guidance
• Federal Decree Law No. (20) of 2018 (Official Text)
• FATF Mutual Evaluation Report: United Arab Emirates
• CBUAE Register of Licensed Exchange Houses
• Cabinet Decision No. (10) of 2019 Implementing Regulation

Other FinCrime Central Articles About CBUAE’s Crackdowns

• UAE AML Crackdown: More Fines Signal Aggressive Push to Secure Financial Sector
• UAE’s Landmark USD 54M AML Enforcement Delivers Unmistakable Regulatory Impact
• Al-Razouki Exchange Shut Down in Dubai for AML Failures

Source: CBUAE

Some of FinCrime Central’s articles may have been enriched or edited with the help of AI tools. It may contain unintentional errors.

Want to promote your brand with us or need some help selecting the right solution or the right advisory firm? Email us at info@fincrimecentral.com; we probably have the right contact for you.