The Central Bank of the UAE’s Notice 3075, issued in May 2026, reinforces the importance of maintaining an effective, updated and risk-based sanctions compliance framework across Financial Institutions operating in the UAE.
The notice reminds Licensed Financial Institutions to review their sanctions risk appetite, update relevant policies and procedures, and ensure that sanctions screening systems remain aligned with current sanctions programme developments. It also draws attention to sanctions programmes with extra-territorial implications, highlighting the need for Financial Institutions to consider not only domestic regulatory expectations but also wider international sanctions exposure.
Why Notice 3075 Is Important
Sanctions risk continues to evolve rapidly due to the increasing use of complex structures and alternative payment channels. Front companies, layered ownership arrangements, maritime trade routes, digital assets, shadow banking networks and cross-border intermediaries are often used to disguise the involvement of sanctioned parties or restricted jurisdictions. In this environment, basic name screening alone may not be sufficient. Financial Institutions are expected to understand the sanctions risks arising from their customers, counterparties, products, services, delivery channels, geographies and transaction patterns.
Notice 3075 therefore serves as an important reminder that sanctions compliance should be dynamic, evidence-based and supported by strong governance.
Key Areas Requiring Attention
1. Sanctions Risk Appetite
A sanctions risk appetite statement defines the level and type of sanctions risk that a Financial Institution is willing to accept. It should clearly identify activities, relationships and transactions that are prohibited, restricted or subject to enhanced review.
Financial Institutions should reassess their exposure to high-risk sanctions themes, including:
- Iran-related activity;
- IRGC-linked exposure;
- Oil, petrochemical and maritime trade;
- Vessel-related payments and shipping activity;
- General trading companies and front-company structures;
- Exchange-house layering and informal value transfer channels;
- Digital asset and stablecoin-related exposure;
- High-risk countries, corridors and counterparties.
A well-defined sanctions risk appetite should be approved by senior management or the Board, communicated to relevant business units and reflected in policies, procedures, onboarding controls, transaction monitoring rules and escalation workflows.
2. Policies and Procedures
Sanctions policies and procedures should be reviewed to ensure they reflect current regulatory expectations and sanctions programme developments. The documentation should clearly explain how the institution identifies, assesses, monitors and escalates sanctions-related risks.
Important areas to update include:
- Sanctions governance and responsibilities;
- Applicable sanctions lists and regimes;
- Customer and counterparty screening requirements;
- Beneficial ownership and control assessment;
- Treatment of potential and confirmed matches;
- Escalation and approval requirements;
- Record-keeping and audit trail expectations;
- Handling of rejected, frozen or blocked transactions;
- Ongoing monitoring and periodic review requirements.
Procedures should also include practical guidance for frontline staff, compliance teams, operations teams and investigators so that sanctions risks are identified and escalated consistently.
3. Screening Systems and List Management
Financial Institutions should ensure that their screening systems are updated, properly configured and capable of identifying relevant sanctions risks. This includes review of list coverage, fuzzy matching thresholds, alias handling, country filters, vessel-related screening and ownership/control indicators.
Effective screening controls should include:
- Timely update of sanctions lists;
- Screening of customers, beneficial owners, authorised signatories and related parties;
- Screening of counterparties, beneficiaries and remitters;
- Screening of vessels, ports, shipping companies and trade-related parties where applicable;
- Maker-checker review of true or potential matches;
- Clear false-positive closure rationale;
- Periodic quality assurance of alert decisions;
- Audit trail for list updates, overrides and approvals.
Screening effectiveness should be tested periodically to confirm that the system is operating as intended and that relevant matches are not being missed.
4. Transaction Monitoring and Red Flag Indicators
Sanctions risk may not always be identified through list screening. Many sanctions evasion methods involve indirect routing, false documentation, front companies, third-party payments or unusual transaction behaviour.
- Financial Institutions should update transaction monitoring scenarios and investigation procedures to include relevant sanctions typologies. These may include:
- Payments involving high-risk jurisdictions without clear economic rationale;
- Use of recently incorporated companies with limited business history;
- Large round-value payments inconsistent with the customer profile;
- Trade payments involving unclear goods description or incomplete documentation;
- Payments routed through multiple intermediaries without business justification;
- Transactions involving general trading companies with opaque ownership;
- Use of exchange houses or informal channels to obscure fund flows;
- Unusual references to shipping, vessel, oil, petrochemical or maritime activity;
- Digital asset-related payments inconsistent with the customer’s business profile.
Monitoring rules should be supported by clear investigation standards, escalation triggers and documentation requirements.
5. Maritime, Trade and Vessel-Related Risks
Recent sanctions alerts have highlighted the use of maritime trade, vessel activity and shipping networks for sanctions evasion. Financial Institutions involved in trade finance, marine insurance, correspondent banking or commercial remittances should pay particular attention to vessel-related red flags.
Relevant risk indicators may include:
- Vessels with frequent name, flag or ownership changes;
- Missing, altered or inconsistent shipping documents;
- Unusual ship-to-ship transfers;
- Transactions involving ports or routes associated with sanctions evasion;
- Involvement of shipping companies, brokers or intermediaries with limited transparency;
- Trade documents that do not match the customer’s normal business activity;
- Oil or petrochemical transactions with unclear origin or destination.
Where relevant, customer due diligence and enhanced due diligence processes should include review of trade documents, vessel details, ownership information, source of funds, counterparties and adverse media.
6. Digital Asset and Alternative Payment Risks
Digital assets and stablecoins can be used to move value outside traditional banking channels. Even where a Financial Institution does not directly provide virtual asset services, exposure may arise through customers, counterparties or transaction references.
Financial Institutions should consider whether their sanctions risk assessment and customer due diligence processes capture digital asset exposure. This may include identifying customers involved in virtual asset activities, payments linked to digital asset service providers, transactions involving high-risk jurisdictions, or unexplained stablecoin-related activity.
Where digital asset exposure is identified, institutions should apply enhanced review based on the nature of the customer, transaction purpose, source of funds, jurisdictional exposure and counterparty risk.
Sector-Specific Implications
Banks
Banks should review sanctions exposure across correspondent banking, trade finance, corporate banking, maritime payments, non-resident accounts and high-risk jurisdictions. Trade finance controls should consider vessel screening, port information, shipping documents, beneficial ownership, source of funds and the legitimacy of commercial activity.
Exchange Houses
Exchange houses should review remittance and foreign exchange monitoring rules to identify unusual commercial remittance patterns, high-risk corridors, third-party payments, front-company activity and transactions involving opaque sources of funds. Branch staff and compliance teams should be trained to identify sanctions-related red flags during customer interaction and transaction review.
Insurance Companies
Insurance companies should assess sanctions risks across policyholders, beneficiaries, premium payments, refunds, claims, marine insurance, cargo insurance and travel-related products. Particular attention should be given to claims, refunds or policy relationships involving high-risk jurisdictions, vessels, shipping activity or complex ownership structures.
Practical Steps for Financial Institutions
Financial Institutions should consider the following actions in response to Notice 3075:
- Review the sanctions risk appetite statement and update it where necessary;
- Assess exposure to high-risk sanctions themes, jurisdictions and customer segments;
- Update sanctions policies, procedures and escalation standards;
- Review screening system configuration, list coverage and matching logic;
- Test screening thresholds and alert closure quality;
- Update transaction monitoring rules to include current sanctions typologies;
- Strengthen enhanced due diligence checklists for high-risk customers and counterparties;
- Train relevant staff on sanctions red flags and escalation requirements;
- Maintain evidence of review, approval, implementation and ongoing monitoring;
- Perform independent validation of design and operating effectiveness.
CBUAE Notice 3075 highlights the need for Financial Institutions to maintain a current, risk-based and well-documented sanctions compliance framework. In the current environment, sanctions risk is no longer limited to direct name matches against sanctions lists. It may arise through complex ownership structures, maritime trade, front companies, high-risk jurisdictions, alternative payment methods and unusual transaction behaviour.
Financial Institutions should therefore ensure that sanctions risk appetite, policies, screening systems, transaction monitoring rules and staff awareness are regularly updated and supported by strong governance. A proactive and well-evidenced response will help institutions strengthen regulatory readiness, reduce exposure to sanctions breaches and enhance the overall effectiveness of their financial crime compliance framework.
