UAE gaming operators, as DNFBPs, are required under Article 19(b) of Federal Decree-Law No. (10) of 2025 to retain all AML-related records for a minimum of five (5) years from the date of the last transaction or the end of the business relationship, whichever is later.
Records that must be retained include:
- Customer identification documents — copies of passports, Emirates IDs, or equivalent documents collected during CDD
- Beneficial ownership records — documentation of UBO identification for corporate customers
- Transaction records — details of all transactions above CDD thresholds, including date, amount, payment method, and player identity
- CDD and EDD files — all due diligence records, risk assessments, and supporting documentation for each customer
- STR documentation — records of all STRs filed, including the analysis that led to the filing (noting that STR contents are confidential)
- Training records — logs of AML training delivered to staff
Records must be stored securely with controlled access and be retrievable promptly upon request by the GCGRA or other competent authorities. Electronic storage is acceptable provided records are protected against alteration and backed up.
Legal Reference (UAE):
- Federal Decree-Law No. (10) of 2025, Article 19(b) — five-year record retention for DNFBPs
- Cabinet Resolution No. (134) of 2025 — detailed record-keeping obligations
- Commercial Gaming Policy Paper (NAMLCFTPC, 2025) — gaming sector record-keeping guidance
Records should be organised and indexed to allow rapid retrieval during regulatory inspections or law enforcement requests.
Further reading: Commercial Games in AML — AML UAE