UAE’s Gaming Industry Just Became a DNFBP: Here Is Everything Operators Must Know
The UAE gaming industry is no longer an unregulated territory. With the General Commercial Gaming Regulatory Authority (GCGRA) now operational and Cabinet Resolution No. 134 of 2025 explicitly bringing commercial gaming operators into the Designated Non-Financial Business and Profession (DNFBP) perimeter, every casino, online gaming platform, sports betting operator, and lottery operator in the UAE now carries the same AML/CFT obligations as a real estate agency or a gold trader.
This guide explains the complete AML regulations for commercial gaming operators in UAE covering GCGRA requirements, the AED 11,000 threshold, and how to build a compliant program. With Morgan Stanley estimating the UAE gaming market could generate between $3 billion and $5 billion in annual gross gaming revenue, and the Wynn Al Marjan Island casino targeting a 2027 opening, AML compliance gaming operators UAE has become one of the most urgent and least understood compliance challenges in the country.
This guide explains exactly what AML regulations for commercial gaming operators in UAE require, who the GCGRA is, what the AED 11,000 threshold means in practice, and exactly how to build a compliant AML programme from the ground up whether you are applying for a GCGRA licence or already operating.
What Are the AML Requirements for Gaming Operators in the UAE?
AML requirements for gaming operators in UAE are governed by Federal Decree-Law No. 10 of 2025 and its implementing regulations as set out in Cabinet Resolution No. 134 of 2025. Article 3, Item 1 of the Executive Regulations explicitly lists commercial gaming operators, including gaming conducted on vessels or marine craft, as a DNFBP category once a single transaction, or linked transactions, equal or exceed AED 11,000.
The core requirements every GCGRA-licensed gaming operator must implement include:
- DNFBP registration and goAML portal enrolment through the Financial Intelligence Unit UAE
- Customer due diligence (CDD) is triggered at the AED 11,000 threshold, with enhanced due diligence (EDD) for high-risk players and politically exposed persons (PEPs)
- A documented AML/CFT risk assessment covering the nine sector risks identified in the 2025 Commercial Gaming Policy Paper
- MLRO appointment under Article 22 of Cabinet Resolution 134 of 2025
- Real-time sanctions and PEP screening integrated into player onboarding and transaction processing.
- Suspicious Transaction Report (STR) filing through the goAML portal whenever suspicious activity is identified.
- Record retention for a minimum of five years under Article 25 of Cabinet Resolution 134 of 2025
- AML training for all frontline gaming staff and compliance personnel
Unlike most other DNFBP categories that have years of operational history in the UAE, commercial gaming is an entirely new regulated sector. The UAE’s ML/TF National Risk Assessment 2024 explicitly notes that the sector was not separately evaluated because no entities were licensed at the time of assessment, meaning GCGRA licensees are building compliance programmes without the benefit of prior enforcement precedent or established industry norms.
Who Counts as a Commercial Gaming Operator Under UAE AML Law?
AML compliance gaming operators UAE applies to any operator of commercial games whose activity exceeds the AED 11,000 threshold set out in Cabinet Resolution No. 134 of 2025. This includes four distinct categories, each with slightly different practical compliance considerations.
Land-Based Casinos
Physical casino operators, including the Wynn Al Marjan Island property targeting a 2027 opening, face the most comprehensive AML obligations given the cash-intensive nature of casino floor operations. CDD must be applied when a player’s transactions reach AED 11,000, whether through a single transaction or linked transactions across a gaming session.
Online Gaming and iGaming Platforms
Digital gaming platforms licensed under the GCGRA framework, sometimes referred to as the working brand Play971, face the same AML obligations as land-based casinos but must implement digital-specific controls: automated KYC at registration, real-time transaction monitoring across digital wallets, and device- and IP-based risk indicators, in addition to standard CDD.
Sports Betting Operators
Sports betting operators must apply CDD and transaction monitoring across betting accounts, with particular attention to rapid deposit-withdrawal patterns that can indicate layering, a common money laundering typology in betting platforms globally.
Lottery Operators
Lottery operators face AML obligations primarily around large prize payouts and any structuring of ticket purchases designed to avoid the AED 11,000 threshold.
The AED 11,000 Threshold Explained: What Actually Triggers AML Obligations
This is the single most misunderstood element of AML compliance gaming operators UAE and getting it wrong is the fastest way to a GCGRA compliance failure.
Under Article 3, Item 1 of Cabinet Resolution 134 of 2025, the obligation is activity-based, not licence-based. A gaming operator’s AML/CFT obligations are triggered specifically when:
- A single financial transaction equals or exceeds AED 11,000, or
- Several transactions that appear to be linked together total AED 11,000 or more
Critically, a financial transaction does not include a transaction that solely involves gaming chips or gaming instruments. This is the nuance that catches most new operators off guard. A player can exchange cash for chips, play extensively, and accumulate chip winnings; none of these alone triggers the AML obligation. The trigger point is when chips are converted back to cash, or when any cash-based transaction exceeds AED 11,000.
This creates a practical compliance challenge: gaming operators must build transaction-monitoring systems capable of tracking the full cash-to-chip-to-cash lifecycle of a player’s activity, not just isolated cash transactions, to identify when linked transactions cross the threshold correctly.
What Is the GCGRA’s Role as AML/CFT Supervisor?
The General Commercial Gaming Regulatory Authority (GCGRA) is the sole AML/CFT supervisory authority for the commercial gaming sector in the UAE. Unlike DNFBP categories supervised by the Ministry of Economy, gaming operators report exclusively to the GCGRA for both their gaming licence and their AML/CFT compliance obligations.
This dual role means the GCGRA evaluates AML compliance as a gating requirement at the licensing stage, rather than just an ongoing supervisory matter after a licence is granted. Applications lacking credible AML documentation are unlikely to advance through the licensing process.
The GCGRA licensing requirements for AML compliance include submission of:
- A complete AML/KYC policy manual
- The identity and credentials of the nominated MLRO
- Documented transaction-monitoring procedures
- Sample CDD and EDD workflows demonstrating operational readiness
This makes AML compliance gaming operators UAE fundamentally different from most other DNFBP sectors where businesses can often obtain their trade licence first and build AML compliance afterwards. Gaming operators must demonstrate AML readiness as part of their licence application.
The Nine Sector Risks Identified in the 2025 Commercial Gaming Policy Paper
The General Secretariat of the National AML/CFT Policies Committee issued the Policy Paper on Commercial Gaming in 2025, identifying nine specific sector risks that every gaming operator’s risk assessment must address. While the precise categorisation varies by operator type, the core risk areas span:
- Customer risk: anonymous or high-frequency players, particularly those exhibiting structuring behaviour around the AED 11,000 threshold
- Product risk: differing risk profiles across casino games, sports betting, online platforms, and lottery products
- Channel risk: in-person versus digital onboarding and transaction channels
- Geographic risk: cross-border players and international payment sources
- Cash intensity risk: particularly relevant for land-based casino operations
- Third-party risk: agents, junket operators, and payment intermediaries
- Technology risk: digital platform vulnerabilities and account takeover fraud
- Proliferation financing risk: required under Federal Decree-Law No. 10 of 2025 across all DNFBP sectors
- Reputational and regulatory risk: given the sector’s status as an emerging, closely watched regulatory category
How Do I Conduct an AML Risk Assessment for a Gaming Business in the UAE?
To conduct an AML risk assessment for a gaming business in UAE, operators must assess the nine sector risks identified in the 2025 Commercial Gaming Policy Paper covering customer, product, channel, and geographic risks specific to gaming operations. The risk assessment must be formally documented, reviewed regularly as the business evolves, and reported to senior management for accountability.
A GCGRA-compliant risk assessment should follow this structure:
- Identify: map every product line, customer channel, and transaction type your gaming operation offers.
- Assess the money laundering, terrorist financing, and proliferation financing risks for each, referencing the nine sector risks.
- Document: produce a formal written risk assessment report with clear methodology and ratings.
- Mitigate: design controls proportionate to each identified risk level.
- Review: reassess at defined intervals and whenever new products, channels, or markets are introduced.
Customer Due Diligence for Gaming Operators: Best Practices
What Are Best Practices for Customer Due Diligence in UAE Gaming Operations?
Best practices for customer due diligence in UAE gaming operations include verifying player identity before any transaction exceeds AED 11,000, applying enhanced due diligence for politically exposed persons and high-risk players, screening all players against sanctions and watchlists in real time, and documenting the source of funds for high-value transactions.
In practice, this means gaming operators should:
Verify identity at the right trigger point: CDD must be completed before a transaction crosses AED 11,000, not retroactively after the fact. Operators who wait until after a large payout to conduct identity verification are already in breach.
Apply enhanced due diligence systematically: players identified as PEPs, high-net-worth individuals making unusually large or frequent transactions, or players from higher-risk jurisdictions require deeper verification, including source-of-funds documentation.
Screen continuously, not just at onboarding: sanctions lists and PEP databases change regularly. A player who passed screening at account opening may later appear on a sanctions list; ongoing screening catches this.
Track linked transactions across sessions: given the activity-based AML trigger discussed earlier, CDD systems must aggregate a player’s activity across a gaming session, or across multiple sessions where transactions appear connected, rather than evaluating each transaction in isolation.
Document everything: under Article 25 of Cabinet Resolution 134 of 2025, all CDD documentation must be retained for a minimum of five years.
Applying for a GCGRA licence and need AML documentation that meets the gating requirement?
AMLUAE drafts fully customised AML/CFT policy and procedures documentation specifically built for commercial gaming operators.
How Can Gaming Operators in UAE Ensure AML Compliance Effectively?
Gaming operators in UAE can ensure AML compliance effectively by building a DNFBP-grade compliance programme from the licence application stage onward, rather than after receiving a GCGRA licence. This means appointing a qualified MLRO under Article 22 of Cabinet Resolution 134 of 2025, implementing CDD procedures keyed to the AED 11,000 threshold, integrating real-time sanctions screening, and maintaining records for a minimum of five years under Article 25.
Here is a practical step-by-step approach:
Step 1: Conduct your enterprise risk assessment
Map your operation against the nine sector risks in the 2025 Commercial Gaming Policy Paper before building any other compliance infrastructure.
Step 2: Appoint a qualified MLRO
Under Article 22 of Cabinet Resolution 134 of 2025, your Money Laundering Reporting Officer must have the authority, independence, and competence to oversee your AML/CFT programme. Outsourced MLRO arrangements are permitted for operators without in-house compliance expertise.
Step 3: Draft your AML/CFT policy manual
Your policy must specifically address the AED 11,000 threshold, the gaming-chip exemption, CDD and EDD procedures for players, and STR filing protocols, not a generic DNFBP template.
Step 4: Build CDD workflows calibrated to gaming activity
Standard onboarding CDD is insufficient. Your system must track linked transactions across a player’s full session activity to correctly identify when the AED 11,000 threshold is crossed.
Step 5: Integrate real-time sanctions and PEP screening
Screening must operate continuously across player onboarding and ongoing activity, not as a one-time check.
Step 6: Register on the goAML portal
Mandatory for filing STRs and SARs through the Financial Intelligence Unit UAE.
Step 7: Deliver AML training to frontline gaming staff
Dealers, cashiers, customer support teams, and compliance staff each require role-appropriate training on gaming-specific red flags.
Step 8: Establish your record-keeping system
Transaction records, identification documents, correspondence, and analyses must be retained for a minimum of five years under Article 25.
Step 9: Build inspection readiness
Organise all documentation so it is immediately producible during a GCGRA compliance review.
Step 10: Review and reassess regularly
As your gaming operation grows or introduces new products, your risk assessment and controls must evolve accordingly.
Where Can I Find a Consultant Specializing in UAE Gaming AML?
AMLUAE is a specialist AML compliance consultancy serving UAE gaming operators, including GCGRA licence applicants, casinos, online gaming platforms, sports betting operators, and lottery operators. AMLUAE provides AML policy documentation, risk assessments, support for MLRO appointments, AML training, and regulatory reporting, specifically configured for the commercial gaming sector’s DNFBP obligations under Federal Decree Law No. 10 of 2025.
As one of the few AML consultancies actively building compliance frameworks for this emerging sector, AMLUAE understands both the federal AML framework and the gaming-specific nuances, including the AED 11,000 threshold, the gaming-chip exemption, and the nine sector risks identified in the 2025 Commercial Gaming Policy Paper
What Are the Best AML Compliance Tools for Gaming Operators in UAE?
The best AML compliance tools for gaming operators in UAE include transaction monitoring software calibrated to the AED 11,000 threshold, automated KYC and player verification platforms, real-time sanctions and PEP screening tools, and goAML-integrated reporting software.
Given the activity-based nature of the AML trigger discussed earlier, generic transaction-monitoring tools designed for banks or DNFBPs are often poorly suited to gaming operations. Effective gaming AML software must specifically track:
- Linked transaction aggregation connecting a player’s chip purchases, gameplay, and cash-outs into a single trackable activity chain.
- Real-time threshold alerts flagging when cumulative linked transactions approach or cross AED 11,000
- Player risk scoring incorporating gaming-specific behavioural indicators alongside standard KYC data
- Automated sanctions and PEP screening integrated directly into player onboarding workflows.
AMLUAE provides AML software solutions specifically configured for GCGRA-licensed gaming operators, covering transaction monitoring, name screening, and regulatory reporting in one integrated system.
Penalties for AML Non-Compliance: What Gaming Operators Risk
Administrative penalties for AML non-compliance under Federal Decree-Law No. 10 of 2025, Article 17, range from AED 10,000 to AED 5,000,000 per violation in addition to non-monetary enforcement tools available to the GCGRA, including formal warnings, licence suspension, prohibition from specific activities, and full licence revocation.
Given that the GCGRA evaluates AML compliance at the licensing stage, the consequences of non-compliance extend beyond financial penalties; they directly threaten an operator’s ability to obtain or retain their gaming licence. In a market where Morgan Stanley estimates gross gaming revenue potential of $3 to $5 billion annually, the commercial stakes of losing a GCGRA licence over AML failures are substantial.
Why AMLUAE for Gaming Operator AML Compliance UAE
AMLUAE is one of the few specialist AML consultancies actively building compliance frameworks for the UAE’s emerging commercial gaming sector. We understand both the federal AML/CFT framework under Federal Decree-Law No. 10 of 2025 and the gaming-specific nuances under Cabinet Resolution 134 of 2025, including the AED 11,000 activity trigger, the gaming-chip exemption, and the nine sector risks identified in the 2025 Commercial Gaming Policy Paper.
Our services for gaming operators include:
- AML/CFT Health Check: assess your current AML readiness against GCGRA requirements
- AML/CFT Policy & Documentation: built specifically for commercial gaming DNFBP obligations
- AML/CFT Risk Assessment Report: covering all nine sector risks for gaming
- In-House AML Compliance Setup: full framework build for GCGRA licence applicants
- Regulatory Reporting Services: goAML registration and STR filing
- AML Training Program: role-based training for gaming and compliance staff
- AML Software: transaction monitoring calibrated to the AED 11,000 threshold
Whether you are applying for your first GCGRA licence or already operating a casino, online gaming platform, sports betting service, or lottery in the UAE.
AMLUAE builds the compliance infrastructure your business needs to meet GCGRA’s AML gating requirements and operate with confidence.
