Horizon Scanning: Risk and regulation in the GCC
This report outlines 2026 financial crime and regulatory risks in the GCC, focusing on AI-enabled fraud, digital assets, cybercrime, beneficial ownership, supply chains, sanctions, and tougher AML/CFT oversight linked to upcoming FATF evaluations and recent legal reforms in the UAE, Bahrain and Saudi Arabia.
Please login or join for free to read more.
OVERVIEW
Introduction
Financial crime risk in the GCC is becoming more complex due to interactions between technology, regulation, and sophisticated criminal networks. Rapid digitalisation, cross-border flows, and market growth heighten exposure and compress response times. Regulators are increasing enforcement and aligning with FATF standards, raising expectations for governance, due diligence, and risk management.
Key financial crime and regulatory trends for the GCC in 2026
AI, digital assets, and automation are enabling scalable fraud and money laundering, requiring firms to adopt advanced monitoring tools combining AI and human oversight. Criminal networks are increasingly coordinated, while geopolitical tensions elevate sanctions and supply chain risks. Regulatory oversight is intensifying, with fines rising significantly (e.g. global fines reached $1.23 billion in H1 2025, up 417%).
Exploring the 2026 financial crime threat landscape
AI-driven fraud, including deepfakes and synthetic identities, is expected to increase, with nearly 90% of GCC firms using generative AI in 2025. Digital assets are expanding risk exposure, with crypto fraud rising 79% in the Middle East. Cybercrime is becoming industrialised, with global costs projected at $12.2 trillion annually by 2031. Businesses should strengthen due diligence, adopt advanced analytics, and integrate cyber and AML controls.
Beneficial ownership opacity remains a key risk despite reforms, requiring improved verification and monitoring. Supply chains face heightened scrutiny due to sanctions, human rights concerns, and complex global networks. Sanctions risks are increasing as firms engage in cross-border trade, requiring enhanced compliance with overlapping regimes and improved transparency in counterparties and transactions.
2026 Regulatory scanning
Regulation is becoming more fragmented and outcome-focused, with greater emphasis on effectiveness rather than formal compliance. GCC countries are strengthening cooperation, investing in AI-driven compliance tools, and preparing for FATF mutual evaluations. Businesses are expected to adopt real-time risk analytics, automated reporting, and risk-based governance aligned with international standards.
Regional regulatory trends and FATF evaluations
FATF evaluations in 2026 will focus on effectiveness of AML/CFT frameworks, increasing scrutiny on private sector implementation. Businesses may face more frequent regulatory engagement, evidence requests, and pressure to close compliance gaps quickly. Regional cooperation initiatives and MENAFATF leadership aim to enhance coordination, training, and alignment with global standards.
The United Arab Emirates
The UAE has intensified enforcement, issuing AED 370 million in fines in 2025. Federal Decree-Law No.10 of 2025 expands AML scope to include proliferation financing, increases penalties up to AED 100 million, and introduces liability for management. It also regulates virtual assets and strengthens beneficial ownership requirements. Firms must enhance governance, monitoring, and compliance controls to meet stricter expectations.
Bahrain
Bahrain has strengthened its AML framework ahead of evaluation through Decree-Law No.36 of 2025, introducing broader definitions of criminal proceeds, mandatory risk-based approaches, and stronger corporate accountability. Its 2025–2027 strategy emphasises beneficial ownership transparency, supervision of high-risk sectors, and international cooperation. Businesses should maintain updated risk assessments and governance frameworks.
Saudi Arabia
Saudi Arabia is enhancing AML/CFT oversight through new UBO rules requiring annual disclosure and confirmation. Regulatory reforms include risk-based supervision, updated anti-fraud requirements, and integration of cybercrime controls. Businesses must strengthen governance, fraud detection, and compliance systems while preparing for FATF evaluation scrutiny.
Conclusion
Financial crime regulation in the GCC is entering a more assertive phase, with stronger enforcement and higher expectations for effectiveness. Businesses should embed proactive risk management, strengthen due diligence, and integrate technology into compliance to manage emerging threats and maintain regulatory alignment.
