Table of Contents
- • The Monumental 2026 Regulatory Shifts
- • The Three-Pillar Regulatory Structure
- • CMA: Mainland Securities & Market Conduct
- - Licensing and Fit & Proper Status
- - Corporate Governance
- - Conduct of Business (COB) Standards
- • Anti-Money Laundering (AML/CFT/CPF) Standards
- • Market Conduct & Abuse Prevention
- • Summary of Mainland Exchanges: DFM & ADX
The United Arab Emirates has rapidly established itself as a global financial powerhouse, attracting financial institutions and investment professionals from across the globe. However, its regulatory landscape is uniquely dynamic and complex—featuring multiple jurisdictions, independent free zones, and frequent updates that reflect international standards.
Whether you are preparing for the CISI UAE Financial Rules and Regulations licensing exam or executing compliance operations, this guide provides a structured breakdown of the monumental 2026 regulatory framework.
The Monumental 2026 Regulatory Shifts
Two major legislative decrees have completely transformed the financial regulatory environment in the UAE:
- Reconstitution of SCA to the Capital Market Authority (CMA): Effective January 1, 2026, the Securities and Commodities Authority (SCA) was formally reconstituted as the Capital Market Authority (CMA) under Federal Decree-Law No. 32 of 2025. This establishes a modern, highly focused regulator for securities, derivatives, and corporate capital markets.
- CBUAE Consolidation (Decree-Law No. 6 of 2025): This landmark law consolidated banking, insurance, and fintech regulation under the Central Bank of the UAE (CBUAE). The official one-year transition window for regulated firms to adapt and comply with these consolidated regulations expires on September 16, 2026.
The Three-Pillar Regulatory Structure
The UAE operates a multi-jurisdictional financial regulatory architecture:
- The CMA (Capital Market Authority): Formerly the SCA, the CMA regulates the mainland securities exchanges—Dubai Financial Market (DFM) and Abu Dhabi Securities Exchange (ADX)—as well as mainland brokerage, fund promotions, and public joint stock companies.
- The DFSA (Dubai Financial Services Authority): Independent regulator for the Dubai International Financial Centre (DIFC) free zone, operating on a common law framework.
- The FSRA (Financial Services Regulatory Authority): Independent regulator for the Abu Dhabi Global Market (ADGM) free zone, operating on a common law framework.
Each authority has its own licensing requirements, rulebooks, and enforcement mechanisms. A firm operating in DIFC answers to the DFSA, not the CMA, even though both are physically located in Dubai.
CMA: Mainland Securities & Market Conduct
The CMA rules form the absolute core of the CISI UAE licensing exam. Key areas of study include:
Licensing and Fit & Proper Status
Under CMA rules, individuals performing “Controlled Functions” (such as Compliance Officers, MLROs, Advisors, and Brokers) must hold active licenses and meet ongoing “Fit and Proper” standards covering technical competence, honesty, and financial stability.
Corporate Governance
Public Joint Stock Companies (PJSCs) listed on the DFM or ADX must comply with the CMA’s Corporate Governance Code. This includes related-party transaction rules, where any transaction exceeding a 5% threshold requires board and shareholder approval, and companies must maintain strict “Insider Lists” with a 15-day blackout period before financial results.
Conduct of Business (COB) Standards
Licensed firms must adhere to strict business conduct rules:
- Client Categorization: Distinguishing between Retail Clients and Professional Clients (who must meet a net worth threshold of AED 3.67 million / USD 1 million or be a regulated institution).
- Suitability & Appropriateness: Ensuring financial recommendations align perfectly with a client’s objectives and risk appetite.
- Best Execution: Taking all reasonable steps to obtain the best possible price and execution terms for client trades.
Interactive Knowledge Check
CMA Mainland Regulations Check
Score
0 / 1
Question 1 of 1
Prompt
Anti-Money Laundering (AML/CFT/CPF) Standards
AML compliance is a matter of critical priority in the UAE, governed by Federal Decree-Law No. 20 of 2018 and augmented by CBUAE’s updated transaction monitoring rules in April 2026:
- Customer Due Diligence (CDD): Mandatory at onboarding and periodically reviewed. Firms must identify the Ultimate Beneficial Owner (UBO) at a 25% ownership threshold or higher.
- Enhanced Due Diligence (EDD): Required for Politically Exposed Persons (PEPs), high-risk jurisdictions, and complex or unusually large transactions.
- goAML Reporting: Suspicious transactions must be immediately filed as Suspicious Transaction Reports (STRs) or Suspicious Activity Reports (SARs) via the Financial Intelligence Unit’s (FIU) goAML portal.
- 5-Year Record Keeping: All KYC, transaction, and compliance records must be preserved for a minimum of 5 years following the transaction date or termination of the business relationship.
Market Conduct & Abuse Prevention
CMA actively monitors and prosecutes market abuse:
- Insider Trading: Trading on, or tipping others about, non-public material information is a criminal offense carrying hefty fines and imprisonment.
- Market Manipulation: Practices like wash trading (creating artificial volume), spoofing (submitting orders with intent to cancel), and layering are strictly prohibited.
- Disclosure Timelines: Material developments must be disclosed to the public and the exchange immediately, ensuring fair access to market-moving information.
Summary of Mainland Exchanges: DFM & ADX
Mainland exchanges operate under standard market microstructures:
- Trading Priority: Matching is strictly executed on a Price/Time (PT) priority basis.
- Settlement Cycle: Standard settlement is executed on a T+2 Delivery versus Payment (DVP) cycle.
- Shariah Governance: The DFM in particular integrates Shariah-compliant financial instruments, governed by the exchange’s dedicated Shariah Board.
Staying completely abreast of these regulatory shifts is essential for career advancement and operational compliance in the UAE. As the 2026 transitions consolidate, certified professionals will remain in extremely high demand.
Frequently Asked Questions
1 What is the new CMA and what does it regulate?
Effective January 1, 2026, the Securities and Commodities Authority (SCA) was officially reconstituted as the Capital Market Authority (CMA) under Federal Decree-Law No. 32 of 2025. It regulates securities exchanges (DFM and ADX), investment funds, corporate governance, and market conduct across mainland UAE.
2 What is Federal Decree-Law No. 6 of 2025?
It is the consolidated legal framework governing the Central Bank of the UAE (CBUAE), banking, insurance, and fintech regulation. The 1-year transition period for firms to achieve full compliance expires on September 16, 2026.
3 Do I need a CISI qualification to work in UAE finance?
Yes, the CMA requires professionals performing key regulated functions—such as advising, dealing, or managing investments—to hold certified qualifications. The CISI UAE Financial Rules and Regulations exam is the industry standard certification.
4 What are the core AML requirements in the UAE?
Under Federal Law 20 of 2018 and CBUAE's April 2026 guidelines, requirements include Customer Due Diligence (CDD) with a 25% UBO threshold, Enhanced Due Diligence (EDD) for PEPs, filing Suspicious Transaction Reports (STRs) on the goAML portal, and keeping records for 5 years.
5 What is the difference between DFSA and ADGM regulation?
The DFSA (Dubai Financial Services Authority) regulates the DIFC free zone in Dubai, while the FSRA (Financial Services Regulatory Authority) regulates the ADGM free zone in Abu Dhabi. Both operate separate, English common law jurisdictions distinct from the mainland CMA.
Ready to Ace Your CISI Exam?
Join thousands of finance professionals who passed their exams on the first attempt with our AI-powered study platform.
Explore Our CISI Trainers