What is the new CMA and what does it regulate?

Effective January 1, 2026, the Securities and Commodities Authority (SCA) was officially reconstituted as the Capital Market Authority (CMA) under Federal Decree-Law No. 32 of 2025. It regulates securities exchanges (DFM and ADX), investment funds, corporate governance, and market conduct across mainland UAE.

What is Federal Decree-Law No. 6 of 2025?

It is the consolidated legal framework governing the Central Bank of the UAE (CBUAE), banking, insurance, and fintech regulation. The 1-year transition period for firms to achieve full compliance expires on September 16, 2026.

Do I need a CISI qualification to work in UAE finance?

Yes, the CMA requires professionals performing key regulated functions—such as advising, dealing, or managing investments—to hold certified qualifications. The CISI UAE Financial Rules and Regulations exam is the industry standard certification.

What are the core AML requirements in the UAE?

Under Federal Law 20 of 2018 and CBUAE's April 2026 guidelines, requirements include Customer Due Diligence (CDD) with a 25% UBO threshold, Enhanced Due Diligence (EDD) for PEPs, filing Suspicious Transaction Reports (STRs) on the goAML portal, and keeping records for 5 years.

What is the difference between DFSA and ADGM regulation?

The DFSA (Dubai Financial Services Authority) regulates the DIFC free zone in Dubai, while the FSRA (Financial Services Regulatory Authority) regulates the ADGM free zone in Abu Dhabi. Both operate separate, English common law jurisdictions distinct from the mainland CMA.

Which principle requires a licensed firm to take all reasonable steps to obtain the most favorable terms for client trades?

Conflict of Interest Management

Which authority regulates the mainland securities exchanges (DFM and ADX)?

The Capital Market Authority (CMA), formerly known as the SCA.

Which authority regulates banking, insurance, and fintech in the UAE?

The Central Bank of the UAE (CBUAE), under Decree-Law No. 6 of 2025.

What is the regulatory authority for the DIFC free zone?

The Dubai Financial Services Authority (DFSA).

What is the regulatory authority for the ADGM free zone?

The Financial Services Regulatory Authority (FSRA).

CISI UAE Financial Rules and Regulations: Complete Study & Exam Guide

Table of Contents

• The Monumental 2026 Regulatory Shifts
• The Three-Pillar Regulatory Structure
• CMA: Mainland Securities & Market Conduct
- Licensing and Fit & Proper Status
- Corporate Governance
- Conduct of Business (COB) Standards
• Anti-Money Laundering (AML/CFT/CPF) Standards
• Market Conduct & Abuse Prevention
• Exam Preparation Strategy

CISI UAE Financial Rules and Regulations: Complete Study & Exam Guide

The United Arab Emirates has rapidly established itself as a global financial powerhouse, attracting financial institutions and investment professionals from across the globe. However, its regulatory landscape is uniquely dynamic and complex—featuring multiple jurisdictions, independent free zones, and frequent updates that reflect international standards.

Whether you are preparing for the CISI UAE Financial Rules and Regulations exam or executing compliance operations, this complete study guide provides a structured breakdown of the monumental 2026 regulatory framework.

[!IMPORTANT] Taking the UAE FRR exam? Don’t fail the mandatory regulatory test. Prepare with our UAE FRR 2026 Mock Exams & Study Guide featuring updated SCA/DFSA questions.

The Monumental 2026 Regulatory Shifts

Two major legislative decrees have completely transformed the financial regulatory environment in the UAE:

Reconstitution of SCA to the Capital Market Authority (CMA): Effective January 1, 2026, the Securities and Commodities Authority (SCA) was formally reconstituted as the Capital Market Authority (CMA) under Federal Decree-Law No. 32 of 2025. This establishes a modern, highly focused regulator for securities, derivatives, and corporate capital markets.
CBUAE Consolidation (Decree-Law No. 6 of 2025): This landmark law consolidated banking, insurance, and fintech regulation under the Central Bank of the UAE (CBUAE). The official one-year transition window for regulated firms to adapt and comply with these consolidated regulations expires on September 16, 2026.

The Three-Pillar Regulatory Structure

The UAE operates a multi-jurisdictional financial regulatory architecture:

The CMA (Capital Market Authority): Formerly the SCA, the CMA regulates the mainland securities exchanges—Dubai Financial Market (DFM) and Abu Dhabi Securities Exchange (ADX)—as well as mainland brokerage (including the minimum capital requirements for SCA/CMA licensing), fund promotions, and public joint stock companies.
The DFSA (Dubai Financial Services Authority): Independent regulator for the Dubai International Financial Centre (DIFC) free zone, operating on a common law framework.
The FSRA (Financial Services Regulatory Authority): Independent regulator for the Abu Dhabi Global Market (ADGM) free zone, operating on a common law framework.

Each authority has its own licensing requirements, rulebooks, and enforcement mechanisms. A firm operating in DIFC answers to the DFSA, not the CMA, even though both are physically located in Dubai.

Try Before You Buy

Experience our interactive learning tools — right here, right now

Sample Question 1 of 4

Under the new 2026 CMA rules (formerly SCA), what is the threshold above which a related-party transaction in a Public Joint Stock Company requires mandatory disclosure and corporate approval?

This is just a taste — the full course includes far more

CMA: Mainland Securities & Market Conduct

The CMA rules form the absolute core of the CISI UAE licensing exam. Key areas of study include:

Licensing and Fit & Proper Status

Under CMA rules, individuals performing “Controlled Functions” (such as Compliance Officers, MLROs, Advisors, and Brokers) must hold active licenses and meet ongoing “Fit and Proper” standards covering technical competence, honesty, and financial stability.

Corporate Governance

Public Joint Stock Companies (PJSCs) listed on the DFM or ADX must comply with the CMA’s Corporate Governance Code. This includes related-party transaction rules, where any transaction exceeding a 5% threshold requires board and shareholder approval, and companies must maintain strict “Insider Lists” with a 15-day blackout period before financial results.

Conduct of Business (COB) Standards

Licensed firms must adhere to strict business conduct rules:

Client Categorization: Distinguishing between Retail Clients and Professional Clients (who must meet a net worth threshold of AED 3.67 million / USD 1 million or be a regulated institution).
Suitability & Appropriateness: Ensuring financial recommendations align perfectly with a client’s objectives and risk appetite.
Best Execution: Taking all reasonable steps to obtain the best possible price and execution terms for client trades.

Anti-Money Laundering (AML/CFT/CPF) Standards

AML compliance is a matter of critical priority in the UAE, governed by Federal Decree-Law No. 20 of 2018 and augmented by CBUAE’s updated transaction monitoring rules in April 2026:

Customer Due Diligence (CDD): Mandatory at onboarding and periodically reviewed. Firms must identify the Ultimate Beneficial Owner (UBO) at a 25% ownership threshold or higher.
Enhanced Due Diligence (EDD): Required for Politically Exposed Persons (PEPs), high-risk jurisdictions, and complex or unusually large transactions.
goAML Reporting: Suspicious transactions must be immediately filed as Suspicious Transaction Reports (STRs) or Suspicious Activity Reports (SARs) via the Financial Intelligence Unit’s (FIU) goAML portal.
5-Year Record Keeping: All KYC, transaction, and compliance records must be preserved for a minimum of 5 years following the transaction date or termination of the business relationship.

Market Conduct & Abuse Prevention

CMA actively monitors and prosecutes market abuse:

Insider Trading: Trading on, or tipping others about, non-public material information is a criminal offense carrying hefty fines and imprisonment.
Market Manipulation: Practices like wash trading (creating artificial volume), spoofing (submitting orders with intent to cancel), and layering are strictly prohibited.
Disclosure Timelines: Material developments must be disclosed to the public and the exchange immediately, ensuring fair access to market-moving information.

Exam Preparation Strategy

Staying completely abreast of these regulatory shifts is essential for career advancement and operational compliance in the UAE. To ensure you are fully prepared for the CISI UAE FRR exam:

Master the Multi-Jurisdictional Model: Clearly distinguish between the regulatory scopes of the CMA (mainland), DFSA (DIFC), and FSRA (ADGM). Know which authority governs which zone.
Internalize AML/CFT Thresholds: Ensure you know the 25% UBO threshold, the 5-year record-keeping requirement, and the goAML reporting process.
Review Corporate Governance Rules: Focus on the 5% related-party transaction threshold and the 15-day insider trading blackout period for PJSCs.
Take Scenario-Based Mock Exams: Practice applying the Conduct of Business (COB) rules to realistic client scenarios to test your understanding of Suitability and Best Execution.