United Arab Emirates — Regulatory framework (FATCA, CRS & QI)

Last updated: 24 Nov 2025

Overview of the key legal sources, competent authorities and technical standards in the United Arab Emirates (UAE) for FATCA (Model 1B IGA), the Common Reporting Standard (CRS) and the U.S. Qualified Intermediary (QI) regime – including practical interfaces for banks and other financial institutions operating onshore and in financial free zones.

Key takeaways

  • FATCA is implemented via a Model 1B IGA: UAE Reporting Financial Institutions (RFIs) report to the UAE Ministry of Finance (MoF), which transmits data to the IRS.
  • CRS is implemented through Federal Decree-Law No. 48 of 2018 and Cabinet Resolution No. 93 of 2021 (UAE CRS Regulations), with annual AEOI exchanges.
  • QI remains a U.S. regime (IRS); UAE and DIFC QI Attachments recognise local AML/KYC rules as approved KYC for QI purposes.

Who is in scope?

  • Onshore banks and branches supervised by the Central Bank of the UAE
  • Financial institutions in free zones (e.g. DIFC, ADGM) including banks, custodians and investment firms
  • Investment funds, asset managers and other collective investment vehicles
  • Insurance companies offering cash-value or annuity-type products
  • Other entities that qualify as Reporting Financial Institutions under FATCA/CRS definitions

1) Legal sources (selected)

| Area | Source | Content / focus |
|---|---|---|
| FATCA (treaty level) | UAE–U.S. Model 1B Intergovernmental Agreement (IGA) to Improve International Tax Compliance and to Implement FATCA (signed 17 June 2015; effective from 1 July 2014) | Provides the overall FATCA framework for the UAE as a non-reciprocal Model 1B jurisdiction: defines UAE Reporting Financial Institutions and U.S. Reportable Accounts, sets due-diligence and reporting rules, and establishes the basis for automatic exchange of FATCA information between the UAE MoF and the IRS. |
| FATCA (domestic implementation) | Federal Law No. 9 of 2016 ratifying the UAE–U.S. FATCA IGA; UAE FATCA Regulations and related MoF / Central Bank / free-zone guidance | Transposes FATCA obligations into UAE law: reporting obligations of UAE RFIs, the role of the MoF as competent authority, penalties for non-compliance and confidentiality safeguards for information shared with the IRS. |
| CRS / AEOI | OECD Common Reporting Standard (CRS) and Multilateral Competent Authority Agreement (MCAA); Federal Decree-Law No. 48 of 2018 ratifying the MCAA; Cabinet Resolution No. 93 of 2021 (UAE CRS Regulations) and subsequent MoF guidance | Requires UAE RFIs to identify non-resident account holders and controlling persons, obtain self-certifications, and file annual CRS reports to the MoF for automatic exchange of financial account information with partner jurisdictions. |
| QI | IRS QI Agreement (most recent version); Attachment for the United Arab Emirates (approved KYC rules); Attachment for the Dubai International Financial Centre (DIFC) | U.S. withholding tax and documentation regime for U.S.-source income paid via UAE intermediaries. The UAE and DIFC attachments list local AML/KYC rules (e.g. Central Bank circulars, AML legislation) that the IRS recognises as approved KYC for QI purposes, subject to additional QI-specific conditions. |
| AML / KYC | Federal Decree-Law on Anti-Money Laundering and Combatting the Financing of Terrorism (replacing and building on Federal Decree-Law No. 20 of 2018) and its Implementing Regulations; Central Bank AML Rulebook and notices; DFSA and ADGM FSRA AML Rulebooks for free-zone firms | Customer due diligence, beneficial-owner identification, ongoing monitoring and record-keeping requirements that form the basis of FATCA/CRS due diligence and QI reason-to-know assessments; also underpin the approved KYC status in the QI attachments. |
| Data protection & confidentiality | UAE Federal Data Protection Law and executive regulations; DIFC and ADGM data protection regimes; banking secrecy provisions in the Central Bank Law and sector-specific regulations | Legal basis and safeguards for collecting, using and disclosing customer and tax information, including information exchanged under FATCA and CRS; rules on consent, purpose limitation, security measures, retention and data-subject rights. |

2) Responsibilities and competent authorities

  • UAE Ministry of Finance (MoF) – acts as the competent authority for FATCA and CRS at federal level: issues FATCA/CRS guidance, maintains registration processes and reporting portals for UAE RFIs, receives and validates FATCA/CRS XML files, and exchanges information with the IRS and partner jurisdictions.
  • Federal Tax Authority (FTA) – supports the MoF on tax administration and may be involved in enforcement and follow-up on FATCA/CRS non-compliance.
  • Central Bank of the UAE – prudential supervisor of onshore banks and other licensed financial institutions; its regulations on governance, risk management and AML/CFT shape the control environment for FATCA/CRS and QI compliance.
  • Securities and Commodities Authority (SCA) – supervises securities and capital-markets intermediaries outside the financial free zones, including certain RFIs in scope of FATCA/CRS and the QI regime.
  • DIFC (DFSA) and ADGM (FSRA) – financial free-zone authorities with their own regulatory frameworks, AML rulebooks and FATCA/CRS guidance; both are integrated into the UAE’s overall AEOI framework and are referenced in QI attachments.
  • UAE Financial Intelligence Unit (FIU) – receives and analyses suspicious transaction reports (STRs) and other AML/CFT-related information; its expectations on CDD and beneficial-owner data influence the quality of FATCA/CRS/QI documentation.
  • Internal Revenue Service (IRS, U.S.) – primary authority for FATCA registration and the QI regime: assigns GIINs, enters into QI/WP/WT agreements, receives and analyses FATCA and QI reports and reviews QI periodic certifications.

3) Interfaces: FATCA ↔ CRS ↔ QI

  • Consistent classifications and identifiers. Client classifications (individual/entity, FI/NFE), tax residencies, U.S. indicia, GIINs, U.S. TINs and beneficial-owner data should be consistent across FATCA, CRS and QI documentation and systems to avoid discrepancies between MoF/FTA and IRS records.
  • Onshore vs. free-zone considerations. UAE RFIs include institutions regulated onshore (Central Bank, SCA) and in free zones (DIFC, ADGM). FATCA/CRS classification and reporting obligations apply across all, but practical implementation may differ depending on local regulators and QI Attachment references (e.g. separate DIFC attachment).
  • Exempt entities and products. Annex II of the UAE IGA lists exempt beneficial owners and deemed-compliant financial institutions and accounts. Their status under CRS may not be identical, so UAE-specific products (e.g. certain government or pension schemes) need to be classified separately for FATCA vs. CRS purposes.
  • Leveraging AML/CFT KYC. AML legislation and AML rulebooks from the Central Bank, DFSA and ADGM FSRA provide a common KYC framework. Institutions typically “build on” this baseline by layering FATCA/CRS-specific indicia checks, self-certifications, tax residency management and QI documentation requirements on top of existing KYC processes.
  • Withholding vs. reporting. FATCA and CRS in the UAE mainly drive due diligence and reporting to the MoF (and, indirectly, to foreign tax authorities), whereas QI governs U.S. withholding tax, treaty-benefit documentation and liability allocation along chains of intermediaries. Clear allocation of responsibilities between tax, operations, front office and compliance functions is essential.

4) Technical and operational standards (high level)

  • File formats and channels. FATCA and CRS returns must be filed in prescribed XML formats based on OECD/IRS schemas and UAE-specific technical specifications, via MoF electronic filing portals (and, for some free-zone entities, via local portals that feed into the federal system).
  • Validation, corrections and penalties. RFIs should implement processes to handle UAE validation rules, file-level rejections and record-level errors, and to submit corrected or amended reports within statutory deadlines. Cabinet Resolution No. 93 of 2021 sets out an administrative penalties framework for CRS violations; similar expectations apply in practice to FATCA reporting.
  • Change management. Updates to CRS (including CRS 2.0), MoF guidance, AML legislation, and IRS QI/FATCA rules require structured impact assessments, system changes, user acceptance testing and staff training before go-live.
  • Governance and documentation. Policies, procedures, business requirement documents, control testing results, reconciliations and audit trails should be retained to evidence compliance in MoF/FTA reviews, Central Bank/DFSA/FSRA inspections and IRS QI periodic reviews.

Note: This page provides a practice-oriented overview. The binding sources are the most recent official texts and guidance (UAE–U.S. FATCA IGA and Federal Law No. 9 of 2016, Federal Decree-Law No. 48 of 2018 and Cabinet Resolution No. 93 of 2021 on CRS, OECD materials, the IRS QI Agreement and UAE/DIFC attachments, as well as UAE AML/CFT laws and data-protection legislation).