Focus Gaming News spoke with Marie Chowdhry, Partner at Pinsent Masons, about the UAE\u2019s new commercial gaming framework, financial regulation, and player protection requirements.<\/p>\n\n\n\n\n\n\n\n
Exclusive interview.- As the General Commercial Gaming Regulatory Authority (GCGRA) continues to shape one of the most closely watched new regulatory frameworks in global gaming, the United Arab Emirates is positioning itself as a jurisdiction that prioritises structure, compliance, and long-term credibility from the outset. Unlike legacy markets that evolved over decades, the UAE is attempting to build a fully formed ecosystem before large-scale operations even begin, a strategy that brings both strategic advantages and operational complexity.<\/p>\n\n\n\n
In this exclusive interview with Focus Gaming News, Marie Chowdhry<\/strong>, Partner in Financial Regulation and Fintech at Pinsent Masons<\/strong>, provides a detailed legal and compliance perspective on how the UAE\u2019s commercial gaming framework is being constructed. Drawing on her expertise advising international operators, she breaks down the core pillars of the regime \u2014 from federal oversight and controlled market entry to the deep integration of anti-money laundering obligations and player protection standards.<\/p>\n\n\n\n Chowdhry also explores the practical implications of the UAE\u2019s decision to classify gaming operators as Designated Non-Financial Businesses and Professions (DNFBPs), placing them under the same stringent AML\/CFT expectations as financial institutions. From onboarding architecture and transaction monitoring to regulatory engagement and corporate governance, the interview outlines the critical building blocks operators must get right to enter the UAE\u2019s newly regulated market without friction.<\/p>\n\n\n\n From your perspective, what are the key pillars of the UAE\u2019s new commercial gaming framework, and how does it differ from more mature jurisdictions such as the UK or Malta?<\/strong><\/p>\n\n\n\n Based on my understanding of the GCGRA framework and the UAE’s approach, the framework rests on several foundational pillars:<\/p>\n\n\n\n (i) Federal Executive Authority<\/strong> – The GCGRA was established as a federal executive agency, meaning the regulatory mandate is national in scope rather than emirate-specific. This structural choice is significant in that it signals that the UAE will operate as a unified, coherent licensing regime rather than a patchwork of emirate-level concessions. The GCGRA has authority over licensing, supervision, enforcement, and standard-setting for all commercial gaming operators in the UAE.<\/p>\n\n\n\n (ii) Controlled Market Entry <\/strong>– The framework is deliberately restrictive at the outset. Rather than opening the market broadly, the UAE has adopted a concession-based or limited-licence model. The first major operator, Island 3 AMI FZ-LLC (the joint venture developing Wynn Al Marjan Island, a partnership between Wynn Resorts, Marjan LLC, and RAK Hospitality Holding), holds the first regulated casino licence. I would suggest that this phased and controlled approach is characteristic of new regulatory markets seeking to establish credibility before scaling.<\/p>\n\n\n\n (iii) Integration with Federal AML\/CFT Architecture<\/strong> – From inception, the framework has been designed with financial crime compliance embedded at its core. As you\u2019ve noted below, Cabinet Resolution No. 134 of 2025 formalises gaming operators as DNFBPs under the UAE’s AML\/CFT regime.<\/p>\n\n\n\n (iv) Player Protection as a Founding Principle<\/strong> – The GCGRA has emphasised responsible gaming and player protection as central pillars of its framework. This includes self-exclusion mechanisms, spend limits, and operator obligations around identifying problem gambling, amongst other mechanisms.<\/p>\n\n\n\n With regard to the comparisons against other jurisdictions, I\u2019m not an expert on Malta, or even the UK\u2019s regime, but I would suggest that the most fundamental distinction is one of philosophy: the UK and Malta evolved their frameworks over decades<\/strong> in response to the market, whereas <\/strong>the<\/span> UAE is attempting to build a sophisticated framework before the market is operational at scale. This is both an opportunity and a challenge; the opportunity being that best practices can be designed in from the outset, and the challenge being that untested frameworks inevitably encounter implementation friction.<\/p>\n\n\n\n “The<\/span> UAE is attempting to build a sophisticated framework before the market is operational at scale. This is both an opportunity and a challenge.”<\/p>\n\n\n\n Marie Chowdhry, partner, financial regulation and fintech, at Pinsent Masons.<\/p>\n<\/blockquote>\n\n\n\n Cabinet Resolution No. 134 of 2025 brought commercial gaming operators within the scope of the UAE\u2019s updated AML\/CFT framework as DNFBPs. How transformative is this step in practice for the sector?<\/strong><\/p>\n\n\n\n I would suggest that this was a pretty bold move and pretty significant. The GCGRA is signalling that financial crime considerations need to be front and centre of the whole ecosystem. <\/p>\n\n\n\n In practical terms, this means gaming operators now carry the same legal obligations as banks, lawyers, and real estate agents in relation to:<\/p>\n\n\n\n The implications of being designated as a DNFBP suggest to me that the GCGRA now has a formal mandate to supervise and examine gaming operators’ AML\/CFT compliance<\/strong>. This means on-site inspections, documentary audits, and formal enforcement actions.<\/p>\n\n\n\n Operators must register on the UAE\u2019s goAML platform and submit STRs and suspicious activity reports (SARs) in real time. This is a significant operational step as it requires systems integration, trained analysts, and a functioning compliance function from the moment operations commence.<\/p>\n\n\n\n Finally, by formally bringing gaming into the DNFBP regime, the UAE is directly addressing a historically noted gap in its FATF compliance posture. This has real consequences for the UAE’s status and its ambition to be removed from enhanced monitoring (noting of course that 2026 is a FATF evaluation year here in the UAE).<\/p>\n\n\n\n The AML obligations are triggered at a transaction threshold of AED11,000, with potential fines of up to AED100m for non-compliance. What does this mean for how gaming operators must design their onboarding, monitoring and reporting systems from day one?<\/strong><\/p>\n\n\n\n If I am correct, the AED11,000 threshold (approximately US$3,000) aligns broadly with international FATF guidance for casino operators, which recommends a USD\/EUR 3,000 trigger for CDD obligations. In practice, AED11,000 is a relatively low threshold in a high-value gaming environment. A patron buying chips, placing a sports bet, or participating in a poker tournament can quickly cross this threshold in a single session or even a single transaction. This means that<\/span> CDD obligations will be triggered frequently<\/strong>, not occasionally.<\/p>\n\n\n\n Operators must build CDD into their customer experience from the outset, not as a compliance check that occurs in a back-office after the customer has already started playing. Specifically, we are advising clients to think about:<\/p>\n\n\n\n Pre-play identification<\/strong>: Customers who are likely to meet or exceed the threshold within a session should be identified and verified before they receive chips or access gaming facilities. This requires an integrated customer management system (CMS) that tracks cumulative spend in real time.<\/p>\n\n\n\n Possible tiered onboarding<\/strong> – to apply a risk-tiered approach. A patron spending AED5,000 in a single visit may require standard CDD; a patron spending AED50,000 may require EDD including source of funds documentation. The system must be capable of escalating automatically.<\/p>\n\n\n\n Documentation requirements<\/strong>: At minimum, passport or Emirates ID, address verification, and for higher-risk patrons, source of wealth\/funds documentation. For PEPs (politically exposed persons), EDD is mandatory regardless of spend level. <\/p>\n\n\n\n Database screening<\/strong>: All customers must be screened against sanctions lists (UN, UAE local lists, OFAC as a matter of best practice), PEP databases, and adverse media. This screening must be ongoing, not one-off.<\/p>\n\n\n\n What this means for monitoring systems:<\/p>\n\n\n\n Transaction monitoring<\/strong>: A real-time or near-real-time transaction monitoring system capable of aggregating purchases across different points (chips, sports betting terminals, online accounts if applicable). The AED11,000 threshold must be tracked on a cumulative basis per session and potentially per rolling period.<\/p>\n\n\n\n Behavioural analytics<\/strong>: Beyond simple threshold monitoring, operators will need systems capable of identifying suspicious behavioural patterns, e.g., a patron who buys chips and immediately cashes out with minimal play (a classic layering pattern), or one whose play pattern is inconsistent with their stated income.<\/p>\n\n\n\n Structuring detection<\/strong>: Systems must flag potential structuring, i.e., where a patron makes multiple transactions just below AED 11,000 to avoid triggering CDD. This itself could be a reportable suspicious activity.<\/p>\n\n\n\n “Operators must build CDD into their customer experience from the outset, not as a compliance check that occurs in a back-office after the customer has already started playing.”<\/p>\n\n\n\n Marie Chowdhry, partner, financial regulation and fintech, at Pinsent Masons. <\/p>\n<\/blockquote>\n\n\n\n In your work with clients, what are the most common misconceptions you see among international operators looking to enter the UAE regarding the regulatory and AML expectations?<\/strong><\/p>\n\n\n\n A few of these here to be honest: <\/p>\n\n\n\n (i) “Our existing compliance framework will transfer across with minimal adaptation.” This is perhaps the most dangerous misconception. An operator licensed in the UK, Malta, or Gibraltar will have a sophisticated compliance framework, but it will be calibrated to their home jurisdiction’s specific requirements, risk appetite, and regulatory expectations. The UAE has a distinct legal system (civil law with Islamic law influences), a unique sanctions landscape (UAE local lists sit alongside UN and OFAC lists), a specific goAML reporting architecture, and cultural considerations around player protection that differ from European norms. A transplanted UK or Maltese compliance manual will not be fit for purpose without substantial localisation.<\/p>\n\n\n\n (ii) “The AML obligations are primarily about the casino cage and not the whole operation.” International operators sometimes treat AML as a \u2018cage and cash-handling\u2019 issue<\/strong> rather than a whole-of-business obligation. In reality, the UAE DNFBP framework requires AML\/CFT controls to extend across all touchpoints: hotel\/gaming integration, VIP programmes, credit facilities, junkets (if applicable), and any ancillary financial services. The entire customer relationship is in scope.<\/p>\n\n\n\n (iii) “Regulatory engagement can wait until closer to opening.” As I\u2019m sure you are aware, regulators in mature jurisdictions expect operators to demonstrate compliance capability before licensing, not just compliance intent. I would suggest that the GCGRA, as a new but sophisticated regulator, is likely to take a similar approach. Operators who engage with the regulator early, transparently, and with well-developed compliance documentation will be better positioned than those who treat regulatory engagement as a late-stage formality.<\/p>\n\n\n\n (iv) “Player protection is a soft obligation; the hard regulatory risk is financial crime.” I really challenge this view given the cultural background against which this framework has been formed. I would instead argue that responsible gaming obligations are a primary licensing condition, not a secondary consideration. Operators who demonstrate weak responsible gaming controls risk licence conditions, suspension, or revocation, independent of their AML compliance posture.<\/p>\n\n\n\n The GCGRA has emphasised player protection and responsible gaming in its emerging regime. In legal and compliance terms, what will \u201cgood practice\u201d look like for operators in the UAE over the next few years?<\/strong><\/p>\n\n\n\n The UAE’s responsible gaming framework is still developing, but the GCGRA has signalled clearly that player protection will be a central regulatory priority<\/strong>. Drawing on best practice from mature jurisdictions, “good practice” in the UAE context over the next few years will likely encompass self-exclusion principles, spend and time limits as well as possible cooling-off limits. I would also anticipate seeing vulnerability identification markers based on the local population, safer gambling checks, and staff training requirements. <\/p>\n\n\n\n For an international operator considering applying for a UAE licence, what are the three most important compliance and risk-management building blocks they should have in place before even engaging with the regulator?<\/strong><\/p>\n\n\n\n I would most likely suggest that an operator has in place: <\/p>\n\n\n\n Looking ahead, what does a \u201csuccessful\u201d UAE commercial gaming market look like from a regulatory standpoint, and what role do you expect law firms and compliance advisers to play in getting there?<\/strong><\/p>\n\n\n\n From a regulatory standpoint, a successful UAE commercial gaming market would exhibit the following characteristics over the next five to ten years:<\/p>\n\n\n\n <\/p>\n","protected":false},"excerpt":{"rendered":" Focus Gaming News spoke with Marie Chowdhry, Partner at Pinsent Masons, about the UAE\u2019s new commercial gaming framework, financial regulation, and player protection requirements.<\/p>\n","protected":false},"author":176,"featured_media":681,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"is_press_release":false,"is_interview":true,"is_opinion":false,"focusai_summary":"","focusai_entities":"","focusai_location":"","focusai_target_profile":"","focusai_suggestions":[],"footnotes":""},"categories":[149,156],"tags":[],"class_list":["post-565","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-dubai","category-interviews"],"_links":{"self":[{"href":"https:\/\/focusgn.com\/uae\/wp-json\/wp\/v2\/posts\/565","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/focusgn.com\/uae\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/focusgn.com\/uae\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/focusgn.com\/uae\/wp-json\/wp\/v2\/users\/176"}],"replies":[{"embeddable":true,"href":"https:\/\/focusgn.com\/uae\/wp-json\/wp\/v2\/comments?post=565"}],"version-history":[{"count":8,"href":"https:\/\/focusgn.com\/uae\/wp-json\/wp\/v2\/posts\/565\/revisions"}],"predecessor-version":[{"id":773,"href":"https:\/\/focusgn.com\/uae\/wp-json\/wp\/v2\/posts\/565\/revisions\/773"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/focusgn.com\/uae\/wp-json\/wp\/v2\/media\/681"}],"wp:attachment":[{"href":"https:\/\/focusgn.com\/uae\/wp-json\/wp\/v2\/media?parent=565"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/focusgn.com\/uae\/wp-json\/wp\/v2\/categories?post=565"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/focusgn.com\/uae\/wp-json\/wp\/v2\/tags?post=565"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
\n
\n
\n
\n