Introduction

Cyber-enabled financial crime - where digital technologies intersect with illicit financial activity - is rapidly emerging as one of the most significant global threats to nations, businesses and communities. Each year, criminals launder more than US$2 trillion and steal over US$1 trillion through fraud, increasingly using cyber capabilities to operate at unprecedented scale and speed.

For the UAE - one of the world’s most dynamic financial and technological gateways - this threat is especially acute. The rapid growth of fintech, virtual assets, AI and e-commerce, combined with high volumes of cross-border digital transactions, is expanding both opportunity and exposure to cyber-enabled money laundering, terrorist financing, proliferation financing and sophisticated predicate crime.

This report examines how criminals are exploiting virtual assets, synthetic identities, deepfakes, fraud-as-a-service platforms and AI-powered automation to move illicit funds, scale scams and evade detection. It also highlights the growing convergence between cybercrime, financial crime and national security risk; and the urgency for regulatory vigilance, private-sector controls and continuous upskilling to ensure innovation does not outpace safeguards.  

What’s inside

This white paper provides a detailed examination of the UAE’s exposure to cyber-enabled financial crime across three interconnected threat areas: money laundering, terrorist and proliferation financing and cyber-enabled predicate crimes. It covers:

• Cyber-enabled money laundering: how criminals exploit cryptocurrencies, fintech platforms, digital wallets and e-commerce ecosystems to conceal the origins, ownership and destination of illicit funds, including the rise of Money Laundering-as-a-Service (MLaaS) and AI-driven laundering techniques.

• The role of virtual assets: how mixers, privacy coins, decentralised exchanges and OTC brokers are used to layer and integrate illicit funds, alongside regulatory developments across VARA, CBUAE, SCA, ADGM and DIFC.

• Cyber-enabled terrorist and proliferation financing: how extremist groups and state-linked actors exploit digital channels and virtual assets to move funds covertly, evade sanctions and finance operations, including the US$1.46 billion ByBit cryptocurrency theft linked to DPRK actors.

• Cyber-enabled predicate crimes: how fraud and drug trafficking (the UAE’s most significant predicate threats) are being amplified through social media, encrypted communications, darknet markets and cryptocurrency payments.

• ‘Fraud-as-a-service’ and AI-driven scams: how pre-built fraud toolkits, deepfake voice cloning and AI-powered phishing are fuelling a sharp rise in automated scams, with 50% of UAE residents reporting exposure to AI-driven scam attempts in the past 12 months.

• Transnational criminal infrastructure: how organised crime groups blend shell companies, front businesses, payment platforms and crypto exchanges to professionalise laundering and fraud operations at an industrial scale.

• Red flag indicators and practical risk signals: key warning signs for VASPs and financial institutions linked to money laundering, terrorist financing and crypto-enabled illicit activity.

• The UAE’s national risk context: how the 2024 National Risk Assessment identifies virtual assets, cyber-enabled finance and digital platforms as growing national vulnerabilities requiring proactive, risk-based supervision.