Corporate & Regulatory

From SCA to CMA: The UAE's New Market Abuse and Insider Trading Regime

Corporate & Regulatory

What this guide covers

  1. The Legislative Architecture: FDL 32/2025 and FDL 33/2025 Explained
  2. The Capital Markets Authority: Institutional Powers and Supervisory Reach
  3. Insider Dealing Under FDL 33/2025: Offence Elements and Exposure
  4. Market Manipulation and Front-Running: The FDL 33/2025 Prohibition Landscape
  5. Continuous Disclosure, Inside Lists, and MAR-Equivalent Controls for Listed Issuers
  6. CMA Investigation Procedure, Criminal Referral, and the Role of the Public Prosecution
  7. Building a FDL 33/2025-Compliant Market Abuse Framework: Strategic Priorities
  8. Practical checklist
  9. What we'd typically advise
  10. Frequently asked questions

The UAE's capital markets enter 2026 under a fundamentally restructured legal order. Federal Decree-Laws 32 and 33 of 2025 abolish the SCA, establish the Capital Markets Authority, and codify insider dealing and manipulation offences carrying penalties up to AED 200 million.

The UAE's capital markets regulatory landscape was comprehensively redrawn by two federal instruments operative from 1 January 2026. Federal Decree-Law 32/2025 dissolves the Securities and Commodities Authority (SCA) and transfers its functions, assets, and regulatory mandate to the newly constituted Capital Markets Authority (CMA). Federal Decree-Law 33/2025 operates as a standalone criminal and administrative statute codifying market abuse offences — insider dealing, market manipulation, front-running, and disclosure violations — with penalties scaling to AED 200 million. Both laws repeal Federal Law 4/2000, which had formed the foundation of UAE securities regulation for over two decades. Any practitioner or compliance officer still relying on FL 4/2000 or SCA Board Decisions issued solely under that authority must urgently reassess their frameworks.

FDL 32/2025 vests the CMA with broad supervisory, investigative, and sanctioning powers over listed issuers, exchanges, clearing houses, investment firms, and asset managers operating in the onshore UAE market. Crucially, the CMA's jurisdiction is defined to cover conduct affecting securities or derivatives listed or traded on UAE-licensed markets regardless of where the offending conduct originates — a meaningful extraterritorial reach that closes a gap previously exploited by offshore structuring. The law also creates a formal cooperation mechanism between the CMA and the UAE Central Bank (regulated under CBUAE Law No. 6/2025), the DIFC Authority, and the ADGM Financial Services Regulatory Authority, enabling cross-platform information sharing on a statutory basis for the first time.

FDL 33/2025 is the operative penal instrument and should be read alongside Federal Decree-Law 31/2021 (the Penal Code, in force 2 January 2022, as amended by FDL 36/2022), which supplies general criminal law principles — mens rea standards, complicity rules, and sentencing modifiers — applicable to market abuse prosecutions brought before onshore courts. Practitioners should note that FDL 33/2025 creates specific standalone offences; the Penal Code's general fraud and deception provisions under FDL 31/2021 remain available as alternative or cumulative charges where the facts support them, materially widening prosecutorial discretion.

The procedural framework for investigating and prosecuting FDL 33/2025 offences is governed by Federal Decree-Law 38/2022 (the Criminal Procedure Law, in force 1 March 2023, as amended by FDL 45/2023). This is a critical point: several competitor commentaries incorrectly cite Federal Decree-Law 35/2022 as the criminal procedure law — that instrument is in fact the Evidence Law. Counsel advising on search powers, electronic evidence gathering, and pre-trial detention in market abuse investigations must work from FDL 38/2022 and its 2023 amendments, not from the repealed 1992 code.

The Capital Markets Authority: Institutional Powers and Supervisory Reach

The CMA established under FDL 32/2025 represents a meaningful institutional upgrade from its SCA predecessor. The Authority is structured as a financially and administratively independent federal body, insulated from day-to-day ministerial direction in its supervisory and enforcement decisions — a design intended to signal credibility to international counterparties and to underpin the UAE's ambition of removal from the EU's high-risk third-country list (achieved in 2025 following the FATF grey-list exit in February 2024). The CMA's Board is vested with rule-making authority to issue binding decisions, circulars, and standards, and those instruments will progressively replace the body of SCA Board Decisions that governed markets under FL 4/2000.

Of particular practical significance for listed issuers and financial institutions is the CMA's on-site inspection and dawn-raid power codified in FDL 32/2025. CMA inspectors may — with appropriate prosecutorial authorisation under FDL 38/2022 — enter premises, image electronic systems, compel production of trading records and communications, and interview personnel under caution. The standard for compelling production is lower than the criminal search-warrant threshold: it is sufficient that the CMA has reasonable grounds to believe records are relevant to a supervisory inquiry, not that a criminal offence has necessarily been committed. Compliance officers and general counsel should therefore treat a CMA supervisory visit with the same degree of legal privilege caution as a criminal investigation.

The CMA also inherits and expands the SCA's transaction reporting and suspicious transaction reporting (STR) obligations. Under the interlocking regime created by FDL 32/2025 and the AML/CFT framework under Federal Decree-Law 10/2025 (which entered into force 14 October 2025 and repealed FDL 20/2018), regulated entities must file STRs with both the CMA and the UAE Financial Intelligence Unit where a transaction raises market abuse and money laundering concerns simultaneously — a scenario that will be common in insider dealing cases given that trading profits derived from inside information constitute proceeds of crime under FDL 10/2025. Cabinet Resolution 134/2025 (the AML/CFT Executive Regulations, effective 14 December 2025) provides the operational detail on STR filing timelines and content requirements.

For asset managers, the CMA's jurisdiction over fund administration, discretionary mandates, and investment advisory services means that conduct previously regulated only lightly at the SCA level — such as cherry-picking allocations across client accounts or front-running institutional orders — now sits squarely within FDL 33/2025's manipulation and front-running provisions and attracts both administrative and criminal sanctions. Firms that structured their UAE-facing activities through DIFC or ADGM entities to access onshore markets should take specific advice on whether the CMA's extended conduct perimeter captures their trading activity.

Insider Dealing Under FDL 33/2025: Offence Elements and Exposure

Federal Decree-Law 33/2025 codifies insider dealing with considerably greater technical precision than FL 4/2000. The offence is constituted by three cumulative elements: (i) possession of inside information, defined as material non-public information relating to a listed issuer or a financial instrument that, if disclosed, would be likely to have a significant effect on the price of that instrument; (ii) dealing in, or procuring another to deal in, the affected instrument while in possession of that information; and (iii) knowledge — actual or constructive — that the information is inside information. The constructive knowledge limb is significant: a trader who deliberately avoided confirmation of the nature of information received cannot shelter behind claimed ignorance.

The statute expressly captures tipping as a primary offence, not merely an ancillary one. A person who discloses inside information to another in circumstances where dealing is foreseeable — including informal communications between corporate executives and portfolio managers, or between investment bankers and hedge fund counterparties — commits the tipping offence irrespective of whether the recipient actually trades. This closes the tipping-chain ambiguity that existed under FL 4/2000 and aligns UAE law with the EU's Market Abuse Regulation standard. Boards and senior management of listed issuers should treat all pre-announcement communications about material transactions — M&A, earnings, regulatory decisions — as presumptively inside information and apply wall-crossing protocols accordingly.

The personal criminal liability exposure for natural persons under FDL 33/2025, read with the Penal Code FDL 31/2021, includes custodial sentences alongside the administrative financial penalties. The AED 200 million ceiling applies to administrative fines imposed by the CMA; custodial penalties are determined by the criminal courts applying FDL 33/2025's sentencing provisions cross-referenced to FDL 31/2021. Critically, corporate officers, directors, and compliance personnel who fail to prevent insider dealing within their organisation may face personal liability under FDL 33/2025's manager-liability provisions — a structure that mirrors the personal liability mechanism now embedded in the AML framework under FDL 10/2025. General counsel and compliance officers of listed issuers should not assume that liability is quarantined at the trading-desk level.

From a defence standpoint, FDL 33/2025 recognises a market information defence (where information is simultaneously available to the market through conventional research), a Chinese Wall defence (where robust information barriers demonstrably prevented transmission of inside information to the dealing side), and a statutory trading plan defence for pre-scheduled transactions evidenced by written plans predating the relevant information event. These defences must be established affirmatively and require contemporaneous documentation; a compliance programme assembled after a CMA inquiry commences will carry little persuasive weight.

Market Manipulation and Front-Running: The FDL 33/2025 Prohibition Landscape

FDL 33/2025 addresses market manipulation through two broad limbs. The first — transaction-based manipulation — captures wash trading, matched orders, layering, spoofing, and any series of transactions designed to create a false or misleading appearance of active trading or to establish an artificial price. The second — information-based manipulation — captures the dissemination of false or misleading information likely to influence the price of a financial instrument, including through social media, analyst reports, research publications, and investor roadshows. The convergence of these two limbs is particularly acute in the context of UAE-listed SPACs and newly floated real estate investment trusts, where thin liquidity amplifies the price-moving effect of coordinated posting or off-market block activity.

Front-running is codified as a standalone offence under FDL 33/2025 rather than as a sub-species of manipulation — a deliberate legislative choice that removes any argument that front-running requires proof of an artificial price. The offence is committed by any person who, having knowledge of a pending client order or a forthcoming publication likely to move the market, deals in the relevant instrument for their own account or for a connected account before executing or facilitating the client's transaction. Asset managers running both proprietary and client portfolios, and sell-side firms with integrated research and trading functions, face the most acute front-running risk and should review order management system controls, personal account dealing policies, and Chinese Wall architecture against the FDL 33/2025 standard immediately.

The AED 200 million administrative fine is the headline figure, but it is not a simple flat penalty. FDL 33/2025 structures the fine on a tiered basis taking account of: the profit made or loss avoided; the degree of harm to market integrity and investors; the duration and sophistication of the conduct; and whether the respondent cooperated with the CMA. The law also provides for disgorgement of profits as a separate order, meaning that a firm may face both the administrative fine and full disgorgement — the two remedies are cumulative, not alternative. For a large asset manager running a systematic manipulation over an extended period, total financial exposure could therefore substantially exceed AED 200 million when disgorgement is factored in. Boards should model both heads of exposure when conducting internal risk assessments.

The interplay with AML law deserves specific attention. Under FDL 10/2025, proceeds derived from market manipulation or insider dealing are predicate proceeds of crime, and any subsequent handling of those proceeds — including transferring trading profits to offshore accounts, reinvesting in real property, or distributing to fund investors — can constitute a money laundering offence. There is no statute of limitations for money laundering under FDL 10/2025, meaning that even historical market abuse whose direct limitation period has expired may generate surviving ML exposure for those who handled the proceeds. This is a material consideration in due diligence on acquisition targets and in regulatory settlements.

Continuous Disclosure, Inside Lists, and MAR-Equivalent Controls for Listed Issuers

FDL 32/2025 imposes a statutory continuous disclosure obligation on listed issuers requiring prompt public announcement of any inside information — defined consistently with FDL 33/2025 — that relates to the issuer or its securities. The standard is objective: disclosure is required as soon as the information reaches sufficient certainty to have a significant price effect, not when the issuer's management has concluded an internal approval process or concluded a transaction. Boards that routinely delay market announcements pending board sign-off, legal review, or commercial sensitivity assessments must re-examine their disclosure procedures against this standard. Delay without a formal delayed disclosure request submitted to the CMA — available only where immediate disclosure would harm legitimate interests and where confidentiality can be maintained — is itself an administrative and potentially criminal offence under FDL 33/2025.

The requirement to maintain insider lists — records of all persons with access to inside information relating to a specific event — is carried forward and strengthened under FDL 32/2025. Issuers must record each insider's identity, the date they obtained access, and the nature of the inside information, and must update the list in real time as new persons are brought inside. The insider list must be produced to the CMA on request without delay; failure to maintain it or to produce it constitutes a separate regulatory breach independent of any underlying market abuse. Legal counsel managing transaction processes for listed UAE issuers should build insider list maintenance into their standard deal execution checklist as a non-negotiable procedural step, not an afterthought.

For asset managers, FDL 32/2025 requires the establishment and periodic CMA review of written policies on: conflicts of interest identification and management; personal account dealing by staff; gifts and entertainment; and communication controls between research and portfolio management functions. These are not new concepts, but FDL 32/2025 elevates them from SCA guidance to binding regulatory requirements backed by CMA sanctioning powers. Firms that have been operating under policies designed for DFSA or FCA compliance should audit those policies for UAE-specific requirements, paying particular attention to local disclosure timing rules and CMA notification protocols, which differ from their DIFC and ADGM equivalents.

CMA Investigation Procedure, Criminal Referral, and the Role of the Public Prosecution

A CMA market abuse investigation proceeds in two potential tracks that may run concurrently. The administrative track under FDL 32/2025 allows the CMA to investigate, charge, and impose financial penalties, trading bans, and licence revocations through its internal disciplinary committees without involving the courts. This track offers speed and, in practice, a degree of negotiated resolution — the CMA has the power to accept undertakings and to reduce penalties in exchange for cooperation and remediation. The criminal track under FDL 33/2025 requires referral to the competent Public Prosecution, which then investigates and prosecutes before the criminal courts applying FDL 38/2022 (the Criminal Procedure Law) as the procedural framework.

Critically, the two tracks are not mutually exclusive under UAE law. A respondent can face simultaneous administrative proceedings before the CMA and criminal prosecution before the courts, with the criminal process subject to evidentiary standards of proof beyond reasonable doubt but the administrative process applying a lower civil standard. Evidence obtained through CMA supervisory powers — which do not require a criminal warrant — is admissible in CMA administrative proceedings and can be passed to the Public Prosecution for use in the criminal track. There is therefore a significant risk that cooperation with a CMA supervisory inquiry, absent careful legal privilege management, generates evidence that fuels a criminal prosecution. Experienced criminal defence counsel should be retained from the moment a CMA enquiry is received, not after a criminal referral is made.

The freezing and asset preservation tools available in market abuse cases have been substantially strengthened by recent developments. Onshore UAE courts can issue precautionary attachment orders over assets of suspects under FDL 38/2022. In cross-border cases involving offshore assets, the DIFC Court Law 2/2025 now enables the DIFC Courts to grant worldwide freezing orders in support of foreign or onshore proceedings without requiring a local-asset nexus — a power confirmed in principle by ADGM's approach in ADGM A17 v B17 [2025]. Where market abuse proceeds have been moved offshore, coordinated applications across DIFC and onshore courts, and potentially through mutual legal assistance channels under Federal Law 39/2006 as amended by FDL 38/2023, represent the most effective asset-preservation strategy.

Voluntary disclosure and cooperation remain the most effective tools for mitigating both administrative and criminal exposure under the new regime. FDL 33/2025 explicitly recognises cooperation with the CMA as a mitigating factor in penalty determination. Firms and individuals who identify potential market abuse internally, self-report to the CMA before an investigation commences, and implement demonstrable remediation can expect materially different outcomes than those investigated reactively. Legal teams should establish clear internal escalation protocols — including privilege-protected investigation channels — that allow self-reporting decisions to be made promptly and on a fully informed basis.

Building a FDL 33/2025-Compliant Market Abuse Framework: Strategic Priorities

The transition from an SCA-supervised regime to a CMA-supervised regime under FDL 32/2025 is not a cosmetic rebrand. It represents a structural shift in regulatory philosophy toward rules-based, conduct-focused supervision with materially higher financial consequences and personal liability for senior individuals. Listed issuers should prioritise three immediate actions: first, a comprehensive gap analysis of existing market abuse policies against FDL 33/2025's specific offence definitions and FDL 32/2025's disclosure requirements; second, a review and revalidation of all insider lists for current live transactions; and third, a board-level briefing on personal director liability under FDL 33/2025's manager-liability provisions and FDL 10/2025's AML personal liability framework.

Asset managers face a parallel but distinct set of priorities. The codification of front-running as a standalone offence requires a careful review of order management workflows, particularly in firms running proprietary capital alongside client mandates. The FDL 33/2025 Chinese Wall defence is only available where barriers are documented, tested, and demonstrably effective — a standard that requires regular penetration testing of information controls and documented evidence of wall-crossing protocols operating correctly. Firms should treat their Chinese Wall documentation as a prospective legal defence, not an administrative formality, and retain that documentation for a minimum period consistent with any applicable limitation periods.

The AML intersection demands particular attention given that FDL 10/2025 adds tax evasion as a predicate offence and imposes personal manager liability for AML compliance failures. An asset manager or listed issuer whose market abuse generates trading profits that are then distributed, reinvested, or transferred faces concurrent exposure under FDL 33/2025 (market abuse), FDL 10/2025 (money laundering of proceeds), and potentially FDL 47/2022 (corporate tax, if profits are mischaracterised or unreported). The absence of a statute of limitations for money laundering under FDL 10/2025 means that remediation programmes must address the full history of potentially tainted transactions, not merely recent conduct. Legal and compliance teams should coordinate across capital markets, AML, and tax workstreams rather than treating each as a siloed exercise.

Finally, the UAE's forthcoming FATF mutual evaluation in 2026 will scrutinise the effectiveness of the CMA's enforcement of FDL 33/2025 as part of the assessment of UAE market integrity controls. Regulators operating under mutual evaluation scrutiny historically increase enforcement activity to demonstrate operational effectiveness. The period from 2025 to 2026 should therefore be treated as a period of heightened enforcement risk. Firms and issuers that have deferred compliance upgrades pending clarity on the new CMA framework no longer have that luxury — the CMA is operational, its legislative toolkit is in force, and its enforcement mandate is explicit.

Practical checklist

  • Audit all market abuse policies against FDL 33/2025 offence definitions before Q1 2026.
  • Validate and update insider lists for every live material transaction immediately.
  • Brief the board on personal director liability under FDL 33/2025's manager provisions.
  • Review order management system controls for front-running risk under FDL 33/2025.
  • Map trading profit flows to assess cumulative AML exposure under FDL 10/2025.
  • Establish documented Chinese Wall testing records usable as an affirmative defence.
  • Implement a privilege-protected internal escalation protocol for self-reporting decisions.
  • Retain experienced criminal counsel at the first indication of CMA supervisory interest.

What we'd typically advise

Our standard advice to listed issuers and asset managers at this regulatory inflection point is unequivocal: treat the CMA's activation under FDL 32/2025 as a hard legal deadline, not a soft transition. The AED 200 million penalty ceiling in FDL 33/2025 is not a negotiating number — it is a statutory maximum that the CMA has explicit authority to approach, cumulated with disgorgement, in cases involving sustained or sophisticated conduct.

We advise engaging experienced UAE capital markets and criminal counsel jointly from the outset of any CMA inquiry. The administrative and criminal tracks can run simultaneously, evidence flows between them, and cooperation decisions made in the administrative track have direct consequences in criminal proceedings. Privilege management from the first contact is non-negotiable. Where market abuse exposure also touches AML or corporate tax frameworks — which it frequently does — a coordinated multi-practice legal response is materially more protective than sequential single-practice advice.

Frequently asked questions

Does FDL 33/2025 apply to trades executed offshore on UAE-listed securities?

Yes. FDL 33/2025 and FDL 32/2025 define the CMA's conduct jurisdiction by reference to the instrument affected — securities or derivatives listed or traded on UAE-licensed markets — not by reference to where the order is placed or executed. An offshore hedge fund trading UAE-listed equities through a prime broker outside the UAE is within scope if the conduct affects the UAE market. The CMA's cooperation mechanisms with foreign regulators, operating through channels established under Federal Law 39/2006 as amended by FDL 38/2023, support cross-border evidence gathering to enforce this perimeter.

Can a director be personally liable for insider dealing by a subordinate trader?

Yes, under FDL 33/2025's manager-liability provisions. A director or senior officer who knew of, facilitated, or failed to prevent insider dealing within their organisation — including through inadequate supervision or deficient compliance systems — faces personal administrative and potentially criminal liability. This mirrors the personal liability structure in FDL 10/2025 for AML failures. The defence requires demonstrating that adequate systems existed and were operating effectively, supported by contemporaneous documentation.

What is the difference between the CMA administrative penalty and a criminal court fine?

The AED 200 million ceiling under FDL 33/2025 is an administrative penalty imposed by the CMA through its internal disciplinary process. Criminal fines are determined separately by the courts applying FDL 33/2025's sentencing provisions read with the Penal Code FDL 31/2021. The two tracks can run simultaneously and the financial consequences are cumulative. Additionally, disgorgement of profits is available as a separate CMA order, independent of and in addition to the administrative fine.

Does providing confidential M&A information to a financial advisor constitute illegal tipping?

Not automatically. FDL 33/2025 requires that the disclosure be made in circumstances where dealing is foreseeable. Disclosure to advisors subject to formal confidentiality obligations and wall-crossing protocols, properly documented and maintained, is generally protected by the Chinese Wall defence. However, informal or undocumented communications with advisors who subsequently trade — even where the issuer did not intend to enable trading — are likely to constitute the tipping offence. Documentation of all wall-crossing events and confidentiality commitments is therefore legally critical, not merely best practice.

How does FDL 10/2025's AML law interact with a market abuse investigation?

Directly and significantly. Under FDL 10/2025, profits derived from insider dealing or market manipulation are proceeds of crime, and any handling of those profits — reinvestment, distribution to investors, offshore transfer — constitutes a potential money laundering offence. There is no statute of limitations for ML under FDL 10/2025, so even conduct whose primary market abuse limitation period has expired may still carry live ML exposure. Regulated entities are also required to file STRs with both the CMA and the Financial Intelligence Unit where both market abuse and ML indicators are present, creating parallel regulatory reporting obligations.

Can a DIFC or ADGM-based firm receive a worldwide freezing order in a UAE market abuse case?

Yes. DIFC Court Law 2/2025 expressly enables the DIFC Courts to grant worldwide freezing orders in support of onshore or foreign proceedings without requiring the target assets to be located in the DIFC. The ADGM courts have demonstrated a comparable willingness, as evidenced by the approach in ADGM A17 v B17 [2025]. In a CMA-initiated market abuse case involving offshore assets, coordinated applications to both the DIFC Courts and the onshore courts under FDL 38/2022 represent the most effective asset-preservation strategy, particularly where proceeds have been moved through multiple jurisdictions.

What is the delayed disclosure mechanism and when can issuers use it?

FDL 32/2025 permits an issuer to delay public disclosure of inside information — avoiding immediate market announcement — where three conditions are met: immediate disclosure would harm the issuer's legitimate interests (for example, disrupting an ongoing M&A negotiation); confidentiality can be maintained; and the delay does not mislead the public. The issuer must submit a formal delayed disclosure request to the CMA at the point the decision to delay is made, not retrospectively. If confidentiality is subsequently breached, immediate announcement is required. Failure to use the formal mechanism and instead simply delaying disclosure without CMA notification is a breach of FDL 32/2025 and a potential FDL 33/2025 offence.

We received a CMA information request this week. Should we respond directly or involve lawyers first?

Involve experienced UAE capital markets and criminal counsel before responding. A CMA information request — whether framed as a supervisory inquiry or an investigation notice — can lead simultaneously to administrative proceedings under FDL 32/2025 and criminal referral under FDL 33/2025 applying FDL 38/2022. Documents and communications produced in response to a supervisory request may be passed to the Public Prosecution. Legal professional privilege, properly established at the outset, protects candid internal investigation communications. Responses provided without privilege architecture in place cannot be un-provided. The cost of early legal involvement is materially lower than the cost of managing disclosures made without it.

Related guides


Published 15 July 2026. General information only — not legal advice. Contact us for matter-specific advice.

Need this matter handled?

A partner can review the specifics and respond with a scoped engagement note within one working day.

Speak to us →