A cross-border business with a UAE-registered counterparty receives a payment instruction. The beneficiary's name returns a potential match on the UAE sanctions list. The correspondent bank flags the wire. Operations pause. Is the payment blocked outright, or can it proceed under an authorisation? These questions are not hypothetical. In our experience, they arrive in compliance inboxes with urgency and without clear internal answers.
The UAE operates its own autonomous sanctions regime, administered primarily through the Executive Office for Control and Non-Proliferation (EOCN) and the UAE Central Bank. Restricted payments may, in defined circumstances, proceed under a specific authorisation granted by the competent authority. The test turns on the category of the payment, the identity of the parties, and whether humanitarian or other licensed grounds are met. As of June 2026, the UAE regime continues to align with UN Security Council obligations while maintaining a set of autonomous measures that differ from those of OFAC, OFSI, and the EU Council.
This guide explains the governing authority and legal basis, the step-by-step authorisation process, how the UAE approach compares with the major Western regimes, the practical risk flags, and when to involve sanctions counsel.
Who administers payment authorisations under the UAE regime?
The UAE's sanctions regime rests on two pillars: implementation of UN Security Council measures and a body of autonomous national measures. The EOCN – formally the Executive Office of the Committee for Goods and Materials Subjected to Import and Export Control – serves as the principal authority for designations and authorisation decisions. The UAE Central Bank issues separate guidance binding on licensed financial institutions operating within the UAE financial system, and the Financial Intelligence Unit (FIU) sits alongside both as the reporting and intelligence body.
This two-track structure matters for payment authorisations. A payment blocked by reason of a UN Security Council designation follows a different authorisation route than one blocked by an autonomous UAE measure. For UN-listed parties, the relevant Security Council committee (and, for the ISIL/Al-Qaida list, the Ombudsperson or the Focal Point) is the ultimate gateway. For autonomously designated parties, the EOCN and the Central Bank are the decision-makers within the UAE system. Practitioners must identify which list grounds the block before they can determine the correct authorisation channel.
We regularly advise financial institutions and corporates on how to route these inquiries correctly. Sending an authorisation request to the wrong body costs time and can be read as a procedural deficiency if the matter later attracts regulatory scrutiny.
What is the legal basis for refusing or authorising a payment?
The UAE's primary legislative instrument governing financial sanctions and asset freezes is the relevant federal cabinet resolution and the associated implementing decisions, which are updated periodically as new designations are added. These instruments prohibit dealing in funds or economic resources of designated persons and entities without prior authorisation. "Dealing" is defined broadly and covers receiving, transferring, and processing payments, not only sending them.
The prohibition attaches to a UAE nexus: entities incorporated or licensed in the UAE, financial institutions regulated by the Central Bank, and transactions cleared or settled through UAE systems. Where a payment merely transits the UAE financial system – a common point of confusion – the question is whether UAE-regulated intermediaries are involved. If they are, the prohibition and the authorisation requirement apply to those intermediaries even if neither the payer nor the payee is UAE-based.
The UN Security Council's relevant resolutions, implemented domestically through the cabinet instruments, also create obligations. The Security Council regime allows Member States to authorise certain payments for basic expenses, extraordinary expenses, and other purposes set out in the applicable resolution. These humanitarian and maintenance carve-outs are not automatic; they require prior notification or approval from the relevant committee. The UAE domestic instruments replicate these carve-outs. A payment that qualifies under a UN-level carve-out will generally also qualify under the UAE domestic route, but the procedural steps are separate.
Step by step: how to apply for a UAE payment authorisation
The authorisation process for a restricted payment under the UAE regime involves five sequential phases. Each phase has its own documentation requirement, and moving to the next before completing the current one is a consistent source of delay in the matters we handle.
- Screen and classify the block. Confirm the identity of the designated party and whether the block arises from the UN Consolidated List, a UAE autonomous designation, or both. This determines the competent authority and the applicable carve-out categories. Use the UAE local list published and maintained by the EOCN alongside the UN Consolidated List. Do not assume a UN designation automatically appears on the UAE list in the same form; discrepancies occur.
- Identify the applicable carve-out or exception category. The main licensed categories across both the UN and UAE autonomous measures include basic expenses (food, rent, medical, legal representation), extraordinary expenses (with committee approval), contractual payments predating the designation, and certain humanitarian payments. Each category has its own evidential threshold. Basic-expense payments require supporting documentation; extraordinary-expense payments require advance committee approval. Identify the precise category before drafting any request.
- Prepare the authorisation request. Address the request to the EOCN for autonomous UAE measures, or to the relevant UN Security Council sanctions committee for UN-list measures (routed through the UAE Permanent Mission or directly, depending on the committee's procedure). The request must identify the parties, the nature and amount of the payment, the carve-out category relied upon, and the supporting evidence. Incomplete requests are routinely returned, resetting the clock.
- File with the UAE Central Bank (financial-institution route). If the payment is being processed by a UAE-licensed financial institution, the institution must also notify or obtain clearance from the Central Bank, which has its own reporting and authorisation pathway running in parallel. Dual filing – to the EOCN and to the Central Bank – is frequently required. Missing the Central Bank channel is one of the most common procedural errors we see.
- Await decision and retain records. The competent authority issues a written authorisation (or refusal). Keep the authorisation, the supporting documents, and all correspondence for the applicable record-keeping period under UAE law. The UAE Central Bank's guidance references multi-year record-keeping requirements for sanctions-related decisions. Verify the current retention period with the applicable instrument before relying on any period stated here.
The position above covers the standard authorisation path. Your facts – the counterparty, the payment type, the route, the lists in play – change the analysis materially.
For an assessment of your exposure under the UAE regime, contact Calder & Vance at info@caldervance.com.
How does the UAE payment authorisation process compare with OFAC, OFSI, and the EU?
The UAE regime shares structural features with the major Western regimes – a prohibition, a list, a licensing mechanism – but the procedural and substantive differences are significant enough to cause problems for teams used to operating under OFAC, OFSI, or EU rules.
Under OFAC, a specific licence (a case-by-case authorisation to conduct an otherwise prohibited transaction) is required where no general licence (a standing authorisation that permits a defined category of transactions without a separate application) covers the payment. OFAC processes specific-licence applications with a formal acknowledgement and a reviewing timeline that, while it can extend to many months, is documented and publicly described. The OFAC SDN List is the primary screening reference. Ownership aggregation under the 50 percent rule (OFAC's rule treating entities owned 50 percent or more by blocked persons as themselves blocked) applies regardless of whether the owned entity appears on the list by name.
Under OFSI, the equivalent mechanism is a specific licence under the relevant thematic sanctions regulations made under SAMLA. OFSI publishes licensing grounds and a guidance document for applicants. The processing timescale and the grounds available differ from OFAC's, and the UK ownership and control (the UK and EU test for whether a non-listed entity is caught through a listed person) test means that a payment to an unlisted entity can still be prohibited if a designated person controls it – a test that is not purely mechanical, unlike the OFAC 50 percent rule.
Under the EU Council regulations, the equivalent authorisation is obtained from the competent national authority of the relevant Member State. There is no single EU-level licensing body; the French DGSI, Germany's BAFA, and similar bodies each handle applications for their jurisdiction's persons. The EU ownership and control test mirrors the UK approach and looks beyond bare ownership percentages to effective control. EU general authorisations for categories of payments exist in some regime-specific regulations, but specific authorisations are more common for payment-level decisions.
The UAE regime differs from all three in a key respect: the dual-authority structure (EOCN for autonomous measures, Central Bank for financial-institution obligations) requires concurrent engagement with two regulators rather than one. Teams applying OFAC or OFSI workflows without adapting them to the UAE dual channel routinely miss the Central Bank filing. The UN-level channel adds a third dimension for UN-listed parties.
A further divergence: OFAC and OFSI publish detailed guidance on the factors they weigh when assessing licence applications. The UAE's published guidance is less granular, which means practitioners must derive the applicable standard from the instrument itself and from experience of how the EOCN handles requests in practice. In our cross-border practice, this opacity makes the quality of the initial application more consequential: a poorly framed request is less likely to receive a request for additional information and more likely to be refused outright.
One cross-cutting principle applies across all regimes: where two regimes are simultaneously engaged – for instance, a UAE-nexus payment by a US-owned entity – the stricter prohibition governs. Satisfying the UAE authorisation does not resolve the OFAC position, and vice versa. Multi-regime transactions require separate authorisation tracks to proceed.
What are the main risk flags for payment authorisation applications?
Authorisation requests fail or are delayed most often for identifiable, avoidable reasons. Knowing the failure modes in advance reduces the risk materially.
Unclear counterparty identity. A request cannot succeed if the competent authority cannot verify that the designated party and the payment beneficiary are the same person or entity. Where transliteration variants, name changes, or complex corporate structures obscure the link, the application must resolve the identity question explicitly. Submitting with unresolved identity ambiguity is a common cause of outright refusal.
Misclassified carve-out category. Applying under the basic-expenses category for a payment that is more accurately an extraordinary expense (and therefore requires advance committee approval rather than notification) results in a procedurally defective request. The distinction between the categories is not always obvious. Legal review of the carve-out categorisation before filing avoids this.
Missing the Central Bank channel. As described above, UAE-licensed financial institutions have a parallel regulatory obligation to the Central Bank. Filing with the EOCN but not with the Central Bank leaves the financial institution exposed and, in practice, means the payment cannot be released through the banking channel even if the EOCN issues an authorisation.
Timing the application incorrectly. Some carve-out categories – notably extraordinary expenses – require advance approval before the payment is made. Seeking authorisation after a payment has already been processed, or after funds have been sent, converts the original breach into a more serious matter and limits the available remediation options. Act before the transaction, not after it is flagged.
Inadequate documentation. Supporting documents must be contemporaneous, in the required form, and must correspond precisely to the facts stated in the request. Discrepancies between the request narrative and the supporting invoices, contracts, or medical certificates are among the most common deficiencies we review when brought in to remedy a failed application.
If a payment has already been flagged, or an application has been refused, an early review can preserve options that narrow with time. Contact Calder & Vance at info@caldervance.com to discuss the position.
A myth in practice: "UAE sanctions are less strict than OFAC or EU measures"
A persistent assumption among compliance teams at multinational businesses is that the UAE regime is lighter-touch than OFAC or EU sanctions and that UAE-nexus transactions therefore require less rigorous authorisation work. This assumption is wrong in two important respects.
First, the UAE regime implements all binding UN Security Council measures. For payments involving UN-listed parties, the obligations are as strict as those in any jurisdiction that implements Security Council resolutions – and the penalty for non-compliance sits at the same level of seriousness. The UAE is not a gap in the UN sanctions architecture.
Second, the UAE's autonomous measures cover a set of designated parties and prohibited activities that may not be replicated in OFAC or EU lists. A counterparty not on the SDN List or the EU Consolidated List can still be designated under UAE autonomous measures. Compliance programmes that screen only against OFAC and EU lists and treat a clean return as clearance for UAE-nexus transactions are systematically underscreening. We have acted for businesses that discovered this exposure only after a correspondent bank flagged the transaction at the payment stage – precisely the scenario described at the outset of this guide. Have you tested whether your screening tool queries the UAE EOCN list as a distinct source?
When should a business involve sanctions counsel for UAE payment authorisations?
Not every payment question requires counsel from the outset. But several situations call for legal involvement before – not after – a decision is made.
Involve counsel early where:
- The designated party or the payment beneficiary is identified through a complex ownership chain rather than a direct name match. The ownership and control analysis under UAE law requires careful tracing, and errors in that analysis have direct legal consequences.
- The payment touches multiple regimes simultaneously – for instance, a cross-border wire that passes through a US correspondent bank and involves a UAE-nexus party. As noted above, multi-regime transactions require separate authorisation tracks, and the OFAC position cannot be resolved by reference to the UAE authorisation alone.
- A previous application has been refused or returned for further information. Refusals create a record; a second application that does not clearly address the deficiency in the first is at a structural disadvantage.
- The business is a UAE-licensed financial institution assessing a payment for a corporate client. The institution's own regulatory obligations to the Central Bank, and the separate question of the client's authorisation position, require distinct legal analysis.
- The transaction has already been processed and the business is assessing its exposure. In this situation, the timing, the facts, and the available remediation routes all interact, and the business needs an accurate picture of its position before it decides whether to make a voluntary report.
Where the position is straightforward – the payment clearly falls within a published carve-out, the counterparty identity is unambiguous, and both the EOCN and Central Bank channels are well understood internally – a compliance team with UAE-specific training may handle the application without outside counsel. The difficulty is that the cases that appear straightforward at first review often reveal complications on closer analysis. In our experience, a short legal review at the classification stage is almost always faster and cheaper than remediation after a refusal or a regulatory inquiry.
Related practices
- Frozen account management under BIS/EAR – advice on releasing blocked accounts and assets under US export-control rules
- Payment authorisations under UN sanctions – a parallel guide to the UN Security Council authorisation channels
- Payment authorisations under UN: advanced issues – further analysis of the Ombudsperson route and committee procedures