AML in Oman: legal requirements, compliance rules, and penalties
- azakaw
- 2 days ago
- 13 min read
Oman has significantly strengthened its anti-money laundering (AML) regime over the past decade through Royal Decree No. 30/2016 and enhanced supervision by regulators.
Today, Oman AML compliance is mandatory for banks, real estate professionals, lawyers, accountants, fintech companies, and certain crypto-related businesses.
This guide explains Oman’s AML legal framework, who must comply, what regulators expect in practice, and how businesses can build compliance programs that withstand regulatory scrutiny.
AML Compliance in Oman - Key Takeaways |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
What is Oman's AML legal framework?
Oman’s AML framework is primarily governed by Royal Decree No. 30/2016 on Combating Money Laundering and Terrorism Financing, supported by sector regulators and the national Financial Intelligence Unit.
The framework is enforced by:
Central Bank of Oman (CBO)
National Centre for Financial Information (NCFI)
Capital Market Authority (CMA)
Oman Anti-Money Laundering and Terrorist Financing Committee
Royal Decree No. 30/2016: The foundation of AML law in Oman
Royal Decree No. 30/2016 is Oman's major law dealing with anti-money laundering and counter-terrorism financing. It:
defines money laundering
outlines the obligations of regulated entities
establishes the National Centre for Financial Information (NCFI) as Oman's financial intelligence unit
provides for administrative and criminal actions in case of non-compliance
The Decree covers a wide range of predicate offenses, the underlying crimes used to launder money. Crimes such as drug trafficking, fraud, bribery, corruption, and human trafficking are covered under this decree.
Any transaction linked to these crimes will lead to criminal liability, regardless of whether one is involved directly in committing the underlying offense.
Which regulators enforce AML compliance in Oman?
AML supervision in Oman operates through multiple authorities depending on sector activity, namely: the Central Bank of Oman (CBO), the National Centre for Financial Intelligence (NCFI), the Capital Market Authority (CMA), and the Oman Anti-Money Laundering and Terrorist Financing Committee.
The Central Bank of Oman regulates banks, exchange houses, and financial institutions. CBO issues strict guidelines for implementing AML measures, conducts regular on-site inspections, and takes stringent action against licensed financial institutions found deficient in their duty of fighting money laundering.
The National Centre for Financial Intelligence (NCFI) acts as Oman’s Financial Intelligence Unit (FIU). All Suspicious Transaction Reports (STRs) are forwarded to NCFI. NCFI analyses these reports, shares necessary information with law enforcement agencies and relevant authorities. It also ensures country-wide coordination in implementing AML/ CFT measures.
The Capital Market Authority (CMA) is responsible for regulating investment companies and securities businesses under its own framework for combating money laundering, in line with CBO requirements.
The Oman Anti-Money Laundering and Terrorist Financing Committee acts as the nodal body to coordinate efforts for the effective implementation of various anti-money laundering laws.
How does Oman align with FATF requirements?
Oman is a member of MENAFATF (Middle East and North Africa Financial Action Task Force).
Its domestic AML legislation incorporates the FATF 40 Recommendations, including:
risk-based compliance approaches
beneficial ownership transparency
STR reporting obligations
enhanced due diligence for high-risk clients
sanctions screening expectations
MENAFATF mutual evaluations have driven ongoing reforms that strengthen enforcement capability and institutional coordination.
Full Compliance Across Jurisdictions
Centralise, simplify, and scale your compliance efforts across jurisdictions and regulators. Use regulator specific templates or create your own rules and workflows.
Who must comply with AML laws in Oman?
Financial institutions, DNFBPs, and virtual asset providers must all comply with Oman’s AML regulations.
Financial institutions (banks, insurers, fintechs)
All banks licensed by the Central Bank of Oman (CBO), Islamic banks, and foreign bank branches have full AML responsibilities. Insurance companies, exchange houses, and payment service providers are also covered.
Fintechs operating under the auspices of the CBO face similar challenges to conventional financial institutions, including:
Customer Due Diligence (CDD)
Transaction Monitoring,
Submitting Suspicious Transactions Reports (STRs).
There is no softer touch regime for new arrivals.
DNFBPs
Given Oman's AML framework, Designated Non-Financial Businesses and Professions (DNFBPs) have to comply with the country's anti-money laundering laws. The list of such professions includes:
Law firms and legal consultants engaged in financial transactions or transferring assets
Accounting firms and auditors dealing with clients' money or advising them on creating complex corporate structures
Real estate agents and brokers dealing in properties that exceed the set limits
Dealers in valuable metals, jewels, and high-value items
AML supervision of DNFBPs continues to expand, but compliance obligations already apply.
Real Estate Compliance Solution
Manage multi-party property transactions, complex legal documents, and stakeholder verifications from a single, intuitive, and end-to-end AI-driven platform.
Virtual asset providers
No specific regulatory framework exists in Oman for providing crypto services and managing virtual assets. However, financial services law applies to all those involved in activities governed by existing financial laws and regulations.
Any platform conducting transactions related to existing financial services will be required to adhere to AML Crypto Compliance based on FATF guidelines on virtual assets. This includes those related to crypto transactions, such as the "Travel Rule" for transferring crypto-assets.
Keeping track of FATF’s anti-money laundering guidelines for Virtual Asset Providers can serve as a strong base until Oman introduces dedicated legislation on cryptocurrencies.
What are the AML compliance requirements in Oman?
The exact AML compliance requirements in Oman are following KYC and CDD rules, ongoing monitoring, STR submission to NCFI, having a compliance officer, and consistent staff training.
We’ll go over each of these requirements:
KYC and CDD
Know Your Customer (KYC) and Customer Due Diligence (CDD) form the backbone of any AML program.
In Oman, the following rules apply to all regulated companies:
Verify the customer's details prior to creating a business relationship. Use official identification documents and, when necessary, biometric data.
Identify and validate beneficial ownership of any company customers: i. e., identify the individual(s) with significant control over it ( generally exceeding 25 % ownership)
Implement Enhanced Due Diligence (EDD) procedures for high-risk clients. This should include Politically Exposed Persons and entities coming from countries identified as high-risk.
Update customer due diligence information: this is an ongoing task, and merely carrying out KYC/CDD at the time of onboarding does not complete your AML obligations.
Safeguard Your Business
Onboard global customers with ease, while reducing fraud risk. Create customised onboarding flows and verify individual customers or legal entities with ease.
Ongoing monitoring and record-keeping
Ongoing transaction monitoring involves keeping an eye out for unusual transactions through customer information maintained by the business. This helps identify suspicious financial transactions/transactions indicating the laundering of ill-gotten funds.
Any unusual activity, such as a rise in volume of transactions, payment trails unrelated to the existing pattern of dealings, or changes in behavior, should lead to deeper investigations.
Keeping records of our activities is necessary to comply with our record-keeping duties. CDD documentation must be retained for at least five years after the business relationship ends.
This includes identification documents, risk assessment reports, and results of screenings conducted.
STR submission to NCFI
In case of suspicious transactions or activities indicating attempts at money laundering or terrorist financing, you must submit a Suspicious Transaction Report (STR) to the NCFI promptly, accurately, and discreetly.
Entities must maintain internal escalation procedures for suspicious activity reporting.
Related content: How to report money laundering anonymously
IMPORTANT: It is a criminal offence to disclose to the customer that an STR has been filed (tipping-off).
Appointing a compliance officer
All financial institutions operating in Oman need to appoint a qualified AML Compliance Officer. This person will be responsible for:
overseeing the entity's AML/CFT programme
managing communication with the regulators
analyzing elevated alerts
overseeing STR submissions
ensuring policy implementation
The regulator expects Compliance Officers to have genuine powers of control, and not mere titles without real duties or resources.
Staff training and internal controls
Ongoing AML training must be role-specific and documented. Employees at all levels should know what money laundering looks like in their specific jobs, understand their reporting obligations, and know how to report suspicious activities.
Entities need to establish strong internal controls, including independent audit functions, detailed risk assessments, and regular reviews of their AML/CFT programs.
Effective internal controls are necessary to prevent financial crimes. Good internal controls include having independent audit functions, conducting thorough risk assessments, and carrying out regular AML/CFT program reviews.
Read also: What are the best AML & KYC certifications?
How AML enforcement works in Oman
AML enforcement generally follows a structured escalation pathway:
suspicious activity detected internally
STR submitted to NCFI
intelligence analysis conducted
referral to the sector regulator or law enforcement
administrative penalties or criminal prosecution initiated
This multi-layered approach strengthens early detection and enforcement efficiency.
Sector-specific AML triggers in Oman
Real estate sector triggers
Risk indicator | Why it matters |
Large cash property payments | Cash transactions increase laundering risk |
Use of intermediaries without transparency | May conceal beneficial ownership |
Offshore ownership structures | Higher jurisdictional AML risk |
Politically exposed persons involved | Requires enhanced due diligence |
Read also: Real estate AML compliance
Legal and accounting sector triggers
Risk indicator | Why it matters |
Nominee shareholder arrangements | May obscure beneficial ownership |
Unexplained asset transfers | Possible layering activity |
Shell company formation requests | Potential misuse of corporate vehicles |
Cross-border structuring without economic rationale | Higher AML exposure |
Financial institution triggers
Risk indicator | Why it matters |
Rapid account layering activity | Typical laundering behaviour pattern |
Unusual foreign transfers | Possible cross-border laundering channel |
Inconsistent transaction behaviour | Indicates deviation from the customer profile |
Unclear source-of-funds documentation | Triggers enhanced due diligence |
What are the penalties for violating AML laws in Oman?
Penalties under Royal Decree No. 30/2016 include:
administrative fines
imprisonment
asset seizure
licence revocation
restrictions on operations
senior management liability
Violation type | Penalty | Who it applies to |
Failure to file STR | Administrative fine | All regulated entities |
Inadequate KYC/CDD | Fine + mandatory remediation | Financial institutions, DNFBPs |
Active money laundering | Imprisonment + asset seizure | Individuals and entities |
Terrorist financing | Severe custodial sentence | Individuals and entities |
Systemic compliance failure | License revocation | Licensed businesses |
Administrative fines
Regulatory bodies, including the Central Bank of Oman (CBO) and the Capital Market Authority (CMA), can impose administrative fines for any non-compliance issues:
inadequate customer due diligence (CDD)
poor recordkeeping
failure to submit STRs
weak monitoring systems
Fine amounts depend on the level of severity and duration of the violation.
Oman has increased its fines in line with FATF recommendations for stricter action on AML/CFT violations, moving beyond deterrence towards a stronger deterrent effect.
Criminal charges
Individuals found guilty of money laundering offenses in Oman may face:
imprisonment (up to approximately 10 years, depending on offence severity)
fines potentially reaching twice the value of illicit proceeds
confiscation of assets
Senior officers may also face liability where governance failures contributed to misconduct.
License suspension or revocation
In case of serious instances of money laundering, Oman's financial sector regulators can cancel the operating license of an entity.
Besides license revocation, they can:
impose restrictions on certain services or activities
appoint external compliance officers
replace senior officials.
Such actions are severe but are taken in cases where entities have engaged in severe money laundering and terrorist financing activities.
Boost Business Safety & Efficiency
azakaw is the regulatory corporate compliance software designed for ease & efficiency that will protect your business from penalties, and licenses suspensions, and revocations.
Common AML compliance mistakes businesses make in Oman
Frequent weaknesses identified during inspections include:
treating KYC as a one-time onboarding exercise
failing to update beneficial ownership information
delayed STR submissions
insufficient independent AML audits
inadequate DNFBP training documentation
reliance on manual monitoring instead of automated systems
Addressing these weaknesses significantly reduces enforcement risk.
AML implementation challenges in Oman
The anti-money laundering framework in Oman looks strong on paper, but the challenge of implementing it needs to be addressed.
Let’s go over the challenges very quickly:
Limited availability of trained AML / CFT staff
There is a scarcity of trained AML/CFT professionals in Oman, with fewer such trained staff available outside of big financial institutions.
Many regulated entities, including smaller banks, currency exchange centers, and designated non-financial businesses and professions (DNFBPs), are finding challenges to employ or retain experienced AML/CFT officers who can meet the high standards set by the regulators.
To deal with this challenge, you can use in-house training programs to build your own compliance capacity, where required skills and expertise are lacking.
Technology gaps and transaction monitoring automation
Manual monitoring systems cannot reliably detect behavioural anomalies. Several financial institutions in Oman, particularly DNFBPs and small banks, continue to use manual methods to monitor and keep records of financial transactions.
Implementation of AML software providing features such as flagging alerts, transaction monitoring, Know Your Customer (KYC) checks, and other Transaction monitoring tools is expected by the regulators.
A reliable system links clients' level of risk with the current transaction data, detects any unusual transactions in real time, provides means to track all transactions, and creates an audit trail for evidence during any financial investigation.
Stay Ahead of Risks
Learn how azakaw’s AI-powered AML solution detects, prevents, and resolves suspicious activities in real-time. Automate transaction monitoring and reduce compliance costs with us!
Compliance cost pressures on smaller entities
Small regulated entities bear a higher compliance cost relative to their low risk profile.
Adopting a Risk-Based Approach to comply with AML/CFT regulations, while catering to your client base, range of financial products, and geographical presence, is a legal requirement and proves to be an economically viable alternative to a rigid one-size-fits-all approach.
Now that we’ve gone over the issues, let’s take a look at how this can be strengthened.
How businesses can strengthen AML compliance in Oman
Conducting a risk assessment and developing an AML/CTF policy
The first step towards an effective AML/CFT regime is to conduct a detailed AML risk assessment focusing on clients, distribution channels, financial products, and the geographical area of operation.
Based on the outcome of this assessment, you can set Client Due Diligence (CDD) limits, Enhanced Customer Due Diligence (EDD) triggers, and devise transaction monitoring strategies.
Our experience says that effective AML/CFT policies must reflect the institution's risk profile rather than adopting a generic template used by other jurisdictions or large financial institutions.
Utilizing digital tools for monitoring and verification
In addition to transaction monitoring tools, digital solutions to screen sanctions lists, the Politically Exposed Persons (PEPs) database, and adverse media are an integral part of Oman’s compliance landscape.
Real-time screening of clients on onboarding as well as regularly, conforming to the Risk-Based Approach, is necessary.
End-to-End Compliance Solution
Streamline compliance from identity and business verification to corporate compliance and AML transaction monitoring, reducing costs and complexity so you can scale with confidence.
Recognizing red flags and seeking legal help
Staff should be able to identify any AML red flags and suspicious activities relevant to your specific business situation.
Some common indicators of possible money laundering activities in Oman are:
Refusal by customers to provide information about their source of income
Cash transactions are carried out just below the reporting threshold.
Large amounts of money are being moved quickly between several bank accounts without any proper business reason.
Any unusual cash transactions related to Real Estate or High-Value Goods Businesses
If suspicious circumstances arise and internal channels point towards possible contraventions of laws, seeking help from an experienced AML legal adviser at an early stage can contribute significantly to dealing with the consequences effectively.
Recent AML enforcement trends in Oman
Recent regulatory developments indicate increasing enforcement activity across Oman’s AML framework, particularly in areas involving customer due diligence failures, corruption-linked asset tracing, and higher-risk transaction monitoring.
Authorities have taken action in cases involving:
inadequate source-of-funds verification by financial institutions
corruption and asset-freezing proceedings involving public officials and state-linked entities
enhanced scrutiny of cryptocurrency-related transactions despite the absence of a dedicated virtual-asset regulatory regime
The National Centre for Financial Information (NCFI) has also emphasized the importance of timely and high-quality Suspicious Transaction Reports (STRs), warning that delayed or incomplete reporting may trigger supervisory attention.
MENAFATF mutual evaluation findings further confirm that Oman has strengthened its ability to detect and respond to money-laundering risks, while continuing to develop investigative capacity for complex financial crime cases.
FAQs
Is AML compliance mandatory in Oman?
Yes. AML compliance is mandatory for financial institutions and designated non-financial businesses under Royal Decree No. 30/2016. Covered entities must implement customer due diligence (CDD), transaction monitoring, suspicious transaction reporting, and internal AML controls.
How do I report a suspicious transaction in Oman?
File a Suspicious Transaction Report (STR) directly to the National Centre for Financial Information (NCFI). All reporting should be done via the NCFI's designated reporting channels as soon as grounds for suspicion arise.
Is AML compliance mandatory for all businesses in Oman?
Not all Businesses, but the list of required ones is extensive under Royal Decree No. 30/2016:
banks and exchange houses regulated by the Central Bank of Oman
investment firms supervised by the Capital Market Authority
insurers and payment providers
real estate agents
lawyers and accountants involved in financial structuring
dealers in precious metals and jewellery
certain crypto-related service providers
If your industry deals with a large amount of financial transactions or is considered vulnerable to Money Laundering activities, then it comes under the purview of AML rules.
How long must AML records be retained in Oman?
Regulated entities must retain customer due diligence and transaction records for at least five years after the business relationship ends, in accordance with Oman’s AML framework.
What is the role of NCFI in enforcing AML regulations?
NCFI receives, examines all Suspicious Transaction Reports (STRs) submitted by regulated entities, shares relevant information with law enforcement and relevant authorities, and implements national AML measures.
NCFI provides guidelines to all financial institutions on enhancing the quality of STRs submitted and meeting AML requirements.
Can directors or senior managers be personally liable for AML violations?
Yes. Senior officers may face personal liability where governance failures contribute to money-laundering breaches or where institutions fail to implement adequate AML controls.
What happens if a company fails to submit an STR in Oman?
Failure to submit a Suspicious Transaction Report may result in administrative penalties imposed by sector regulators and may trigger enhanced supervisory inspections.
Are crypto businesses regulated under AML law in Oman?
Although Oman does not yet have a dedicated virtual-asset regulatory regime, crypto-related activities may still fall within AML obligations where they intersect with regulated financial services or risk-based compliance expectations aligned with Financial Action Task Force guidance.
Which regulator supervises banks for AML compliance in Oman?
Banks and exchange houses are supervised by the Central Bank of Oman, which conducts inspections and enforces AML compliance requirements.
Read also: AML Banking compliance
Does Oman follow international AML standards?
Yes. Oman is a member of MENAFATF and aligns its domestic framework with the Financial Action Task Force (FATF) 40 Recommendations on combating money laundering and terrorist financing.
Conclusion
Oman has adopted a zero-tolerance stance towards financial crimes, and this strategy is backed by good legal provisions with strong enforcement powers.
The Royal Decree No. 30/2016 outlines strict AML measures that apply to banks, financial technology companies, Designated Non-Financial Businesses and Professions (DNFBPs), and businesses engaged in cryptocurrencies.
Breaches of Oman AML laws can lead to administrative fines, imprisonment, and cancellation of business licenses.
Adopting Oman AML laws contributes to more than just avoiding legal penalties. In Oman’s well-regulated financial system, effective AML measures are essential for running successful businesses, accessing institutional investors, and building goodwill with the regulatory bodies and other financial institutions.
Companies prioritizing AML as part of their operations, rather than just going through the motions to meet the requirements, can create solid financial foundations.
Whether you run a business in Oman and have concerns about the effectiveness of your existing AML system, azakaw can assist.
Built by local AML experts
Discover how we support banks, fintechs, DNFBPs, and international investors to establish and ensure AML compliance with the Oman-based financial regulatory framework.
AML Compliance in Oman Video Overview
Related articles
![What is KYC? Meaning, requirements, and how it works [Video]](https://static.wixstatic.com/media/de7c06_ef23febf19b94eeebceaaad4fdb76759~mv2.webp/v1/fill/w_980,h_551,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/de7c06_ef23febf19b94eeebceaaad4fdb76759~mv2.webp)
