Anti-Money Laundering Laws in Oman Regulation & Best Practices

Oman has significantly advanced its Anti-Money Laundering and Counter-Terrorist Financing (AML/CFT) infrastructure in recent years, building a framework that aligns with global best practices while addressing local risks and vulnerabilities

With increasing scrutiny from international bodies like the Financial Action Task Force (FATF) and the Middle East and North Africa Financial Action Task Force (MENAFATF), compliance professionals in Oman face a dual challenge: ensuring their institutions meet evolving regulatory requirements and maintaining operational efficiency.

Legal and Regulatory Foundations

The cornerstone of AML/CFT regulation in Oman is Royal Decree No. 30/2016, which promulgates the Law on Combating Money Laundering and Terrorism Financing. This law repealed the earlier Law No. 79/2010 and expanded the scope of obligations for financial institutions, designated non-financial businesses and professions (DNFBPs), and regulatory bodies.

Key Provisions Include:

• Definition and criminalization of money laundering and terrorist financing.
  

• Obligations for customer due diligence (CDD), record keeping, and internal controls.

• Mandatory suspicious transaction reporting (STR) to the National Center for Financial Information (NCFI).

• Provisions for confiscation of illicit assets and international cooperation.

1. The Central Bank of Oman (CBO) AML Regulations

The Central Bank of Oman, under its regulatory authority, has issued binding guidelines and circulars that interpret and operationalize the provisions of RD 30/2016 for licensed financial institutions. The CBO’s AML/CFT framework includes:

• AML/CFT Compliance Charter requirements.
  

• Mandatory appointment of a Money Laundering Reporting Officer (MLRO).

• Periodic AML risk assessments and internal audits.

• Guidelines on onboarding, transaction monitoring, and sanctions screening.

As the prudential and AML supervisor for Oman’s banking and financial sector, the CBO also evaluates institutional compliance through on-site inspections and risk-based supervision.

2. The National Center for Financial Information (NCFI) – Oman’s FIU

The NCFI, established under Article 6 of RD 30/2016, functions as Oman’s Financial Intelligence Unit (FIU). Operating under the umbrella of the ROP, its primary responsibilities include:

• Receiving and analyzing STRs/SARs from reporting entities.
  

• Collaborating with domestic regulators and foreign FIUs.

• Maintaining strategic and operational independence to protect sensitive information.

NCFI also contributes to the Egmont Group, enabling Oman to share intelligence securely with over 160 FIUs globally.

Core Components of AML/CFT Compliance in Oman

Oman’s AML/CFT compliance model is grounded in a risk-based approach, supported by robust due diligence, monitoring, and reporting mechanisms. These components are not just regulatory requirements, but critical risk management tools that institutions must tailor to their specific exposure levels.

1. Risk-Based Approach (RBA)

Under Article 12 of RD 30/2016 and CBO AML guidelines, all financial institutions in Oman are required to implement a risk-based approach. This principle requires entities to:

• Identify, assess, and understand ML/TF risks.
  

• Allocate resources proportionate to the level of risk.
  

• Prioritize high-risk areas such as cross-border transactions, high-net-worth clients, and politically exposed persons (PEPs).
  

The RBA must be documented, reviewed periodically, and integrated into the institution’s overall risk management framework.

2. Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD)

As outlined in Articles 14–16 of RD 30/2016, CDD is mandatory at the onboarding stage and during ongoing relationships. Key CDD obligations include:

• Verifying customer identity using reliable, independent documents.
  

• Identifying and verifying beneficial ownership.

• Understanding the nature and purpose of the business relationship.

Read more: AML Risk Assessment in the UAE: Laws, Compliance & Risks

When higher risks are identified, Enhanced Due Diligence (EDD) must be applied. This includes:

• Obtaining senior management approval to establish or continue the relationship.
  

• Enhanced scrutiny of source of funds and wealth.

• Ongoing monitoring of transactions that appear inconsistent with known profiles.
  

CDD must also be applied in specific scenarios such as occasional transactions over OMR 4,000 (~10K USD), wire transfers, and where there is suspicion of ML/TF.

3. Suspicious Transaction Reporting (STR)

Financial institutions are required to submit Suspicious Transaction Reports (STRs) to the NCFI without delay when transactions are suspected to involve:

• Proceeds of criminal activity.

• Funds linked to terrorism or proliferation financing.

• Unusual patterns inconsistent with customer profiles.

STRs must be filed regardless of the amount involved and should not alert the customer (i.e., “tipping off” is strictly prohibited under RD 30/2016, Article 18).

Institutions must establish clear internal reporting mechanisms that escalate suspicions to the MLRO, who is then responsible for filing with the NCFI.

4. Record Keeping

Oman’s AML Law mandates that all records relevant to CDD and transactions be kept for at least 10 years. This includes:

• Copies of identification documents.

• Account files and business correspondence.

• STR records and compliance logs.
  

Records must be readily accessible for supervisory authorities and should allow for reconstruction of transactions in a manner that supports investigative processes.

5. Ongoing Training and Internal Controls

Financial institutions must maintain continuous AML/CFT training programs for employees, especially those in compliance, customer service, and high-risk business units. According to the CBO, training must cover:

• Legal obligations and internal policies.

• Red flags and emerging typologies.

• Reporting responsibilities and escalation paths.

Training is complemented by a system of internal controls, including:

• Appointment of an independent and empowered MLRO.

• Periodic internal audits of the AML function.

• Regular updates to policies based on changing risks and regulatory expectations

Sectoral Supervision and Regulatory Authorities

In Oman, AML/CFT obligations extend beyond traditional banking to include a wide range of financial and non-financial sectors, as stipulated in Article 3 of RD 30/2016. These include:

1. Financial Institutions (FIs)

• Commercial and Islamic banks

• Insurance and reinsurance companies

• Money exchange businesses and remittance providers

• Securities brokers and investment firms

2. Designated Non-Financial Businesses and Professions (DNFBPs)

• Law firms, notaries, and legal consultants

• Auditors and accounting firms

• Real estate brokers

• Dealers in precious metals and stones

• Trust and company service providers

Enforcement Mechanisms and Penalties for Non-Compliance

Under Articles 25–32 of Royal Decree No. 30/2016, Oman’s authorities impose a combination of criminal, civil, and administrative penalties for breaches of AML/CFT laws. These apply to both individuals and legal entities, depending on the severity and nature of the violation.

Types of Sanctions Include:

• Administrative fines up to OMR 500,000 for regulatory breaches.

• Criminal penalties including imprisonment up to 10 years and/or fines for willful money laundering or terrorist financing.

• Freezing or confiscation of assets derived from illegal activities.

• Revocation of licenses or deregistration of non-compliant entities.

• Reputational consequences through public announcements or regulatory notices.

Penalties may also extend to employees, directors, and compliance officers found negligent in fulfilling their duties under the law.

Strategic Priorities for Financial Institutions in Oman

The following strategic priorities reflect both Oman’s regulatory expectations and global compliance best practices:

1. Institutionalizing a Culture of Compliance

• Promote tone-at-the-top leadership engagement.

• Ensure AML policies are embedded in all levels of operations.

• Encourage whistleblowing and anonymous internal reporting mechanisms.

2. Leveraging Technology for AML Compliance

• Implement advanced transaction monitoring systems capable of detecting real-time red flags.

• Use AI and machine learning to improve anomaly detection and reduce false positives.

• Integrate e-KYC platforms for customer onboarding and verification.

3. Strengthening Beneficial Ownership Transparency

• Maintain accurate and up-to-date UBO registers as required under international guidance.

• Cross-check information provided by customers with public registries or databases.

4. Preparing for Risk-Based Supervision

• Conduct independent AML audits and risk assessments.

• Document and justify your risk appetite and controls in line with the Central Bank of Oman’s supervisory framework.

5. Engaging in Regional and Global Knowledge-Sharing

• Participate in AML/CFT forums, workshops, and consultations facilitated by MENAFATF, the Egmont Group, and local regulators.
  

• Align with cross-border compliance expectations, particularly when dealing with correspondent banking or international trade finance.

Achieve AML Compliance with FOCAL

FOCAL AI empowers financial institutions to enhance their AML compliance efforts through advanced, AI-powered solutions. With transaction monitoring, you can detect suspicious activities in real time, reducing false positives while ensuring that you receive accurate and timely alerts.

FOCAL's customer due diligence (CDD) and identity verification tools automate the verification of customer information, streamlining the onboarding process and ensuring compliance with global standards. The platform’s customer risk scoring capabilities allow you to assess and categorize clients based on their risk profiles, ensuring that compliance efforts are both efficient and targeted.

Additionally, FOCAL’s case management system helps you track, manage, and report suspicious transactions, making it easier to adhere to regulatory requirements and submit reports in a timely manner. By leveraging FOCAL AI’s comprehensive AML solutions, you can strengthen your compliance framework, improve operational efficiency, and safeguard your institution against financial crime.

Final Thought

Oman holds a strategically significant position in the Gulf region, serving as a vital gateway for trade and financial flows between Asia, Africa, and the Middle East. This geographic prominence makes its financial system an attractive target for illicit financial activities such as money laundering and terrorist financing.

Recognizing these inherent risks, Omani regulators have intensified efforts to fortify the country’s AML/CFT framework. With the implementation of Royal Decree No. 30/2016 and the active oversight of institutions like the Central Bank of Oman and the National Center for Financial Information (NCFI), Oman has demonstrated a clear commitment to aligning with international standards, particularly the Financial Action Task Force (FATF) recommendations. As regulatory scrutiny deepens and enforcement capabilities grow, financial institutions operating in Oman are expected to adopt more robust, risk-based compliance programs to mitigate exposure to cross-border financial crime.