This week's Middle East RegWatch
 

Covers five developments across sanctions enforcement, cybersecurity, and global health regulation
A week dominated by OFAC action against Iranian petroleum networks.

• OFAC reached a $275 million settlement with Adani Enterprises Limited resolving 32 apparent violations involving liquefied petroleum gas shipments linked to Iran processed through US financial institutions. As part of the settlement Adani will implement remedial measures and cooperate fully with the ongoing OFAC investigation.
• OFAC separately designated Amin Exchange and 19 associated vessels under Executive Order 13902 for Iranian petroleum and petrochemical shipments — requiring US persons to block and report all property interests immediately. Transactions involving designated parties are prohibited unless authorised or exempt.
• The SDN List was further expanded under Executive Order 13224 adding individuals, entities, and vessels supporting Hamas — requiring immediate screening updates, blocking of dealings, and compliance system updates across all affected organisations.
• In the UAE, a critical cybersecurity vulnerability was identified in the Drupal Date iCal module — CVE-2026-8495 — allowing anonymous unauthorised access to sensitive data through improper access control and input sanitisation failures. Organisations must update to Drupal version 4.0.15 or later immediately. The UAE Cyber Security Council recommends circulating the advisory to all subsidiaries and partners.
• The 79th World Health Assembly update covers entry into force of 2024 International Health Regulations amendments and ongoing negotiations on the Pathogen Access and Benefit Sharing Annex relevant to UAE and regional member state obligations.
• Essential listening for CCOs, sanctions compliance officers, heads of AML, CISOs, and legal counsel operating across the Middle East with exposure to Iran-linked counterparties or US financial institutions.

Carver RegWatch delivers weekly regulatory intelligence across jurisdictions. Published May 24, 2026

For more information, visit the Carver Agents website.

Also from Carver RegWatch this week:

• This Week in AI Regulations — EU AI Act high-risk classification guidelines, CNIL €487M record fines, China AI deepfake enforcement
• ASEAN RegWatch — Bank Indonesia 50bps rate hike to 5.25%, MAS revokes Bsquared payment licence, Singapore insider trading convictions
• USA Regulatory Updates — SEC novel ETF regulatory review, California Hermes Bitcoin kiosk enforcement, IOSCO AI supervisory toolkit
• EU Regulatory Updates — EU AI Act consultation deadline June 23, CNIL cybersecurity enforcement priorities 2026, EU Solidarity Fund climate allocation
• India Regulatory Updates — RBI restricts Nagar Sahakari Bank, RBI cancels Yashwant Co-operative Bank licence, SEBI Investor Onboarding Regulatory Sandbox
• Global Regulatory Briefing — Bank of England CCP resolution paper, Malta tokenisation consultation, ASIC sustainability reporting focus 2026-27

Find all series at The Carver Agent Podcast 

Articles mentioned:

1. Settlement Agreement between the U.S. Department of the Treasury's Office of Foreign Assets Control and Adani Enterprises Limited
2. Seventy-ninth World Health Assembly – Daily update: 19 May 2026
3. Economic Fury Targets Networks Generating Billions for Iran’s Terrorist Regime
4. Counter Terrorism Designations; Iran-related Designations
5. 432318977 - Critical Vulnerability in Drupal Date iCal Module.pdf
6. NEWS BRIEF 18-05-26