The Central Bank of the UAE has introduced a major regulatory shift by prohibiting banks and licensed financial institutions from using instant messaging platforms such as WhatsApp for financial services and customer data handling. The move is aimed at enhancing consumer protection and reinforcing data security standards across the country’s financial sector.
Rising Concerns Over Data Residency
A key factor behind this decision is data residency. The regulator highlighted that information shared via messaging platforms may be stored or processed outside the UAE, potentially breaching local laws that require customer and transaction data to remain within national borders.
Strict Deadline for Compliance
The directive, issued through a supervisory notice, requires all financial institutions to comply by April 30, 2026. Banks that fail to meet the deadline may face regulatory action, including penalties and enforcement measures.
What the New Rules Prohibit
Under the updated framework, banks are no longer allowed to use messaging apps for:
- Customer communication related to financial services
- Transaction initiation or confirmation
- Sharing or requesting customer information
- Sending sensitive data such as passwords or one-time passwords
- Exchanging documents containing personal or financial details
These restrictions effectively eliminate the operational use of consumer messaging apps in banking workflows.
Addressing Growing Security Risks
The central bank emphasized that the increased use of informal communication channels exposes both customers and institutions to serious risks. These include fraud, impersonation, account takeovers, social engineering attacks, and unauthorized disclosure of sensitive data.
Transition to Secure Channels
To align with the new regulations, banks are required to shift all services to approved and secure channels. These include mobile banking applications, official online platforms, call centers, and physical branches.
Additionally, institutions must strengthen internal controls by improving staff training and implementing monitoring systems to prevent the use of unregulated communication tools.
Regulatory Enforcement and Next Steps
Financial institutions must confirm compliance and outline corrective actions by the end of April 2026. Failure to comply could result in supervisory intervention, financial penalties, or other regulatory consequences.
A Step Toward a Safer Digital Banking Ecosystem
This directive reflects the UAE’s ongoing efforts to build a secure and resilient financial ecosystem. By tightening control over data handling and communication channels, the regulator aims to ensure higher standards of trust, transparency, and protection in an increasingly digital banking landscape.


