Financial institutions have been instructed to provide updates on their compliance by April 30.
The Central Bank of the UAE (CBUAE) has directed all licensed financial institutions to discontinue the use of instant messaging platforms, including WhatsApp, for communicating with customers, citing concerns over customer protection and data security.
In a circular issued to banks, insurers, exchange houses, and finance companies, the regulator said the measure is intended to safeguard customers and protect the reputation of the UAE’s financial sector. Institutions have been instructed to submit updates on their compliance by Thursday, April 30.
Banks have already begun informing customers through SMS, email, and mobile app notifications that messaging platforms will no longer be used for correspondence or service requests.
The central bank said it had identified several risks associated with the use of such platforms, including fraud, identity theft, account takeovers, and social engineering attacks, along with concerns around authentication, transaction integrity, and data confidentiality.
It also highlighted risks linked to cross-border data processing and storage, noting that customer information could be accessed or held outside the UAE, which raises regulatory and audit-related challenges.
Under the directive, financial institutions are prohibited from using messaging apps to request or share customer data, process or initiate transactions, or carry out authentication processes such as one-time passwords or verification codes.
The central bank added that institutions must ensure all customer data and transaction records are securely stored within the UAE, and that no new customer interactions relying on instant messaging platforms are initiated.
