The UAE Central Bank’s latest notice on the use of instant messaging applications is a significant step toward strengthening consumer data protection and operational governance across the financial sector.

Under Notice No. CBUAE/MCS/2026/2058, licensed financial institutions are required to immediately discontinue the use of platforms such as WhatsApp and similar messaging applications for conducting financial services, sharing customer data, transaction processing, authentication, or customer verification activities.

The regulation highlights critical concerns including:
• Customer data privacy and confidentiality
• Fraud, impersonation, and social engineering risks
• Cross-border data storage and processing concerns
• Governance, auditability, and compliance challenges

For the InsurTech and broader financial ecosystem, this is more than a compliance update — it is a strong reminder that secure, regulated, and controlled communication infrastructure is now a strategic necessity.

As digital financial services continue to evolve, organizations must prioritize:
✔ Secure customer engagement channels
✔ UAE-compliant data residency frameworks
✔ Strong authentication and governance controls
✔ End-to-end auditability and monitoring

This move will likely accelerate investment in compliant digital platforms, secure customer portals, AI-enabled servicing environments, and regulated communication ecosystems across the UAE financial sector.
At its core, the regulation reinforces a simple but critical principle: customer trust and data security must remain at the center of digital transformation.#InsurTech #FinTech #UAE #CBUAE #DigitalTransformation #DataPrivacy #CyberSecurity #ConsumerProtection #InsuranceInnovation #RegTech #FinancialServices #Compliance

Brief Information About the Regulation
UAE Central Bank Notice – Instant Messaging Applications (April 2026)
The Central Bank of the UAE (CBUAE) issued Notice No. CBUAE/MCS/2026/2058 directing all licensed financial institutions to stop using instant messaging applications (such as WhatsApp) for delivering financial services or handling customer information.

Key Prohibited Activities:
Financial institutions must not use messaging apps to:
• Share or receive customer information
• Process or confirm transactions
• Send OTPs, passwords, PINs, or verification codes
• Exchange customer documents, IDs, or statements
• Conduct activities that may store/process data outside the UAE

Main Risks Identified by CBUAE:
• Fraud and impersonation
• Data leakage and unauthorized sharing
• Cross-border data processing
• Weak governance and audit controls

Required Actions:
Institutions must:
• Stop prohibited communication flows immediately
• Move customers to approved secure channels
• Implement internal controls and monitoring
• Submit remediation updates to CBUAE

At BM Labs, we help insurers, brokers, and financial institutions modernize their customer engagement ecosystems through secure, compliant, and scalable digital solutions tailored for the UAE market. From regulated communication workflows and secure customer onboarding journeys to compliant data handling and digital servicing infrastructure, our focus is to support organizations in aligning innovation with evolving regulatory expectations.

We are also happy to connect with industry leaders across the insurance and financial services ecosystem to discuss digital transformation strategies, regulatory readiness, and the future of compliant customer engagement in the UAE market.