uaelaw.ai
Sign in

Banking

Central Bank in UAE

Last updated 5/4/20268 min read0 viewsProvisionalUAE federal
a large body of water next to a large city
Photo by SHUJA OFFICIAL on Unsplash

In short: If you're opening a bank account, applying for a loan, running a fintech, or just wondering why your overseas transfer got flagged, the Central Bank in UAE sits behind almost every answer. It's the regulator banks fear, the rule-maker fintechs read at 2am, and — frankly — the ins

Central Bank in UAE: What It Regulates and Why It Matters

If you're opening a bank account, applying for a loan, running a fintech, or just wondering why your overseas transfer got flagged, the Central Bank in UAE sits behind almost every answer. It's the regulator banks fear, the rule-maker fintechs read at 2am, and — frankly — the institution most clients underestimate until something goes wrong.

Quick answer

The Central Bank of the UAE (CBUAE) is the federal financial regulator. It issues the dirham, supervises all licensed banks, finance companies, exchange houses, insurers, and now most payment service providers and stored-value issuers. It enforces anti-money-laundering rules, sets interest-rate benchmarks, and runs the consumer-protection regime under Decretal Federal Law No. (14) of 2018. If you bank, borrow, send money, or sell financial products in the UAE outside DIFC and ADGM, the central bank in UAE is your regulator. Full stop.

What the Central Bank actually does

Most people think "central bank" and picture interest rates. That's about 5% of the job here.

The CBUAE was reorganised under Decretal Federal Law No. (14) of 2018 on the Central Bank & Organisation of Financial Institutions and Activities. That law — usually shortened to the CBUAE Law — gave it a much wider mandate than the 1980 statute it replaced. It now covers monetary policy, financial stability, payment systems, licensing, supervision, consumer protection, and AML/CFT enforcement across the onshore UAE.[1]

A few concrete things it runs day-to-day:

  • The UAE Funds Transfer System (UAEFTS) and the Image Cheque Clearing System. Every salary, every cheque, every interbank transfer goes through infrastructure the central bank operates.
  • The dirham peg. The AED has been pegged at 3.6725 to the US dollar since 1997, and the CBUAE defends it.
  • The EIBOR benchmark — the rate your variable mortgage tracks.
  • The licensing register for banks, finance companies, exchange houses, payment providers, and insurers.

If you operate in DIFC or ADGM, your day-to-day prudential regulator is the DFSA (Dubai Financial Services Authority) or FSRA (Financial Services Regulatory Authority) instead. The CBUAE still touches you through AML supervision and dirham settlement.

The takeaway: assume the central bank in UAE has a view on whatever financial activity you're planning, and check before you build.

Who needs a CBUAE licence

This is where most founders get tripped up — and where I've seen genuinely good fintech ideas die because the team assumed they could "launch first, license later."

Under Article 65 of the CBUAE Law, you cannot carry on a "Licensed Financial Activity" in the UAE without a CBUAE licence. The list is broad. It includes:

  • Taking deposits
  • Providing credit (including BNPL — yes, really)
  • Money exchange and remittances
  • Stored-value facilities and digital wallets
  • Payment services and card issuing
  • Virtual asset services that touch fiat (subject to overlap with VARA in Dubai and SCA federally)
  • Insurance and reinsurance (the Insurance Authority was merged into CBUAE in 2020)

The Retail Payment Services and Card Schemes Regulation (Circular No. 15/2021) is the one most fintechs end up reading. It carved payment activity into categories — Retail Payment Services, Money Remittance, Stored Value Facilities — each with its own capital floor and conduct rules.[2]

Minimum paid-up capital varies. A Stored Value Facility provider needs AED 15 million minimum. A Retail Payment Services provider's floor depends on category and volume. A full bank? AED 300 million for a national bank under the licensing regulations, often more in practice.

Watch out: operating without a licence is a criminal offence under Article 137 of the CBUAE Law. Penalties include fines up to AED 10 million per violation and imprisonment. The CBUAE has used these powers — public enforcement notices appear on its website regularly.

Watch out
"Sandbox" and "no objection" letters are not licences. A FinTech Office letter lets you test with limited customers; it doesn't authorise a public launch. I've seen this confusion cost a startup 18 months and a funding round.

Consumer protection — the part banks don't advertise

The CBUAE issued the Consumer Protection Regulation (Circular No. 8/2020) and its accompanying Standards in 2021. Honestly, this is the most underused tool retail customers have.[3]

A few rights it gives you:

  • A bank must give you 60 calendar days' written notice before changing fees, interest rates, or material terms on a personal product. You then have the right to exit without penalty.
  • Complaints must be acknowledged within 2 business days and resolved within 30 calendar days.
  • Selling you a product you didn't ask for and didn't sign explicit consent for is prohibited. That includes the credit-card-with-the-account "bundle" so many relationship managers push.
  • Early settlement charges on personal loans are capped at 1% of outstanding balance or AED 10,000, whichever is lower.

If your bank refuses to fix a problem, you escalate to Sanadak — the independent Financial and Insurance Ombudsman established by CBUAE in 2024. It replaced the older internal complaints unit. Filing is free for consumers, and Sanadak decisions up to AED 50,000 are binding on the bank if the consumer accepts.[4]

Most clients get this wrong: they argue with the branch for months instead of escalating after day 30. Don't.

AML, sanctions and why your transfer got blocked

The central bank in UAE is the prudential AML supervisor for banks, exchange houses, finance companies, payment providers, and insurers. The framework sits under Federal Decree-Law No. (20) of 2018 on AML/CFT and its Executive Regulation (Cabinet Decision No. 10 of 2019).[5]

What this means in practice:

Your bank is legally required to ask intrusive questions. Source of funds, source of wealth, beneficial ownership, purpose of transaction. When a relationship manager keeps emailing for "one more document," that's not bureaucracy — they're being audited on it.

The UAE exited the FATF grey list in February 2024 after a two-year compliance push. The CBUAE imposed record fines during that period — AED 200 million on a single exchange house in 2023, multi-million-dirham penalties on banks for sanctions-screening failures. Enforcement has not relaxed post-greylist. If anything, it's institutionalised.

Costs to know (2024)
- CBUAE administrative fines: up to AED 5 million per AML violation, doubled for repeat offences
- Stored Value Facility licence application fee: AED 100,000 (non-refundable)
- Annual supervision fee for SVFs: AED 60,000+
- Sanadak complaint filing: free for consumers

Quick tip if your transfer is stuck: ask the bank in writing to specify whether the hold is sanctions-related, AML-related, or operational. They must respond. Sanctions holds can take weeks; operational ones should clear in days.

Digital dirham, open finance, and where this is going

The CBUAE's Financial Infrastructure Transformation (FIT) Programme, launched in February 2023, is the roadmap. Nine initiatives. Open Finance is one. The Digital Dirham — a retail and wholesale CBDC — is another.[6]

The Open Finance Regulation (Circular No. 4/2024) came into force in 2024 and requires licensed institutions to share customer data and enable payment initiation through licensed third parties, subject to customer consent. If you're building a personal finance app, account aggregator, or embedded-credit product, this is the rulebook.

The Digital Dirham wholesale pilot ran successfully in 2023-2024 via Project mBridge with the BIS, China, Hong Kong and Thailand. Retail launch is signposted but not dated; expect a phased rollout with licensed wallet providers rather than a big-bang.

For lawyers and founders, the practical signal is this: the regulatory perimeter is widening, not narrowing. Activities that were unregulated five years ago — BNPL, crypto on/off-ramps, account aggregation, cross-border stablecoin payments — now sit squarely inside the central bank's remit or are being pulled in.

Build your compliance assumption around that direction of travel, not last year's rulebook.

How to actually deal with the CBUAE

A few practical pointers from experience:

Read the source. The CBUAE publishes regulations, standards, and circulars in English on centralbank.ae. Most disputes I see start because someone read a third-party summary instead of the actual text.

Use the right channel. Licensing queries go through the Licensing & Authorisation department. Consumer complaints go through your bank first, then Sanadak. Sanctions queries go through the Executive Office for Control & Non-Proliferation, not the CBUAE directly.

Document everything in writing. Verbal assurances from a supervisor mean nothing if the file changes hands.

Don't ignore correspondence. CBUAE letters have deadlines. Missing one, even by a day, can escalate a routine query into an enforcement matter.

The central bank in UAE isn't trying to make your life difficult. But it's a serious regulator with serious powers, and treating it like a paperwork exercise is how good businesses end up with bad outcomes.

Citations

[1] Decretal Federal Law No. (14) of 2018 on the Central Bank & Organisation of Financial Institutions and Activities. CBUAE Legal Framework — centralbank.ae/en/cbuae-legal-framework [2] CBUAE Retail Payment Services and Card Schemes Regulation (Circular No. 15/2021) — centralbank.ae [3] CBUAE Consumer Protection Regulation (Circular No. 8/2020) and Consumer Protection Standards (2021) — centralbank.ae/en/consumer-protection [4] Sanadak — UAE Financial and Insurance Ombudsman Unit, established 2024 — sanadak.gov.ae [5] Federal Decree-Law No. (20) of 2018 on AML/CFT; Cabinet Decision No. 10 of 2019 (Executive Regulation) — uaeiec.gov.ae [6] CBUAE Financial Infrastructure Transformation (FIT) Programme, launched February 2023 — centralbank.ae

Need this checked for your situation? Talk to a UAE-licensed lawyer →

Citations

  1. [1] Decretal Federal Law No. (14) of 2018 on the Central Bank & Organisation of Financial Institutions and Activities. CBUAE Legal Framework — centralbank.ae/en/cbuae-legal-framework
  2. [2] CBUAE Retail Payment Services and Card Schemes Regulation (Circular No. 15/2021) — centralbank.ae
  3. [3] CBUAE Consumer Protection Regulation (Circular No. 8/2020) and Consumer Protection Standards (2021) — centralbank.ae/en/consumer-protection
  4. [4] Sanadak — UAE Financial and Insurance Ombudsman Unit, established 2024 — sanadak.gov.ae
  5. [5] Federal Decree-Law No. (20) of 2018 on AML/CFT; Cabinet Decision No. 10 of 2019 (Executive Regulation) — uaeiec.gov.ae
  6. [6] CBUAE Financial Infrastructure Transformation (FIT) Programme, launched February 2023 — centralbank.ae

Need this checked for your situation? Talk to a UAE-licensed lawyer →