UAE bans banks from using WhatsApp for financial services and customer data
The Central Bank of the UAE (CBUAE) has ordered all banks and licensed financial institutions in the country to stop using WhatsApp and other instant messaging platforms to deliver financial services or collect customer information, with a hard compliance deadline of 30 April 2026.
The directive, issued in April 2026, prohibits banks from carrying out a wide range of activities through messaging apps. That includes requesting or sharing customer data, initiating or confirming transactions such as transfers, payments and credit instructions, sending authentication details like passwords, PINs and one-time passwords, and exchanging any documents containing personal or financial information.
The regulator cited multiple security and regulatory concerns behind the move. CBUAE pointed to well-documented risks tied to consumer messaging platforms, including fraud, impersonation, account takeovers and social engineering attacks. It also raised the prospect of confidentiality breaches and unauthorised disclosure of sensitive information.
Data residency was a further driver. The Central Bank of the UAE flagged that customer information shared via platforms such as WhatsApp could be processed or stored outside the UAE, potentially breaching domestic rules that require consumer and transaction data to remain within the country. The regulator was explicit that the use of a VPN does not exempt institutions from these requirements.
Banks must now stop launching any new messaging app-based services, identify and shut down existing use cases, and migrate customers to approved channels. Those approved channels include mobile banking apps, online banking platforms, call centres and physical branches.
Institutions have been instructed to confirm compliance and outline corrective actions by the end of April 2026. Failure to meet the deadline could trigger supervisory action, financial penalties or other regulatory measures.
The intervention reflects a broader regulatory shift across the Gulf, where central banks have been tightening rules on how customer data is handled and where it sits. For UAE banks, the practical effect is an immediate rethink of relationship manager workflows, customer onboarding processes and document collection, all of which had drifted onto WhatsApp in recent years as a matter of convenience.
