The Central Bank of the United Arab Emirates (CBUAE) is preparing to issue a regulatory framework governing telemarketing of banking products and financial services, according to a draft circulated to banks and financial institutions, according to local reports.
The draft sets rules aimed at protecting customers from unsolicited marketing and increasing transparency across the sector.
It covers licensed banks, finance companies, insurance companies and related professions, and follows a Cabinet Resolution issued in 2023 that came into force in August 2024 assigning oversight of telemarketing practices to the central bank.
UAE Central Bank to mandate prior consent, Do Not Call requirements in new mandate
Under the draft, entities must obtain written approval from their boards of directors before launching telemarketing activity. The central bank may also require prior approval from the authority before campaigns are conducted.
Financial institutions would be required to secure explicit prior consent before contacting customers by phone for marketing purposes. Firms must maintain an updated ‘Do Not Call Register’ of clients who do not wish to receive calls and ensure systems respect customer preferences, including any designated contact times.
Consent must be documented through approved channels such as online applications, email confirmations, checkboxes on digital forms, SMS messages or other officially sanctioned methods.
For paper forms, written signatures are required. If a customer requests information by phone, institutions must record the verbal consent and retain the audio file. Firms must also provide dedicated channels for customers who voluntarily seek product information.
Calling windows in the UAE and holidays
According to the reports, telemarketing calls would be permitted only within set hours: Monday to Friday from 9 a.m. to 6 p.m., and Saturday and Sunday from 12PM to 5PM Calls would be prohibited during official holidays.
Licensed institutions must ensure telemarketing staff receive at least 15 hours of training before making calls, covering customer privacy, professional conduct and the use of the “Do Not Call Register.”
When products are added or changed, comprehensive retraining would be required. Institutions must provide standardized scripts for telemarketing communications to support clarity and legal compliance.
The draft also requires robust cybersecurity and data protection measures to safeguard customer information. Institutions would face penalties for breaches in line with prevailing laws.
Compliance and enforcement
Compliance units within each institution would be responsible for ensuring adherence to the regulation. Violations could result in administrative measures, regulatory sanctions or financial penalties determined by the central bank.
The measures position the UAE alongside other Gulf markets that are refining rules for outbound marketing and data use in financial services, as regional authorities focus on customer consent, data privacy and responsible sales practices.
