UAE Central Bank plans comprehensive regulation for telemarketing financial products and services

Dubai: The Central Bank of the United Arab Emirates (CBUAE) is preparing to issue a comprehensive regulatory framework governing the telemarketing of banking products and financial services, Emarat Al Youm reported. 

The new system will introduce strict requirements designed to protect consumers from unsolicited or unethical marketing practices and ensure greater transparency across the financial sector.

According to a draft of the regulation distributed to banks and financial institutions for consultation, entities will be required to secure written approval from their boards of directors before launching any telemarketing activities. 

In addition, the CBUAE reserves the right, at its sole discretion, to require prior approval from the central authority itself before such campaigns are conducted.

Most notably, the regulation mandates obtaining explicit prior consent from customers before they are contacted by phone for marketing purposes. 

Financial institutions must also maintain an updated list of clients who do not wish to receive calls, known as the “Do Not Call Register”, to ensure compliance and respect for customer preferences.

The draft regulation comes in implementation of a Cabinet Resolution issued in 2023, which entered into force in August 2024. The decision assigned the CBUAE oversight and enforcement responsibilities for telemarketing practices conducted by licensed banks, financial institutions, insurance companies, and related professions.

The draft system emphasises that all licensed financial institutions must ensure their telemarketing staff are adequately trained and well-versed in the institution’s products, services, and ethical standards. 

Each employee must complete a minimum of 15 hours of training on topics including customer privacy, professional conduct, and the use of the “Do Not Call Register” before being authorized to make calls.

When new or updated products are introduced, comprehensive retraining must be conducted to guarantee employees’ full understanding of the offerings. 

Institutions must also provide standardised scripts for telemarketing communications to ensure clarity, transparency, and compliance with the law.

The CBUAE stipulates that institutions must secure customers’ consent through clearly documented channels. This can be done via online applications, email confirmation, checkboxes on digital forms, SMS messages, or any other officially approved method. In the case of physical forms, written signatures are required.

If a customer requests information about a product via phone, the institution must record the verbal consent and retain the audio file. 

Additionally, dedicated communication channels must be established for customers who voluntarily seek product information.

Telemarketing calls will only be permitted within specific hours:

• Monday to Friday: 9 a.m. – 6 p.m.

• Saturday and Sunday: 12 p.m. – 5 p.m.
  Calls are strictly prohibited during official holidays, and institutions must respect any preferred contact times designated by customers.

Financial institutions will also be required to implement robust cybersecurity and data protection policies to safeguard customer information. Any breach will subject the institution to penalties in accordance with prevailing laws.

Compliance units within each institution will be directly responsible for ensuring full adherence to the new regulation. Violations could result in administrative measures, regulatory sanctions, or financial penalties as determined by the Central Bank.