Financial Crime World

UAE Financial Institutions Must Implement Robust Security Measures to Protect Consumers’ Data

In a move to enhance financial stability and consumer trust, the United Arab Emirates has issued new regulations requiring licensed financial institutions to implement robust security measures to protect consumers’ data and assets.

New Regulations for Licensed Financial Institutions

According to Article 120 of the Federal Decree Law No. (14) 2018, licensed financial institutions must:

  • Establish a function responsible for data management and protection
    • Develop policies and procedures to prevent misuse, unauthorized access, and undue processing and analysis of consumer personal data
  • Have appropriate security and monitoring measures in place to detect and track unauthorized internal access or use of consumer information
  • Record and report any breach of access, misuse, or unauthorized release to the Central Bank
    • Notify consumers where a breach may pose a risk to their financial and personal security

Liability for Breaches

Licensed financial institutions are liable for reimbursing any direct costs incurred by consumers as a result of a breach.

Protecting Consumers’ Information Relationships and Business Affairs

The regulations emphasize the importance of treating consumers’ information relationships and business affairs as private and confidential, with strict internal controls in place to protect consumer deposits, savings, funds held by stored value facilities, and other assets. Financial institutions must also:

  • Compensate consumers in a timely manner for financial losses and expenses resulting from financial crimes, misappropriation, cyber-attacks, and misuse of assets and information
  • Ensure their security and protection systems are updated and have the capacity to develop and adopt new approaches to cybersecurity as required

Consumer Awareness

The regulations require licensed financial institutions to demonstrate that they have carried out sufficient consumer awareness activities related to educating consumers on the need to protect themselves from financial crime.

By implementing these robust security measures, UAE financial institutions can enhance financial stability and consumer trust, while also demonstrating their commitment to protecting consumers’ data and assets.