Sri Lanka
USA
Canada
India
UK
UAE
The Central Bank of the UAE has directed all licensed financial institutions to discontinue the use of instant messaging platforms, including WhatsApp, for customer communications, citing concerns over data protection and security.
In a circular issued to banks, insurers, exchange houses, and finance companies, the regulator said the decision is intended to enhance customer safety and uphold the integrity of the UAE’s financial system. Institutions were asked to confirm their compliance with the directive by April 30. In response, many banks have already started informing customers through official channels such as SMS, email, and mobile app notifications that messaging platforms will no longer be used for communication or service-related requests.
According to the central bank, the use of such apps exposes customers and institutions to a range of risks, including fraud, identity theft, account breaches, and social engineering attacks. Additional concerns were raised around weak authentication processes, potential compromise of transaction integrity, and lack of data confidentiality.
The regulator also highlighted issues linked to cross-border data handling, warning that sensitive customer information may be stored or accessed outside the UAE, creating regulatory, compliance, and auditing challenges.
Under the new rules, financial institutions are strictly prohibited from using messaging apps to request or share customer information, process transactions, or carry out verification procedures such as one-time passwords or security codes.
The central bank further instructed institutions to ensure that all customer data and transaction records are securely maintained within the UAE, and to avoid initiating any new customer interactions through instant messaging platforms moving forward.
