December 18th, 2025 Legal Updates

New CBUAE Law No. 6 of 2025: A Consolidated Overhaul of the UAE Financial Regulatory Framework

The UAE has enacted Federal Decree-Law No. 6 of 2025 Regarding the Central Bank, Regulation of Financial Institutions and Activities, and Insurance Business (the New CBUAE Law), issued on 8 September 2025, published on 15 September 2025, and effective the day following publication. The New CBUAE Law repeals and replaces Decretal Federal Law No. 14 of 2018 concerning the Central Bank and the Organization of Financial Institutions and Activities, and Federal Decree-Law No. 48 of 2023 regulating Insurance Activities. In addition, Article 185 repeals any provisions in force that conflict with the new regime, while Article 183 preserves the continuity of existing regulations, standards, circulars, and guidelines until replaced.

This reform consolidates banking and insurance oversight within a single statute, widens the licensing perimeter to capture emerging technologies, strengthens enforcement and early intervention powers, and introduces explicit consumer protection measures around fraud and cybersecurity, all while aligning with international prudential and market infrastructure standards.

Scope and application

The New CBUAE Law applies to the Central Bank, financial institutions, financial activities, and insurance business subject to the Central Bank’s jurisdiction. As under the prior framework, the Law does not apply within the financial free zones or to financial institutions regulated by their authorities. Article 184 provides a one-year transitional period for all in-scope persons to reconcile their status and operations with the new law.

Strategic objectives and governance updates

The statute affirms the Central Bank’s independence and updates its objectives. Notably, Article 5 embeds an objective to foster sustainable finance and integrate environmental, social, and governance (ESG) principles into the Central Bank’s business and operations. Governance provisions clarify the composition, appointment, and powers of the Board and Governor, and preserve the Higher Shari’ah Authority (HSA) with enhanced remit. The HSA’s resolutions and fatwas bind internal Shari’ah supervisory committees, strengthening Shari’ah consistency across Islamic financial institutions.

Licensing perimeter and emerging technologies

Article 61 enumerates licensed financial activities spanning deposit-taking, credit and funding, currency exchange and transfers, payment services using virtual assets, stored value, retail and digital money services, acting as principal in specified financial products, and insurance and insurance-related professions, including Takaful and Re-Takaful. Article 62 expressly extends the licensing requirement to any person who, by any medium or technology, issues, carries out, offers, or facilitates a licensed financial activity. This captures virtual asset payment tokens, decentralized finance (DeFi), dApps, and other platforms or protocols that facilitate payments, credit, deposits, exchange, remittances, or investment services.

The law distinguishes the official currency (including its digital form) from virtual assets. Article 187 clarifies that references in legislation to “currency,” “cash,” or the “dirham” include the Central Bank’s digital currency, while virtual assets are not “currency” for these purposes. Where virtual assets or digital currencies are used as payment instruments, Central Bank regulations and standards govern.

Consolidation of insurance into the Central Bank’s remit

Insurance is fully integrated into the Central Bank’s supervisory scope. The Law addresses licensing, solvency and technical provisions, actuarial oversight, pools, motor insurance obligations, disclosure and transparency vis-à-vis policyholders and beneficiaries, Takaful operating models, and the establishment of independent Takaful funds. Consumer-facing protections apply to both banking and insurance businesses, and prudential, enforcement, resolution, and market infrastructure powers extend mutatis mutandis to (re)insurers and insurance-related professions.

Prudential oversight, early intervention, and resolution

The law codifies a graduated framework of prudential oversight consistent with Basel-aligned Central Bank standards:

  • Early intervention (Article 142) empowers the Central Bank to act pre-emptively when a licensed institution breaches, or is likely to breach, capital or liquidity requirements or faces significant deterioration. Measures include requiring recovery-plan actions, capital reinforcement, heightened liquidity buffers, strategic or structural changes, temporary moratoria on activities, appointment of interim management, removal of board members or Authorized Individuals, and direct Central Bank management for a specified period.

  • Resolution authority (Article 143) vests the Central Bank with broad powers to restructure or wind down institutions, including removing and appointing management, appointing resolution administrators, terminating or novating contracts, writing down or converting liabilities, maintaining continuity of critical services intra-group or via third parties, and, for insurers, transferring portfolios, establishing asset management vehicles, and suspending contractual payment obligations subject to safeguards. Article 144 sets creditor hierarchy, prioritizing secured creditors, employment-related claims, resolution costs and Central Bank advances, customers (including insureds and beneficiaries), other creditors, and shareholders.

  • Consolidated supervision, governance, related-party exposures, prudential ratios, examination and information powers are broadly reinforced, aligning with existing Central Bank standards on capital adequacy, liquidity, operational risk, and market risk, and preserving anti-money laundering and counter-terrorist financing obligations under separate federal law and Cabinet decisions.

Consumer protection, confidentiality, and data

The law strengthens statutory confidentiality of banking and insurance customer information while defining permitted disclosures, including supervisory requests, court orders, AML/CFT compliance, cheque-related duties under the Commercial Transactions Law, legal disputes with customers, and approved transfers or mergers. In a notable enhancement, Article 149 mandates robust fraud prevention and detection mechanisms, prompt customer notification of security breaches or fraud incidents, and cooperation with Central Bank investigations, including reporting of fraud data and patterns on request. Licensed institutions must also ensure transparent, accessible disclosures of fees, terms, and risks.

The Central Bank is authorized to expand the mandate of its consumer dispute unit and committees. The grievance and appeals architecture is consolidated and broadened to cover decisions, procedures, and measures across the Central Bank’s remit. Where applicable, thresholds for finality of committee decisions and appeal routes are adjusted, with committee-imposable fines and finality thresholds calibrated in the new framework.

Enforcement powers and penalties

Enforcement tools are significantly sharpened. Administratively, Article 168 authorizes a spectrum of measures, including restrictions on activities, corrective directives, deposit requirements with the Central Bank, fines tied to base rates on reserve or guarantee shortfalls, disgorgement and unjust enrichment multipliers, substantial administrative fines of up to AED 1,000,000,000 for institutions, publication of enforcement actions (including names), de-linking from market infrastructures, and revocation of licenses. Criminal provisions address unlicensed activities, breaches of license conditions, violations of early intervention or resolution directions, misuse of restricted designations (e.g., “Bank” or “Masraf”), confidentiality breaches, mutilation or unlawful issuance of currency, obstruction of examinations, and infractions relating to financial market infrastructures, with sanctions scaled to severity.

Financial market infrastructures and payment systems

Part Four centralizes the establishment, licensing, designation, and oversight of financial market infrastructures (FMIs) for funds transfer, securities settlement, central securities depositories, and trade repositories. The Central Bank may operate FMIs directly, via subsidiaries, in partnership, or through outsourcing, and link with domestic and foreign systems. Systemically important infrastructures may be designated and become subject to enhanced oversight in collaboration with other regulators. The Central Bank has exclusive authority over wholesale and retail payment systems, digital banking operations, digital money and tokenization, and stored value facilities, and may mandate risk mitigants to safeguard systemic stability. Violations are subject to targeted administrative and criminal sanctions.

Market conduct, governance, and sector development

The law establishes a governance framework for licensed institutions, including fit-and-proper standards for board members and Authorized Individuals, Central Bank pre-approval for appointments and renewals, and power to refuse or remove candidates where required to protect the public interest. It restricts related-party transactions and imposes reporting obligations, sets limits on activities of deposit-taking institutions (including restrictions on commercial businesses, real estate holdings, and own shares), and preserves the Central Bank’s capacity to set sector-wide limits on exposures, concentrations, and asset classes.

The statute also embeds mechanisms for market development and stability, including the capacity to provide special liquidity support in systemic stress, act as market maker of last resort in exceptional circumstances, establish specialized protection and stabilization funds financed by sector levies, and coordinate monetary and fiscal policy with the Ministry of Finance.

Transitional and continuity provisions

Article 183 ensures that regulations, standards, circulars, and guidance issued under the repealed Central Bank and Insurance laws remain in force until expressly replaced. Article 184 provides a one-year reconciliation period from entry into force during which institutions and professionals must align their licensing, governance, prudential, operational, and consumer protection frameworks with the New CBUAE Law and forthcoming implementing instruments. Article 188 provides that the law takes effect the day following publication in the Official Gazette.

Practical implications and next steps

  • Institutions operating within or adjacent to the licensed perimeter should reassess their business models and technology stacks in light of Article 62’s technology-neutral licensing trigger and Article 61’s expanded activity list, particularly where virtual asset-based payment services, tokenized money, or DeFi-enabled functions are present.

  • Banks and insurers should review recovery and resolution planning, governance, and related-party controls to ensure alignment with early intervention, resolution, and governance powers, as well as sectoral capital, liquidity, and reporting standards.

  • Consumer protection, cybersecurity, and fraud controls should be updated to meet Article 149 obligations, including incident notification procedures, transaction monitoring, and cooperation protocols with the Central Bank.

  • Islamic financial institutions should ensure HSA model alignment, with internal Shari’ah supervisory committees’ charters and processes reflecting the binding nature of HSA resolutions and fatwas.

  • Existing Central Bank standards, including capital adequacy, AML/CFT guidelines, outsourcing, and consumer protection standards, continue to apply and should be read together with the new statutory framework until superseded.

This consolidated legislation represents a comprehensive modernization of the UAE’s prudential and conduct architecture across banking, payments, market infrastructures, and insurance. It strengthens the Central Bank’s toolkit to pre‑empt and manage institutional stress, enhances consumer protections, and squarely addresses the regulatory perimeter challenges posed by digital and tokenized finance, while providing transitional certainty and continuity for current regulations.

Authors: Ashraf Hendi, Partner and Head of Banking & Finance and Maryam Tarek, Associate

Categories

Local RepresentationGlobal Reach

Connect Today For Help

Please fill out the form below & our team will contact you as soon as possible.

Stay Updated

Stay ahead of the curve with our comprehensive Monthly Newsletter designed to keep you informed about the latest industry developments and trends, as well as access to our comparative Practice guides. We've got you and the MENA Region covered, Subscribe now!

Subscribe Now