What Changed and Why
The circular targets customer protection and data security. WhatsApp and similar platforms — while convenient — lack the audit trails, data residency controls and regulatory oversight that formal banking communication channels provide. For a financial sector managing trillions in assets and serving millions of customers, the Central Bank judged that convenience could no longer override security.
The prohibition applies to outbound contact initiated by the institution. Customers may still contact their bank through any channel, but the institution's response must route through approved channels — email, official banking apps, SMS, telephone or in-branch communication.
Impact on Business Banking Relationships
For corporate clients — particularly those managing company formation and banking relationships through Polaris — the practical impact is procedural rather than substantive. Banks that previously communicated KYC requests, account updates or transaction confirmations via WhatsApp must now use formal channels. This may slow response times marginally but improves documentation and reduces the risk of impersonation or social engineering attacks.
For AML compliance purposes, the change is positive: formal communication channels create better audit trails, which simplifies compliance documentation during regulatory reviews and annual audits.
What Businesses Should Do
Update internal contact protocols. Ensure all bank communication goes through official channels. Review how your team shares sensitive financial information — if WhatsApp was the default for banking queries, it should no longer be used for initiating contact with financial institutions. This is also an opportunity to review your broader data security practices and ensure they align with the UAE's evolving regulatory expectations.
Related Insights
UAE Banking Sector in 2026: Stability, Innovation and What It Means for Business BankingThe UAE banking sector enters 2026 well-capitalised, increasingly digital and more accessible than ever. We examine sect... UAE Corporate Tax: The Second Filing Season and the Compliance Traps That Catch BusinessesFTA audit capacity increased 135% in 2024. QFZP mandatory audits now apply to all free zone entities. The penalty framew... DIFC and ADGM Regulatory Developments: What Changed in 2025Both DIFC and ADGM introduced notable regulatory updates in 2025 affecting company administration, beneficial ownership ...What the CBUAE Notice Actually Says
The Central Bank of the UAE's May 2026 supervisory notice clarifies — rather than introducing — restrictions on financial institutions' use of consumer messaging applications (WhatsApp, Telegram, Signal, WeChat) for customer-facing financial communications. Licensed banks, insurance companies, exchange houses and DFSA/FSRA-regulated financial firms cannot conduct binding financial communications, give investment advice, confirm transactions or accept onboarding documents via these channels. The notice is consistent with global regulator positions (FCA, SEC) and reflects the UAE's alignment with global financial-services conduct standards.
| Activity | Permitted via WhatsApp/Telegram | Required channel |
|---|---|---|
| Marketing / general information | Yes (within Personal Data Protection Law) | — |
| Appointment scheduling | Yes | — |
| Customer onboarding / KYC | No | Bank's official app/portal with audit trail |
| Investment advice | No | Recorded line or licensed digital advisory platform |
| Transaction confirmation | No | Bank-issued statement/receipt |
| Complaint handling | Limited intake only | Formal channel with case-management |
Why This Matters — and Why It Doesn't Surprise
The 2021–2024 wave of global regulator actions against banks (in the US, UK, Switzerland) for staff use of WhatsApp on personal devices was the predicate for tightening across major financial jurisdictions. Penalties exceeded USD 2 billion across the bigger settlements. The UAE's alignment in 2026 is unsurprising and brings the local framework into harmony with parent-bank conduct standards. For UAE-based clients, the practical implication is to expect more interactions on the bank's official channels and fewer via WhatsApp.
The Implications for Non-Financial Businesses
The restriction is specifically on regulated financial institutions. For non-financial businesses — including TCSPs like Polaris, professional-services firms, and trading companies — communication via WhatsApp remains permissible subject to the broader Personal Data Protection Law (Federal Decree-Law 45 of 2021), commercial-confidentiality obligations and the firm's own retention/recording policies. The prudent posture for any business handling sensitive client information is to use secure messaging only for non-substantive communications and to escalate substantive matters to a recorded channel (email, official portal). Polaris's engagement framework reflects this.
- CBUAE May 2026 notice restricts use of WhatsApp/Telegram for binding financial communications by regulated financial institutions.
- Restriction applies to advice, transaction confirmation, onboarding, complaint handling — not to general marketing.
- Aligns UAE framework with FCA/SEC global standards following 2021–2024 enforcement waves.
- Non-financial businesses are not directly captured but should adopt similar discipline for sensitive client communications.
- For Polaris and similar professional firms: use messaging for scheduling, route substantive matters to recorded channels.
Polaris Perspective
Polaris manages banking relationships on behalf of corporate clients — from account opening and KYC coordination to ongoing relationship management. We ensure all communications with financial institutions comply with current CBUAE requirements.
Arrange a Consultation →