The Central Bank of the United Arab Emirates has directed all banks and financial institutions to stop using messaging platforms like WhatsApp for customer services.
Institutions have until the end of April to comply, as the regulator has flagged such platforms as high-risk due to concerns over fraud, impersonation, and account takeovers. It also warned that confidentiality can be compromised, as sensitive information can be easily shared through forwards or screenshots, while data storage controls remain limited.
Under UAE regulations, all customer and transaction data must be stored within the country, something that cannot be guaranteed when using external messaging apps, where data may be routed or stored خارج the UAE.
The new rules prohibit banks from using these apps to request or share customer data, carry out transactions, or perform services such as opening or closing accounts, setting PINs, or sending verification codes. Sharing personal documents, statements, or IDs عبر these platforms is also banned.
The directive applies even when using VPNs or similar tools and follows recent regulatory changes, including the earlier ban on one-time passwords for banking services.
