Skip to main content
Home

Learn GCC BDI

Contact Us

Member Login

Enter the terms you wish to search for.
  • About Us
    • About GCC BDI
      • Who We Are
      • GCC BDI 15th Anniversary
      • Chief Executive Officer
      • GCC BDI Team
      • Brochures
    • Governance
      • Board of Governors
      • Committees
      • Policies
      • History
    • Supporters
      • Strategic Partners and Affiliates
      • Preferred Suppliers
    • Media Room
      • Press Releases
      • Awards
    • Contact Us
  • Membership
    • About Membership
    • Log in to the Members Platform
    • Membership Benefits
    • Membership Categories
    • Corporate Membership
    • Board and Executive Opportunities
      • For Corporates
      • For Members
    • Chapters
  • Events
    • Events Calendar
      • Book here
    • Forums
      • Board Secretary Forum
    • Board Chair Summit
      • 2024
      • 2022
      • 2019
      • 2018
    • Testimonials
  • Director Development
    • Developing Directors
    • Learn GCC BDI
    • Certifications
      • Certificate in Board Directorship
      • Diploma in Board Directorship
      • Chartered Director
      • Certified Board Secretary
    • Graduation Ceremony
      • Graduation Ceremony 2025
      • Graduation Ceremony 2024
      • Graduation Ceremony 2023
      • Graduation Ceremony 2022
      • Graduation Ceremony 2020
      • Chartered Directors
      • Diploma Award Graduates
      • Certified Board Directors
      • Certified Board Secretaries
      • Women Certified Board Directors
    • Online Tutorial Series
      • Risk Tutorials
      • Strategy & Scenario Planning
      • Finance for Non-Finance Professionals
    • Training Partners & Faculty
  • Services
    • Our Services
    • Board Evaluations
    • Tailored Workshops
    • Board Opportunities
    • Project Work
    • Assessments & Scorecards
    • Online Board Services
    • Request Quotation
  • Resources
    • Governance & Director Information
    • KSA Corporate Governance Index
    • Nasdaq
    • Articles & Reports
    • Surveys & Publications
    • GCC BDI Newsletter
    • Legal Updates

Member Login

Contact Us

Learn GCC BDI

Home
  • About Us
    • About GCC BDI
      • Who We Are
      • GCC BDI 15th Anniversary
      • Chief Executive Officer
      • GCC BDI Team
      • Brochures
    • Governance
      • Board of Governors
      • Committees
      • Policies
      • History
    • Supporters
      • Strategic Partners and Affiliates
      • Preferred Suppliers
    • Media Room
      • Press Releases
      • Awards
    • Contact Us
  • Membership
    • About Membership
    • Log in to the Members Platform
    • Membership Benefits
    • Membership Categories
    • Corporate Membership
    • Board and Executive Opportunities
      • For Corporates
      • For Members
    • Chapters
  • Events
    • Events Calendar
      • Book here
    • Forums
      • Board Secretary Forum
    • Board Chair Summit
      • 2024
      • 2022
      • 2019
      • 2018
    • Testimonials
  • Director Development
    • Developing Directors
    • Learn GCC BDI
    • Certifications
      • Certificate in Board Directorship
      • Diploma in Board Directorship
      • Chartered Director
      • Certified Board Secretary
    • Graduation Ceremony
      • Graduation Ceremony 2025
      • Graduation Ceremony 2024
      • Graduation Ceremony 2023
      • Graduation Ceremony 2022
      • Graduation Ceremony 2020
      • Chartered Directors
      • Diploma Award Graduates
      • Certified Board Directors
      • Certified Board Secretaries
      • Women Certified Board Directors
    • Online Tutorial Series
      • Risk Tutorials
      • Strategy & Scenario Planning
      • Finance for Non-Finance Professionals
    • Training Partners & Faculty
  • Services
    • Our Services
    • Board Evaluations
    • Tailored Workshops
    • Board Opportunities
    • Project Work
    • Assessments & Scorecards
    • Online Board Services
    • Request Quotation
  • Resources
    • Governance & Director Information
    • KSA Corporate Governance Index
    • Nasdaq
    • Articles & Reports
    • Surveys & Publications
    • GCC BDI Newsletter
    • Legal Updates
  • About Us
    • About GCC BDI
      • Who We Are
      • GCC BDI 15th Anniversary
      • Chief Executive Officer
      • GCC BDI Team
      • Brochures
    • Governance
      • Board of Governors
      • Committees
      • Policies
      • History
    • Supporters
      • Strategic Partners and Affiliates
      • Preferred Suppliers
    • Media Room
      • Press Releases
      • Awards
    • Contact Us
  • Membership
    • About Membership
    • Log in to the Members Platform
    • Membership Benefits
    • Membership Categories
    • Corporate Membership
    • Board and Executive Opportunities
      • For Corporates
      • For Members
    • Chapters
  • Events
    • Events Calendar
      • Book here
    • Forums
      • Board Secretary Forum
    • Board Chair Summit
      • 2024
      • 2022
      • 2019
      • 2018
    • Testimonials
  • Director Development
    • Developing Directors
    • Learn GCC BDI
    • Certifications
      • Certificate in Board Directorship
      • Diploma in Board Directorship
      • Chartered Director
      • Certified Board Secretary
    • Graduation Ceremony
      • Graduation Ceremony 2025
      • Graduation Ceremony 2024
      • Graduation Ceremony 2023
      • Graduation Ceremony 2022
      • Graduation Ceremony 2020
      • Chartered Directors
      • Diploma Award Graduates
      • Certified Board Directors
      • Certified Board Secretaries
      • Women Certified Board Directors
    • Online Tutorial Series
      • Risk Tutorials
      • Strategy & Scenario Planning
      • Finance for Non-Finance Professionals
    • Training Partners & Faculty
  • Services
    • Our Services
    • Board Evaluations
    • Tailored Workshops
    • Board Opportunities
    • Project Work
    • Assessments & Scorecards
    • Online Board Services
    • Request Quotation
  • Resources
    • Governance & Director Information
    • KSA Corporate Governance Index
    • Nasdaq
    • Articles & Reports
    • Surveys & Publications
    • GCC BDI Newsletter
    • Legal Updates
  1. Home
  2. legal updates
  3. uae financial regulatory round cma central bank and vara announce regulatory updates

UAE Financial Regulatory Round-Up: CMA, Central Bank and VARA Announce Regulatory Updates (United Arab Emirates)

Release Date
April 2026

The United Arab Emirates (“UAE”) has recently seen several significant regulatory developments in the financial services space, including the following:

(i) The Capital Market Authority (“CMA”) has issued a new regulatory framework governing virtual assets services (the “CMA Regulation”);
(ii) The Virtual Assets Regulatory Authority (“VARA”) has amended its Exchange Services Rulebook, introducing regulations for Exchange Traded Derivatives Services;
(iii) The Central Bank of the UAE (“CBUAE”) has issued Small to Medium Sized Enterprises (SME) Customer Protection Regulation (the “SME Customer Protection Regulation”); and
(iv) The CBUAE has issued Telemarketing Regulation (the “Telemarketing Regulation”).

 

1. The introduction of a new regulatory framework for VASPs by the CMA

The CMA has overhauled its regulatory framework for Virtual Asset Service Providers (“VASPs”) and Alternative Trading Systems Operator (“ATS”) through the issuance of Chairman Resolution No. (04/Chairman) of 2026 (“CMA Regulation”) , which replaces Decision No. (26/Chairman) of 2023 concerning the regulation of Virtual Asset Platform Operators.

The CMA Regulation is structured across three modules: (i) a General Framework Module; (ii) a Business Regulation Module; and (iii) an ATS Module, and introduces a significantly more prescriptive and comprehensive regime for virtual asset activities carried out in the UAE.

The CMA Regulation applies to any person conducting, or intending to conduct, regulated virtual asset activities or operating an ATS in or from the UAE. This includes, among others, entities dealing in virtual assets as principal or agent, custody providers, investment advisers, portfolio managers, operators of Multilateral Trading Facilities (“MTFs”), and persons arranging virtual asset transactions.

 

Key Takeaways

Licensing and capital requirements

Eight regulated activities are mapped across six licence categories, with minimum capital thresholds ranging from AED 500,000 to AED 4 million. In practice, capital requirements will be driven by expenses-based and risk-based thresholds rather than the minimum floor.

Trading venue framework

Virtual asset trading is permitted only through MTFs. Organised Trading Facilities (“OTFs”) cannot be used for virtual asset trading or settlement. The ATS Module (101 Articles and four Annexes) forms the core framework for MTF operators.

Governance and key personnel

Licensed entities must maintain a full governance apparatus, with mandatory key personnel functions (seven for VASPs, eight for ATS operators), specified UAE residency requirements, and detailed rules on role combinations.

Token restrictions

Privacy tokens and algorithmic tokens are prohibited. Utility tokens and NFTs are restricted, subject to limited approval-based exceptions.

Each virtual asset must be registered with the CMA.

Governance and compliance

The framework introduces enhanced governance, key personnel, and market conduct requirements, including public consultation obligations for trading rules and strengthened market surveillance. Compliance must be implemented holistically across all three modules.

DLT requirements

Distributed ledger must operate on a permissioned basis with the licensed entity maintaining sufficient control over access and record updates.

Two-stage licensing

A two-step process applies: in-principle approval followed by a full licence application, with prescribed decision periods and a six-month window between stages to satisfy all ongoing requirements.

MTF and OTF framework

The ATS Module governs MTFs (non-discretionary matching) and OTFs (discretionary matching), with OTFs prohibited from trading virtual assets. MTF operators must maintain publicly available business rules, subject to public consultation and CMA approval before amendment.

Existing licensees are granted a transitional period of one year from the effective date to align with, and obtain approval under, the CMA Regulation. Any applications pending as at the effective date that had not received initial approval will be deemed void and must be resubmitted in accordance with the new requirements.

 

2. VARA Updated Exchange Services Rulebook

VARA has updated its Exchange Services Rulebook (“Rulebook”) to introduce a new Part V, establishing a dedicated regulatory framework for the provision of Exchange Traded Derivatives (“ETD”) Services.

The amendments represent a significant development in VARA’s regulatory regime, emphasizing oversight to more complex virtual asset derivative products.

Only VASPs licensed for Exchange Services may offer ETD Services.

Scope of ETD Services

ETD Services covers the following:

  • matching orders between buyers and sellers and conducting the purchase, sale or any other transaction between ETDs and Virtual Asset;
  • maintaining an order book in furtherance thereof.

Matching orders between buyers and sellers and conducting the purchase, sale or any other transaction between ETDs and fiat currency is not permitted.

ETDs are defined as derivatives whose value is derived from, or fluctuates based on, the price of one or more underlying virtual assets (or other approved assets), and whose pricing and/or settlement is denominated in a virtual asset.

The framework covers:

  • contracts for difference (CFDs);
  • futures;
  • options; and
  • any other instruments designated by VARA from time to time.

 

Key Takeaways

Client Suitability

VASPs must conduct a comprehensive suitability assessment prior to onboarding clients for ETD services. Access to ETD products must be restricted to clients who have been assessed and approved as suitable.

Retail Investor Protections

Retail clients are subject to a maximum leverage cap of 5:1, corresponding to a minimum initial margin requirement of 20% of the notional exposure.

Institutional and qualified investors may benefit from more flexible leverage arrangements, subject to VARA’s supervisory discretion.

Account Segregation

VASPs must ensure strict segregation of ETD trading accounts from all other client accounts. Non-ETD clients must not be exposed to losses arising from ETD activities, including through any form of loss mutualisation.

Price Feed Integrity

VASPs are required to implement robust price validation mechanisms, including the use of multiple independent and diversified pricing sources. Reliance on a single price feed is not permitted.

Perpetual ETDs

Derivatives without a fixed maturity (i.e. perpetual contracts) are subject to additional requirements, including:

  • funding rates must be calculated at least three times per day; and
  • funding payments must be exchanged between counterparties on a regular intra-day basis.

The introduction of a formal ETD Services framework signals VARA’s continued development of a comprehensive regulatory regime for sophisticated virtual asset products. Qualified VASPs seeking to offer ETD Services will be required to obtain specific authorisation from VARA on their license. As part of the application process, firms should expect to demonstrate, amongst others:

  • appropriate systems and controls;
  • detailed product terms and risk disclosures;
  • client agreements; and
  • arrangements relating to insurance funds and close-out procedures.

VASPs considering the provision of ETD Services should engage early in assessing readiness, particularly in relation to services related documentation, client suitability frameworks, risk management systems, and governance arrangements.

 

3. CBUAE Telemarketing Regulation

The CBUAE has issued the Telemarketing Regulation, establishing a comprehensive framework governing telemarketing activity conducted by Licensed Financial Institutions (“LFIs”) in the UAE. The Telemarketing Regulation is issued as part of the efforts to comply with the requirements of UAE Cabinet Resolution No.(56) of 2024 Concerning the Telemarketing Regulations.

The Telemarketing Regulation introduces minimum standards aimed at strengthening customer protection, enhancing market conduct, and addressing concerns relating to unwanted telemarketing practices.

Scope

The Telemarketing Regulation applies to all LFIs conducting telemarketing activities in the UAE.

Importantly, LFIs that are part of a group structure (including subsidiaries, affiliates, and foreign branches) are required to ensure compliance with the Telemarketing Regulation on both a solo and group-wide basis, reflecting the CBUAE’s increasing focus on consolidated supervision and conduct risk.

Certain key requirements under the Telemarketing Regulation are explained below:

 

Board Approval and Regulatory Oversight

LFIs must obtain prior written approval from their Board of Directors before undertaking telemarketing activities. The CBUAE may, at its discretion, require LFIs (or categories of LFIs) to obtain prior regulatory approval.

Governance and Internal Controls

LFIs are required to establish and maintain appropriate internal policies and procedures governing telemarketing activities. These must clearly set out controls applicable to telemarketers and align with applicable legal and regulatory requirements, including those relating to customer protection and data privacy

Training

Telemarketers must complete at least fifteen (15) hours of appropriate training before being authorised to conduct telemarketing, with comprehensive training when products are new or updated, and additional training-related courses and programmes at least once per year covering recent legal updates, including customer privacy and data protection laws.

Scripts and authorised channels

LFIs must use standardised scripts (in relevant languages), maintain an updated list of authorised telemarketers and channels, and clearly display their registered name with the designation “Telemarketing” in all communications. LFIs must use standardised scripts (in relevant languages), maintain an updated list of authorised telemarketers and channels, and clearly display their registered name with the designation “Telemarketing” in all communications.

Customer consent and Do Not Call Registry

Prior express customer consent is required through prescribed methods. Telemarketing is prohibited where customers have opted out or are listed on the Do Not Call Registry maintained by the Telecommunications and Digital Government Regulatory Authority.

Time and frequency restrictions

Calls may only be made between 9:00 AM and 6:00 PM (UAE time), limited to once per day and twice per week, and must not target customers who have previously rejected or not responded to similar offers.

Automated systems and AI

Specific requirements apply to automated dialling systems and AI, including call handling parameters and compliance monitoring capabilities.

Records and reporting

LFIs must maintain telemarketing logs for at least five years and submit annual reports to the CBUAE, with potential for additional reporting requirements.

The Telemarketing Regulation represents a significant strengthening of the conduct and consumer protection framework applicable to telemarketing activities in the UAE and reflects the CBUAE’s continued focus on addressing customer harm and enhancing market discipline.

LFIs should undertake a comprehensive review of their telemarketing frameworks, including governance arrangements, consent mechanisms, scripts, training programmes and monitoring systems, to ensure alignment with the Telemarketing Regulation. Particular attention should be given to group-wide implementation, Do Not Call compliance, and record-keeping and reporting obligations.

Given the prescriptive nature of the Telemarketing Regulation, early remediation and implementation will be critical to mitigating regulatory risk and ensuring compliance.

Representative offices

The applicability of the Telemarketing Regulation to CBUAE-licensed representative offices warrants particular consideration. Marketing the parent entity’s products and services is among the principal permitted activities of such offices, and the Regulation expressly applies to “All Licensed Financial Institutions” — a formulation that, on its face, extends to representative offices. Representative offices should therefore assess their marketing activities against the Regulation’s requirements and take steps to ensure compliance.

 

4. CBUAE SME Customer Protection Regulation

The CBUAE has issued the SME Customer Protection Regulation (Circular No. 2/2026), replacing the 2021 SME Market Conduct Regulation and forming part of its broader consumer protection framework. This development aims to support other CBUAE efforts to allow alternative financing tools to SMEs including expected amendments to the Finance Companies Regulation to add an additional category targeting SMEs.

The SME Customer Protection Regulation applies to all CBUAE-licensed banks and finance companies (including those operating in accordance with Islamic Shari’ah principles) and will come into force six months following publication in the Official Gazette.

Building on the earlier SME regime, the SME Customer Protection Regulation strengthens governance, transparency and responsible financing standards applicable to financial institutions dealing with SMEs.

Scope and SME definition

The SME Customer Protection Regulation introduces a clearer and more comprehensive definition of SMEs, expressly capturing sole proprietors and aligning SME protections more closely with the broader consumer protection framework.

Governance and accountability

Boards retain ultimate responsibility for ensuring fair treatment of SME customers, with senior management required to embed a strong conduct culture and ensure effective oversight of SME-related business practices.

Enhanced transparency and disclosures

Financial institutions must provide clear, plain-language disclosures in both Arabic and English across the full customer lifecycle. A Key Facts Statement must be provided prior to offering any product, and at least 60 calendar days’ prior notice is required for changes to terms or fees.

Responsible financing and credit assessment

Credit must be extended in a manner consistent with the SME’s repayment capacity, supported by robust solvency assessments. This reflects the CBUAE’s broader focus on preventing over-indebtedness and ensuring responsible lending practices.

Financial institutions are also encouraged to leverage government-backed credit guarantee schemes to support SME access to financing.

Bank account opening timelines

Low-risk SME accounts must be opened within three business days, subject to appropriate financial crime checks, with any delays capped at two weeks. Institutions are required to report periodically to the Board on account opening timelines and delays.

Customers in financial difficulty

Institutions must proactively identify SMEs exhibiting signs of financial stress and provide appropriate support, including restructuring, rescheduling or revised repayment arrangements.

Complaints handling framework

A free, independent complaints process must be maintained, with acknowledgment within two business days and final resolution within 30 business days. Unresolved complaints may be escalated to Sanadak.

Enforcement

Non-compliance may result in supervisory action, financial penalties and restrictions on individuals operating within the financial sector.

The SME Customer Protection Regulation represents a material strengthening of the conduct and consumer protection framework applicable to SME banking in the UAE. It aligns SME protections more closely with retail consumer standards while introducing more prescriptive requirements on governance, disclosures and lending practices.

  • matching orders between buyers and sellers and conducting the purchase, sale or any other transaction between ETDs and Virtual Asset;
  • maintaining an order book in furtherance thereof.

Financial institutions should undertake a comprehensive review of their SME onboarding, consumer protection, client agreement, disclosures and complaints frameworks to ensure alignment with the SME Customer Protection Regulation.

 

How can Al Tamimi help?

At Al Tamimi & Company, they assist their clients in assessing the impact of the recent regulatory developments across the UAE financial services landscape, including those introduced by the Capital Market Authority UAE, Virtual Assets Regulatory Authority and the Central Bank of the UAE.

In particular, they support clients with reviewing their existing frameworks, identifying gaps against the new requirements, and implementing the necessary updates. This includes, among other things, enhancements to governance structures, customer-facing documentation and disclosures, onboarding processes, telemarketing practices (including scripts and consent flows), complaints handling frameworks, and broader compliance and risk management arrangements.

 

Key Contacts

Ali Awad, Partner, a.awad@tamimi.com
Divya Abrol Gambhir, Partner, d.abrol@tamimi.com

 

Country
United Arab Emirates
Sign up to GCC BDI updates
Please enter a valid email
Sign Up

Navigate

  • Join GCC BDI
  • Become a Corporate Member
  • Workshops
  • Certification Programmes
  • Become a Corporate Affiliate
  • Privacy Policy
  • Website Terms and Conditions

Connect With Us

Contact Information

GCC Board Directors Institute
DUBAI OFFICE
Emirates Financial Towers,
Office 2201,
South Tower Dubai,
UAE, P.O. Box 507007
+971 4 554 7967

KSA OFFICE
Offices Zone, 6629 King Abdul Aziz Branch Rd,
King Salman Neighbourhood,
RHDA 6629, 2668, Riyadh 12432
+966112738024/ Ext:124
Email: getinvolved@gccbdi.org
©GCC Board Directors Institute 2026. All Rights Reserved.
Powered by Glueup Logo