CBUAE issues new outsourcing law to protect Emirate’s banking sector

By Ashika Rajan, Trainee Reporter
  • Follow author on
Representational Image

The Central Bank of the UAE (CBUAE) has issued a new outsourcing regulation and associated standards for banks operating in the UAE, as part of a continuous effort to introduce solid regulatory frameworks that properly govern and secure the Emirate’s banking sector.

The regulation, which takes effect one month after it is published in the Official Gazette, aims to ensure that banks are appropriately managing the risks when outsourcing certain functions. This includes the necessity for mandatory inclusion of board-approved policies and procedures for outsourcing activity in banks’ governance frameworks.

CBUAE further seeks that by introducing this regulation to ensure that banks’ approaches to managing the risks inherent in outsourcing arrangements are consistent with leading international wise practices, thereby contributing to financial stability.

Apart from this under the regulation, banks operating in the UAE must obtain a notice of non-objection from CBUAE prior to outsourcing any material activity.

Mr. Khaled Mohamed Balama, Governor of the CBUAE remarked that “our introduction of the Outsourcing Regulation and accompanying Standards is testament to CBUAE’s robust efforts to ensure the integrity of banks’ risk management frameworks and operational stability. The Central Bank prioritizes the utmost importance to data protection and risk management by issuing directives that govern and safeguard banks and their consumers, in line with international standards and best practices. We are confident that this regulation will amplify the ability of banks operating within the UAE to mitigate potential threats from outsourcing activities, ultimately ensuring the continued security of their institutions and consumers.”

A key principle underlying this regulation is that a bank’s outsourcing agreements should not impair its capacity to meet its obligations to its customers and CBUAE, nor interfere with CBUAE’s supervisory provisions.

As stipulated by the regulation and accompanying standards, it must be ensured that banks’ customers’ confidential information must not be shared outside the UAE without prior approval from both CBUAE and the concerned consumer.

Related: CBUAE joins with SWIFT to improve cross-border payments