Telemarketing Regulation

CBUAE Classification: Public Telemarketing Regulation

CONTENTS

Page Subject Introduction 4 Objective 5 Scope of Application 6 Definitions (Article 1) 6 PART (1): TELEMARKETING REQUIREMENTS Approval Requirement (Article 2) 14 Training Requirements (Article 3) 14 Procedures and Policies for Telemarketers (Article 4) 16 Telemarketing Scripts (Article 5) 16 List of Telemarketers and Authorised Telemarketing Channels (Article 6) 17 Consent Obtaining (Article 7) 18 Methods of Obtaining Consent (Article 8) 19 Do Not Call Registry (DNCR) (Article 9) 21 Telemarketing Log and Records (Article 10) 22 Reporting Requirements (Article 11) 24 PART (2): TELEMARKETING CONTROLS Ethical Telemarketing (Article 12) 24 Telemarketing Information (Article 13) 25 Telemarketing Termination (Article 14) 27 Telemarketing Time and Frequency (Article 15) 27 Automated Communication Systems (robocalls) and Artificial Intelligence (AI-generated communications) (Article 16) 28 Unwanted Telemarketing Communications (Article 17) 29 PART (3): GENERAL PROVISIONS Data Privacy and Data Protection (Article 18) 30 Compliance Requirements (Article 19) 31 Violations and Enforcement (Article 20) 31 Conflict with Other Regulations (Article 21) 32 Cancellation of Previous Notices (Article 22) 32 Regulation Interpretation (Article 23) 33 Application and Publication (Article 24) 33

Circular No. 3 /2026 Date: 19/02/2026 To: All Licensed Financial Institutions Subject: Telemarketing Regulation

INTRODUCTION

The Central Bank aims to enhance the framework for protection of Customers of Licensed Financial Institutions.

In introducing the Telemarketing Regulation (this Regulation), the Central Bank seeks to ensure: a. Licensed Financial Institutions’ approach to Customer protection is in line with applicable laws and Regulations; and b. the protection of Customers’ interests when Licensed Financial Institutions market and advertise their financial products and/or services.

This Regulation is issued pursuant to the powers vested in the Central Bank under the Federal Decree-Law No. (6) of 2025 Regarding the Central Bank Regulation of Financial Institutions and Activities and Insurance Business, and to fulfil the requirements of Cabinet Resolution No. (56) of 2024 Concerning the Telemarketing Regulations.

Where this Regulation includes a requirement to provide information or to take certain measures, or to address certain items listed at a minimum, the Central Bank may impose requirements, which are additional to those provided for in the relevant Article.

This Regulation should be read in conjunction with applicable laws and Regulations, in particular: a. Cabinet Resolution No. (56) of 2024 Concerning the Telemarketing Regulations; b. Cabinet Resolution No. (57) of 2024 Concerning the Administrative Violations and Penalties for Acts Violating the provisions of Cabinet Resolution No. (56) of 2024 Concerning the Telemarketing Regulations; c. the Consumer Protection Regulation (Circular 8/2020, dated 25/11/2020), and its accompanying Standards (as amended from time to time); and d. the Establishment of an Ombudsman Unit for the United Arab Emirates Regulation (Notice No. CBUAE/BIS/2023/1659, dated 29/3/2023).

OBJECTIVE

The objective of this Regulation is to establish the regulatory framework, including the minimum standards which Licensed Financial institutions must comply with when conducting Telemarketing activity with a view to: a. ensuring that Telemarketing is conducted in compliance with applicable laws and Regulations; b. ensuring the protection of Customers, and the promotion of Customer confidence; and c. eliminating Unwanted Telemarketing Communications to ensure that customers are not unduly disturbed and avoid violating Customers’ privacy.

SCOPE OF APPLICATION

Without prejudice to any requirements established in the applicable laws and Regulations, the requirements of this Regulation apply to all Licensed Financial Institutions. This Regulation applies to Licensed Financial Institutions specifically in the conduct of Telemarketing, as defined in Article 1.30 of this Regulation.

Licensed Financial Institutions established in the UAE with Group relationships, including Subsidiaries, Affiliates, or foreign branches, must ensure that this Regulation is adhered to on a solo and Group-wide basis.

The requirements within this Regulation shall also apply to a Licensed Financial Institution in cases where the Telemarketing function is outsourced. Any Third-Party Service Provider engaged by the Licensed Financial Institution must fully comply with all requirements set in this Regulation.

Article 1: Definitions

The following terms shall have the meaning assigned to them below for the purposes of this Regulation:

1.1 Affiliate: an entity that, directly or indirectly, controls, is controlled by, or is under common control with another entity. The term control as used herein shall mean the holding, directly or indirectly, of voting rights in another entity, or of the power to direct or cause the direction of the management of another entity.

1.2 Banks: Any juridical person licensed in accordance with the provisions of the Central Bank Law and the regulations issued in implementation thereof, to primarily carry on the activity of taking deposits in addition to any of the other Licensed Financial Activities.

1.3 Board: the board of directors of the Licensed Financial Institution. In the case of branches of foreign Licensed Financial Institution, Board refers to the highest decision making body of the Licensed Financial Institution within the State, for example, the Senior Management committee.

1.4 Central Bank: the Central Bank of the United Arab Emirates.

1.5 Central Bank Law: Federal Decree-Law No. (6) of 2025 Regarding the Central Bank, Regulation of Financial Institutions and Activities, and Insurance Business.

1.6 Chief Executive Officer: the most senior executive appointed by the Board.

1.7 Complaint: an expression of dissatisfaction by a Customer with a product, service, policy, procedure or actions by the Licensed Financial Institution that is presented to an employee of the Licensed Financial Institution in writing or verbally.

1.8 Consumer Protection Regulation: The Central Bank’s regulation (Circular No. 8/2020, dated 25/11/2020) and its accompanying Standards.

1.9 Customer: a Person who obtains or may prospectively obtain Products and/or Services for personal use, and who is contacted by Telemarketers for the purpose of Telemarketing.

1.10 Do Not Call Registry (DNCR): the unified national Agency registry supervised by Telecommunications and Digital Government Regulatory Authority to protect Customers from Unwanted Telemarketing Communications.

1.11 Financial Free Zones: free zones subject to the provisions of Federal Law No 8 of 2004, regarding Financial Free Zones, and amending laws.

1.12 Financial Products and/or Services: products and/or services (including stored value facilities) provided by Licensed Financial Institutions, with or without charge, through their Licensed Financial Activities. It will be referenced to as Products and/or Services in this Regulation.

1.13 Group: a group of entities that includes an entity (the ‘first entity’) and: a. any Parent of the first entity; b. any Subsidiary of the first entity or of any Parent of the first entity; and c. any Affiliate.

1.14 Insurance Company (Insurer): Any juridical person, licensed in accordance with the provisions of the Central Bank Law and the regulations issued in implementation thereof to carry on insurance business and activities in the State.

1.15 Licensed Financial Activities: the financial activities subject to Central Bank licensing and supervision, which are specified in Article (61) of the Central Bank Law.

1.16 Licensed Financial Institutions: Banks, Insurance Companies and/or Reinsurance Companies, and Other Financial Institutions licensed in accordance with the provisions of the Central Bank Law and the Regulations issued in implementation thereof, to carry on a Licensed Financial Activity or more, including those which carry on the whole or a part of their activities and business in accordance with the rules and principles of Islamic Shari`ah. These institutions shall be either incorporated inside the State or a branch or subsidiary inside the State of a financial institution incorporated outside the State or in Financial Free Zones.

1.17 Ombudsman Unit: an independent Ombudsman Unit that enjoys independent legal personality, and is conferred powers and functions to provide for a Complaint process and resolutions mechanism.

1.18 Other Financial Institutions: any Person, except Banks, Insurance Companies and/or Reinsurance Companies, licensed in accordance with the provisions of the Central Bank Law and the regulations issued in implementation thereof, to carry on a Licensed Financial Activity or more.

1.19 Outsourcing: an agreement between a Licensed Financial Institution and a Third-Party Service Provider whereby that Third-Party Service Provider performs a process, service, or activity that would otherwise be undertaken by the Licensed Financial Institution itself.

1.20 Parent: an entity (the ‘first entity’) which: a. holds a majority of the voting rights in another entity (the ‘second entity’); b. is a shareholder of the second entity and has the right to appoint or remove a majority of the board of directors or managers of the second entity; or c. is a shareholder of the second entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the second entity; Or d. if the second entity is a subsidiary of another entity which is itself a subsidiary of the first entity.

1.21 People of Determination: any Person suffering from a temporary or permanent, full or partial deficiency or infirmity in his physical, sensory, mental, communicational, educational or psychological abilities to an extent that limits his possibility of performing the ordinary requirements.

1.22 People of Legal Defective Capacity: any Person who has attained the age of discretion but not the age of legal majority, and whoever has attained the age of legal majority but is prodigal or of unsound mind, as per the applicable laws.

1.23 Person: a natural person.

1.24 Regulations: any resolution, regulation, circular, rule, standard or notice issued by the Central Bank.

1.25 Reinsurance Company: Any juridical person licensed in accordance with the provisions of the Central Bank Law and the regulations issued in implementation thereof to carry on reinsurance business and activities.

1.26 Senior Management: the executive management of the Licensed Financial Institution responsible and accountable to the Board for the sound and prudent day-to-day management of the Licensed Financial Institution, generally including, but not limited to, the Chief Executive Officer, chief financial officer, chief risk officer, heads of the compliance and internal audit functions.

1.27 State: the United Arab Emirates.

1.28 Subsidiary: an entity (the ‘first entity’) is a subsidiary of another entity (the ‘second entity’) if the second entity: a. holds a majority of the voting rights in the first entity; b. is a shareholder of the first entity and has the right to appoint or remove a majority of the board of directors or managers of the first entity; c. is a shareholder of the first entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the first entity; Or d. if the first entity is a subsidiary of another entity which is itself a subsidiary of the second entity.

1.29 Telemarketer: a Person who is duly authorised by the Licensed Financial Institution to engage, on behalf of that Licensed Financial Institution, in the practice of Telemarketing. Where applicable the term may include using automated communication systems and artificial intelligence.

1.30 Telemarketing: any activity carried out by a Telemarketer for the purpose of marketing Financial Products and/or Services to Customers, including but not limited to making calls, sending messages, or using automated systems.

1.31 Third-Party Service Provider: any entity or person, other than the Licensed Financial Institution or its employees, that provides services to the Licensed Financial Institution.

1.32 Unwanted Telemarketing Communications: any telemarketing communication made to a Customer who has not consented to receive such communications, or who has opted out via the Do Not Call Registry or other means.

PART (1): TELEMARKETING REQUIREMENTS

Article 2: Approval Requirement

Licensed Financial Institutions must obtain prior written approval from the Central Bank before commencing any Telemarketing activity. Such approval shall be subject to the submission of all required documents and policies as specified by the Central Bank.

Article 3: Training Requirements

Licensed Financial Institutions must ensure that all Telemarketers undergo comprehensive training on applicable laws, Regulations, ethical standards, and customer protection principles before engaging in Telemarketing activities. Training records must be maintained and made available to the Central Bank upon request.

Article 4: Procedures and Policies for Telemarketers

Licensed Financial Institutions must establish and implement written procedures and policies governing Telemarketing activities. These procedures must include guidelines on script usage, customer interaction, handling complaints, and ensuring compliance with this Regulation.

Article 5: Telemarketing Scripts

All telemarketing scripts must be clear, accurate, and not misleading. They must clearly identify the Licensed Financial Institution, the nature of the product or service, and any associated costs or risks. Scripts must be reviewed and approved by the Compliance function before use.

Article 6: List of Telemarketers and Authorised Telemarketing Channels

Licensed Financial Institutions must maintain a list of all authorised Telemarketers and the specific channels (e.g., phone numbers, email addresses) used for Telemarketing. This list must be updated regularly and submitted to the Central Bank upon request.

Article 7: Consent Obtaining

Licensed Financial Institutions must obtain explicit consent from Customers before initiating Telemarketing communications. Consent must be freely given, specific, informed, and unambiguous. Customers must be provided with clear information about how their data will be used.

Article 8: Methods of Obtaining Consent

Consent may be obtained through written forms, electronic means, or verbal confirmation, provided that the method used ensures a clear record of the Customer’s agreement. For vulnerable customers, additional safeguards must be implemented to ensure understanding and voluntary consent.

Article 9: Do Not Call Registry (DNCR)

Licensed Financial Institutions must regularly check the Do Not Call Registry (DNCR) maintained by the Telecommunications and Digital Government Regulatory Authority. They must not contact Customers whose numbers are listed on the DNCR, unless such Customers have provided specific consent to be contacted.

Article 10: Telemarketing Log and Records

Licensed Financial Institutions must maintain detailed logs and records of all Telemarketing activities, including the date, time, content of communication, and the identity of the Telemarketer. These records must be retained for a minimum period as specified by the Central Bank and made available for inspection.

Article 11: Reporting Requirements

Licensed Financial Institutions must report any breaches of this Regulation, customer complaints related to Telemarketing, and other significant incidents to the Central Bank within the timeframe specified by the Central Bank.

PART (2): TELEMARKETING CONTROLS

Article 12: Ethical Telemarketing

Telemarketing activities must be conducted ethically and with respect for Customer dignity. Telemarketers must not use aggressive, coercive, or deceptive tactics. They must respect Customer preferences and stop communication immediately upon request.

Article 13: Telemarketing Information

All Telemarketing communications must include clear and conspicuous information about the Licensed Financial Institution, the purpose of the call, and how Customers can opt out of future communications. Misrepresentation of identity or product features is strictly prohibited.

Article 14: Telemarketing Termination

Customers have the right to terminate Telemarketing communications at any time. Licensed Financial Institutions must have efficient mechanisms in place to process opt-out requests promptly and ensure that the Customer’s number is removed from active calling lists.

Article 15: Telemarketing Time and Frequency

Telemarketing communications must be conducted during reasonable hours, as defined by the Central Bank. The frequency of communications must not be excessive or harassing. Licensed Financial Institutions must define and adhere to internal limits on call frequency per Customer.

Article 16: Automated Communication Systems (robocalls) and Artificial Intelligence (AI-generated communications)

The use of automated communication systems and AI-generated communications is subject to strict regulations. Prior consent must be obtained for such communications. Customers must be informed that they are interacting with an automated system or AI. Easy and immediate opt-out mechanisms must be provided.

Article 17: Unwanted Telemarketing Communications

Licensed Financial Institutions must take all necessary measures to prevent Unwanted Telemarketing Communications. This includes implementing robust filtering systems, monitoring Telemarketer activities, and promptly addressing any reports of unwanted communications.

PART (3): GENERAL PROVISIONS

Article 18: Data Privacy and Data Protection

Licensed Financial Institutions must comply with all applicable data privacy and protection laws when collecting, storing, and using Customer data for Telemarketing purposes. Customer data must be secured against unauthorized access, use, or disclosure.

Article 19: Compliance Requirements

Licensed Financial Institutions must establish a compliance function responsible for monitoring and ensuring adherence to this Regulation. The Compliance function must conduct regular audits and risk assessments related to Telemarketing activities.

Article 20: Violations and Enforcement

Violations of this Regulation may result in administrative penalties, fines, or other enforcement actions as per Cabinet Resolution No. (57) of 2024. The Central Bank reserves the right to take corrective actions against non-compliant institutions.

Article 21: Conflict with Other Regulations

In the event of a conflict between this Regulation and other applicable laws or Regulations, the provisions of this Regulation shall prevail in matters specifically governed by Telemarketing, unless otherwise specified by law.

Article 22: Cancellation of Previous Notices

This Regulation cancels and replaces any previous notices or circulars issued by the Central Bank regarding Telemarketing, to the extent that they are inconsistent with this Regulation.

Article 23: Regulation Interpretation

The Central Bank reserves the right to interpret the provisions of this Regulation. Any ambiguities shall be resolved in favor of Customer protection and regulatory compliance.

Article 24: Application and Publication

This Regulation shall come into effect on the date of its publication in the Official Gazette. It shall apply to all Licensed Financial Institutions immediately upon effect.