New UAE Central Bank Law: Financial Sector Regulation & Fintech/Insurance
December 29 2025
The United Arab Emirates enacted Federal Decree-Law No. 6 of 2025 in September 2025 (the “New CBUAE Law”), delivering the most substantial overhaul of the nation's financial sector regulation in years. This new framework, which replaces the 2018 Central Bank Law and the 2023 Insurance Law, effectively consolidates the entire regulatory architecture for banking, payments, and fintech and insurance businesses under a single legislative umbrella. This landmark UAE Central Bank Law marks a significant strategic step toward modernizing the financial landscape.
Expanded Regulatory Perimeter for Digital Finance and Fintech
A central feature of this new financial sector regulation is the expansion of the Central Bank’s supervisory perimeter. CBUAE now regulates a much broader set of financial activities, including payment services, and a wide range of fintech-enabled financial services.
The law explicitly allows the Central Bank to license and supervise firms operating in:
- Open finance
- Digital payments
- Services involving virtual assets, including stablecoin issuance
- Web3 financial infrastructure
- Digital wallets
- Certain forms of decentralised finance (DeFi) where they amount to financial services offered in or into the UAE
This expansion means that many actors previously outside traditional regulatory scope must now consider licensing and compliance obligations.
Strengthened Supervisory and Enforcement Powers
The New CBUAE Law substantially increases the Central Bank’s ability to intervene early and decisively in regulated entities. It grants the regulator greater authority to:
- Conduct on-site inspections
- Impose remedial measures
- Appoint administrators, restructure institutions, or initiate liquidation if necessary
Administrative penalties have also increased significantly, reaching up to ten times the value of the violation, and can be collected directly from a firm’s accounts even prior to final judicial determination. The law additionally allows the publication of enforcement decisions, which heightens transparency and reputational exposure for non-compliant entities.
Integrated Consumer-Protection and Complaint-Resolution Mechanisms
The reform establishes a unified consumer-protection framework encompassing both financial and insurance services. Complaints are now channeled through a streamlined and centralised system designed to ensure consistent and timely resolution.
This includes:
- Enhanced protections for retail clients
- More transparent disclosure requirements
- A harmonised dispute-resolution process covering loans, payments, insurance products, and related financial services
Compliance Impact for Financial Institutions and Fintech
For banks, insurers, payment providers, fintech companies, and digital-asset businesses, the new law increases regulatory expectations and compliance burdens.
Firms must be proactive:
- Reassess whether their activities fall within the expanded licensing perimeter
- Update their internal governance and AML/CFT frameworks
- Strengthening risk-management systems
- Review of contractual and operational documentation to align with the Central Bank’s new powers
Given the enhanced enforcement tools available to the CBUAE, the cost of non-compliance, both financial and reputational, is now substantially higher.
In conclusion, the 2025 Central Bank reform under the new UAE Central Bank Law represents a major step in the UAE’s strategy to modernise its financial system, integrate digital-finance activities into formal regulation, and reinforce financial stability and consumer protection. Its broad scope and strengthened enforcement mechanisms mean that regulated entities, as well as fintech and virtual-asset providers, must proactively adapt their compliance and licensing strategies to the new framework.
MIS Legal can assist organisations in assessing their regulatory exposure under the new law, updating compliance programmes, reviewing and drafting contractual documents, and preparing tailored regulatory-risk assessments to ensure alignment with the updated CBUAE requirements.
