On 16 September 2025 a new Central Bank law – Federal Decree-Law No. 6 of 2025 – came into force, replacing both the 2018 Central Bank law and the 2023 insurance law and consolidating the regulation of banking, finance companies, exchange houses, payments and insurance under the Central Bank of the UAE (CBUAE). Affected entities have a one-year transition (to 16 September 2026) to come into compliance. The CBUAE licenses and supervises the UAE’s onshore financial institutions, hosts the country’s Financial Intelligence Unit and the goAML reporting portal, runs the federal payments framework, and is rolling out the Digital Dirham. The financial free zones – the DIFC (DFSA) and ADGM (FSRA) – have their own financial-services regulators, though the CBUAE remains the UAE’s federal monetary authority. The framework is new and still bedding in – confirm the current law and rulebooks at the time of use.
How the UAE’s central bank regulates banks, payment providers, exchange houses and insurers onshore.
At a glance
- Regulator: The Central Bank of the UAE (CBUAE) – the federal monetary authority and prudential regulator
- Law: Federal Decree-Law No. 6 of 2025, in force 16 September 2025; one-year transition to 16 September 2026
- Replaces: The 2018 Central Bank law and the 2023 insurance law – banking, payments and insurance now consolidated
- Perimeter: Banks, finance companies, exchange houses, payment-service providers, insurers – and, under Art. 62, certain technology enablers
- Also: Hosts the UAE Financial Intelligence Unit and the goAML portal; rolling out the Digital Dirham
- Free zones: DIFC (DFSA) and ADGM (FSRA) firms have their own regulators; the CBUAE remains the federal monetary authority
1. The Central Bank and its 2025 law
The CBUAE is the UAE’s central bank – the federal monetary authority responsible for the dirham, monetary stability, and the licensing and prudential supervision of the country’s onshore financial institutions. Its governing framework was comprehensively overhauled by Federal Decree-Law No. 6 of 2025, issued on 8 September 2025, published on 15 September 2025 and in force from 16 September 2025. The new law repeals and replaces both the previous Central Bank law (Federal Decree-Law No. 14 of 2018) and the 2023 insurance decree-law, consolidating banking, payments and insurance regulation into a single, unified statute. Affected entities have been given a one-year transition – to 16 September 2026 – to bring their operations into compliance. Subordinate regulations made under the 2018 law generally continue in force until replaced, so the practical position is a new primary statute sitting over a body of existing rulebooks that the CBUAE is progressively updating.
2. What the CBUAE regulates – the onshore perimeter
The CBUAE’s perimeter is broad. It licenses and supervises banks (national and foreign), finance companies, exchange houses and money-transfer businesses, payment-service providers and card schemes, and – following the consolidation described below – insurers, reinsurers and insurance intermediaries. Across these sectors the CBUAE sets prudential, conduct and governance standards; authorises new entrants and significant changes of control; and supervises ongoing compliance through its rulebook, inspections and enforcement. The common thread is that institutions taking deposits, extending credit, moving money, issuing payment instruments or underwriting insurance onshore in the UAE operate within the CBUAE’s remit. As with the onshore securities regime, the first question for any financial business is whether its activity falls inside that perimeter – and, if so, which licence and rulebook apply.
3. Insurance under the Central Bank
Insurance regulation in the UAE was for many years the responsibility of a standalone Insurance Authority. That authority was merged into the CBUAE under Federal Decree-Law No. 25 of 2020 (approved by the Cabinet in October 2020), and since then the CBUAE has held the regulatory, supervisory, licensing and enforcement functions for the insurance sector. The 2025 Central Bank law completes the consolidation by absorbing the 2023 insurance decree-law into the unified statute, so that banking, payments and insurance now share a single primary framework and a single regulator. For insurers, brokers and other intermediaries this means their authorisations, conduct standards and reporting all sit with the CBUAE. Insurance-specific rules continue to apply within that structure, and – given the 2025 consolidation – the current treatment of a particular insurance activity should be confirmed against the CBUAE’s live rulebook.
4. Payments, fintech and the new technology-enablement rule
Payments and fintech are a focus of the modern CBUAE framework. The federal regime is built principally on two instruments made under the previous law and preserved under the 2025 law until replaced: the Stored Value Facilities (SVF) Regulation (2020) and the Retail Payment Services and Card Schemes (RPSCS) Regulation (in force from 15 July 2021), which together license and supervise payment-service providers, e-money issuers and card schemes. The 2025 law adds an important and broadly drawn provision – commonly referred to by its article on technology enablement – under which platforms, applications and infrastructure that facilitate or enable financial services (payments, credit, deposits, currency exchange, remittances or investment) can require CBUAE licensing even where the provider is not itself a bank, insurer or payment-service provider. This materially widens the perimeter for fintech and infrastructure businesses, and any platform touching UAE financial flows should assess whether it is now caught.
5. The Central Bank’s AML role and goAML
The CBUAE is the AML/CFT supervisor for the institutions it licenses, and it sits at the centre of the UAE’s financial-crime architecture. It established a dedicated AML/CFT supervision function and hosts the country’s Financial Intelligence Unit (FIU), which operates the federal goAML portal through which financial institutions and designated non-financial businesses file suspicious-activity and suspicious-transaction reports. Registration on goAML is mandatory for reporting entities across the UAE, and the CBUAE’s supervised institutions must meet the federal AML obligations – customer due diligence, sanctions screening, monitoring and reporting – alongside the CBUAE’s own standards. The substantive AML law is federal and applies across the country; we set out the onshore AML regime in detail on our dedicated UAE AML page, and the free-zone regimes on the DIFC and ADGM AML pages.
6. The Digital Dirham (central bank digital currency)
The CBUAE is developing a central bank digital currency (CBDC) – the Digital Dirham. A retail pilot launched in November 2025, marking the UAE’s first central-bank digital-currency transactions, with a phased expansion through 2026 across person-to-person, commercial and cross-border use cases, and distribution intended through licensed banks, exchange houses and fintechs. The Digital Dirham is being progressed alongside the CBUAE’s wider work on instant payments and digital infrastructure. Because the rollout is in progress rather than complete, references to timing and functionality should be treated as current plans that may evolve; the position should be checked against the CBUAE’s latest announcements. For businesses, the practical significance is the direction of travel – a regulated digital-currency rail sitting beneath the UAE payments system – rather than any single launch date.
7. The India–UAE dimension
The UAE–India financial relationship is one of the world’s largest, and much of it runs through CBUAE-regulated channels. The corridor is among the biggest remittance routes globally, carried in significant part by CBUAE-licensed exchange houses and money-transfer businesses. Payment connectivity is deepening: UPI has been available in the UAE since 2021, and the CBUAE and the Reserve Bank of India have been working to link their instant-payment systems and to explore a CBDC bridge between the Digital Dirham and India’s e-rupee for faster, cheaper cross-border transfers. These initiatives are at the cooperation and pilot stage rather than fully live, so they should be described as work in progress. For India-facing payment, remittance and fintech businesses, the consequence is that market access onshore depends on CBUAE licensing and on compliance with its payments and AML frameworks.
8. The free-zone interface
As with the onshore securities regime, it is important not to assume that the CBUAE regulates everything financial in the UAE. Financial firms established in the DIFC or the ADGM are regulated by those zones’ own authorities – the DFSA and the FSRA respectively – for the activities they carry on within the zone. The CBUAE remains the federal monetary authority for the whole of the UAE and the regulator of onshore institutions, and certain federal matters (notably the federal AML architecture and the national payments and currency system) operate across the country. The practical points are that a banking, payments or insurance business must identify whether it is operating onshore (CBUAE) or within a free zone (DFSA or FSRA), and that a group operating in more than one of these will need to satisfy each relevant regulator. Perimeter analysis at the outset avoids costly mis-licensing later.
Key points at a glance
| Topic | Position |
|---|---|
| Regulator | The CBUAE – federal monetary authority and prudential regulator |
| Governing law | Federal Decree-Law No. 6 of 2025, in force 16 Sep 2025 |
| Replaces | The 2018 Central Bank law and the 2023 insurance law |
| Transition | One year – to 16 September 2026 |
| Perimeter | Banks, finance companies, exchange houses, payments, insurance; tech enablers (Art. 62) |
| Payments rails | SVF Regulation (2020); RPSCS Regulation (in force 15 Jul 2021) |
| Financial crime | Hosts the UAE FIU and the goAML portal |
| Free zones | DIFC (DFSA) and ADGM (FSRA) firms have their own regulators |
Frequently asked questions
What law governs the UAE Central Bank now?
Federal Decree-Law No. 6 of 2025, in force from 16 September 2025. It replaced the 2018 Central Bank law and the 2023 insurance law, consolidating banking, payments and insurance regulation under the CBUAE. Affected entities have until 16 September 2026 to comply.
Does the CBUAE regulate insurance?
Yes. The standalone Insurance Authority was merged into the CBUAE in 2020, and the 2025 law consolidates insurance regulation into the unified Central Bank statute. Insurers, reinsurers and intermediaries are licensed and supervised by the CBUAE.
Who needs a CBUAE licence?
Onshore banks, finance companies, exchange houses and money-transfer businesses, payment-service providers and card schemes, and insurers – and, under the new technology-enablement provision, certain platforms and infrastructure that enable financial services even if the provider is not itself a bank, insurer or PSP.
What is the Article 62 technology-enablement provision?
A broadly drawn rule in the 2025 law under which platforms, applications and infrastructure that facilitate financial services can require CBUAE licensing even where the operator is not a traditional financial institution. Fintech and infrastructure businesses touching UAE financial flows should assess whether they are caught.
How are payment services regulated?
Principally through the Stored Value Facilities Regulation (2020) and the Retail Payment Services and Card Schemes Regulation (in force 15 July 2021), which are preserved under the 2025 law until replaced. They license and supervise PSPs, e-money issuers and card schemes.
Does the CBUAE regulate DIFC or ADGM firms?
Financial firms within those free zones are regulated by the DFSA (DIFC) and the FSRA (ADGM) for their in-zone activities. The CBUAE remains the federal monetary authority and the regulator of onshore institutions.
What is the Digital Dirham?
The CBUAE’s central bank digital currency. A retail pilot launched in November 2025, with a phased rollout through 2026 across person-to-person, commercial and cross-border use cases. The programme is in progress, so timing and functionality may evolve.
What is the CBUAE’s role in anti-money laundering?
The CBUAE supervises AML/CFT for the institutions it licenses and hosts the UAE Financial Intelligence Unit, which operates the goAML reporting portal. Its supervised institutions must meet the federal AML obligations alongside the CBUAE’s own standards.
We run remittances between the UAE and India – who regulates us?
Exchange houses and money-transfer providers operating onshore are licensed and supervised by the CBUAE, and must comply with its payments and AML frameworks. The UAE–India corridor is one of the largest in the world and a particular focus of AML supervision.
Is the 2025 framework fully in force?
The primary law is in force, but affected entities have until 16 September 2026 to comply, and the CBUAE is updating its subordinate rulebooks. Cite the live law and rulebooks and verify the current position at the time of use.