CBUAE sets out responsible AI rules for UAE finance
The Central Bank of the UAE has issued guidance for the consumer-safe, responsible use of artificial intelligence and machine learning by licensed financial institutions. The goal is straightforward: deploy AI in ways that protect customers, strengthen governance and transparency, and keep practices fair and sustainable.
This guidance reflects a proactive supervisory stance and provides a clear framework for banks and other CBUAE-supervised entities to use AI without compromising financial stability or consumer trust.
Who this applies to
All licensed financial institutions under the Central Bank's supervision in the UAE. If your teams build, buy, or operate AI/ML systems that affect customers, risk, or financial soundness, this is meant for you.
The core principles you'll be measured against
- Governance and accountability: Clear roles, board and senior management oversight, model inventory, and end-to-end accountability across the AI lifecycle.
- Fairness and non-discrimination: Identify, test, and mitigate bias before launch and on an ongoing basis-especially for credit, pricing, claims, and collections.
- Transparency and explainability: Provide understandable reasons for decisions, document model design and data, and inform customers when AI is used in consequential outcomes.
- Effective human oversight: Define when humans review, approve, and override models. High-impact decisions must have clear escalation and recourse paths.
- Data management and privacy: Data quality, lineage, security, access controls, and privacy by design. Collect only what's necessary and respect consent and retention limits.
What finance leaders should do next (next 90 days)
- Assign ownership: Nominate accountable executives for AI risk, with board-level reporting and KPIs.
- Map your AI estate: Build a live inventory of all AI/ML use cases, including third-party and embedded vendor models.
- Classify risk: Rate use cases by customer impact, financial materiality, model complexity, and data sensitivity.
- Set approval gates: Require model risk and compliance sign-off before development, before launch, and after material change.
- Bias and performance testing: Establish test suites for fairness, drift, stability, and stress scenarios; define remediation triggers.
- Explainability standards: Define minimum explanation requirements for adverse actions and high-impact decisions.
- Human-in-the-loop controls: Specify thresholds for manual review and clear customer recourse for disputes.
- Data controls: Enforce data minimisation, lineage tracking, access logging, and privacy impact assessments.
- Vendor governance: Update third-party risk due diligence to cover training data, bias controls, model updates, and incident reporting.
- Audit trail: Keep complete records-datasets, code, parameters, prompts, versions, and decisions-for audit and supervisory review.
High-priority use cases and what to watch
- Credit decisioning and pricing: Fairness testing across protected groups; clear reasons for declines or pricing differentials.
- Transaction monitoring and AML: Balance false positives with explainability; document thresholds and investigator override rules.
- Fraud detection: Monitor drift as attack patterns change; maintain rapid rollback paths for model updates.
- Collections and customer treatment: Guard against undue hardship from automated actions; add human review for vulnerable customers.
- Marketing and underwriting: Respect consent and permissible data use; avoid proxy variables that introduce bias.
- Chatbots and assistants: Disclose AI use, log interactions, and protect personal and financial data in prompts and outputs.
Why it matters
The Central Bank aims to build trust in financial innovation by balancing technological progress with strong consumer protection and financial stability. The Note is consistent with the UAE's national AI strategy and supports a resilient, sustainable financial sector.
For reference, see the Central Bank of the UAE and the UAE's Artificial Intelligence Strategy.
Statement from the Central Bank
"The guidance note aims to establish a clear framework for the responsible use of artificial intelligence and machine learning in the financial sector, in a way that enhances consumer protection, reinforces governance and transparency principles, and emphasises the importance of human oversight and data protection requirements."
Practical next steps for teams
- Create a cross-functional AI governance committee (risk, compliance, data, IT, product, legal).
- Adopt model documentation templates that capture purpose, data sources, features, KPIs, monitoring plans, and limitations.
- Implement production monitoring: quality checks, drift alerts, fairness dashboards, and incident playbooks.
- Train first and second lines on AI risks, bias, privacy, and customer communications.
- Schedule independent validation for material models at least annually or after significant changes.
Build capability
If your teams need practical upskilling on use cases, controls, and implementation patterns, explore AI for Finance.
Your membership also unlocks:
