CBUAE Set to Overhaul Insurance Agents Framework

4 min 6 sec January 20, 2026 (Edited)

The Central Bank of the UAE (“CBUAE”) issued a draft Insurance Agents’ Regulation (the “Draft Regulation”) for consultation, which will repeal and replace Insurance Authority Board Resolution No. (8) of 2011 concerning the regulation of insurance agents’ business. The Draft Regulation represents the first comprehensive overhaul of the insurance agency framework since 2011. Once published in the Official Gazette, the Draft Regulation will come into effect six (6) months from the date of publication.

Goals and Coverage

The Draft Regulation aims to ensure fair treatment of insureds and beneficiaries, promote the safety, soundness and efficiency of the insurance sector, and enhance public confidence in insurance agents’ operations. It applies to all insurance agents operating in the UAE and all insurance companies operating in the State. The CBUAE will apply the principle of proportionality, whereby agents may demonstrate that regulatory objectives are met based on the nature, scale and complexity of their business without necessarily addressing all specifics.

Licensing and Ongoing Oversight

The Draft Regulation establishes a comprehensive licensing framework administered by the CBUAE. Natural persons must be UAE nationals, at least 21 years old with full legal capacity, and may only act as agent for one company at a time. Juridical persons must be incorporated in the UAE with minimum capital of AED 500,000 fully owned by UAE nationals and may act for up to two companies provided the classes of insurance are different for each. All applicants must obtain professional indemnity insurance with a minimum sum insured of AED 2,000,000. Licenses are valid for one year and must be renewed annually. Agents must obtain necessary local permits and commence activities within six months of licensing. The Draft Regulation imposes ongoing requirements including full-time practice, prior CBUAE approval for changes to legal status, ownership, capital or premises, and ‑compliance with AML/CFT legislation. Agents are prohibited from collecting premiums, claim settlements or premium refunds, which must be paid directly between insureds and companies.

Governance, Risk and Data Protection

The Draft Regulation introduces comprehensive corporate governance requirements proportionate to the nature, scale and complexity of operations. Agents must implement clear organizational structures with defined reporting lines, conflict‑of‑interest controls, confidentiality procedures, compliance monitoring, professional codes of conduct and ‑whistleblowing policies. A risk governance framework must identify, measure, evaluate, monitor and mitigate material risks including operational risk, conduct risk, insurance fraud, cybercrime and AML/CFT risks. Internal controls must ensure effective operations, adequate risk control and regulatory compliance. On data protection, agents must adopt clear policies on collection, storage and sharing of personal data, store and back up all data within the UAE, implement encryption and access controls, and conduct regular security audits. Disclosure of personal data is restricted to specified circumstances including with insured consent, to the CBUAE, to courts, or for underwriting and claims purposes. Agents must also establish cyber incident response plans.

Outsourcing and Enforcement

The Draft Regulation explicitly regulates outsourcing for the first time. Agents remain fully liable for outsourced services and must contractually ensure service providers comply with regulatory requirements. Outsourcing of material business activities requires the CBUAE’s prior non-objection, with agents required to submit materiality assessments, risk assessments, due diligence summaries and evidence of representatives’ approval. The CBUAE will assess requests on a case-by-case basis within twenty business days and will generally not permit outsourcing of material business activities and key management functions. Outsourcing outside the UAE is prohibited. Enforcement powers are extensive: violations may result in supervisory action and sanctions including withdrawal, replacement or restriction of representatives’ powers, interim management arrangements, barring individuals from the UAE insurance sector, and license revocation. Agency agreements must comply with the Draft Regulation and existing agreements must be reviewed and amended before the effective date.

What’s next?

One of the most important changes is the prohibition to collect premium, claim settlements or premium refunds, which must be paid directly between insureds and companies. This is in line with the changes to all other regulations of CBUAE, including that for insurance brokers, and will require alignment of operations and of the existing arrangements between the insurers and existing licensees, who are able to collect premiums.

Insurance agents should begin reviewing their governance structures, risk management frameworks, data protection policies and agency agreements to ensure compliance with the new requirements. Key practical steps include: establishing or enhancing corporate governance arrangements and internal controls; implementing a risk governance framework addressing the specified risk categories; reviewing data handling practices and ensuring all personal data is stored within the UAE; assessing any outsourcing arrangements for material business activities; reviewing agency agreements to ensure compliance, particularly regarding prohibited terms that make agents responsible for unpaid premiums; establishing adequate complaint handling procedures; and ensuring staff meet fit and proper requirements including ongoing professional development of fifteen hours annually. Companies should also review their obligations regarding agent oversight, record-keeping and disclosure requirements. Given the six-month implementation period following publication, early engagement with legal and regulatory advisors is recommended to ensure a smooth transition.