Draft Telemarketing Regulation from CBUAE: Implications for Insurance Industry

6 min 57 sec January 20, 2026 (Edited)

The Central Bank of the UAE (“CBUAE“) has circulated a draft Telemarketing Regulation (the “Draft Regulation“) establishing a dedicated regulatory framework and minimum standards for telemarketing by licensed financial institutions. The Draft Regulation is issued pursuant to Federal Decree Law No. (6) of 2025 Regarding the Central Bank, Regulation of Financial Institutions and Activities, and Insurance Business (the “Central Bank Law“) and Cabinet Resolution No. (56) of 2024 Concerning the Telemarketing Regulations (“Cabinet Resolution 56/2024“). Once finalised, the Draft Regulation will come into effect sixty (60) days after publication in the Official Gazette, with licensed institutions required to achieve full compliance within that same sixty-day period.

Scope of Application: Who Will Be Affected?

The Draft Regulation applies to all “Licensed Financial Institutions” as defined under the Central Bank Law. This definition is notably broad, encompassing Banks, Insurance Companies (including Reinsurance Companies and Takaful Insurance Companies), and Other Financial Institutions (includes insurance brokers, agents and other insurance related professions) licensed by the CBUAE to carry on Licensed Financial Activities. The scope extends to institutions incorporated in the UAE, branches or subsidiaries of foreign financial institutions operating in the UAE, except for entities operating in Financial Free Zones. Importantly, the Draft Regulation applies on both a solo and group-wide basis, meaning that licensed institutions with subsidiaries, affiliates, or international branches must ensure compliance across their entire corporate structure. The requirements also apply where telemarketing functions are outsourced to third parties.

Impact on the Insurance Industry

The Draft Regulation carries significant implications for the UAE insurance sector. Insurance Companies, Takaful Insurance Companies, Brokers and Agents are expressly within scope as Licensed Financial Institutions. Given that telemarketing is a prevalent distribution channel for insurance products, particularly personal lines such as motor, health, and travel insurance, the stakeholders will need to undertake a comprehensive review of their marketing practices. Key considerations for insurers include: (i) ensuring that telemarketing of insurance products is subject to board level governance and approval; (ii) implementing robust consent mechanisms that capture customer preferences regarding language, communication channels, and product types; (iii) training insurance sales agents and call center staff on the specific requirements of the Draft Regulation, including ethical conduct and data protection obligations; (iv) reviewing arrangements with insurance intermediaries and third-party administrators who may conduct telemarketing on behalf of insurers; and (v) establishing compliant record-keeping systems for all telemarketing communications, including those conducted by AI systems or automated calling technology.

The Wider Legal Context

The starting point is Cabinet Resolution 56/2024, which defines “Telemarketing” broadly to include marketing calls and messages (including via social media applications) and introduces the Do Not Call Register (“DNCR”) to reduce unwanted marketing communications. The DNCR is a unified national registry supervised by the Telecommunications and Digital Government Regulatory Authority.

Crucially for financial services, Cabinet Resolution 56/2024 assigns the CBUAE responsibility for telemarketing of the services of banks, other financial establishments/institutions, insurance companies, and related professions licensed by it. In other words, this is now embedded in regulatory compliance and supervision.

Impact of the Draft Regulation

Cabinet Resolution 56/2024 sets the overall baseline, and the Draft Regulation then turns that into practical requirements for licensed institutions, covering governance, controls, staff training, monitoring, and enforcement. Key requirements under the Draft Regulation include:

1) Governance and approvals. Institutions would be required to obtain written board approval (or, in the case of branches of foreign licensees, approval from the highest decision-making body within the UAE) before launching telemarketing campaigns, with the CBUAE reserving the discretion to require prior CBUAE approval as well. This moves telemarketing from a “marketing department activity” into formal governance, risk, and compliance oversight.

2) Consent-first marketing. The Draft Regulation emphasizes explicit prior customer consent before being contacted for marketing purposes. The Draft Regulation mandates a ‘double opt-in’ mechanism for consent to be valid and requires that consent be obtained voluntarily, without coercion, and with adequate time for the customer to understand the terms. The Draft Regulation emphasizes explicit prior customer consent before being contacted for marketing purposes and requires that the consent indicates the customer’s preferred language, channels of communication, and methods of contact. That principle aligns with the Cabinet Resolution 56/2024’s emphasis on consumer comfort and privacy, and it will likely require firms to re-think how they capture, store, and refresh consent.

3) Do-not-call controls. Cabinet Resolution 56/2024 requires companies not to contact consumers listed on the DNCR. The Draft Regulation reinforces this by requiring institutions to maintain access to the updated DNCR at all times and to ensure telemarketers are trained on how to use it. Additionally, the Draft Regulation introduces a requirement for licensed financial institutions to publish, on their official platforms, guidance for customers on how to register on the DNCR.

4) Training and competence standards. The Draft Regulation sets minimum training requirements and expects retraining when products change. It also requires licensed financial institutions to ensure telemarketers (i) receive telemarketing-related training at least annually, and (ii) complete 15 hours of training on ethical and professional conduct and customer data handling before carrying out telemarketing. The CBUAE reserves the right to impose additional training requirements and may request periodic reports on training programs completed by telemarketers.

5) Standardised scripts and recorded calls. Cabinet Resolution 56/2024 requires companies to record marketing phone calls and inform the consumer at the beginning of the call. The Draft Regulation goes further by requiring standardised scripts to promote clarity and compliance, and by requiring retention of recorded consent where relevant. Licensed institutions must maintain comprehensive communication logs for all telemarketing, including communications by AI systems and robocalls, and retain such records for a minimum of five (5) years.

6) Time-window and frequency restrictions. Under Cabinet Resolution 56/2024, marketing calls may be made only between 9:00 am and 6:00 pm on weekdays. The Draft Regulation sets more granular restrictions: weekend calls are permitted only between 12:00 pm and 5:00 pm, and calls are prohibited on public holidays. Additionally, telemarketing communications to the same customer are limited to once per month, except where the customer has explicitly requested a follow-up. Customer preferred contact times must be respected where expressed.

7) AI and automated calling systems. The Draft Regulation imposes specific requirements on the use of automated communication systems (robocalls) and AI-generated communications. Automated dialing equipment must allow fifteen (15) seconds or four (4) rings before disconnecting unanswered calls, and customers must be connected to a telemarketer within two (2) seconds of answering. Where AI generated communications are used, customers must be given the option to transfer to a human telemarketer. The use of AI remains subject to Applicable Laws.

Practical Implications and Dispute Risk

The Draft Regulation provides a clear indication of the CBUAE’s supervisory expectations in relation to telemarketing. Licensed institutions should therefore begin assessing their existing frameworks against the direction of travel reflected in the draft. Violations of the Telemarketing Regulation may result in supervisory action, administrative action, and/or financial sanctions imposed by the CBUAE. Licensed institutions should also be aware of potential dispute risk arising from customer complaints regarding unwanted telemarketing communications, which may be escalated to the Ombudsman Unit (Sanadak) if not resolved within ten (10) business days. In practice, this is likely to involve:

• Customer consent frameworks: reviewing how marketing consent is obtained, recorded and maintained, including whether consent can be evidenced if challenged.
• DNCR controls: ensuring systems and procedures are in place to screen marketing lists against the DNCR, maintain internal do-not-call registers, and document any permitted exceptions.
• Oversight of outsourced arrangements: where telemarketing activities are outsourced, confirming that third party call centres and service providers are contractually bound to comply with applicable requirements, supported by appropriate training and monitoring.
• Record-keeping, monitoring, and complaints: assessing the adequacy of call recording, script approval, staff training records, and complaint handling processes, with a focus on maintaining a clear audit trail demonstrating compliance. Licensed institutions must be prepared to handle complaints regarding unwanted telemarketing communications in accordance with the Consumer Protection Regulation and Standards.

Overall, the Draft Regulation signals a clear shift towards treating telemarketing as a regulated distribution activity subject to formal governance, controls, and enforcement. For the insurance industry in particular, this represents a significant development given the sector’s reliance on telemarketing as a distribution channel. Insurers that embed telemarketing within their compliance and conduct frameworks, rather than treating it as a purely commercial function, will be better positioned to manage regulatory and dispute risk once the regime is finalised. Given the sixty-day implementation period following publication, licensed institutions should commence their gap analysis and remediation planning without delay.