The Central Bank of the United Arab Emirates (CBUAE) issued on April 23 two new fintech regulations, introducing the Open Finance Regulation and the Sandbox Conditions Regulation, a new post published by global law firm DLA Piper says.

These regulations aim to foster innovation and competition in the financial sector by facilitating data sharing across various financial industries, and reflect the UAE’s commitment to digital transformation.

Under the new Open Finance Regulation, licensed entities such as banks and insurance companies are mandated to grant access to customer data and enable transaction initiation to open finance providers. The regulation covers various financial products and accounts, including debit and credit banking products, mortgages, foreign exchange, insurance, e-money, and prepaid services. It emphasizes customer consent and control over the sharing of their financial data, and prohibits activities like data scraping, a technique in which a computer program extracts data from output generated from another program, and intercepting digital connections through reverse engineering.

Additionally, the regulation introduces a new license category and a compliance framework for open finance providers to undertake data sharing and/or service initiation. It also outlines a comprehensive framework for authentication, secure communication standards, and IT governance.

The CBUAE retains the authority to develop and issue supplementary technical standards for open finance providers in the future for aspects such as digital access, cybersecurity, customer experience design, and the management of charges for third-party services.

The Open Finance Regulation also introduces an Open Finance Framework. This framework comprises:

• The API Hub, a centralized platform for application programming interfaces (APIs) established by the CBUAE which serves as an access point to the framework for all the parties involved;
• The Trust Framework, which encompasses essential elements like the Participant Directory, facilitating participant validation; Digital Certificates for secure communications; the API Portal, which houses documentation on standards; and the Sandbox for ongoing testing and official certifications; and
• The Common Infrastructural Services, which include tools like the Consent and Authorization Manager, an independent app supporting the creation, management, enforcement, and revocation of various privacy directives for users of APIs.

The Open Finance Framework will be rolled out in a phased manner and onboarding into the Open Finance Framework will begin with banks and insurers.

Digital transformation program

The CBUAE’s new Open Finance Regulation falls under its broader Financial Infrastructure Transformation Programme (FIT Programme). Launched in February 2023, the program aims to accelerate the digital transformation of the financial sector and comprises nine key initiatives:

• Establishing a domestic card scheme for unified, secure and efficient card payment transactions to facilitate the growth of e-commerce and digital transactions;
• Introducing an electronic know-your-customer (eKYC) platform that facilitates remote customer onboarding and on-going customer due diligence;
• Implementing a central bank digital currency (CBDC) for faster and more efficient domestic and cross-border payment transactions;
• Developing advanced supervisory technology (suptech) solutions to support regulatory and supervisory progresses;
• Creating a collaborative innovation hub for engagement, research and development of fintech innovation;
• Building a robust instant payment platform to support financial inclusion and enable a cashless society;
• Establishing a secure, resilient, scalable and reliable sovereign cloud-based financial infrastructure;
• Promoting exceptional customer experiences and fostering a culture of excellence across the financial sector; and
• Establishing Open Finance to drive innovation and competition through interconnectivity and interoperability among all players and institutions.

Besides the Open Finance Regulation, the CBUAE has also initiated its CBDC initiative, announcing in March the launch of the CBUAE Central Bank Digital Currency (CBDC) Strategy. The strategy outlines plans for applying a so-called “digital dirham” across various domestic and cross-border scenarios in the region to improve efficiencies, enhance financial inclusion and support the move towards a cashless society.

In the first phase, R3 and G42 Cloud were chosen as the technology and infrastructure providers respectively, while Clifford Chance provided legal oversight for the strategy.

Phase 1 is expected to run for 12 to 15 months and focuses on three main pillars: the soft launch of mBridge to facilitate real value cross-border CBDC transactions for international trade settlement; proof-of-concept (PoC) work for bilateral CBDC bridges with India, one of the UAE’s top trading partners; and finally, PoC work for domestic CBDC issuance covering wholesale and retail usage.

These digital finance initiatives build on soaring usage of cashless payments in the UAE. According to Hasan Kazmi, head of digital partnerships for Visa in the Central and Eastern Europe, Middle East, and Africa, card payments were the most common online payment method in the UAE in 2023, accounting for nearly half of all transactions at 48%. Digital wallets came in second, representing slightly less than a quarter of transactions at 23% of the total.

Kazmi also noted that the mobile phone usage rate for payment transactions at point of sale have increased considerably over these past years, rising from 28% in 2020 to 41% in 2023. These figures indicate a growing trend towards mobile payment solutions among UAE consumers, and showcase a shift towards more convenient and secure payment methods, he said.

Featured image credit: edited from freepik