---

1. Introduction

In the UAE’s rapidly evolving digital payments space, Payment Service Providers (PSPs) must align with strict oversight from the Central Bank of the UAE (CBUAE). This guide covers the core compliance expectations—spanning licensing, risk controls, data protection, and consumer transparency.

2. Licensing & Classification

• PSPs must obtain a CBUAE license, except for licensed commercial banks that follow an abbreviated process.
  
• The CBUAE defines four categories: Retail, Micropayment, Government, and Non‑issuing PSPs (Baker Tilly JFC).
  
• License holders must be UAE-incorporated (excluding ADGM or DIFC) and meet minimum capital and operational requirements.
  

3. AML, KYC & Risk Management

• PSPs must implement FATF-aligned AML/CTF controls, including KYC, monitoring, and SAR filing (KWSME PSP Licensing Guide).
  
• Reports are submitted to the UAE Financial Intelligence Unit (FIU).
  
• AML programs must be backed by staff training and internal audits.
  

4. Corporate Governance & Internal Controls

• Governance obligations include clear organizational charts, audit functions, and policy review cycles (CBUAE Rulebook – Section 45).
  
• User funds must be segregated from business funds (Dentons).
  

5. Cybersecurity & Operational Thresholds

• PSPs processing ≥ AED 10M/month must designate IT security teams and conduct penetration tests.
  
• Systems must be documented and protected under an incident response framework as outlined by the CBUAE.
  

6. Consumer Protection & Transaction Transparency

• PSPs must ensure clear transaction references, disclose fees, and set appropriate limits.
  
• Terms of service and dispute resolution processes are required under CBUAE’s guidelines.
  

7. Data Localization & Storage

• All customer and transaction data must be stored and processed within the UAE (JD Supra).
  
• Data must remain accessible for inspection by the CBUAE.
  

8. Enforcement & Penalties

• CBUAE has issued fines up to AED 5 million for AML and compliance violations
  
• Violations of data or governance standards can lead to suspension or revocation of a license.
  

9. Compliance Checklist

Area	Requirement
Licensing	Valid PSP category license and UAE incorporation
AML/KYC	CDD, SARs, FIU reporting, risk-based approach
Governance	Internal audit, compliance officers, fund segregation
Cybersecurity	Incident plans, pen testing, architecture documentation (if ≥ AED 10M/month)
Consumer Protection	Transaction transparency, fees disclosure, complaints handling
Data Storage	UAE-only data processing and retention

10. Conclusion & CTA

Compliance with the UAE Central Bank’s evolving requirements is not optional—it’s foundational to operating as a PSP. From licensing structure to data localization, every piece matters.

Need help with licensing or regulatory navigation?
Book a consultation with PayCompliance today

Sources

1. CBUAE Rulebook – Stored Value Facilities Regulation
   
2. Dentons – UAE E-Payment Licensing Regulations Overview
   
3. JD Supra – UAE Digital Payment Regulatory Developments
    
4. Baker Tilly JFC – PSP Classifications and Capital Requirements
   
5. KWSME – Payment Service Provider Licensing in UAE