IDC Names Securiti a Worldwide Leader in Data Privacy


UAE Central Bank SVF Regulations

UAE Consumer Protection Regulations

Last Updated on November 19, 2023

Privacy Center
Fully Functional In Minutes

Elegant Consumer Frontend, Fully Automated Backend, Privacy Regulation Intelligent Everywhere.


On 30th September 2020, the Central Bank of UAE issued a new Stored Value Facilities Regulation (the “ SVF Regulation”) to support the development of digital payment services in the UAE. The SVF Regulation was designed to facilitate access to the UAE market for SVF providers, Payment Service Providers (PSPs), and FinTech Firms whilst continuing to protect customer interests, ensuring proper business practices and supporting the development of payment products and services in the UAE.

There are few sections under the SVF Regulation that prescribes the data protection requirements for the SVF licensees. The SVF Regulation requires that an SVF licensee must adequately protect customers’ data which are required to be stored and maintained in the UAE. It also prescribes that an SVF licensee must store and retain all customer and transaction data for a period of five years from the date of the creation of the customer data, or longer if required by other laws.

Furthermore, the SVF licensees must also have adequate policies, procedures and measures in place to protect their information and accounting systems, databases, and other records and documents from unauthorized access, unauthorized retrieval, tampering and misuse.

CBUAE SVF Regulation Solution

The solution

See how the comprehensive PrivacyOps framework can help you comply with various sections of the CBUAE SVF Regulation


Assess CBUAE SVF Regulation readiness

Articles: 2, 3(5)(6), 8(1), 9(10), 10(5)(6), 12, 13(7.4)

With the help of our multi-regulation, collaborative, readiness, and privacy impact assessment system, you can gauge your organization's posture against the CBUAE SVF Regulation requirements, identify the gaps, and address the risks. Seamlessly being able to expand assessment capabilities across your vendor ecosystem to maintain compliance against the regulation.

CBUAE SVF Regulation Readiness Assessment
Personal Data Explorer

Continuous monitoring and tracking

Article: 8(1), 9(10), 10(5), 12

Keep track of risks involved by continuously scanning and monitoring data against non-compliance to the protection of data, security controls, or data residency.

Manage vendor risk

Articles: 3(5)(6), 8(1)(14)(15), 12(43-47), 13(7.4)

Keep track of privacy and security readiness for all your service providers from a single interface. Collaborate instantly with vendors, automate deletion requests, and manage all vendor contracts and compliance documents.

Vendor Risk Management
Data Flow Mapping

Map Data Flows

Article: 10(6)

Track data flows in your organizations, trace this data, catalogue, transfer, and document business process flows internally and to service providers or third parties.

Breach Response Notification

Article: 12(4)(30)

Automate compliance actions and breach notifications to concerned stakeholders with regards to security incidents by leveraging a knowledge database on security incident diagnosis and response.

breach response notification

Facts Related to CBUAE SVF Regulation


The SVF Regulation applies to all companies licensed under the now-repealed Regulatory Framework for Stored Value and Electronic Payment Systems and those looking to conduct SVF activities under the SVF Regulation.


While banks are exempted from this regulation, they are still required to notify the Central Bank in writing, if they plan to issue an SVF.


The SVF Regulation requires that outsourcing arrangements with third parties must  contain adequate data protection and data handling controls.


Central Bank of UAE expects licensees to have an incident management framework to manage, report, and deal with significant technology-related incidents.


For an SVF license, an applicant must also have, among other things,  an independent assessment on effective risk management, technology risk and internal controls framework.

IDC MarketScape

Securiti named a Leader in the IDC MarketScape for Data Privacy Compliance Software

Read the Report