UAE2021

CBUAE Technology Risk Management Guidelines

CBUAE TRM

The CBUAE Technology Risk Management (TRM) Guidelines set out requirements for managing technology and information security risks at licensed financial institutions in the UAE. They cover governance, change management, cloud computing, outsourcing, data security, cyber resilience, and business continuity — forming a key pillar of the UAE financial sector's operational risk framework.

Ask GCC LexAI about CBUAE TRM →UAE cybersecurity →

Key Requirements

Establish a board-approved Technology Risk Management framework with defined risk appetite and governance
Implement a secure software development lifecycle (SDLC) and rigorous change management controls
Apply enhanced due diligence and contractual safeguards before outsourcing critical technology functions
Comply with CBUAE cloud computing guidelines when hosting regulated data or applications in the cloud
Maintain a tested Cyber Incident Response Plan and report material incidents to CBUAE promptly
Conduct annual independent technology risk assessments and report material gaps to senior management

Applies to

All CBUAE-licensed financial institutions including banks, payment service providers, finance companies, and other regulated entities operating in the UAE.

Issued by:CBUAE ← UAE overview

CBUAE Technology Risk Management Guidelines

Key Requirements

Related Documents (2)