1. 6.1.6.1All Personal Data, documents, records and files must be securely retained for a minimum of 5 years. The retention period begins, depending on the circumstances, from the date of the most recent of any of the following events:
   1. a.Termination of the Business Relationship or the closing of a Consumer’s account with the Licensed Financial Institution; and
   2. b.Completion of a casual transaction (in respect of a Consumer with whom no Business Relationship is established).

All Standards related to confidentiality and security must be maintained after the termination of the relationship until the Personal Data is destroyed.

1. 6.1.6.2Licensed Financial Institutions must not process or use Personal Data for any period longer than is necessary for the fulfillment of the purpose for which that Personal Data is required. After the lapse of the mandatory retention period for retaining Consumer records, Licensed Financial Institutions must take all reasonable steps to ensure that all Data / Personal Data is destroyed or permanently deleted if it is no longer required for the purpose for which it was collected and processed or no longer required by law.
2. 6.1.6.3All Licensed Financial Institutions must hold and store all Consumer and transaction Data within the UAE as prescribed by the Central Bank. At a minimum, Licensed Financial Institutions must also establish a safe and secure backup of all the Consumer Data and transactions in a separate location for the required period of retention specified in Section 6.1.6.
3. 6.1.6.4Licensed Financial Institutions must ensure there is secure retention of Consumer Data that would prevent any unauthorized or accidental loss, misuse, modification, access, disclosure or destruction. Licensed Financial Institutions must review their procedures and methods for retention of Consumer Data on an annual basis.