FinTech in the United Arab Emirates

Divya Abrol Gambhir - Partner - Banking and Finance

Ashish Banga - Senior Associate - Consultant - Banking and Finance

The UAE, including the Abu Dhabi Global Market (“ADGM”) and the Dubai International Financial Centre (“DIFC”), continues to be actively involved in the development of the financial technology ecosystem within the MENA region particularly in respect of cryptoassets (otherwise described as ‘virtual assets’), the regulatory laboratories and testing licenses, financial technology licensing, digital banking and crowdfunding.

Given the broad scope of the subject, this article focuses on areas of cryptoassets, the associated regulatory ‘laboratories’ and the testing licenses.


Cryptoassets, Virtual Assets and Initial Coin Offerings (‘‘ICOs’’) and the Central Bank and Securities and Commodities Authority (‘‘SCA’’)

There are currently no formal regulations on cryptoassets or ICOs onshore in the UAE. There have been several press releases and statements issued by the UAE Central Bank confirming that it does not approve any private cryptocurrencies or schemes and has not issued any licenses in the UAE. However, no formal notification or guidelines have been issued by the Central Bank in this regard.

Initially the UAE SCA issued a public warning statement, in February 2018, on ICOs reiterating that the SCA does not regulate, mandate, or recognise any ICOs. The statement also highlighted the risks associated with investments in ICOs. This was followed by an announcement, later that year, indicating the SCA’s intention to regulate ICOs and recognise digital tokens as securities.

Taking a step further, the SCA, in October 2019, issued draft regulations relating to cryptoassets. The SCA invited feedback from various market players regarding these regulations. The draft regulations primarily dealt with token issuance requirements, trading and safekeeping practices with an emphasis on protecting investor interests, financial crime prevention measures, cryptoasset safekeeping standards, information security controls, technology governance norms and conduct of business requirements for all market intermediaries.

In the midst of these developments, the Dubai Multi Commodities Centre (‘‘DMCC’’), one of the free zones in the UAE, issued licenses for conducting ‘proprietary trading in cryptocommodities’. Activities of the entities holding such licenses are limited to trading in cryptoassets for and on their own behalf.


Dubai Financial Services Authority (‘‘DFSA’’)

Similar to the onshore position, there are no laws or regulations around cryptoassets in the DIFC. In 2017, DFSA issued a statement highlighting that the issuance and offering of cryptoassets and the systems and technology that support them are complex and therefore have a high risk associated with them. In said statement, it was confirmed that it does not regulate product offerings in connection with cryptoassets and also that it would not license firms undertaking such activities. There has been no change in this position since then.


Financial Services Regulatory Authority (‘‘FSRA’’)

Taking a lead on the regulation of cryptoassets in the ADGM, in June 2018 the FSRA issued guidance on conducting cryptoasset activities and accordingly amended the relevant financial regulations applicable to ADGM. This guidance was supplementary to, and is to be read in conjunction with, the FSRA’s earlier guidance on the regulation of ICOs, token offerings and virtual currencies issued in October 2017.

These guidelines were supported by an additional guidance ‘Regulation of Digital Security Offerings and Cryptoassets under the Financial Services and Markets Regulations’ and ‘Cryptoasset Activities’ both of which were issued by the FSRA earlier in 2019.

In February 2020, FSRA issued further guidelines amending the existing guidelines around crypto assets, ICOs and digital securities introducing the following changes: (a) replacing the term ‘Crypto Asset’ with ‘Virtual Asset’, in order to align the terminology with that of the Financial Action Task Force,the inter-governmental body established to set standards and promote effective implementation of legal, regulatory and operational measures for combating money laundering, terrorist financing and related threats to the integrity of the international financial system; (b) amending the existing regulations and guidelines to move from a bespoke regulated activity of ‘Operating Crypto Asset Business’ to dealing in virtual assets within the scope of the underlying regulated activity (e.g. providing custody, operating a multilateral trading facility, dealing in investments, etc.) (‘‘Virtual Asset Guidance’’); (c) updating regulation of digital security offerings and virtual assets under the Financial Services and Market Regulations 2015 (‘‘ICO Guidance’’); and (d) regulating digital securities activity in ADGM (‘‘Digital Securities Guidance’’).

Similar to the previously issued cryptoasset guidance, the Virtual Asset Guidance applies to: (a) applicants intending to carry on a regulated activity in relation to virtual assets in or from the ADGM; (b) licensed entities conducting a regulated activity in relation to virtual assets in or from the ADGM; (c) recognised investment exchanges with a stipulation on its recognition order permitting it to carry on the regulated activity of operating a multilateral trading facility (in relation to Virtual Assets) within ADGM; and (d) applicants and licensed entities in respect of the use of stablecoins in or from the ADGM.

The ICO Guidance is applicable to those considering the use of ICOs to raise funds including those considering transacting in, and the general use of, virtual tokens and virtual assets. Whereas, the Digital Securities Guidance sets out the FSRA’s approach to the regulation of use of or using, digital securities within ADGM including activities undertaken by recognised investment exchanges, multilateral trading facilities, issuers, reporting entities, licensed entities conducting a regulated activity in relation to virtual assets and licensed entities providing custody or operating a private financing platform, amongst others.

Stablecoins are blockchain based tokens that are valued by reference to an underlying fiat currency or basket of assets. Typically, these are less volatile than typical virtual assets, which makes them a more lucrative option as a medium of transfer of value within the virtual asset domain. In addition to being a ‘safe’ store of value, the ability to liquidate a stablecoin to fiat currencies seems to be higher than virtual assets, therefore leading to a growing demand for such digital tokens.


Testing Laboratories


Following the SCA’s announcement in September 2018, indicating its intention to regulate ICOs and recognise digital tokens as securities, it also approved draft regulations setting the regulatory controls for the fintech sector in the form of a pilot regulatory environment (i.e. the sandbox) in order to enhance and support the financial integrity of financial technology companies.

The draft regulations explained Sandbox as a process-based framework that shall allow entities to test innovative products, services, solutions and business models in a relaxed regulatory environment, but within a defined space and duration. Under this framework, the SCA intends to work together with the participants to evaluate the innovative products, services, solutions or business models with a view to identifying legal and regulatory requirements which can potentially be relaxed or waived throughout the duration when the participants are within the Sandbox regulatory regime.

The SCA continues to discuss the said framework as well as the draft regulations with the relevant market players and is currently inviting comments on Sandbox controls from these players.


Fintech Hive accelerator

Similar to the SCA’s proposed Sandbox regime, Fintech Hive is an accelerator programme of the DIFC aimed at encouraging technology entities that have a product or service offering that benefits the financial services sector or the digital space. The programme allows fintechs, insurtechs, regtechs and Islamic fintechs, an opportunity to develop, test and adapt their technologies in the DIFC, in collaboration with top executives from the DIFC and regional established financial institutions.

To the extent applicants intend to provide innovative solutions in the financial services sector, the DFSA offers an innovation testing licence to such applicants. This restricted financial services licence allows qualifying applicants (i.e. participants) to develop and test innovative concepts from within the DIFC, without being subjected to all the regulatory requirements that normally apply to regulated firms. In order to determine the level of restriction and support the DFSA works with the participants to understand the business proposal and establish the appropriate controls for the safety of clients (if any) involved, on a case-by-case basis.

The validity of such a licence typically ranges from a period of six to twelve months, during which the participants are expected to complete the testing and development of the solution. At the end of the prescribed period, if the participant meets the outcomes detailed in the regulatory test plan, it can opt for migration to full authorisation. If it does not meet the outcomes, the participant will be required to cease activities within the accelerator programme.



The ADGM RegLab is a regulatory framework introduced by the FSRA to provide a controlled environment to fintech participants to develop and test innovative solutions.

The FSRA offers licenses for developing financial technology services within the RegLab. Such a licence permits the participants to develop and test innovative fintech services, business models and delivery mechanisms. Similar to the DFSA model, in order to facilitate such development and testing, FSRA assesses the risks posed in each fintech participant’s business model and accordingly tailors a set of appropriate regulatory controls on a specific, case-by-case basis. These regulatory controls are less onerous than those applicable to regulated entities in general in the ADGM. The tailoring of regulatory controls is usually subject to restrictions regarding the scope and scale of the test activities in order to mitigate the associated risks and impact.

The licence is typically valid for a period of two years, during which the participants are expected to successfully develop and test their fintech solution, to a point it can be commercially launched. Similar to the DFSA approach, at the end of the testing period, the participant is provided an option to migrate to a full licence, if the trial is successfully completed and the innovation is ready to be commercially launched. However, if this is not the case, the participant is required to cease its activities in the ADGM and exit the RegLab.



Whilst the Central Bank, the SCA, FSRA and DFSA have their own sets of laws, rules, regulations as well as guidelines for regulating fintech activities within their respective jurisdictions, efforts are being made to align the regulatory landscape and boost the overall development of the fintech ecosystem.

These jurisdictions do not provide for any passporting arrangements. Accordingly, the fintech participants will have to limit their activities within the jurisdiction in which they are incorporated and would therefore require additional licensing for conducting activities in other jurisdictions.