The Virtual Currency Regulation Review: United Arab Emirates

Introduction to the legal and regulatory framework

The United Arab Emirates (UAE) has a rapidly modernising legal system. The overall legal system is a civil law system influenced by shariah (Islamic law), the major legal codes of which include the Civil Transactions Law, the Commercial Transactions Law, the Penal Code and the Commercial Companies Code. In addition to UAE federal law, each of the seven emirates of the UAE (Dubai, Abu Dhabi, Sharjah, Ajman, Umm Al Quwain, Ras Al Khaimah and Fujairah) has its own laws and regulations in areas where there is no federal law. In the field of financial and capital markets, the UAE Central Bank and the Securities and Commodities Authority (SCA) are the federal regulators.

Each emirate also has its own free zones, which have limited independence from the emirate and federal law that applies to foreign investment restrictions and customs. There are, however, two financial free zones established pursuant to the UAE Constitution and federal law that are entirely separate jurisdictions in the sense that they have a regime of civil, financial and commercial laws separate from the remainder of the UAE. The two free zones are the Dubai International Financial Centre (DIFC), where the regulator is the Dubai Financial Services Authority (DFSA), and the Abu Dhabi Global Market (ADGM), where the regulator is the Financial Services Regulatory Authority (FSRA). The DIFC applies a common law system modelled on English common law, while the ADGM applies English common law itself. UAE federal criminal laws do, however, apply in the DIFC and the ADGM (e.g., the federal anti-money laundering laws). Onshore UAE, the DIFC and the ADGM are dealt with separately in this chapter.

Blockchain and distributed ledger technology (DLT) is a government priority for the UAE, which has initiated various blockchain-related ventures and initiatives, many in collaboration with other jurisdictions.

From a regulatory perspective, the ADGM has been the most active, having already issued extensive regulations in 2018. The ADGM's laws, regulations and guidance notes are regularly updated to keep abreast of global developments in blockchain regulation. The ADGM has consequently attracted significant interest from international industry participants, particularly from those operating central virtual currency exchanges.2

Taking a wait-and-see approach over several years, and following conflicting statements and much uncertainty, the SCA finally issued a long-awaited regulation on cryptoassets on 1 November 2020. Decision No. 23 of 2020 concerning Crypto Assets Activities Regulation (the SCA Virtual Asset Regulation),3 is far reaching and endeavours to regulate the offering, issuing, listing and trading of cryptoassets in onshore UAE. The issuance of the SCA Virtual Asset Regulation comes after the UAE Central Bank issued an updated Stored Value Facilities (SVF) Regulation, which also considers cryptoassets.4

Accordingly, only the DIFC has thus far avoided regulating cryptoassets. However, the DFSA conducted a public consultation5 in the first and second quarter of 2021 on a proposed legal framework for security tokens in the DIFC, also indicating that the DFSA plans to regulate other cryptoassets thereafter. At the time of writing, legislation has yet to be issued.

Securities and investment laws

i Onshore UAE

In onshore UAE, the UAE Central Bank and the SCA share responsibility for the regulatory oversight of the UAE's financial and capital markets. This includes the non-financial free zones, such as the Dubai Multi Commodities Centre (DMCC) and the Dubai Silicon Oasis (DSO).

On 1 November 2020, the Chairman of the Authority's Board of Directors issued the SCA Virtual Asset Regulation, a first draft of which had already been issued in October 2019 as part of a public consultation.6

The SCA Virtual Asset Regulation is drafted to be technologically neutral and all-encompassing and, notably, allows submissions by regulated persons in the English language, although Arabic translations may be requested on demand.7

The SCA Virtual Asset Regulation applies to anyone offering, promoting or issuing cryptoassets in or from onshore UAE or to persons in onshore UAE, as well as anyone offering crypto custody services, or operating a crypto exchange or a crypto fundraising platform and any other financial activity relating to cryptoassets.8

The SCA Virtual Asset Regulation distinguishes between (1) security tokens and (2) commodity tokens, the latter of which are any cryptoassets that are not security tokens9 and regulates both with far-reaching submission or approval requirements, although the regulatory requirements are higher for security tokens. The SCA Virtual Asset Regulation introduces a new professional investor definition that is wider than earlier qualified investor definition. For natural person residents, a professional investor includes those who confirm sufficient knowledge to deal with the investments concerned or are represented by qualified investment professionals, have an annual income of not less than 1 million dirhams a year or with a net worth of not less than 4 million dirhams.10 Various exceptions from approval and disclosure requirements apply to professional investors.

The SCA Virtual Asset Regulation subjects any offering, trading or dealing in security tokens or financial activities relating to security tokens to the UAE securities laws and provides that guidance would be issued on how to assess whether a cryptoasset qualifies as a security token.11 The designation of a cryptoasset as a security token is the decision of the SCA alone, which may also provide case-by-case exemptions from compliance with certain requirements.12 More details are provided in Sections V and VI.

Securities and related investments are primarily governed by Federal Law No. 4 of 2000 Concerning the Emirates Securities and Commodities Authority and Market (the Securities Law).13 The Securities Law established the SCA as a second federal regulator (together with the Central Bank) and includes basic rules on the offering of securities.14 On 9 May 2021, pursuant to decision No. 13 of 2021 of the Chairman of the Board of Directors, the SCA issued the SCA's new Market Rulebook, cancelling several previous decisions and regulations issued under the Securities Law.15 The Rulebook replaces the definition of a qualified investor with that of a professional investor.16 The definition is similar to that adopted by the SCA Virtual Asset Regulation, but leaves out the requirement that an individual's income not be less than 1 million dirhams a year.

ii DIFC

The DFSA, the DIFC's competent regulator, currently does not regulate cryptoassets, but this is due to change with the introduction of a framework for security tokens and a later framework for cryptoassets in the near future. Overall, the DFSA had in the past adopted a wait and see approach to crypto regulation despite having issued several warning messages in the past. As such, it stated in September 2017 that it does not regulate cryproassets and considers them to be high-risk.17 It then stated that it does not license any firms in the DIFC to carry out activities related to virtual currency investments. In October 2019, the DFSA sent an alert about 'MeleCoin' falsely being licensed in the DIFC.18 In its alert, the DFSA again referred to its September 2017 warning.19 Finally, in March 2021, the DIFC issued a consultation on its proposed framework for security tokens, which concluded in the second quarter of 2021. Therein, the DFSA makes clear that it intends to regulate cryptoassets in the near future.20 In July 2021, it was reported that the DIFC would start consultation on a cryptoasset framework in the third quarter of 2021.21 As to security tokens, it is expected that they will be regulated in accordance with existing regulation with additional requirements to tackle technological risks specific to DLT and blockchain. While DIFC regulation in general has a track record of being very business friendly, it is not expected that the framework will provide innovative solutions to the decentralised finance (DeFi) market; for example, by allowing security tokens issued on DIFC-based platforms to be traded on permissionless applications such as Uniswap or other DEXs.

Currently, the core laws regulating licensable businesses in the DIFC and administered by the DFSA are:

  1. the Regulatory Law 2004;
  2. the Markets Law 2012;
  3. the Law Regulating Islamic Financial Business 2004;
  4. the Collective Investment Law 2010; and
  5. the Investment Trust Law 2006.22

The DFSA has issued a rulebook (the DFSA Rulebook) that contains subsidiary legislation made under the Regulatory Law 2004 by the board of directors of the DFSA.23

The DIFC prohibits people from performing financial services, including dealing in and advising on investments such as securities and derivatives, unless authorised to do so.24

The DIFC also prohibits financial promotions, which covers any communication 'which invites or induces a Person to (a) enter into, or offer to enter into, an agreement in relation to the provision of a financial service; or (b) exercise any rights conferred by a financial product or acquire, dispose of, underwrite or convert a financial product'.25

The lack of specific regulatory framework has not stopped crypto and blockchain projects from setting up in the DIFC. As such, Ripple operates its regional headquarters from the DIFC,26 though it appears to only conduct marketing activities there.27

iii ADGM

The competent regulator in the ADGM is the FSRA. In summer 2018, the FSRA issued a far-reaching framework regulating the operation of what it then called 'cryptoasset' businesses by amendment of the Financial Services and Markets Regulations (FSMRs)28 and the provision of detailed guidance notes.29 The framework is regularly updated to keep abreast of global crypto-related developments; it was last amended in February 2020,30 along with corresponding guidance documentation.31

The FSMRs divide virtual coins and tokens into digital assets regulated by the FSRA on one hand, which includes virtual assets (such as non-fiat virtual currencies, including Bitcoin and Ether), digital securities, fiat tokens (fully backed by fiat), and derivatives and funds (i.e., derivatives over any digital assets and collective investment funds investing in digital assets) and other digital tokens (e.g., utility tokens) on the other hand.32 Only the latter remain unregulated.

The FSMRs define a virtual asset as a means of digital representation of value that can be digitally traded and functions as a medium of exchange, a unit of account or a store of value, or all three, but does not have legal tender status in any jurisdiction.33 From a regulatory policy perspective, the FSRA treats virtual assets as commodities and therefore not as specified investments under the FSMRs. Derivatives of virtual assets are treated as commodity derivatives and therefore as specified investments under the FSMRs.34 Even though not all virtual assets are specified investments, any market operator, intermediary or custodian dealing in virtual assets is required to be approved by the FSRA as a financial service permission holder in relation to the applicable regulated activity.35

Where the FSRA classifies digital assets as digital securities or derivatives or collective investment funds of virtual assets, dealing in them and their issuance must fully comply with the provisions applying to securities, derivatives and funds as set out in the FSMRs and ancillary rules issued by the FSRA.36 To clarify its treatment of digital securities, the FSRA issued new guidance on the regulation of digital securities activities in February 2020.37 The guidance defines digital securities as digital assets with the economic and legal features and characteristics of securities.38 The guidance seeks to clarify digital securities-related financial services activities within the ADGM, in both a primary and secondary market context, as well as tokenised security offerings.39

Where fiat tokens are involved, activities must be licensed and regulated as providing money services under the FSMRs.40

Banking and money transmission

The Central Bank is the UAE's banking, credit and monetary regulator, and it:

  1. provides general regulation of banking-related matters;
  2. oversees the issuance of currency;
  3. supervises banking and other licensable financial activities;
  4. advises the government on financial issues;
  5. maintains foreign exchange reserves; and
  6. acts as a bank for the government and other banks in the UAE.

In September 2018, the UAE government overhauled its financial service and banking laws through the issuance of Federal Law No. 14 of 2018 concerning the Central Bank and Organisation of Financial Institutions and Activities (the Financial Services Law).41 The Financial Services Law replaced Federal Law No. 10 of 1980 concerning the Central Bank, the Monetary System and the Organisation of Banking as the main legal framework for banking in the UAE.42 The law regulates financial services within and from the UAE as well as the proceedings of the Central Bank. Despite its recent issuance, the Financial Services Law does not refer to cryptoassets.

In September 2020, the UAE Central Bank issued a new Stored Value Facilities (SVF) Regulation, which came into effect on 15 November 2020 and repeals the regulatory framework for stored values and electronic payment systems previously issued in 2017.43 It applies to onshore UAE but not the financial free zones. Stored value facilities are non-cash facilities into which clients pre-pay money so that they can use that payment method thereafter to pay for goods and services. While the UAE Central Bank continues to maintain that cryptoassets are not legal tender in the UAE, the overhauled Stored Value Facilities (SVF) Regulation now explicitly allows cryptoassets to be used as a stored value when purchasing other goods and services.44

In the past, local banks in the UAE have adopted inconsistent and changeable restrictions on remitting funds to or receiving funds from cryptocurrency exchanges or other businesses in the ecosystem, typically without prior notice. The basis for such restrictions is typically the know-your-customer (KYC) and anti-money laundering (AML) obligations applicable to banks (as further considered in Section IV). As is the case elsewhere in the world, UAE banks have hesitated to open bank accounts for cryptoasset businesses. This position has improved significantly, however, as UAE banks are studying blockchain solutions and integrating them into their own business with great vigour or are at least considering doing so.45

The ability to buy real-world assets with cryptoassets in the UAE is also steadily increasing. As such, it was reported in February 2021 that Kiklabb, a state-owned company that assists businesses to gain free zone licences was accepting Bitcoin, Ethereum and USDT as payment.46 Virtuzone, another company assisting entrepreneurs to set up in the UAE, also announced it would accept cryptocurrencies.47 Restaurants have also been seen to accept cryptoassets as payment, as well as real estate companies.48

Anti-money laundering

In the UAE, the main piece of relevant legislation is Federal Law No. 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organisations (the AML Law)49 together with Cabinet Resolution No. (10) of 2019 Concerning the Executive Regulation50 of Federal Law No. 20 of 2018 (the AML Executive Regulation).51 The AML Law and the AML Executive Regulation apply in all emirates, including the DIFC and ADGM. The AML Law repealed the older Federal Law No. 4 of 2002 concerning Combating Money Laundering and Terrorism Financing Crimes. The overhaul of the UAE's regime on AML and combating the financing of terrorism (CFT) went hand in hand with the issuance of the Central Bank Law complementing the AML Law.

The AML Law defines the crimes of money laundering and terrorist financing and details the sanctions for these activities. Additionally, Law No. 7 of 2014 on Combating Terrorism Offences (the CTO Law) addresses the combating of terrorism crimes.52

The main money laundering offence is defined in Article 2 of the AML Law. The offence renders a person a perpetrator of money laundering who:

  1. conducts any transaction aiming to conceal the funds' illegal source;
  2. conceals the true nature, origin, location, way of disposition or ownership of rights with respect to the proceeds of a transaction;
  3. acquires, possesses or uses the proceeds upon receipt; or
  4. assists the perpetrator of the office to escape punishment.

Crucially, it is not required to prove the illicit source of the funds to convict a person for money laundering. It is, however, only money laundering if the person is fully aware that the funds are derived from a felony or a misdemeanour.

For the purposes of virtual currencies, funds refer to any assets whatsoever, including assets in digital or electronic form.53 Cryptoassets do fall within the scope of the UAE's AML/CFT regime.

Sanctions for money laundering include prison sentences of up to 10 years, monetary fines for individuals of between 100,000 dirhams and 5 million dirhams. Where a representative of a legal person commits any of the AML Law's money laundering offences, monetary fines range from 500,000 dirhams to 50 million dirhams.54 Where the entity is convicted of terrorist financing, it is dissolved. In all cases, tainted funds are to be forfeited or, where this is not possible, equivalent funds seized.55 Forfeiture also applies to virtual currencies. Again, while cryptoassets are not specifically mentioned in the legislation, any cryptoassets will be considered assets that may be confiscated by the courts if those funds are tainted by money laundering. Other offences include intentionally failing to report suspicious activity or to provide additional information upon request, deliberately concealing information56 and tipping off.57 Failing reporting duties because of gross negligence also attracts prison sentences or fines, or both.58 Breaches by obliged entities may attract penalties ranging from warnings, revocation of licences, fines to arrest of responsible personnel.59

The AML Law applies broadly to financial institutions, and in contrast to previous regulation, now also explicitly designates non-financial businesses and professions and non-profit organisations as obliged entities.60 The term 'financial institutions' includes anyone who does any of the following on behalf of a customer:

  1. receives deposits and other funds that can be paid by the public;
  2. provides private banking services, credit facilities, cash brokerage services, currency exchange and money transfer services, stored value services, electronic payments for retail and digital cash, and virtual banking services;
  3. conducts financial transactions in securities, finance and financial leasing;
  4. issues and manages means of payment, guarantees or obligations;
  5. trades, invests, operates or manages funds, option or future contracts, and exchange rates;
  6. conducts interest rate transactions, other derivatives or negotiable financial instruments;
  7. participates in issuing securities and providing related financial services;
  8. manages fund portfolios;
  9. manages saving funds;
  10. prepares or markets financial activities;
  11. conducts insurance transactions; or
  12. conducts any other activity or financial transaction as determined by a supervisory authority.61

Designated non-financial businesses and professions include brokers when they conclude operations for the benefit of customers concerning a real estate transaction, dealers in precious metals or stones in any related transactions of 55,000 dirhams or more, lawyers, notaries and accountants when preparing, conducting or executing financial transactions for clients in respect of certain transactions, and providers of corporate and trust services or anyone so determined by a supervisory authority.62 Non-Profit organisations include 'any organised group, of a continuing nature set for a temporary or permanent time period, comprising natural or legal persons as well as not-for-profit legal arrangements for the purpose of collecting, receiving or disbursing funds for charitable, religious, cultural, educational, social, communal or any other charitable activities'.

The definitions are wide and non-exhaustive. The definition for activities rendering an entity a financial institution includes the provision of 'digital cash', without any further explanation as to whether this definition includes any or all forms of crypto or whether only fiat-like tokens such as stablecoins, particularly those pegged to or backed by a fiat currency63 are caught by the definition. However, the definition of assets taken together with the scope of obliged entities is wide enough to cover establishments dealing in or with cryptoassets, including blockchain ventures structured as foundations.

The ALM Law and its Executive Regulation also expands the powers of institutions, units and committees charged with supervision and enforcement of the UAE's AML/CTF regime.64 These include, among others, the Central Bank, which operates the Financial Intelligence Unit and is to receive suspicious activities report filings from obliged entities, the DMCC Authority within its free zone, the DFSA in the DIFC and the FSRA in the ADGM.65

Several key decisions relating to combating money laundering and terrorist financing have since been published that complement and update the AML Law.66 In March 2021, a comprehensive AMLCFT Guidelines for Financial Institutions67 explicitly covering virtual asset service providers and one Guidelines for Designated Non-Financial Businesses and Professions68 were prepared as a joint effort by the supervisory authorities of the UAE, including the DIFC and ADGM regulators.69 They set out the minimum expectations of the supervisory authorities regarding the factors that should be taken into consideration by financial institutions and designated non-financial businesses when implementing AML and CFT rules.

Since 2019, the UAE government requires regulated entities, including financial institutions to use 'goAML', a UN-developed software platform, to file reports of any activity suspected of money laundering to the Central Bank's Financial Intelligence Unit.70

The SCA Virtual Asset Regulation refers to the AML Law and regulations, but also sets out additional AML/CFT provisions,71 such as the need to have a robust compliance framework, including KYC and ongoing AML monitoring in place. The SCA Virtual Asset Regulation requires that deposits and withdrawals may only be made from and to a designated bank account in the name of the client with an authorised financial institution in the UAE or a foreign financial institution explicitly signed off by the SCA.72 Crucially, the SCA Virtual Asset Regulation suggests that a cryptoasset that cannot be adequately traced may not be used to fund accounts or make transactions through a licensed person, such as an SCA-licensed cryptoasset exchange.73 This is to restrict in the UAE the usage and trading of privacy coins, such as Monero, Zcash or Dash, and coins routed through anonymising protocols and mixers.

i DIFC

The AML Law, the CTO Law and their implementing regulations apply in the DIFC by virtue of Article 3 of the Regulatory Law. Violations of the mainland UAE AML/CTF regime may also be punished in the DIFC.74 Additionally, the DIFC has its own AML/CFT regime contained in Chapter II of Part IV of the DIFC Regulatory Law and the Anti-Money Laundering, Counter-Terrorist Financing and Sanctions Module (the AML Rules) of the DFSA Rulebook, last updated in April 2020. Until the issuance of the AML Law in mainland UAE, the DIFC regime went beyond UAE requirements, but is now largely in line with them.75

The AML Rules also apply a risk-based approach to authorised firms (other than credit rating agencies), authorised market institutions, designated non-financial businesses or professions, and auditors. If a blockchain or cryptoasset business were licensed by the DFSA, it would be obliged to comply with the DFSA's AML Module, which includes extensive customer due diligence and continuing AML monitoring. Businesses active in DeFi, particularly in yield farming and liquidity mining via decentralised protocols, may have difficulty complying.

ii ADGM

The mainland UAE AML/CTF regime also applies in the ADGM. Like the DIFC, the FSRA maintains an AML Rulebook, which complements the federal regulations and puts detailed requirements on regulated entities, including for risk-based KYC and AML controls.76 The FSRA overhauled the ADGM's framework in 2018 and 2019 (with limited changes in February and November 2020) to bring it in line with the AML Law and implementing regulations.77 The Rulebook applies to all FSRA-regulated entities, including those regulated under the 2018 and follow-on amendments to the FSMA relating to virtual asset businesses.78 In line with other jurisdictions, the ADGM requires the provision of detailed and comprehensive virtual asset compliance policies and the appointment of a money laundering reporting officer responsible for overseeing the authorised person's compliance with the AML Rulebook.79

Regulation of exchanges

i Onshore UAE

The SCA Virtual Asset Regulation issued in November 2020 requires anyone who wants to operate a cryptoasset exchange in and from onshore UAE to be licensed by the SCA.80 The SCA Virtual Asset Regulation defines operating a cryptoasset exchange widely as 'a platform or facility for the trading, conversion and/or exchange of cryptoassets in return for other cryptoassets, fiat currency, securities and/or commodities, which applies non-discretionary trading and/or order matching rules, or which brings potential buyers and sellers together (regardless of whether any resulting transaction is executed on the platform), or which is deemed to be a crypto asset exchange . . . or is approved or licensed as a crypto fundraising platform'.81 The SCA subjects the licensing and operation of cryptoasset exchanges to the SCA's market regulations, but allows derogations from those regulations on a case-by-case basis.82

Licence requirements

To be licensed to operate a cryptoasset exchange, an operator needs to fulfil international best market practices, such as demonstrating the provision of resilient technological systems, asset segregation and capital requirements, the instatement of robust market surveillance mechanisms, effective AML/CTF controls and customer screening procedures that ensure the customers' knowledge and crypto investment skills, as well as effective policies to prevent insider trading and market abuse.83

While the definition is squarely focused on centralised actors, it could potentially be interpreted to cover protocols that do not take custody of a client's cryptoassets as well as messaging boards that bring buyers and sellers together, so long as a centralised operator can be pinpointed. The requirement that an operator must be a legal person leaves room for the interpretation that decentralised protocols operated by unregistered decentralised autonomous organisations or networks (DAOs) without legal entity do not fall within the scope of the SCA Virtual Asset Regulation.84

Listing of cryptoassets

Generally, licensed operators wishing to list a cryptoasset on their exchange must comply with the regulations and decisions of the authority in force regarding the listing of securities and commodities, subject to additional or varying requirements in the SCA Virtual Asset Regulation.85 Authorisation requirements depend on whether the cryptoasset exchange is open for retail investors or not.86 Where a cryptoasset exchange allows only professional investors for trading, the operator must file limited offering documentation as listed in Section 9 of the SCA Virtual Asset Regulation with the SCA but not seek listing approval,87 whereas in the case of exchanges open to retail investors, additional approval for listing is to be obtained for each cryptoasset separately.88

Cryptoasset exchanges targeting retail customers must only allow to trade users who are either (1) able to demonstrate experience and know-how in trading of cryptoassets or traditional securities or commodities, or (2) who wish to acquire the cryptoasset to exercise its utility exclusively, without investment intentions.89 The requirement likely means that cryptoasset exchanges implement a knowledge test when onboarding users or a confirmation that the user only wishes to acquire a cryptoasset for its utility. Similar procedures are common internationally. The SCA's refusal to permit privacy coins that do not allow tracing to be listed for trading on crypto exchanges is also in line with a growing international trend.90 It remains to be seen whether the SCA Virtual Asset Regulation will be able to entice cryptoasset exchanges to set up in onshore UAE as opposed to the ADGM.

At the time of writing, no cryptocurrency exchange fully operated out of onshore UAE. BitOasis, which markets itself as the 'first and largest cryptocurrency exchange in the Middle East' was originally incorporated as an entity in the DSO, a Dubai free zone, but thereafter moved to the British Virgin Islands.91 It has now secured a licence from the FSRA to operate a multilateral trading and a custody facility in the ADGM via its ADGM entity Blex Financial Ltd.92

While the SCA has been comparatively slow to offer a home to cryptoasset-related businesses, the DMCC offered – as early as December 2017 – proprietary trading in crypto commodities as a licensable regulated activity under Activity No. 6599-92.93 This is in line with the DMCC's position that cryptoassets are a commodity and therefore within the free zone's jurisdictional scope. The licence did not, however, allow the establishment of a fully fledged cryptoasset trading platform. Nevertheless, the DMCC continued to pursue its crypto ambition and entered various partnerships, including with CV VC AG, to further develop the blockchain ecosystem in the DMCC, akin to Switzerland's Crypto Valley.94

In March 2021, the DMCC entered into a memorandum of understanding with the SCA to establish a framework that would allow the DMCC to expand its offering to the full gamut of crypto activities, including the operation of cryptoasset exchanges.95 The cooperation, however, also means that DMCC regulation must align with the strict requirements under the SCA Virtual Asset Regulation. It is yet to be seen how the SCA Virtual Asset Regulation will be applied in the DMCC to allow a customer-friendly experience. A similar memorandum of understanding was signed between the Dubai Airport Free Zone Authority and the SCA.96

In April 2021, it was announced that the DMCC was establishing a refinery and storage facility to refine and store precious metals, including gold, silver, platinum, palladium and rhodium. The precious metal are then to be tokenised on goldexchange.com to back a set of stablecoins: GoldCoin, SilverCoin, PlatinumCoin, PalladiumCoin and RhodiumCoin.97

ii DIFC

Although the DIFC is home to NASDAQ DUBAI, one of the largest stock exchanges in the Middle East, and Dubai Mercantile Exchange, a major energy futures and commodities exchange, the DFSA has thus far not issued regulations specifically addressing cryptoasset exchanges. Nor has it issued any full licences to businesses operating to that effect. Operating an exchange, a multilateral trading facility or an alternative trading platform are, among other things, licensable activities in the DIFC and are regulated. In March 2021, the DFSA issued a consultation on a regulatory framework for security tokens, which concluded in the second quarter of 2021. The consultation suggests that trading facilities or exchanges wanting to handle security tokens will most likely have to comply with the same rules as authorised market institutions and authorised firms operating an alternative trading system, while also having to comply with new rules specific to the risks that attach only to security tokens and DLT. Accordingly, the DFSA has proposed information technology-related requirements for operators of facilities, including technology audits.98 At the time of writing, no security token framework has come into force, but its issuance is expected in 2021.

The lack of specific cryptoasset regulation did not stop Bitcoin Fund QBTCu.TO from premiering on Nasdaq Dubai on 23 June 2021, making it the Middle East's first indexed cryptocurrency digital asset-based fund.99 Its issuer, Canadian digital asset management firm 3iQ, had received approval from the DFSA in April 2021 for listing under the DFSA's current securities framework.100

iii ADGM

In contrast to the onshore UAE and the DIFC, the ADGM has passed explicit laws to regulate cryptocurrency exchanges under its virtual asset framework first issued in June 2018101 and last updated in 2020.102 Any cryptoasset exchange, both fiat-to-crypto and crypto-to crypto, must become an authorised person licensed as a financial service provider conducting a regulated activity in relation to virtual assets.103 The relevant regulated activity is operating a multilateral trading facility, an organised trading facility or a recognised investment exchange and, where the exchange holds the private keys of its users, also providing custody.

The FSMRs now subsume virtual asset-related financial activities in the same categories applicable to financial instruments, as follows:

  1. dealing in investments, which includes provisions in relation to:
  2. dealing in investments as principal;
  3. dealing in investments as agent;
  4. arranging deals in investments;
  5. advising on investments or credit;
  6. providing custody;
  7. operating a multilateral trading facility or organised trading facility; and
  8. managing assets.

The FSRA Virtual Asset Guidance clarifies that software development or dissemination for mining of virtual assets are excluded from the ambit of the ADGM framework.104

The FSMRs allow cryptocurrency exchanges to trade in 'accepted virtual assets' only.105 The FSRA decides which tokens or coins are accepted virtual assets. No public register is maintained, because the determination as to what constitutes an accepted virtual asset is specific to the applicant.106 The FSMRs envisage a licensed cryptoasset exchange to be regulated like a multilateral trading facility and an exchange is required to have in place the full gamut of oversight processes, such as:

  1. market surveillance, particularly with regard to market abuse, transaction reporting and misleading impressions;
  2. KYC and AML procedures;
  3. settlement processes;
  4. transaction recording;
  5. transparency and public disclosure mechanisms; and
  6. exchange-like operational systems and controls.107

Businesses planning to operate a cryptoasset exchange out of the ADGM as a multilateral trading facility (MFT) using virtual assets must pay an initial application fee of US$125,000108 and an annual supervision fee of US$60,000.109 This compares to an initial application fee for other virtual asset businesses of US$20,000110 and an annual supervisory fee of US$15,000,111 which is to reflect the heightened regulatory burden of the FSRA supervising a MFT. Where the cryptoasset exchange also operates other licensable business, the fee is cumulative. Moreover, a trading levy of between 0.0006 per cent and 0.0015 per cent is to be paid to the ADGM calculated on a sliding scale dependent on the average daily trading volume.112 An authorised person operating an MFT is required to maintain minimum regulatory capital in fiat at the standard of a recognised investment exchange, which is equivalent to 12 months' operational expenses.113 It may be higher if the FSRA determines that the virtual asset exchange is high-risk.114

With its clear stand on regulation, the ADGM has, since the introduction of its virtual asset framework in June 2018, become a jurisdiction of interest to global virtual asset businesses, particularly traditional centralised exchanges.

Several centralised exchanges have received financial services permission to operate out of the ADGM, including global exchange Kraken,115 as well as BitOasis,116 Matrix Exchange,117 DEX118 and MidChains,119 the last three of which officially operate out of the ADGM.

Regulation of miners

The mining of cryptoassets is not a regulated practice in the UAE or in any of the free zones within the UAE. The activity of mining is also not covered in any previous legislation that would be applicable.

The ADGM virtual asset framework does not regulate mining of cryptoassets as a regulated activity. The FSRA Virtual Asset Guidance specifically excludes 'the development, dissemination or use of software for the purpose of creating or mining a virtual asset' from its regulated activities.120 The SCA Virtual Asset Regulation does not address miners. The DFSA Consultation on Security Tokens explicitly suggests that the DFSA does not intend to regulate miners121 but at the same time proposes to further analyse whether certain market abuse rules should apply to miners.122

Regulation of issuers and sponsors

i Onshore UAE

The SCA Virtual Asset Regulation of 2020 regulates all persons offering, issuing or promoting cryptoassets,123 with the approval and licence requirements being stricter for security tokens.124

Persons issuing cryptoassets to fundraise from the UAE or to persons in the UAE (for example, via token sales, token generation events, ICOs or initial exchange offerings) must only do so on a licensed cryptoasset fundraising platform.125 The requirements are similar to those in other leading jurisdictions. Exceptions apply in the case of documented reverse solicitation and where cryptoassets are offered only to professional investors.126 Where the fundraising platform also intends to act as a cryptoasset custodian, a separate licence to operate cryptoasset custody services is required.127

A person authorised to fundraise for a specific cryptoasset must also meet several disclosure requirements, which include the production of detailed offering documentation.128

Per fundraising event, no person may invest more than 350,000 dirhams129 and payment must be capable of and subject to know your customer and anti-money laundering checks.130 Only traceable cryptoassets as opposed to privacy coins may be used to participate in cryptoasset fundraising events. To be able to issue a cryptoasset, an issuer needs to comply with in-depth disclosure requirements, including detailed offering documentation about the cryptoasset.131

The SCA Virtual Asset Regulation does not address issues specific to the area of DeFi, which has become central to the blockchain and crypto ecosystem. It accordingly does not consider initial listings on liquidity pools such as via Uniswap or Balancer or, generally, Initial Dex Offerings, all of which could be understood as activities subject to the more generalised offering requirements, where the party listing the cryptoassets is based in the UAE. Based on the wording, IDOs may continue to be possible so long as the parties funding and promoting the liquidity pools are not based in the UAE. The SCA Virtual Asset Regulation also does not look at the issuance of non-fungible tokens (NFTs).

ii DIFC

The DFSA has taken a wait-and-see approach to explicitly regulating the issuance of cryptoassets and their issuers and sponsors. In September 2017, the DFSA issued a warning to investors and clarified that 'it does not currently regulate these types of product offerings or license firms in the Dubai International Financial Centre (DIFC) to undertake such activities'.132 Although no explicit regulation has been issued thus far, virtual assets and blockchain are discussed in the DIFC at an accelerated pace and this subject is a staple in educational seminars offered by the DIFC.133 On 29 March 2021, the DFSA launched a now concluded consultation on a framework for regulating security tokens in the DIFC and expressed its intention to consider regulating other cryptoassets at a later stage.134 It is expected that a regulatory framework for security tokens, including provisions regulating issuers and sponsors as well as far-reaching prospectus requirements potentially more onerous than those applying to financial instruments, will enter into force in 2021.135

iii ADGM

In October 2017, the FSRA issued guidance applicable to those considering the offering of virtual assets.136 The guidance has been regularly updated (including in June 2018137 and in May 2019138), most recently in February 2020.139 The FSRA considers, on a case-by-case basis, whether a coin or token offering – still termed ICO140 by the FSRA – is to be regulated under the FSMRs.141 This would be the case where the FSRA determines that tokens exhibit the characteristics of securities under Section 58(2)(b) of the FSMRs. In that case, the FSRA considers virtual asset to be digital securities and an ICO must comply with the FSMRs if it is issued to the public in or from the ADGM.142 Accordingly, where an ICO is issued abroad but offered to the public in the ADGM, a decision by the FSRA needs to be sought, unless buyers located in the ADGM are excluded from participation.

Further, a FSRA decision to consider a token to be a security triggers the prospectus obligations under Section 61 of the FSMRs, other obligations under Chapter 4 of the FSMRs, as well as AML and KYC requirements.143 The usual prospectus exemptions may apply where an offer is made only to professional clients (as defined in the FSMRs) or fewer than 50 persons in any 12-month period, or where the consideration to be paid by a single person to acquire tokens is at least US$100,000.144 In its newest Digital Securities Guidance, the FSRA suggests that it expects issuers of digital securities to consider fully both the primary and secondary market contexts. This includes the obligation on the issuer to also seek the digital securities' admission to trading on multilateral trading facilities and recognised investment exchanges operating in the ADGM, owing to the incomplete integration of primary and secondary markets for digital securities.145

Classification as a digital security also triggers requirements for market intermediaries or operators, such as cryptoasset exchanges, who trade in those tokens, to be regulated as financial services permission holders, recognised investment exchanges or recognised clearing houses.146 Importantly, the FSRA does not currently envisage allowing a secondary market to list digital securities that were issued outside the ADGM.147

Additionally, the FSRA may consider tokens used by firms to build an investment fund on the blockchain as units in a collective investment fund (as defined in Section 106 of the FSMRs) to which the ADGM's fund rules apply.148 This classification also triggers extensive regulatory requirements.

Where the cryptoasset to be issued is a stablecoin, it may only be issued in the ADGM, where it is one-to-one backed by fiat currency and would then to be characterised as a fiat token.149 Its issuer is considered a money services business that must hold a financial services permission for the regulated activity of 'providing money services' pursuant to Schedule 1, Section 52 of the FSMRs.150

Only where the FSMRs do not consider cryptoassets to be digital securities, fiat tokens or derivatives is an ICO likely to fall outside the ADGM framework.151 The FSRA ICO Guidance calls on the industry to develop voluntary best-practice standards for such ICOs.152

Criminal and civil fraud and enforcement

Various UAE authorities have raised concerns about fraud related to cryptoasset transactions. The SCA has previously warned UAE residents about scams and advised against trading in cyptoassets.153 The SCA has previously added certain Twitter accounts or entity names to its list of alerts for falsely claiming to be regulated by the SCA,154 as well as issuing a general warning about promotion of or dealing in financial products associated with cryptoassets.

The DFSA has advised potential investors to exercise caution and undertake due diligence to understand the risks involved.155 The DFSA previously sent alerts about fraudulent cryptoassets falsely claiming to being regulated in the DIFC.156 One reason for the FSRA's decision to regulate cryptoassets was to prevent significant financial crimes and other risks. The Dubai police has also raised the matter several times.157

Reports have multiplied about virtual currency-related fraud in the UAE, mainly in relation to over-the-counter transactions to buy and sell cryptoassets,158 investment schemes and scam cryptoassets.159 It was reported that in the first half of 2021 alone more than 80 million dirhams were lost to crypto-related scams in the Emirate of Dubai.160 At the time of writing, a scam called 'Dubai Coin', which claimed to be Dubai's official cryptocurrency and approved by the government, made headlines, requiring the Dubai Media Office to issue several warnings.161

The SCA Virtual Asset Regulation clarifies that existing legislation, including criminal and civil penalties, may apply to cryptoasset-related fraud and similar behaviour in the UAE.162 It further sets out administrative penalties that are additional to criminal and civil penalties already provided by the law, with a focus on ensuring that regulated persons comply with the UAE's AML/CFT laws.163 The SCA Virtual Asset Regulation also specifically authorises the SCA to publish the names of violators.164 Likewise, in the ADGM, operators of a virtual asset business may be found guilty of the full gamut of financial crimes and administrative offences and misdemeanours, including market abuse and making misleading statements and impressions.165

Tax

The UAE established the Federal Tax Authority in 2016, introduced an excise tax on certain goods in October 2017 and introduced a value added tax on all good and services in the UAE, with some limited exemptions, from January 2018.166 A sale of cryptoassets could be a taxable transaction under the value added tax laws, but at the time of writing the Federal Tax Authority had not issued any official regulations on cryptoassets.

There is no corporate or income tax in the UAE. There are also no withholding tax or foreign exchange controls that impact cross-border payments involving cryptoassets.

Other issues

On 1 July 2020, the DIFC's Data Protection Law (DPL)167 entered into force. The DPL aligns data privacy law in the DIFC with global best practice reflected in the EU General Data Protection Regulation 2016/679 and California's Consumer Privacy Act. The DPL requires companies that perform 'high-risk processing' on a systematic or regular basis to appoint a data protection officer.168 High-risk processing includes processing that uses new or different technologies or methods that create a materially increased risk to the security or rights of data subjects or render it more difficult for data subjects to exercise their rights.169 This includes blockchain-based processing of data, which restricts a data subject's right to erasure and rectification.170 The DPL requires data controllers to inform a data subject about the limitations to request rectification or erasure of their personal data and to ensure the data subject understands and acknowledges the limitation.

Looking ahead

With the use of cryptoassets having gained significant popularity worldwide, and particularly since the coronavirus pandemic, the UAE is carving a dominant space in the field of blockchain and DLT by pouring significant funds into the ecosystem and by adopting pro-business regulatory measures. By introducing its virtual asset framework early, the ADGM has garnered wide international attention and attracted some centralised cryptoasset exchanges to operate out of the ADGM. So long as it remains service focused and agile, the pull to set up in the ADGM is likely to continue, at least for 'traditional' centralised entities whose technology fits the current framework. This is also the case for the DMCC, which attracts significant talent through its international collaborations and is likely to be able to do so increasingly, owing to its partnership with the SCA. The SCA Virtual Asset Regulation, which came into force in 2020, will most likely help to provide more certainty to crypto businesses considering operating onshore and help UAE to reach some of its blockchain ambitions. A lot will depend on attracting technical talent, and not only business and marketing functions, for blockchain innovation to thrive in the UAE. The Dubai government's Dubai Blockchain Strategy, which aims to put all transactions with governmental authorities onto a blockchain, continues to be highly promising.171

One topic that has thus far fallen by the wayside is the growing DeFi industry, which has become central to the blockchain and crypto ecosystem globally. UAE regulation onshore and in the ADGM fails to provide incentives for permissionless peer-to-peer systems and DeFi to develop, as the regulations lack clarity in these areas. In fact, there was some room for manoeuvre in relation to DeFi in an earlier draft of the SCA Virtual Asset Regulation, but this was ultimately removed from the implemented Regulation. Similarly, comments in the DIFC consultation indicate that there is no risk appetite to support DeFi, at least not in areas relating to security tokens. It remains to be seen whether this stance will change in the near future. A further area of uncertainty is the status of NFTs and their characterisation within the regulatory frameworks and the application of intellectual property laws. The UAE with its focus on luxury goods and art would do well to provide clarity on NFTs as soon as feasible.

Footnotes

1 Silke Noa Elrifai is the principal at Quant.law.

2 See Section VII for further information.

3 The Chairman of the Authority's Board of Directors' Decision No. (23/R. M) of 2020 Concerning Crypto Assets Activities Regulation, available at https://www.sca.gov.ae/Content/Userfiles/Assets/Documents/f79fbf6.pdf (last accessed 17 July 2021).

4 UAE Central Bank, Stored Value Facilities (SVF) Regulation, available at https://centralbank.ae/sites/default/files/2020-11/Stored%20Value%20Facilities%20%28SVF%29%20Regulation%20AR%20%26%20EN.pdf (last accessed 17 July 2021).

5 DFSA, Consultation No. 138, available at https://dfsaen.thomsonreuters.com/rulebook/consultation-paper-no-138-regulation-security-tokens [hereinafter 'DFSA Security Token Consultation'] (last accessed 17 July 2021).

6 SCA, Draft Regulation For Issuing And Offering Cryptoassets, available at https://www.sca.gov.ae/en/regulations/drafts.aspx#page=1 [SCA Draft Virtual Asset Regulation] (last accessed 17 July 2021).

7 SCA Virtual Asset Regulation, Section 5.

8 SCA Crypto Asset Regulation, Section 3.

9 SCA Virtual Asset Regulation, Section 1(1).

10 SCA Virtual Asset Regulation, Section 1(1).

11 SCA Virtual Asset Regulation, Section 4(1) – (2).

12 SCA Virtual Asset Regulation, Section 4(1) – (2).

13 Federal Law No. 4 of 2000 Concerning the Emirates Securities and Commodities Authority and Market (Securities Law), available in Arabic at http://www.dubaided.ae/English/DataCenter/BusinessRegulations/pages/federallaw4of2000.aspx (last accessed 6 July 2020).

14 Securities Law, Article 2.

15 SCA, Chairman of the Authority's Board of Directors' Decision No. (13/Chairman) of 2021 on the Regulations Manual of the Financial Activities and Status Regularization Mechanisms (8 May 2021) [hereinafter 'SCA Markets Rulebook'], Section 7, available at https://www.sca.gov.ae/en/regulations/regulations-listing.aspx#page=1 (last accessed 13 July 2021).

16 SCA Markets Rulebook, Section 3, Article 5.

17 DFSA, DFSA Issues General Investor Statement on Cryptocurrencies (13 September 2017), available at https://www.dfsa.ae/MediaRelease/News/DFSA-Issues-General-Investor-Statement (last accessed 4 July 2020).

18 Alert, Cryptocurrency Platform Melecoin falsely claims to be located in the DIFC (14 October 2019), https://www.dfsa.ae/alerts/cryptocurrency-platform-melecoin-falsely-claims-be-located-difc (last accessed 15 July 2021).

19 ibid.

20 See DFSA Security Token Consultation, Paras 2–3.

21 The National News, DFSA sounds alarm on cryptocurrency fraud as UAE regulators consult on technology guidelines (1 June 2021), available at https://www.thenationalnews.com/business/economy/dfsa-sounds-alarm-on-cryptocurrency-fraud-as-uae-regulators-consult-on-technology-guidelines-1.1233550 (last acccessed 17 July 2021).

22 DFSA administrative laws, available at https://dfsaen.thomsonreuters.com/ (last accessed 15 July 2021).

23 DFSA rules, available at https://dfsaen.thomsonreuters.com/rulebook/rulebook-modules (last accessed 16 July 2021).

24 Article 41, DIFC Law No. 1 of 2004 (Regulatory Law).

25 Regulatory Law, Article 41A.

26 DIFC, FinTech Ripple chooses DIFC for Regional Headquarters (7 November 2020), available at https://www.difc.ae/newsroom/news/fintech-ripple-chooses-dubai-international-financial-centre-regional-headquarters/ (last accessed 18 July 2021).

27 DIFC Public Register, Ripple Middle East, available at https://www.difc.ae/public-register/ripple-middle-east-limited/ (last accessed 18 July 2021).

28 Financial Services and Markets Regulations 2015, available at https://en.adgm.thomsonreuters.com/sites/default/files/net_file_store/ADGM1547_12483_VER2015.pdf (last accessed 16 July 2021).

29 See also Guidance – Regulation of Cryptoasset Activities in ADGM (25 June 2018), available at https://www.iosco.org/library/ico-statements/Abu%20Dhabi%20-%20FSRA%20-%20Guidance%20-%20Regulation%20of%20Crypto%20Asset%20Activities%20in%20ADGM.pdf; Supplementary Guidance – Regulation of Initial Coin/Token Offerings and Virtual Currencies under the Financial Services and Markets Regulations, available at https://www.iosco.org/library/ico-statements/Abu%20Dhabi%20-%20FSRA%20-%20Guidance%20-%20ICOs%20and%20Virtual%20Currencies.pdf (last accessed 18 July 2021).

30 Financial Services and Markets (Amendment No. 2) Regulations 2020, available at https://en.adgm.thomsonreuters.com/sites/default/files/net_file_store/Financial_Services_and_Markets_(Amendment%20No%202)_Regulations_24_February_2020.pdf (last accessed 18 July 2021).

31 FSRA, Guidance – Regulation of Digital Security Offerings and Virtual Assets under the Financial Services and Markets Regulations (24 February 2020), available at https://adgmen.thomsonreuters.com/sites/default/files/net_file_store/ADGM1547_19331_VER04240220.pdf [FSRA ICO Guidance]; FSRA, Guidance – Regulation of Digital Securities Activity in ADGM (24 February 2020), available at https://en.adgm.thomsonreuters.com/sites/default/files/net_file_store/ADGM1547_19883_VER02240220.pdf [FSRA Digital Securities Guidance]; FSRA Guidance – Regulation of Virtual Asset Activities in ADGM (24 February 2020), available at https://adgmen.thomsonreuters.com/sites/default/files/net_file_store/Guidance-Virtual_Asset_Activities_in_ADGM_VER03.240220.pdf [FSRA Virtual Asset Guidance] (last accessed 15 July 2021).

32 Guidance – Regulation of Digital Security Offerings and Virtual Assets under the Financial Services and Markets Regulations (24 February 2020), available at https://en.adgm.thomsonreuters.com/sites/default/files/net_file_store/Guidance-Virtual_Asset_Activities_in_ADGM_VER03.240220.pdf (last accessed 16 July 2021) [FSRA ICO Guidance], Article 5.2.

33 Section 258(1), Financial Services and Markets (Amendment No. 2) Regulation 2020, available at https://en.adgm.thomsonreuters.com/sites/default/files/net_file_store/Financial_Services_and_Markets_(Amendment%20No%202)_Regulations_24_February_2020.pdf (last accessed 15 July 2021).

34 FSRA ICO Guidance, Para. 4.2.

35 ibid., Para. 4.3 et seq.

36 FSRA, Digital Securities Guidance, Article 16 et seq.

37 FSRA, Digital Securities Guidance.

38 ibid., Para. 15.

39 ibid., Para. 3.

40 ibid., Para. 14.

41 Federal Law No. (14) of 2018 Regarding the Central Bank and Organisation of Financial Institutions and Activities, available at https://www.mof.gov.ae/en/lawsAndPolitics/govLaws/Documents/Decretal%20Federal%20Law%20No.%20(14)%20of%202018%20Regarding%20the%20Central%20Bank.pdf (last accessed 18 July 2021).

42 Federal Law No. 10 of 1980 concerning the Central Bank, the Monetary System and Organization of Banking, available at https://www.centralbank.ae/sites/default/files/2018-11/Law-10-English%20%281%29.pdf (last accessed 18 July 2021).

43 UAE Central Bank, Regulatory Framework for Stored Values and Electronic Payment Systems (1 January 2017).

44 UAE Central Bank, Stored Value Facilities (SVF) Regulation, available at https://centralbank.ae/sites/default/files/2020-11/Stored%20Value%20Facilities%20%28SVF%29%20Regulation%20AR%20%26%20EN.pdf (last accessed 17 July 2021).

45 ibid.

46 Arab News, Dubai-owned licensing firm accepts cryptocurrencies as payment (16 February 2021), available at https://www.arabnews.com/node/1810291/business-economy (last accessed 17 July 2021).

47 Virtuzone, Virtuzone becomes the first company to accept Bitcoin payments for business setup in the UAE, available at https://www.vz.ae/press-release/virtuzone-becomes-first-company-accept-bitcoin-payments-busines-setup-uae (last accessed 17 July 2021).

48 See, for example, Driven Properties, Buy Dubai property in cryptocurrency, bitcoin (21 March 2021), available at https://www.drivenproperties.com/services/buy-dubai-property-in-cryptocurrency-bitcoin (last accessed 18 July 2021).

49 Federal Law No. 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organisations (New AML Law), available at https://www.mof.gov.ae/en/lawsAndPolitics/govLaws/Documents/EN%20Final%20AML%20Law-%20Reviewed%20MS%2021-11-2018.pdf (last accessed 17 July 2021).

50 Cabinet Resolution No. (10) of 2019 Concerning the Executive Regulation of the Federal Law No. 20 of 2018 concerning Anti-Money Laundering and Combating Terrorism Financing, available at https://www.mof.gov.ae/en/lawsAndPolitics/CabinetResolutions/Pages/201910.aspx (last accessed 19 July 2021); see also SCA Board Chairman's Decision No. (21/Chairman) of 2019 procedures of Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations.

51 The SCA Board Chairman's Decision No. (21/Chairman) of 2019 Procedures of Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations, available at https://www.sca.gov.ae/en/regulations/regulations-listing.aspx#page=1 (last accessed 18 July 2021).

52 Federal Law No. 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organisations, available at https://www.mof.gov.ae/en/lawsAndPolitics/govLaws/Documents/EN%20Final%20AML%20Law-%20Reviewed%20MS%2021-11-2018.pdf (last accessed 17 July 2021).

53 Federal Law 9 of 2014, Article 1.

54 New AML Law, Article 23.

55 ibid., Article 26.

56 ibid., Article 30.

57 ibid., Article 25.

58 ibid., Article 24.

59 ibid., Article 14.

60 ibid., Article 30.

61 Article 1, New AML Law read together with Articles 1 and 2, AML Executive Regulation.

62 Article 1, New AML Law together with Articles 1 and 3, AML Executive Regulation.

63 For example, the Gemini Dollar, Tether and True USD.

64 See Cabinet Resolution No. 38 of 2014 concerning the Executive Regulation of Federal Law No. 4 of 2002 Concerning Anti-Money Laundering and Combating Terrorism Financing.

65 See, for example, Section 7(6), Financial Services and Markets Regulations 2015, ADGM FSMRs.

66 Among others: Cabinet Decision No. 74 of 2020 concerning the UAE List of Terrorists and the Implementation of UN Security Council Decisions Relating to Preventing and Countering Financing Terrorism and Leveraging Non-Proliferation of Weapons of Mass Destruction, and the Relevant Resolutions; UAE Central Bank Regulation No. 1/2019 regarding declaration of currencies, negotiable bearer financial instruments, precious metals and precious stones in possession of travellers entering or leaving the UAE; Central Bank Board of Directors' Decision No. 59/4/219 regarding procedures for AML and CTF and illicit organisations; UAE Central Bank Guidelines for Financial Institutions on anti-money laundering and combating the financing of terrorism and illegal organisations (23 June 2019); Cabinet Decision No. 16/2021 regarding the unified list of violations and administrative fines for the said violations of measures to combat money laundering and terrorism financing that are subject to the supervision of the Ministry of Justice and the Ministry of Economy.

67 Anti-money Laundering and Combating the Financing of Terrorism and Illegal Organisations: Guidelines for Financial Institutions (March 2021), available at https://365343652932-web-server-storage.s3.eu-west-2.amazonaws.com/files/8716/2020/6582/AMLCFT_Guidance_for_FIs.pdf (last accessed 18 July 2021).

68 Anti-money Laundering and Combating the Financing of Terrorism and Illegal Organisations: Guidelines for Designated Non-financial Businesses and Professions (March 2021), available at https://365343652932-web-server-storage.s3.eu-west-2.amazonaws.com/files/6416/2020/6582/AMLCFT_Guidance_for_DNFBPs.pdf (last accessed 18 July 2021).

70 Khaleej Times, 'UAE financial firms to register on new platform or face penalties', available at https://www.khaleejtimes.com/news/crime-and-courts/uae-first-to-launch-un-developed-anti-money-laundering-platform; see also UAE Central Bank, Services Access Control Manager, available at https://eservices.centralbank.ae/sacm/; Central Bank, 'CBUAE Launches goAML Platform in Partnership with United Nations Office on Drugs and Crime (UNODC)', available at https://www.centralbank.ae/sites/default/files/2019-06/GoAML%20Press%20Release-%2023June2019_0.pdf (last accessed 17 July 2021).

71 SCA Draft Virtual Asset Regulation, Section 21, 25.

72 ibid., Section 21(4) and (5).

73 ibid., Section 22(2).

74 See Article 71(1) of the Regulatory Law.

75 DFSA, The DFSA Rulebook Anti-Money Laundering, Counter-Terrorist Financing and Sanctions Module, available at https://dfsaen.thomsonreuters.com/sites/default/files/net_file_store/DFSA1547_20015_VER180.pdf (last accessed 17 July 2021).

76 FSRA, Anti-Money Laundering and Sanctions Rules and Guidance (AML), available at https://www.adgm.com/documents/financial-crime-prevention-unit/aml-tab/anti-money-laundering-and-sanctions-rules-and-guidance.pdf (last accessed 15 July 2021), see also FSRA Virtual Asset Guidance,Para. 37 et seq.

77 ibid.

78 FSRA Virtual Asset Guidance, Para. 45 et seq., see also Chapter 17.1.2 of the FSRA Conduct of Business Rulebook.

79 FSRA Virtual Asset Guidance, Para. 45.

80 SCA Virtual Asset Regulation, Section 16(1).

81 SCA Virtual Asset Regulation, Section 1(1).

82 SCA Virtual Asset Regulation, Section 16(2) and (3).

83 SCA Virtual Asset Regulation, Section 16(4).

84 SCA Virtual Asset Regulation, Section 1(1).

85 SCA Virtual Asset Regulation, Section 17(1).

86 SCA Virtual Asset Regulation, Section 8.

87 SCA Virtual Asset Regulation, Section 8(1).

88 SCA Virtual Asset Regulation, Section 16(2).

89 SCA Virtual Asset Regulation, Section 16(4).4.

90 SCA Virtual Asset Regulation, Section 21(1).2.

91 The company operating BitOasis is operated by BO Technologies Ltd, information available at https://bitoasis.net/en/front/privacy-policy (last accessed 17 July 2021).

92 ADGM public register entry for Blex Financial Ltd available via link 'Public Register' on https://www.adgm.com/public-registers or choosing 'company search' on https://www.registration.adgm.com, see also BitOasis, BitOasis Secures Regulatory Approvals in Abu Dhabi Global Market ADGM, available at https://blog.bitoasis.net/bitoasis-secures-regulatory-approvals-in-adgm/ (last accessed 17 July 2021).

93 DMCC Services Updates December 2017, available at https://www.dmcc.ae/blog/dmcc-services-updates-december-2017 (last accessed 7 July 2020).

94 DMCC, 'DMCC Announces Crypto Valley in Dubai at Davos 2020, Boosting Blockchain Ecosystem' (23 January 2020), available at https://www.dmcc.ae/news/dmcc-announces-crypto-valley-dubai-davos-2020-boost-blockchain-ecosystem; see also https://landing.dmcc.ae/cryptovalley (last accessed 17 July 2021).

95 DMCC, Crypto Businesses Now Able to Set Up at DMCC in Dubai Following SCA Agreement (20 March 2021), available at https://www.dmcc.ae/news/crypto-businesses-now-able-set-dmcc-dubai-following-sca-agreement (last accessed 18 July 2021).

96 SAC, SCA and DAFZA sign agreement to support regulating cryptoassets (19 May 2021), available at https://www.sca.gov.ae/en/media-center/news/19/5/2021/sca-dafza-mou-crypto-assets.aspx (last accessed 12 July 2021).

97 DMCC, DMCC Completes Land Sale Transaction in JLT with REIT Development to Build a Blockchain Enabled Precious Metals Refinery in Dubai (21 April 2021), available at https://www.dmcc.ae/news/dmcc-completes-land-sale-transaction-jlt-reit-development-build-blockchain-enabled-precious-metals-refinery-dubai (last accessed 17 July 2021).

98 DFSA Security Token Consultation, Section 65 et seq.

99 Reuters, Bitcoin Fund breaks new ground in Middle East with debut on Nasdaq Dubai (23 June 2021), available at https://www.reuters.com/world/middle-east/bitcoin-fund-makes-nasdaq-dubai-debut-first-middle-east-2021-06-23/ (last accessed 18 July 2021).

100 Nasdaq, Canada's 3iQ to bring Middle East's first listed crypto fund to Nasdaq Dubai (20 April 2021), available at https://www.nasdaq.com/articles/canadas-3iq-to-bring-middle-easts-first-listed-crypto-fund-to-nasdaq-dubai-2021-04-20 (last accessed 18 July 2021).

101 73B of Schedule 1, Financial Services and Markets (Amendment No. 2) Regulations 2018.

102 Financial Services and Markets (Amendment No. 2) Regulations 2020, available at https://en.adgm.thomsonreuters.com/sites/default/files/net_file_store/Financial_Services_and_Markets_(Amendment%20No%202)_Regulations_24_February_2020.pdf [Financial Services and Markets Regulations 2020] (last accessed 18 July 2021).

103 Financial Services and Markets Regulations 2020, Section 5A.

104 FSRA Virtual Asset Guidance, Article 11.

105 Financial Services and Markets Regulations 2020, Section 258(1).

106 ibid.; see also FSRA Virtual Asset Guidance, Para. 30.

107 FSRA Virtual Asset Guidance.

108 ibid., Para. 176(b).

109 ibid., Para. 178(b).

110 ibid., Para. 176(a).

111 ibid., Para. 178(b).

112 ibid., Para. 182.

113 ibid., Para. 33.

114 ibid., Para. 32.

115 ADGM public register entry for Payward Mena Holdings Limited, available at available via link 'Public Register' on https://www.adgm.com/public-registers or choosing 'company search' on https://www.registration.adgm.com/ (last accessed 1 August 2021).

116 ADGM public register entry for Blex Financial Ltd available via link 'Public Register' on https://www.adgm.com/public-registers or choosing 'company search' on https://www.registration.adgm.com/ (last accessed 17 July 2021), see also BitOasis, BitOasis Secures Regulatory Approvals in Abu Dhabi Global Market ADGM (29 April 2021), available at https://blog.bitoasis.net/bitoasis-secures-regulatory-approvals-in-adgm/.

117 ADGM public register entry for Matrix Exchange Ltd, available via link 'Public Register' on https://www.adgm.com/public-registers or choosing 'company search' on https://www.registration.adgm.com/, see also https://www.matrix.co/ (last accessed 1 August 2021).

119 ADGM public register entry for Midchains Limited, available at available via link 'Public Register' onhttps://http://www.adgm.com/public-registers or choosing 'company search' on https://www.registration.adgm.com/, see also https://midchains.com/ (last accessed 17 July 2021).

120 FSRA Virtual Asset Guidance, Para. 11(b)(ii).

121 DFSA Security Tokens Consultation, footnote 49.

122 DFSA Security Tokens Consultation, Para. 169.

123 SCA Virtual Asset Regulation, Section 3(1).

124 ibid., Sections 4, 6 and 7.

125 SCA Virtual Asset Regulation, Section 14, see also Section 15.

126 SCA Virtual Asset Regulation, Section 14.

127 SCA Virtual Asset Regulation, Section 14, see also Section 12 and 13.

128 SCA Virtual Asset Regulation, Section 14, see also Sections 9, 10 and 11.

129 SCA Virtual Asset Regulation, Section 14(2).

130 SCA Virtual Asset Regulation, Section 14(3) and Section 21.

131 SCA Virtual Asset Regulation, Sections 9, 10 and 11.

132 DFSA Issues General Investor Statement on Cryptocurrencies (13 September 2017), available athttps://http://www.dfsa.ae/news/dfsa-issues-general-investor-statement-cryptocurrencies (last accessed 12 July 2021).

133 See, for example, https://academy.difc.ae/training-programmes/blockchainforbusiness/ (last accessed 12 July 2021).

134 DIFC Consultation on Security Tokens, Paras 2–3, page 2.

135 DIFC Consultation on Security Tokens, Para. 140 et seq.

136 FSRA, Supplementary Guidance – Regulation of Initial Coin/Token Offerings and Virtual Currencies under the Financial Services and Markets Regulations (October 2017), available at https://www.iosco.org/library/ico-statements/Abu%20Dhabi%20-%20FSRA%20-%20Guidance%20-%20ICOs%20and%20Virtual%20Currencies.pdf (last accessed 7 July 2020).

137 Guidance – Regulation of Initial Coin/Token Offerings and Cryptoassets under the Financial Services and Markets Regulations (June 2018), available at http://adgm.complinet.com/net_file_store/new_rulebooks/i/c/ICOs_and_Virtual_Currencies_Guidance_VER02.24062018.pdf (last accessed 7 July 2020).

138 FSRA, Regulation of Digital Security Offerings and Cryptoassets under the Financial Services and Markets Regulations (May 2019), available at http://adgm.complinet.com/net_file_store/new_rulebooks/g/u/Guidance_ICOs_and_Crypto_Assets_13052019.pdf (last accessed 10 July 2020).

139 FSRA ICO Guidance (last accessed 7 July 2020).

140 It is noteworthy that, despite the ADGM's speed of adapting its regulations, the February 2020 updates continue to focus on ICOs, although ICOs have lost most of their relevance in the ecosystem, whereas Initial Exchange Offerings, Initial Uniswap Listing and Initial Dex Offering have gained traction but have thus far had little attention from the regulator.

141 FSRA ICO Guidance, Article 3.3; see also FSRA Virtual Asset Guidance, Article 28 et seq. (last accessed 1 August 2021).

142 ibid.

143 ibid., FSRA ICO Guidance, Article 3.6; see also FSRA Digital Securities Guidance, Article 28 et seq. (last accessed 1 August 2021).

144 FSRA ICO Guidance, Article 3.6.

145 FSRA Digital Securities Guidance, Article 37.

146 FSRA ICO Guidance, Article 3.7.

147 FSRA Digital Securities Guidance, Article 38.

148 FSRA ICO Guidance, Article 3.9.

149 FSRA Virtual Asset Guidance, Para. 161.

150 ibid.

151 FSRA ICO Guidance, Article 3.10.

152 ibid., Article 3.12.

153 SCA Warnings, available at https://www.sca.gov.ae/en/open-data/warnings.aspx (last accessed 17 July 2021).

154 ibid. (last accessed 17 July 2021).

155 ibid.

156 See DFSAAlert, Advance Fee Scam using DFSA Logo (19 June 2019), available at https://www.dfsa.ae/alerts/advance-fee-scam-using-dfsa-logo (last accessed 14 July 2021).

157 CCN, 'Dubai Police Warns Against Crypto Scams, Predicts Electronic Money Will Replace Cash' (18 September 2018), available at https://www.ccn.com/dubai-police-warns-against-crypto-scams-predicts-replacement-of-cash-with-electronic-money/, see also Khaleeji Times, UAE: Police warn residents against fake cryptocurrency trading offers (5 July 2021), available at https://www.khaleejtimes.com/news/uae-police-warn-residents-against-fake-cryptocurrency-trading-offers (last accessed 17 July 2021).

158 Khaleej Times, 'Man arrested in UAE for Dh2 million Bitcoin fraud' (13 February 2018), available at https://www.khaleejtimes.com/news/crime/man-arrested-in-uae-for-dh2-million-bitcoin-fraud (last accessed 1 August 2021).

159 Gulf News, 'Aziz Com Mirza arrested in Dubai for fraud' (30 October 2019), available at https://gulfnews.com/uae/crime/aziz-com-mirza-arrested-in-dubai-for-fraud-1.67490190; see also 'Canadian in Dubai Arrested for Fraud, Including Crypto Fraud via Habibi Coin, the “Bitcoin of the Middle East''', available at https://www.crowdfundinsider.com/2019/11/153580-canadian-in-dubai-arrested-for-fraud-including-crypto-fraud-via-habibi-coin-the-bitcoin-of-the-middle-east/ (last accessed 1 August 2021).

160 Khaleeji Times, Dubai: Dh80 million lost to crypto scams this year; how to keep your money safe (6 June 2021), available at https://www.khaleejtimes.com/news/dubai-dh80-million-lost-to-crypto-scams-this-year-how-to-keep-your-money-safe (last accessed 17 July 2021).

162 SCA Virtual Asset Regulation, Sections 20(1), 21(1), 27(1).

163 SCA Virtual Asset Regulation, Sections 20, 21, 27.

164 SCA Virtual Asset Regulation, Section 28.

165 Financial Services and Markets (Amendment No. 2) Regulations 2020, Sections 92, 102 and 103 (as amended).

166 Federal Decree-Law No. 8 of 2017 on Value Added Tax, available at https://www.mof.gov.ae/En/lawsAndPolitics/govLaws/Documents/VAT%20Decree-Law%20No.%20%288%29%20of%202017%20-%20English.pdf (last accessed 2 July 2021).

167 DIFC Law No. 5 of 2020.

168 Section 16(2)(b) Data Protection Law DIFC Law No. 5, available at https://www.difc.ae/files/6115/9358/6486/Data_Protection_Law_DIFC_Law_No.5_of_2020.pdf (last accessed 12 July 2021).

169 ibid., Section 3.

170 ibid., Section 33(1)(c) and (2).

171 Smart Dubai, 'Dubai Blockchain Strategy', https://smartdubai.ae/en/Initiatives/Pages/DubaiBlockchainStrategy.aspx (last accessed 12 July 2021).

Get unlimited access to all The Law Reviews content