The UAE’s Securities and Commodities Authority (SCA) has published “The Authority’s Chairman of the Board of Directors Decision No. (21/R.M) of 2020 Concerning the Regulation of Crypto Assets” (Decision)

In 2019, the SCA consulted with the industry and the public on the wording of the draft text. The Decision was published on 1 November 2020 will become law thirty days after it is published in the UAE’s Official Gazette. The Decision is currently available to view online in Arabic. We expect the SCA will publish an unofficial English translation of the Decision in due course.

This article offers a high level overview of some of the key takeaways and points to note about the SCA’s Decision.

About the Decision
The Decision is a comprehensive document and is written using technologically neutral terms. The SCA’s Decision describes the SCA’s licensing regime for anyone who wishes to offer crypto assets within the UAE. This includes ICOs, exchanges, marketplaces, crowdfunding platforms, custodian services, and related financial services based upon, or leveraging crypto assets.

What types of crypto assets does the SCA’s Decision govern?
The SCA’s Decision based its definition of crypto assets broadly as a record within an electronic network or a distribution network that acts as a medium of exchange, storage, unit of account representation of ownership, usufruct that can be transferred electronically from one person to another through the operation of a computer programme or an algorithm governing its use. It describes the regulatory regime that also applies to commodity tokens and security tokens.

Who may offer crypto assets?
Providers who wish to offer crypto assets (or any related services) must be incorporated onshore within the UAE or within one of the UAE’s financial free zones (i.e. the Dubai International Financial Centre or the Abu Dhabi Global Market). Licensees may ‘passport’ the listing of crypto assets on one or more crypto currency exchanges.

Providers who wish to offer crypto assets within the UAE must be licensed by the SCA. As a part of that process, applicants must demonstrate strict compliance with UAE’s anti-money laundering and counter-terrorism financing laws, cyber security compliance standards and data protection regulations.

Onshore cloud computing and data residency rules
Service providers must locate computer systems (or cloud computing facilities) onshore within the UAE using international standards. Typically, this will entail service providers (or their subcontractors) being able to demonstrate compliance, at the very least with ISO9001 and ISO27001 and cybersecurity standards laid down by the UAE’s Federal Government.

In the case of service providers who use offshore servers or public cloud facilities to encrypt, store, process or transfer crypto assets, or personal data, the SCA’s Decision requires such providers to utilise onshore cloud computing services to provide parallel backup and disaster recovery facilities.

Employees and subcontractors
There are strict provisions governing the use of subcontractors and employees working for crypto asset providers, custodians, escrow companies and other contractors insofar that they must possess the requisite skills and experience to perform their roles.

Licensees may appoint subcontractors but will bear the risks and liabilities stemming from any breach of the Decision committed by their subcontractors. For this reason, the SCA’s Decision requires licensees and their subcontracts to formulate a detailed service level agreement spelling out the division of responsibilities between both parties relating to cyber security and data protection.

The SCA clarified that it has full powers to audit licensees and to monitor online transactions. In the event of any breaches, the SCA has wide ranging powers to impose fines, suspend or withdraw a licensee’s right to offer crypto assets and to publish the names of violators.

To whom may crypto assets be offered to?
The SCA’s Decision created two classes of people to whom crypto assets may be offered to: a) Qualified Investors; and b) other people who do not meet the eligibility criteria as a Qualified Investor.

Licensees must file documents with the SCA in advance of offering crypto assets to Qualified Investors. In all other cases, licensees must request prior approval from the SCA before offering crypto assets to non-Qualified Investors.

A Qualified Investor is broadly defined as:

  • Institutional investors (i.e. banks, financial institutions, or companies) who hold more than AED 75m in assets, or have a net turnover of AED 150m, or state governments, foreign governments and international bodies.
  • Individuals who hold AED 4m in funds or an annual income of no less than AED 1m, and with whom a licensee can verify that they possess sufficient knowledge and understanding about the risks of investing in crypto assets.

Due diligence
For the purpose of conducting anti-money laundering and ‘know your customer’ checks on potential investors, the SCA clarified that all customers must be classified and assessed as if they were a ‘high risk’. This broadly translates into conducting ‘enhanced due diligence’ into a customers source of funds, ultimate beneficial ownership structure, political exposure risks, the potential risks of customers being used as conduits for money laundering activities and any geographical risks presented by customers, their directors, shareholders and associated suppliers and intermediaries.

How to download a copy of the SCA’s Decision online?
The SCA’s Decision (in Arabic) may be downloaded from its website here.

It is worth noting that the Decision should be read in conjunction with the:

For further guidance on this issue, please contact Khaled Shivji.

For further information please contact:

This article is for general information purposes only and does not constitute legal or professional advice. It should not be used as a substitute for legal advice relating to your particular circumstances. Please note that the law may have changed since the date of this article.