As expected, on November 1, 2022, the Dubai Financial Services Authority (DFSA), which regulates the DIFC, set out its regulatory framework for crypto tokens. The feedback statement is here.
The DFSA already had an existing regulatory framework to deal with security tokens. However, this regulation expands it to now cover more traditional commodity-like tokens such as Bitcoin and Ether.
Here are some of the key takeaways:
Volume
-
This new regulatory framework came into effect on November 1, 2022. Existing authorized crypto firms have six months to comply.
-
A crypto firm intending to operate a crypto token market will be able to do so as a multilateral trading facility (MTF) under DFSA rules. Organized trading facilities (OTFs) – which have discretionary trading rules from the MTF order book – will not be allowed for now.
- A crypto token is defined (A2.5.1) as such, if:
“(a) is used, or intended to be used, as a medium of exchange or for payment or investment purposes; or
(b) confers a right or interest in another token that meets the requirements of (a).”
And the feedback statement adds:
“15. Our definition [of crypto tokens] is largely aligned with that of [Financial Action Task Force] (FATF), with the difference that we changed “uses” to something that is “used or intended to be used” and added “used as a medium of exchange” to further clarify the application. This is because, for example, some crypto tokens can be used as a medium of exchange to buy or sell other crypto tokens. 16. When it comes to other defining elements, i.e. “used for payment or investment purposes”, our definition echoes the FATF definition. The rest are small differences, mostly in terminology”.
-
Crypto Services may only be offered against recognized crypto tokens or fiat crypto tokens (ie, asset-backed stablecoins as opposed to algorithmic stablecoins). Such tokens will need to meet the DFSA criteria (GEN 3A.3.4) and be recognized before they can be traded in the DIFC. However, the DFSA has provided an initial list of recognized tokens that applies from 1 November 2022.
-
Non-fungible tokens (NFTs), according to the definition and guidelines, utility tokens (UTs) and central bank digital currencies (CBDCs) are out of scope. The DFSA approach to NFTs appears to be a reasonable approach in my view, and is set out in Rule A2.5.3 and A2.5.4 for UT.
-
Crypto tokens not recognized by the DFSA, privacy tokens or privacy devices and algorithmic tokens are prohibited from trading in the DIFC (with some custody exceptions). Using a VPN is not treated as a privacy device, nor is self-custodial use of the client’s own unhosted wallet. The instruction in 3A.2.2 of the Rulebook says:
“The definitions of privacy tokens and privacy devices shall apply to crypto tokens and devices that have features that are used or intended to hide, anonymize, disguise or prevent tracking of information, whether or not they are actually used to do so.” purpose. For example, some crypto tokens have features that can be turned on at the user’s discretion to hide or prevent information from being tracked. A crypto token having such optional features will be a privacy coin as defined and prohibited from use in the DIFC.”
-
A crypto exchange/trading venue operator is prohibited from trading on its own account (COB 9.7), even if acting as a market maker or liquidity provider.
-
The DFSA suggested that it was up to the firm to decide the appropriate method to demonstrate the client’s ownership of the crypto token, but suggested that this could include, for example, using a blockchain analysis firm, documentary evidence from a custodian, demonstration of the client holding private keys in a hosted or non-hosted wallet, or any other method they deem reliable.
-
The DFSA will allow activities to be carried out outside the DIFC where the regional and foreign jurisdictions are recognized to have an equivalent regulatory regime. Implications for this include:
- for DFSA authorized subsidiaries, the local regulatory framework of parent companies will be assessed; or
- for DFSA authorized custodians using an appropriate non-DIFC third party custodian, that it is on the list of recognized jurisdictions.
Obligations of investor protection including financial promotion
-
Crypto firms that transact with a retail investor, including a crypto exchange, will need to conduct a suitability test before doing business with that client. Suitability testing is the process of asking a customer questions to understand their knowledge and experience and then assessing whether a product or service is suitable for them.
-
The client’s money will have to be kept separate from the company’s money.
-
Financial promotion rules (COB 15.5, parts of COB 3 and other guidelines) apply and include:
- providing a key feature document prior to a crypto transaction/service;
- risk warnings must be included, including volatility, liquidity, complexity and cyber hacks; and
- giving incentives for trading (bonus offers, gifts or any form of reward in connection with opening a new account or trading) is prohibited.
NFTs
-
Issuers of NFTs and UTs and any person providing services in relation to NFTs or UTs (eg auction houses, issuance platforms, custody services) must be registered with the DFSA as a designated non-financial business or profession ( DNFBP) and comply with the anti-money laundering regime in the UAE and DIFC.
-
There are certain exceptions:
- for issuers, if each issue involves a single transaction or a series of multiple interrelated transactions with a value equal to or less than $15,000, and;
- for service providers, where the service is exclusively technological support or technological advice to the issuer.
- A crypto firm (other than a custodian) may not provide any service or perform any activity related to UTs or NFTs.
Staking
- The Investment Restriction Guidelines (COB 15.6) state that:
“Investing refers to an activity in which crypto token holders lend their tokens to firms, miners, or other persons, in exchange for a return or other reward for the use of the token. Rule 15.6.5 allows an Authorized Firm to offer or provide such a service or facility only if the lending is used in a proof-of-stake consensus mechanism, ie. a process that involves pledging crypto tokens to support the blockchain network and confirm transactions. In addition, such service or facility may only be offered or provided to professional clients or market counterparties.”
- A crypto firm may offer an investment only to non-retail clients and only if the purpose of the investment is for the borrower to participate in a proof-of-stake consensus mechanism for a recognized crypto token.
The DFSA will consider DeFI protocols in its next consultation on crypto tokens.
Conclusion
Overall, this is a significant step forward in introducing – by a key regulator – a crypto regulatory framework that goes beyond anti-money laundering obligations to address both behavioral and prudential obligations.
In the MENA region, the Abu Dhabi Global Markets Regulator (ADGM) has a regulatory framework, and we know that in mainland Dubai VARA – the Dubai Virtual Assets Regulatory Authority – is developing its own framework. And of course, more broadly, there is also an almost complete European approach to the crypto regulatory framework in MICA – the regulation of the crypto asset market.
Regulation of NFTs Stablecoins