CRYPTO ASSET REGULATIONS

EXPLANATORY GUIDE

December 2020

-1-
1. APPLICATION

1.1 The Regulation applies to most forms of Crypto Assets whether Securities or otherwise,
which are listed and available for trading on an organised market. The Regulation is not
intended to capture items regulated by the UAE Central Bank, which, as of the date of
this guide apply to stored value facilities and "Payment Token" (which broadly captures
stable-coins/tokens backed by fiat currency).

1.2 Limited disclosure based requirements will apply to Crypto Assets offered or promoted
in the UAE, which are not Securities and are not listed and available for trading on an
organised market. Such disclosures are designed to explain the risks to investors and
illiquidity of the Crypto Asset (essentially that such items should not be treated as
"investments" where any form of return should be expected). These disclosure
requirements would not apply to "Loyalty Schemes" and "Specific Use Credits" – i.e.
items issued in the ordinary course of administering a customer loyalty arrangement, or
through "in-game" credits for example.

1.3 A flow-chart of the application of the Regulation to different Crypto Assets is set out
in Section 5 below.

1.4 The SCA has not at this time chosen to characterise Crypto Assets by way of their
intended use (such as distinguishing a genuine utility feature from the nature of an
investment) to drive regulatory approach. In the SCA's view, this could unduly class a
Crypto Asset which is in fact traded as an investment as a non-regulated instrument,
due to a subjective judgment of the likely intent of such item. However, such an
approach may be considered in the future, depending on how the market develops.

1.5 This Regulation applies generally to SCA regulated: "Financial Activities" in respect
of Crypto Assets in the UAE and would include:

1.5.1 Promotion and marketing, issuance and distribution, advice, brokerage,

custody and safekeeping, fundraising, operating an exchange.

1.6 A further breakdown of activities and the regulatory approach is set out in Section 6
below.

1.7 Whilst existing securities rules of the SCA will apply to certain Crypto Assets, where
available on an organised market, this Regulation is not intended to impose ongoing
responsibilities on issuers of Crypto Assets which are not otherwise treated as Securities,
unless such person has sought approval of the Authority for such Crypto Assets to be
listed on an exchange.

1.8 Where a Crypto Asset is to be listed on a regulated Crypto Asset Exchange, the SCA's
approval would be needed other than for listing Crypto Assets on exchanges permitted
to operate only for Qualified Investors.

1.9 Defined terms used in this guide are the same as those set out in the Regulation.

-1-
2. APPROACH TO SECURITY DESIGNATION AND UNDERLYING
REGULATIONS

2.1 As is the case in most jurisdictions, when a Crypto Asset is considered a Security,
existing regulations of the SCA related to such security will apply. There will be a broad
and substantive assessment as to whether a Crypto Asset is a Security and market
participants should expect most items with a contractual right against an "issuer" entity
(or a pool of assets) will be considered a Security of a particular form. The SCA is open
to engaging with participants to identify the right type of Security rules to apply, having
satisfied the broad substantive test of whether the items should be a Security.

2.2 Once a specific Security is identified as applicable to the Crypto Asset, existing investor
rights and protections under applicable SCA regulations are not reduced (noting the
capacity of the SCA to grant the various exemptions from its regulations in certain
circumstances). However, the Regulation adds additional protections specific to the
nature of Crypto Asset Securities compared to traditional equivalents and it also sets
out how existing regulations of the SCA may be applied differently in certain
circumstances. Investor disclosure will be required to understand any Security
designation and how their rights may be different to the usual rules applicable to that
Security in respect of the relevant Crypto Asset.

2.3 Where a Crypto Asset is not considered a Security, SCA regulations will only apply in
specific circumstances. Principally, this will be where the Crypto Asset (i) is available
for exchange on an organised market and promoted or the subject of financial activities
in the UAE, and not on a purely transferred peer to peer basis and (ii) is not otherwise
regulated by the UAE Central Bank (i.e. falling within "Regulated Commodity Tokens"
and not excluded by the Regulation).

3. CRYPTO ASSET SPECIFIC RULES

3.1 Additional requirements specific to Crypto Assets covered in the Regulation include:

3.1.1 Minimum disclosure standards applicable to Crypto Assets to ensure risks are
fully identified to investors. This includes a standard disclosure obligation in
respect of all Regulated Commodity Tokens marketed or sold to investors in the
UAE setting out that investors should, amongst other things, be willing to lose
their entire investment.

3.1.2 Technology governance and security standards applied in respect of the Crypto
Assets are set out and intended to align with internationally accepted standards
– following a principles based approach. The SCA has not identified specific
types of approach to technology but, for instance, will require that all features
marketed to investors in respect of relevant Crypto Assets must be well defined
and incorporated into the operation of the relevant software underpinning the
operation of the Crypto Assets.

-2-
 3.1.3 Specific obligations for custodians and fund-raising platforms. These types of
providers are considered to raise unique concerns in respect of Crypto Assets
and require a specific approval from the SCA for their operations in the UAE.

3.1.4 Crypto exchange rules must build on existing regulatory requirements for
securities and commodity exchanges approved by the SCA (covering common
processes such as market oversight and effective non-discretionary trading rules)
and reflect measures to cover the risks specific to operating an exchange for
Crypto-Assets. This includes matters such as custody and settlement
arrangements, member / participant rules, Crypto Asset segregation and security
standards. Additional rules are provided for these matters in Chapter 6 of the
Regulation.

3.1.5 Financial crime controls, including AML protections and market abuse, are
critical features of emerging Crypto Asset business requirements, along with the
incorporation of additional FATF standards which have been issued in respect
of Virtual Assets and Virtual Asset Service Providers (as defined in FATF
standards) in applying AML rules to such market participants. The regulations
focus on this area and provide for enhancements as global standards develop.

4. OUTLINE OF THE RULES

4.1 The Regulation is set out as follows:

4.1.1 Scope and General Provisions: Chapter 1 covers the scope, application of the
regulations and approach of the SCA. This details which types of Crypto Assets
are covered, the approach in respect of Security Tokens and the scope of
activities related to Crypto Assets which are covered by the rules. This section
identifies what is covered by the regulations, how guidance is applied and the
principles used by the SCA in making decisions in respect of Crypto Asset
regulation.

4.1.2 Conduct Obligations and Disclosures: Chapters 2 and 3 cover the conduct
of business requirements for Crypto Assets, including investor disclosures.
There are different approaches designed for different types of Crypto Assets,
including broad disclosure requirements generally applicable for all Security
Tokens and Regulated Commodity Tokens. These requirements are designed to
protect investors in Crypto Assets through adequate disclosure of risks and the
avoidance of misleading conduct.

4.1.3 Custody: Chapter 4 covers the requirements unique to the custody of Crypto
Assets, drawing from existing SCA regulations for custodians. In principle, all
Crypto Asset custodians will need a license equivalent to a traditional custodian
but must also comply with a number of new or modified regulations specific to
how Crypto Asset custody differs from traditional security safekeeping. This
includes, but is not limited to, following international best practices on "private
key" storage. The definitions applied to this activity are designed to regulate

-3-
 where responsibility for private key (or equivalent) storage is undertaken by the
custodian but not where self-custody software or hardware is provided to
investors (with appropriate warning on what this entails).

4.1.4 Fundraising: Chapter 5 covers fundraising platforms and specific

requirements. As a large number of the identified instances of fraud relating to
crypto assets have come through methods of raising funds from investors
(whether intentionally or through compromises to such platforms), this is a key
area of specific regulation in respect of Crypto Assets.

4.1.5 Crypto Asset Exchanges: Chapter 6 is specifically related to exchanges in

respect of Crypto Assets. The existing regulations of the SCA relating to
markets will apply, depending on whether the Crypto Asset Exchange will
include Securities (for which Securities exchange rules will apply) or a
Regulated Commodity Token (for which commodity exchange rules will apply).
Existing regulations will be referred to for common processes such as market
oversight and effective non-discretionary trading rules. Additional regulations
in the Regulation will reflect measures to cover the risks specific to operating
an exchange for Crypto-Assets. This includes custody and safeguarding
arrangements, member/participant rules, conflicts of interest management,
clearing and settlement and security standards. Other requirements relevant to
exchanges, such as market abuse rules, are covered elsewhere.

4.1.6 Other Regulated Activities: Chapter 7 is designed to ensure that all other
activities regulated by the SCA in respect of Securities are captured in respect
of Regulated Commodity Tokens, where applicable, including Securities
standards and licensing requirements which are not specific to a particular class
of Security (e.g. regulations for the issuance of debt securities).

4.1.7 Filings for Qualified Investors: Chapter 8. This chapter covers specific filing
requirements for issuing Crypto Assets only to Qualified Investors, which picks
up this process since such issuances are not subject to specific SCA approval
under Article 9(Second).

4.1.8 Systems and Controls: Chapter 9 covers specific measures relating to

technology governance and financial crime controls. As key risk areas for
Crypto Assets, firms operating in this area in the State must ensure adequate
technology standards are applied and that financial crime control measures are
adopted that are specific to the risks presented by Crypto Assets. FATF
standards applicable to Crypto Assets should be applied (as noted at 3.1.5
above), with emerging international standards.

-4-
5. CRYPTO ASSET FLOWCHART

-5-
6. BREAKDOWN OF HOW CRYPTO ASSET RULES ARE APPLIED TO VARIOUS ACTIVITIES

# Activity Explanation Approach

1. Distribution / Foreign and local persons issuing crypto The Regulation requires approval for Security Token issuances (or
issuance assets to investors or third parties filings for Qualified Investors – depending on applicable securities
distributing on behalf the issuer rules).
online/through existing platforms
For Regulated Commodity Tokens, specific disclosures are required
and approval is required to issue tokens available for trading on an
exchange available to retail investors

2. Marketing / Both local promoters and foreign SCA Promotion and Introduction rules apply to Security Tokens in
promotions promoters may target UAE investors to the usual way and are applied to Regulated Commodity Tokens
purchase Crypto Assets under the Regulations.

3. Pre-issuance offering "Pre-issuance" investments may be See item #1 above. Where the pre-issuance is the grant of tokens
/ marketing considered Crypto Assets and regulated which will become used in the future, these will be Crypto Assets.
in the same way as an issuance of the Where the subscription agreement refers to future tokens which
underlying tokens. may or may not be issued, these instruments may not be considered
Crypto Assets (depending on the arrangements), but it must be clear
to investors that no rights are being obtained. See specific Guidance
at Article 6 at Section 9.

4. Advice Financial advice and recommendations SCA Financial Consultation and Analysis rules apply to advice in
issues by way of business to investors in respect of Security Tokens in the usual way and are applied to
the UAE in respect of Crypto Assets Regulated Commodity Tokens under the Regulations.

5. Brokerage Acting as a Crypto Asset broker through SCA Brokerage Regulations typically apply to brokers who conduct
arranging for UAE investors to acquire brokerage in respect of a UAE securities exchange (e.g. DFM /
Crypto Assets from overseas exchanges. ADX). The Regulation applies the brokerage regulations to Security

-6-
# Activity Explanation Approach
Tokens and Regulated Commodity Tokens to brokerage activities
whether or not related to a UAE exchange.

Where the brokerage platform gives the impression of access to a

market and displays live prices, it may be holding itself out as an
exchange and may either need to meet the regulatory requirements
for an exchange of amend its approach to clearly identify itself to
investors as a brokerage operation..

6. Principal trading Many "brokers" in respect of Crypto Existing SCA regulations do not have a separately regulated
Assets are typically purchasing and activity for "dealing as principal". Therefore this activity should be
holding Crypto Assets for re-sale. considered as akin to brokerage when conducted by way of business
in the UAE.

7. Custody and In respect of crypto assets, this may be At a high level, an entity that provides services to safeguard private
safekeeping through holding wallets for investors, cryptographic keys on behalf of its customers, to hold, store and
arranging for third party storage of transfer crypto assets, generally requires a custody license.
private keys. In some cases, investors are
provided with technology in order to Where, under the services, the custodian takes responsibility for
store their own Crypto Assets. such safe-guarding, by way of holding private keys, maintaining
wallets for investors or otherwise, a custody license should be
required.

Where an investor is provided with the technological means to store

its own Crypto Assets, a license as a custodian to provide such tech
will generally not be needed. However, investor disclosures are
required where investors are required to self-custody.

Note that an exchange offering the above services would also need
a custody license.

-7-
# Activity Explanation Approach
8. Exchange A platform or facility for the trading, This activity is intended to capture a broader range of activities to
conversion and/or exchange of Crypto what is covered by markets regulation (which is intended only for
Assets in return for other Crypto Assets, traditional securities exchanges). Where a platform is publishing
money, Securities and/or Commodities as live prices and offering market matching services, or running a
defined in the SCA Glossary or the trading engine/order books, they will require an exchange license to
Regulation, whether or not amounting to offer this to investors.
a Market as defined in the SCA Glossary
or the Regulation. Peer to peer arrangements and facilities whereby a person may offer
online, at their discretion, to exchange crypto assets for fiat
currencies would not be captured. However, this will be a matter of
fact and degree and websites which are substantively being held out
as market place are likely to be considered in scope for Crypto
Asset Exchange regulation.

Existing markets rules would apply to traditional exchange

functions, where applicable to securities rules with additional
regulations applying to custody and safeguarding arrangements,
member/participant rules, conflicts of interest management, clearing
and settlement and security standards.

9. Others ancillary Ancillary activities related to Securities Such regulations will be applied to Security Tokens and Regulated
activities which are regulated by the SCA, such as Commodity Tokens, which such exemptions as the SCA may
Securities Lending etc. determine from time to time. It is not proportionate to map out the
entirety of all regulated activities at this stage, but this will be
subject to ongoing review as SCA rules are developed.

10. Airdrops /Airgrabs This is the process whereby Crypto Where no funds are raised and no marketing of Crypto Assets
Assets are provided to persons occurs in the UAE, permitting UAE persons who have pre-actively
participating in a network, hold the signed up on a website to receive Crypto Assets will not be
Crypto Assets or otherwise signed up and regulated.
provide personal information to a

-8-
# Activity Explanation Approach
website. Crypto Assets are provided free Where the airdrop/airgrab is marketed and the Crypto Assets are
of charge. An airdrop deposits Crypto Regulated Commodity Tokens or Security Tokens, securities
Assets to users, an airgrab permits users marketing rules would apply (the SCA Promotion and Introduction
to claim Crypto Assets if they follow Regulations).
certain actions.
Where there are obligations committed to in return for the Crypto
Assets, including the provision of personal information or rights
granted to the issuer (such as computer space rights etc.), such
issuance could be regulated as a distribution of Crypto Assets.
Where the Crypto Asset is a Security, such as a share, existing SCA
rules on rights issues may apply.

Exchanges will be obligated to notify customers to ensure

awareness and they have the right information to exercise their
rights through the relevant platform.

11. Forks Where the nature of a Crypto Asset is This process performs similar to a corporate event, such as a stock
fundamentally changed by way of a split, but could have many different impacts on user rights and
"fork" in the underlying DLT protocol. obligations. As the protocol updates may not be controllable, such
For example, where the bitcoin protocol actions would be regulated by effective disclosure to investors on
splits to create two different types of the possible forks which may occur as a risk disclosure. When such
Crypto Assets. events arise, information on the event and its management by the
relevant platform, such as an exchange, must be provided to
investors. This would likely apply only to custodians, exchanges
and, if involved in the process and having distributed tokens to
investors in the UAE, issuers.

For Security Tokens, investor consents may be required for certain

events related to a fork. For example, where rights and obligations
of a Crypto Asset bond are materially changed.

-9-
# Activity Explanation Approach
12. Mining / mining Persons who invest IT resource in order Not regulated – mining typically involves crypto-currencies (such
contracts to receive Crypto Assets. In practice, as BTC and ETH) with "proof of work" protocols. Generally, this is
such persons are creating crypto assets by not subject to regulation but could be considered in the future
solving mathematical challenges should there be detriment to investors speculating through complex
requiring massive computing power. mining contracts and this practice grows (rather than continuing to
diminish).

13. Running a node Actively participating in a DLT network, Not regulated, unless the function is to perform a regulated activity
including validating transactions on the in respect of the Crypto Asset, such as custody, settlement or acting
network on respect of the Crypto Assets. as registrar for Security Tokens.

14. Smart contract Reviewing software code related to the Not regulated – this is an IT function, similar to validating a
preparation / audit administration of Crypto Assets fundamental software system for a regulated institution,

15. Blockchain / DLT The software development Not regulated – this is a chosen software protocol applied at the
provider company/developer which has produced election of regulated institutions. It is the responsibility of other
the DLT platform on which the Crypto regulated providers to ensure the choice of software is appropriate
Assets are created/recorded. for the administration of the relevant Crypto Asset.

- 10 -
7. CRYPTO ASSET APPLICATION TABLE

Security Tokens (UAE Issuer) Security Tokens Commodity Commodity Commodity Commodity Commodity
(Foreign Issuer) Tokens Tokens Tokens Tokens Tokens
Qualified Retail Qualified Retail - Domestic - Domestic or - Domestic or - Foreign - Foreign
Investor Investor Issuer foreign Issuer foreign Issuer Issuer Issuer
- Not listed - Listed on - Listed on - Listed on - Not listed
on exchange UAE UAE foreign on exchange
exchange for exchange for exchange
- Promoted in
public Qualified
- Promoted in UAE
Investors
UAE
only
All Security ✓ ✓ ✓ ✓     
Token Rules
Documentation Art 10 re Art 9 re Crypto Art 10 re Art 9 re No Art 9 re Art. 11 re Art. 11 re No
Required Security Tokens Assets Security Crypto Crypto Assets Commodity Commodity
only Tokens Assets Tokens Tokens
Art 10 re Art. 11 re
only
Security Art 10 re Commodity N/A for N/A for
Tokens Security Tokens Payment Payment
Tokens Tokens Tokens
N/A for
regulated by regulated by
Payment
CBUAE CBUAE
Tokens
regulated by
CBUAE
Filing or Filing Approval Filing Approval  Approval Filing  
Approval
Promoter to Promoter to
Requirements update SCA update SCA
if it becomes if it becomes
traded traded
Activities ✓ ✓ ✓ ✓  ✓ ✓ ✓ 
regulated

- 11 -
 Security Tokens (UAE Issuer) Security Tokens Commodity Commodity Commodity Commodity Commodity
(Foreign Issuer) Tokens Tokens Tokens Tokens Tokens
Qualified Retail Qualified Retail - Domestic - Domestic or - Domestic or - Foreign - Foreign
Investor Investor Issuer foreign Issuer foreign Issuer Issuer Issuer
- Not listed - Listed on - Listed on - Listed on - Not listed
on exchange UAE UAE foreign on exchange
exchange for exchange for exchange
- Promoted in
public Qualified
- Promoted in UAE
Investors
UAE
only
(custodians, Security rules Security rules Security Security "Regulated "Regulated "Regulated
brokers, generally apply generally apply rules rules Commodity Commodity Commodity
exchanges and generally generally Token" Token" Token"
promotors) apply apply
SCA  ✓  ✓ No ✓  ✓ No
Promotion Qualified Qualified Qualified
Rules apply – Investors Investors Investors
with disclosure
exempt under exempt exempt under
re Crypto under promotion
promotion rules
Assets to SCA? promotion rules
rules

- 12 -
8. LICENSING AND REQUIREMENTS FOR LICENSES

8.1 As set out in the Regulations, a license from the Authority is required to conduct
Financial Activities in relation to Crypto Assets.

8.2 At Article 22, the licensing process for Financial Activities, other than those of
operating a Crypto Fundraising Platform and operating Crypto Asset Exchange, will be
the process prescribed by the Authority generally in respect of the relevant Financial
Activities (whether conducted in respect of Securities or Crypto Assets), with some
modifications. The Authority will, from time to time, publish specifications for
licensing such Financial Activities to be conducted in respect of Crypto Assets. When
no such specifications are published, applicants should contact the licensing division of
the Authority for guidance.

8.3 Each applicant shall have corporate personality and the legal form specified by the
.Authority in the relevant application form, to the extent not specified in the Regulations

8.4 The license application to engage in a Financial Activity or the application for
accreditation to engage in any tasks or activities associated with any Financial
Activities shall be submitted to the Authority using the format prepared for that purpose.
This application must be accompanied by the supporting documents, data, and
information required in the form.

8.5 Fees payable in respect of applications for operating a Crypto Fundraising Platform
and operating Crypto Asset Exchange shall be AED 200,000. Fees for other types of
licensing applications relating to Crypto Assets will be determined by the Authority on
a case by case basis in line with fees ordinarily charged in respect of the relevant
Financial Activity.

8.6 The Authority shall, within thirty (30) business days of receipt of a complete application,
issue its decision accepting or rejecting the application in accordance with the public
interest. No response shall be tantamount to rejection of the application.

8.7 The Authority may, within the period it specifies, cancel licensing applications that
have been submitted but do not fulfil the requirements, and the fees paid shall not be
refunded.

8.8 The Authority may restrict the license or accreditation with the requirements its deems
appropriate. Moreover, it may suspend the license for a particular Financial Activity, if
it deems that in the public interest, for the period it deems appropriate.

8.9 A new application may only be submitted after three months of the date on which the
first application was rejected or deemed rejected.

8.10 The Authority may cancel a licensee's license in any of the following instances:

8.10.1 if it fails to satisfy any of the licensing requirements;

8.10.2 if it fails to pay the fees prescribed in accordance with the decisions issued by
the Authority, or fails to pay the prescribed fines;

8.10.3 if it fails to execute the decisions issued by the Authority;

- 13 -
 8.10.4 if it is in or commits a material breach of any ofits obligations set forth in the
Regulations or fails to remedy a breach of the Regulations within a prescribed
period;

8.10.5 if it fails to provide any information requested by the Authority within the
prescribed period, or if it provides incorrector misleading information;

8.10.6 in the event of voluntary or involuntary liquidation;

8.10.7 ;upon a request from the licenseeor

8.10.8 in any other instances specified by the Authority.

8.11 Following the cancellation of the license, the Authority may require the relevant
licensee to settle and complete all transactions made prior to such cancellation. The
Authority may also require a guarantee until the licensee settles all obligations arising
from engaging in its activities.

8.12 Each Licensee and its personnel shall:

8.12.1 provide the Authority with information requested by the Authority within the
time limits it set. In addition, the Authority may, through the competent
authorities in the State, verify the accuracy of the information and data provided;

8.12.2 apply the "fitness" and "suitability" criteria, internal control and corporate
,governance standards in accordance with the decisions issued by the Authority
relevant to its Financial Activities;

8.12.3 ensure the right balance between engaging in the commercial activity and
reinforcing the principles of proper and fair dealing, prioritize the public interest
and the interests of those dealing with them over their own interests, as well as
manage and disclose conflicts of interest;

8.12.4 refrain from harming the Market and those trading therein;

8.12.5 seek the prior approval of the Authority before a change in its control (including
any person who would, by itself or with persons within its corporate group, own
more than 50% of the shares in the Licensee or exercise de facto majority
control), pursuant to the application and approval prescribed by the Authority
from time to time;

8.12.6 notify the Authority in writing of its intention to cancel the license, provided
that no licensee ceases to carry out the activity or liquidate its business until the
Authority approves cancellation of its license in accordance with the controls
instituted by the Authority, and after verifying settlement of the claims,
obligations and customer accounts and fulfilling the other requirements
associated with cancelling the approved license.

- 14 -
9. REGULATIONS SPECIFIC GUIDANCE

Chapter 1 SCOPE, PURPOSES AND APPLICATION

Article 1 Definitions

Guidance

1. The definitions in this Regulation reflect the standard definitions across the
SCA's rules and regulations, including its Glossary, as modified for Crypto
Assets.

2. Offers and Promotions are distinguished in the definitions. Offers relate to a

new subscription in Crypto Assets being offered in the State and Promotions
refers to a broader term encompassing all adverts and specific marketing for
Crypto Assets. Generally, Offers made in the State to persons in the State are
regulated specifically under the Regulations. Promotions of Crypto Assets not
relating to an Offer are regulated more broadly, including by the Promotion
and Introduction Regulations in respect of Security Tokens and Regulated
Commodity Tokens (see Article 18 (Third) of the Regulations).

Article 2 Purpose, Principles and Guidance

Guidance

1. The Authority will provide further information on its website from time to time
regarding the ability of persons to seek Guidance and the process (including
fees). Engagement with the Authority and availability of Guidance, will be
subject to its discretion, including that any Guidance (including any specific
references to any particular Crypto Asset) may be published on the Authority's
website.

2. Article 4 also sets out a process whereby Offering Persons (and other relevant
persons) may seek a designation from the Authority regarding a Crypto Asset's
treatment as a Security.

Article 3 Scope of Application: General

Guidance

1. The definition of Crypto Assets is intentionally broad as most regulation under

this Regulation would only apply where the item constitutes or represents a
Security or the item is traded through an exchange.

2. In the limited instance when there are prescribed disclosure requirements for
issuances or offers of Commodity Tokens in the State under Article 11, there are
carve outs for Specific Use Credits and Loyalty Schemes.

3. The exclusion set out in Article 3 / Second / (3) is partly designed to avoid the
mere fact that securities are held in dematerialised form, commonly adopted for
the holding of securities in various clearing systems or depositories, rendering
them Security Tokens under these rules. Other types of electronic record used

- 15 -
 by services providers should also not have this effect. A Crypto Asset will be an
item issued to investors in a cryptographic form, typically with investors using
cryptographic keys to evidence their ownership.

4. The Authority appreciates that there are a variety of scenarios when distributed
ledger technology is applied in the administration of Securities and many forms
will not result in a "tokenisation" in the manner necessary to render the item a
Crypto Asset. The Authority appreciates that approaches and practices will
develop over time. Offering Persons are encouraged to engage with the
Authority at an early stage on its approach for a relevant Security Offering.

5. The Regulations will not apply to a currency, virtual currency, unit of stored
value or any other item, including any item issued within a facility, in each case
approved or required to be approved by the Central Bank pursuant to its
regulations from time to time. A key consideration of the Authority will be
ensuring that maintains a distinction from Crypto Assets regulated by the
Authority and any Crypto Asset regulated from time to time by the Central Bank.
The Authority expects that this would mean the following items are currently
excluded from the scope of the Regulations:

• any Crypto Asset (including "stable-coins) which are linked to fiat

currency, in the form of a derivative or direct representation of
monetary value

• any other form of stored value or virtual currency regulated by the

Central Bank under the Regulatory Framework for Stored Values and
Electronic Payment Systems

6. Please also see Part [5] of this Guidance Paper for a flowchart of
characterisation of Crypto Assets.

Article 4 Security Tokens: Scope of Application

Article 4 also sets out a process whereby Offering Persons (and other relevant persons) may
seek a designation from the Authority regarding a Crypto Asset's treatment as a Security.

Article 5 Filings Process

Guidance

1. Please see Section 5 of this Guidance Paper for a flowchart of characterisation

of Crypto Assets and Section 4 for further details on the intended scope of
application in respect of Securities.

2. The Authority is likely to designate any Crypto Asset as a Security Token if it

considers that the Crypto Asset demonstrates the substantive features of, or
poses equivalent risks to investors of, a Security or is otherwise a right to a
financial claim on an Offering Person, or the electronic representation thereof.

3. Where the Authority designates a Crypto Asset as a Security Token under

Article 4.4, it will take into account the treatment of its regulations and

- 16 -
 decisions in respect of persons Offering, Promoting, holding or administering
the Crypto Assets.

4. The Authority will accept requests for designations online under Article 4.4
through its Legal Consultation service. This process is intended to provide some
clarity for issuers and Offering Persons. However, applicants will be expected
to provide a proposed designation and conduct a detailed analysis and
rationale to support this. Where relevant, specialist advice will be required in
respect of applying the Authority's regulations and decisions, where the
applicant has limited experience of such matters. Applications which do not
provide the Authority with sufficient clarity and explanation behind the
approach will not be accepted.

- 17 -
Conduct of Business and Required Disclosures Module
Chapter 2 CONDUCT OF BUSINESS

Article 6 General Obligations in Respect of Crypto Assets

Guidance

1. Arrangements whereby future Crypto Assets yet to be created will be issued to

investors subscribing for such future Crypto Assets, will generally be
considered an Offer of Crypto Assets of the future type or, where applicable, as
the issuance of rights to future Crypto Assets which themselves shall be treated
as Crypto Assets, unless subscribers have agreed, in terms which are clear, fair
and not misleading, that their contribution is a mere donation with no future
rights and without reference to any specified Crypto Asset expected to be issued.

2. Where subscription terms for the collection of funds relating to future Crypto
Assets provide that investors shall have no rights to future Crypto Assets, but,
the surrounding messaging on the relevant website or fund raising platform
refer to investors receiving a specific issuance of Crypto Assets or represent
that future Crypto Assets will be issued to investors, the Authority shall treat
such arrangement as an Offer of Crypto Assets.

3.

- 18 -
Chapter 3 DOCUMENTARY AND DISCLOSURE REQUIREMENTS

Article 9 Documentation Requirements for Crypto Assets Generally

Guidance

1. The Authority expects investors to be made aware of all material matters

relevant to their rights and obligations in respect of the Crypto Assets and may
publish additional expected disclosures from time to time in Guidance.

2. The Authority expects the following risks to be highlighted in respect of Crypto

Assets as part of a detailed disclosure containing all risks specific to the
relevant Crypto Asset:

• Illiquidity
• Volatility and unpredictability compared to other Securities
• Reliance upon new technologies
• Reliance upon technology providers
• Cyber security
• Settlement risks and irreversibility of transactions
• Thin capitalisation and susceptibility to inefficient markets, arbitrage
on exchanges and irrational market forces
• Rapidly evolving international regulation outside the UAE which may
restrict the operations connected to the Crypto Assets

3. The Authority recognises some overlap with the required risks disclosures at
Article 11(First), but expect the prescribed form risk disclosures at Article 14
to be expanded on in respect of the specific Crypto Assets.

4. References to "where applicable" are since the Authority expects that not all
required disclosures, or those published in Guidance, under this Article 9 will
be relevant for certain Crypto Assets and expects relevant persons to apply such
disclosures to the extent applicable, with disclosure to the Authority. The
Authority may require applicants to explain why certain disclosures are not
applicable.

Article 10 Documentation Requirements for Security Tokens

Guidance

1. The Authority requires Security Tokens to be legitimately linked to the

underlying income streams represented to investors and not, by use of the
relevant technology, imposing enforcement risks or opacity for investors.

2. The Authority refers to Article 7 (Third) on the permitted use of electronic

registers, which is subject to compliance with this Article 12.

- 19 -
Article 11 Documentation Requirements for Commodity Tokens and Approvals

Guidance

1. These disclaimers are generally expected to be added for Regulated Commodity

Tokens where not proving investors with the level of protections afforded to
Securities issuances, with limited exceptions for Specific Use Credits and
Loyalty Schemes.

2. Article 11 (Third) is designed to permit persons to seek the approval of the

Authority, where not otherwise required to do so under this Regulation. This
may apply to a Commodity Token which is not listed on an exchange, but may
plan to do in the future (with the appropriate disclaimers).

- 20 -
Chapter 4 CRYPTO CUSTODY SERVICES

Article 12 Regulation of Custody of Crypto Assets

Guidance

1. Persons planning to conduct Crypto Custody Services, should carefully review

the Custody Regulations. Unless a specific case for a modification or exemption
is made by applicants, the Authority will expect the Custody Regulations to be
applied.

2. Regulated crypto custodians licensed in the recognized jurisdiction may seek

exemptions from licensing requirements to operate in the UAE – it is expected
that there will be common minimum standards applicable. However, this will
be without prejudice to needing to establish a commercial presence to do
business in the UAE in the ordinary course. Crypto custodians may also seek to
outsource to service providers in recognized jurisdictions as permitted under
Article 22 (Third) and in consultation with the Authority.

- 21 -
Chapter 5 FUNDRAISING

Article 14 Fundraising Standards

Guidance

1. For the purposes of Article 14 (2), equivalent amounts to AED 350,000 shall be
calculated by the fundraising platform pursuant to methods disclosed to the
Authority in respect of the non-AED currencies and other Crypto Assets it plans
to accept in its application to the Authority.

Article 15 Operating a Crypto Fundraising Platform

Guidance

1. The Authority will prepare a licensing process and set of additional

requirements for persons seeking to conduct fundraising. These requirements
will be prepared in line with the development of crowd funding regulations by
the Authority which will cover similar ground.

- 22 -
Chapter 6 CRYPTO ASSET EXCHANGES

Article 16 Crypto Asset Exchange Rules

Guidance

1. It should be noted that, in respect of Commodity Tokens, the regulations and

decisions of the Authority applicable to markets in Commodities shall apply.

2. Regarding the definition of Crypto Asset Exchanges all persons seeking to

operate a marketplace in respect of Crypto Assets in the State shall be expected
to engage with the Authority regarding the application of this Regulation. Peer
to peer proprietary trading and discretionary brokerage arrangements to
exchange fiat currency for Crypto Assets are not intended to be covered.
However, persons must carefully consider whether other Financial Activities
may apply under Chapter 7.

The Authority may grant exemptions from its rules and regulations generally,
where the exchange is limited to Qualified Investors – under Article 2 / Second
/ (1)

3. Quasi trading platforms which are substantially brokerage operations need to

engage with the Authority and get approvals as brokerage operations and not
hold themselves out as true exchanges

4. The Authority will require specific measures to be adopted by operators of

Crypto Asset Exchanges to ensure clear, accurate and timely disclosures to
users, including risk acceptance procedures and identification of commissions
and fees paid in respect of the users' trading activity.

5. The Authority will require proposed Crypto Asset Exchanges to provide detailed
demonstrations of its operations and how it controls the trading on its exchange
in a manner which protects investors, including but way of limits on trading,
and ensures the relevant markets are not abused.

6. The Authority will also require worked demonstrations of stress testing to show
how client assets will be protected upon a full default of the exchange and how
bad actors within its organisation would be prevented from profiting by use of
client assets or market abuse.

7. As noted under Article 16(Fourth), exchanges must restrict access to certain

classes. It is recognised that Crypto Asset Exchanges will likely need to use "tick
box" type online forms to satisfy matters such as suitability and knowledge base
in practice. The process for ensuring informed approval of these matters should
be demonstrated.

8. It is also appreciated by the Authority that Crypto Asset Exchanges may need
to use software solutions to prevent the access/use of exchanges by non-
Qualified Investors if this is the intended operation of the exchange.

- 23 -
8. In respect of the Regulation required to be put in place under Article 16 / Fourth
/ (6), the following items should also be considered by applicants, where
relevant:

General Rules:

• charges, commissions and fees;

• margin and solvency requirements for participants, including day trading limits
permits;
• permitted movement limits of listed Crypto Assets;
• "know your customer" and other information disclosure requirements;
• suitability assessments to be undertaken;
• use of information by the exchange;
• publication of transactions and quotations;
• use of and connected devices and algorithms and fraud avoidance methods;
• customer confirmations provided;
• conflicts of interest and relationships with token issuers;
• any discretionary accounts permitted;
• the extent to which sharing in accounts/joint accounts is/are permissible;
• communications with users and the public;
• offers and marketing to be made;
• mandatory systems testing;
• discipline and trading suspension process;
• procedures for supervision of participant’s conduct and compliance with
applicable requirements;
• review of activities of participant, including periodic examination of customer
accounts to detect and prevent irregularities or abuses;
• the prevention of the misuse of material non-public information;
• forwarding of proxy and other issuer-related materials;
• market making on the exchange.

Financial and Operational Rules for issuers:

• publication of financial information and interrelation with Authority;

• rules for securities disclosures (where applicable);
• disclosures of material developments.

Market Abuse Prevention Rules:

• market manipulation, fictitious transactions;

• excessive sales by participants, manipulative transactions;
• dissemination of false information;
• prohibition against trading ahead of customer orders, joint activity;

- 24 -
 • influencing data feeds;
• trade shredding; best execution;
• publication of transactions and changes;
• front running of block transactions;
• a prohibition against disruptive quoting and trading activity.

Trading Rules:

• offer process, price certainty and order execution process;

• access to and conduct on the market place, days/hours;
• units of trading;
• minimum price variant;
• Opening the Marketplace;
• Trading Halts;
• Order Entry;
• Audit Trail;
• Execution and Price Time Priority;
• Risk Controls;
• Trade Execution and Reporting;
• Dissemination of Quotations;
• Error Trades;
• Short Sales;
• Locking or Crossing Quotations in Crypto Assets;
• Settlement.

Listing rules: to be based on existing UAE exchange rules and processes in respect of
Securities. To include, Suspension and Delisting; Guide to Filing Requirements;
Procedures for Review of Exchange Listing Determinations; and Fees and Other
Charges.

Article 17 Listing of Crypto Assets on a Crypto Asset Exchange

Guidance

1. The Authority will apply equivalent assessment procedures in considering the

approval of Crypto Assets on the market as it presently applies in the content of
approving the listing of Securities on a Market. However, such procedures will
be modified as appropriate to take into account the nature of the investments
and oversight of compliance with the requirements under the Regulations.

- 25 -
Chapter 7 OTHER REGULATED ACTIVITIES

Article 18 Regulated Functions in respect of Crypto Assets

Guidance

1. This Chapter broadly seeks to apply the scope of activities currently regulated
by the Authority to Security Tokens and Regulated Commodity Tokens. The
general approach required will be that persons conducting such activities will
seek a license through the current process prescribed by the Authority, but
would identify their proposed scope of activities in respect of Crypto Assets.
There will be opportunity for applicants to demonstrate, taking into account the
specific areas identified in Chapter 7 to request specific arrangements.

2. The financial activities to be regulated in respect of Regulated Commodity

Tokens under Chapter 7, shall include brokerage, dealing as agent and
principle, promotions, investment funds related activities, market making,
securities lending, registered owner and beneficiary services.

3. Article 18 (Third) provides that Regulated Commodity Tokens shall be treated

as securities and usual Securities rules will apply, as applicable. It is intended
that SCA regulations specific to particular types of securities only, such as
regulations specific to the issuance of debt securities or IPOs for equities, would
not apply. It is also not intended that Disclosure and Transparency Rules would
apply to Regulated Commodity Tokens not listed on a UAE exchange.

4. Article 18 (Fifth) seeks to ensure that brokerage, as commonly conducted in

respect of Crypto Assets is properly caught within the scope of licensing,
whether or not fitting the technical description of Securities Brokerage under
the Authority's regulations.

5. Article 18 (Sixth) sets out the requirements when a person maintains the register
determining who holds the Crypto Assets – this may be by way of maintaining
a distributed ledger. In acting as such the person will be expected to comply
with applicable rules of the Clearing, Settlement and Depository Regulations
and, in respect of the Crypto Assets:

• Ensure that the unauthorised creation of deletion of securities is

prevented
• Regularly verify that the relevant Crypto Assets records as in issue is
equal to the aggregate number of crypto assets validly recorded as held
by investors identifiable through the relevant database/ledger, whether
by way of anonymous code/hash or otherwise
• Implement adequate arrangements for information exchange between
all other persons authorised to execute instructions to issue, hold and
transfer the Crypto Assets through the relevant network.
• Ensure that in the event that another person also has authority to
maintain the register or make changes to the register determining the
ownership of Crypto Assets (not including where one person holds
Crypto Assets on behalf of another person or persons, but including

- 26 -
 persons who jointly decide on changes to the register), adequate
procedures are implemented to ensure:
• information is exchanged between each person for a daily
reconciliation on ownership of the Crypto Assets and
compliance with the above principles is maintained
• in the event of a failure of insolvency of one person records
would be maintained to avoid any loss of ownership rights over
Crypto Assets
• several transactions in the same Crypto Assets by different
persons cannot take place

6. To ensure the compliance with Article 18 (Sixth), the Authority would expect
Licensees conducting the relevant functions to engage with it on the
arrangements in place and implement other requirements the Authority may
have to ensure the soundness and security of the arrangements for the register
of holdings in the Crypto Assets.

7. Article 18 (Seventh) addresses a core requirement of the Authority across all

service providers in respect of applicable Crypto Assets (to be generally limited
to Security Tokens and Regulated Commodity Tokens) that where a person
conducts a function of being responsible for recording ownership and amounts
of issued Crypto Assets, responsibilities akin to a depository must be considered.
The Authority's Depository Regulations will be relevant.

8. Standards of training for Licensed Persons in respect of Crypto Assets shall be

as set out in the fitness and propriety regulations established by the Authority

- 27 -
Chapter 8 MARKET ABUSE PREVENTION

Article 20 Market Abuse Prevention

Guidance

1. The Authority recognises that many Crypto Assets subject to these rules may be
exchanged within a thin market and effective systems oversight to mitigate risks
of market abuse will need to be adjusted proportionately compared to more
deeply traded Securities.
2. The Authority expects a proportionate and risk adjusted approach to be adopted
in accordance with international best practices to protect and detect fraudulent
trading.
3. However, any perceived limitations in the nature of the relevant Crypto Assets
in respect of market transparency and efficiencies, should be disclosed to
investors.
4. Statutory references relevant to market abuse shall be added by the Authority
in line with latest regulations been published

- 28 -
Chapter 9 SYSTEMS AND CONTROLS

Article 21 Financial Crime Controls

Guidance

1. The Authority requires Licensed Persons to adopt adequate and effective

systems and processes to monitor transactions involving Crypto Assets and to
conduct appropriate enquiries and evaluate potentially suspicious transactions,
including identifying the following for prevention or additional screening:

• the use of proxies, any unverifiable or high-risk geographical locations,

any disposable email addresses or mobile numbers, or use of a
constantly changing device to conduct transactions;
• transactions involving wallets or transferee/transferor addresses which
show evidence of being processed through non-verifiable means;
• transactions involving Crypto Assets with a higher risk or greater
anonymity, including those designed to mask users' identities or
transaction details.

2. Persons conducting financial activities in respect of Crypto Assets are expected

to apply FATF guidance and recommendations in respect of the mitigation of
AML risks for Virtual Assets and Virtual Asset Services Providers and apply the
standards issued by the UAE Central Bank in respect of the application of FATF
guidance and recommendations in the UAE from time to time.

3. Additional Guidance will be considered by the Authority in respect of business

risk assessments and compliance frameworks to be updated in line with
financial crime risks specific to Crypto Assets. Applicants are encouraged to
demonstrate techniques adopted to identify and mitigate financial crime risks.

Article 22 Technology Governance and Standards

Guidance

1. Cyber security measures are expected to include:

• Security measures and procedures for the safe storage and transmission
of data and protection of access rights and protocols shall be developed
and continually monitored against external threats and regularly
updated.
• Access to network resources being tracked and activities monitored,
with appropriate logging mechanisms to observe and prevent data
compromises.
• Procedures for the creation and management of services, interfaces and
channels provided by or to third parties (as recipients and providers of
data or services).
• Policies and procedures for the management of personnel and decision-
making by qualified staff, with staff possessing adequate technological
expertise to make such decisions.

- 29 -
 • Policies and procedures that support an appropriate governance
structure that identifies key systems or assets that could be at risk.
• Physical or organizational measures to control and protect against
cyber risks (e.g., vulnerability testing, penetration testing).
• Measures to detect cyber anomalies.
• Policies related to incident response.
• Business continuity plans and/or disaster recovery plans, including
procedures for business continuity and client engagement in the event
of both planned and unplanned system outages.

2. Licensees are expected to provide the following information to the Authority in

the form is shall prescribe for this purpose from time to time:

• Data protection, software development and oversight and encryption

standards
• Software, systems and architecture standards
• Use of third-party service providers and procedures for delegating
activities to third parties
• Information technology infrastructure located outside of the State and
replication of data in real time.

- 30 -