In the interests of securing financial transactions and fostering innovation in the United Arab Emirates, the Central Bank of the UAE (CBUAE) has issued the Payment Token Services Regulation governing issuance, conversion, custody and transfer of payment tokens. Concurrently, the Sandbox Conditions Regulation establishes a supervised environment for testing innovative financial services. Participants can experiment under defined rules, excluding certain activities, with safeguards ensuring consumer protection and financial stability. These regulations underline the UAE’s commitment to fostering fintech innovation while maintaining regulatory oversight.
Overview of the PTS regulation
In a proactive move to regulate digital payment services within its jurisdiction, the CBUAE has introduced a comprehensive regulatory framework for payment token services. This initiative marks a pivotal step towards embracing the digital economy while ensuring a secure and robust financial environment. Here we provide an overview of the key aspects of the Payment Token Services Regulation (PTS regulation), highlighting its scope, objectives and implications for both the payment token service providers and consumers.
The PTS regulation, crafted by the UAE Central Bank, delineates the criteria and conditions under which licenses or registrations are granted to entities offering payment token services in the UAE. It encompasses three primary categories: payment token issuance, payment token conversion, and payment token custody and transfer.
A secure and efficient framework
The PTS regulation’s primary goal is to establish a secure and efficient framework for digital monetary services, fostering innovation while safeguarding consumer interests and maintaining financial stability.
Entities seeking to provide payment token services must undergo a rigorous evaluation of their financial health, operational capabilities, and compliance with regulatory standards as part of the licensing or registration process overseen by the CBUAE. Foreign entities interested in operating within the UAE market can also apply for registration, subject to specific conditions and supervision by the UAE Central Bank.
A significant focus of the PTS regulation is on consumer protection and operational standards. Payment token service providers are required to implement robust risk management practices, ensure the confidentiality of customer data, and maintain adequate capital and liquidity to meet their obligations. Additionally, they must provide clear and transparent information to customers regarding the terms and conditions of their services.
Acknowledging the pivotal role of technology in digital payment services, the PTS regulation mandates the adoption of effective technology and cybersecurity risk management frameworks by the payment token service providers. Adherence to international best practices is essential to fortify systems against threats and ensure the reliability and security of services offered.
The CBUAE has instituted rigorous compliance and reporting requirements for payment token service providers. Entities are obligated to comply with anti-money laundering and counter-terrorism financing standards, conduct regular audits, and promptly report significant operational incidents. Non-compliance with these regulations may result in administrative penalties and financial sanctions.
Overview of the Sandbox Conditions Regulation
On the other hand, the CBUAE issued the Sandbox Conditions Regulation (sandbox regulation) on June 25, 2024, with the aim of establishing a regulatory sandbox environment as a supervisory tool enabling participants to test innovative business models, products and services in the financial services sector. This sandbox operates within a specified timeframe under appropriate regulatory supervision to ensure optimal outcomes for all stakeholders, while fostering innovation and attracting innovators.
The sandbox regulation outlines eligibility criteria and participation rules for the regulatory sandbox, in addition to the regulatory compliance requirements. It specifies that the sandbox is open to all entities and individuals, including the financial free zone companies, interested in testing licensed financial activities, excluding activities related to (i) taking deposits of all types; (ii) carrying out insurance activities in the UAE; and (iii) acting as principal in financial products that affect the financial position of the person, including but not limited to foreign exchange, financial derivatives, bonds and sukuk, equities, commodities, and any other financial products, as determined by the CBUAE.
Essential safeguards
The sandbox regulation also stipulates a minimum level of safeguards that participants must fulfil during their time in the regulatory sandbox, aiming to mitigate risks associated with innovative financial technologies in terms of consumer protection and financial system stability. These safeguards include, for example, appropriate mechanisms for handling consumer complaints, compensations, dispute settlements, as well as necessary measures to combat money laundering and terrorist financing in accordance with relevant legislation.
Regarding the duration of the regulatory sandbox, the testing period ranges between six to 12 months, with the possibility of extension based on an evaluation by the CBUAE for each case. It should be noted that the testing may be discontinued at any time during or after the specified testing period, subject to specific circumstances outlined in the regulation.
Paving the way for digital success
The sandbox regulation and the PTS regulation, issued by the UAE Central Bank, represent pivotal advancements towards fostering innovation and ensuring stability in the digital economy and financial services sector of the UAE. These regulations provide a structured framework that encourages experimentation and growth while safeguarding consumer interests and maintaining the integrity of the financial system.
By promoting a secure environment for digital payment innovations and establishing clear guidelines for regulatory compliance, the CBUAE is paving the way for sustainable development and enhanced competitiveness in the global digital landscape. These regulatory initiatives underscore the UAE’s commitment to embracing technological advancements and maintaining leadership in the evolving realm of financial technology.
Eslam Ashry is managing associate, Fintech and Financial Services, Addleshaw Goddard. He is a bilingual qualified lawyer with over seven years of experience and is currently a managing associate in the fintech and financial services team at Addleshaw Goddard. Eslam has assisted many government entities across the region in developing their regulatory frameworks and has advised multiple private clients on the legal and regulatory frameworks pertaining to their businesses.
Anna Zeitlin is partner, fintech and financial services, Addleshaw Goddard. Anna leads the fintech and financial services practice at Addleshaw Goddard Dubai, servicing clients in the UAE, Saudi, Qatar and Oman. Her work is divided between government and non-government mandates. On the government side, she works with ministries and regulators to design frameworks from scratch, establish new regulators, and draft implementing regulations. On the non-government side, her clients range from startups to established financial institutions looking to enter the GCC market or expand their operations within it. Her team also offers licensing services to clients operating in the financial regulatory space.
For more op-eds, click here.