Navigating new frontiers: Unveiling the UAE's Payment Token Services Regulation

The eagerly anticipated UAE Payment Token Services Regulation (Circular No.2 /2024) was published last month representing a significant advancement in the regulatory framework governing digital payment services in the UAE. The regulation marks a significant step in the UAE’s digital economy agenda and provides a clear and structured framework for stablecoin and digital assets within the UAE.  

A comprehensive framework for digital payment services

The Payment Token Services Regulation sets out a comprehensive framework for licensing and supervising digital payment services, including:

• payment token issuance,
• payment token conversion, and 
• payment token custody and transfer. 

The new framework brings certain types of stablecoins within the regulatory perimeter for payment services for the first time in the UAE, in line with the global trend of the increasingly developed regulatory matrix for digital assets.

Payment token services

The regulation restricts service providers from performing payment token services within the UAE or directed to persons within the UAE without a licence from the UAE Central Bank to perform such activities. 

The promotion of payment token services within the UAE or to persons in the UAE is also restricted, unless the promoter has the appropriate licence from the UAE Central Bank. 

Payment token services may only be provided or promoted in relation to:

•  stablecoins; 
•  payment tokens denominated in Dirhams or
•  other foreign fiat currency. 

In particular, any algorithmic stablecoin or privacy token are prohibited.  Interestingly, the regulation also limits the ability for merchants and service providers to accept any payment tokens that are not Dirham denominated.   There is an exemption for certain types of payment tokens which pose a low risk to customers. 

Licensing

Only companies incorporated in the UAE or free zones (other than DIFC and ADGM) may apply for a licence. Foreign entities (which would include DIFC and ADGM entities) may apply for registration as a foreign payment token issuer. 

Certain entities that are already licensed by the Securities and Commodities Authority (SCA) or other local licensing authority may be eligible to apply for a “Non-Objection Registration” pursuant to which the UAE Central Bank may permit that entity to perform payment token services. 

Ongoing regulatory requirements

Licensed and registered entities must comply with ongoing regulatory requirements as to, among other things, corporate governance and risk management, risk management (such as relating to technology, payment security, liquidity and reputation) and customer protection, together with regulatory capital requirements. 

Excluded activities

Specified activities are excluded from the scope of the regulation, including activities where the service provider is licensed or requires a licence under from the UAE Central Bank pursuant to the Retail Payment Services and Card Schemes Regulation or the Stored Value Facilities Regulation, providing or maintaining a communication network or distributed ledger technology and certain types of payment token transfers. 

Timing and looking ahead

The regulation comes into force on the date of publication in the Official Gazette, although notably the regulation introduces a one-year transitional period for compliance with the regulation. 

The Payment Token Services Regulation makes it clear that after the transitional period any entities licensed by the Retail Payment Services and Card Scheme Regulation, or the Stored Value Facilities Regulation shall cease to be licensed for any Virtual Asset activities under their respective licence and must instead obtain a licence pursuant to the Payment Token Services Regulation.