UAE operating obligations

What each authority requires operationally.

Authority control stack

Federal CBUAE obligations apply across all venues for payment tokens. Each venue adds its own obligation layer.

Licence perimeter: Art. 5 requires one or more categories for DPT issuance, foreign payment-token issuance, custody/transfer, and conversion.
Reserve assets: Art. 22 requires reserves at least equal to fiat face value in circulation, held in a segregated escrow account.
Reserve composition: Under Art. 22, a bank subsidiary must hold 50%+ in cash; balance in UAE gov bonds and CBUAE Monetary Bills ≤6mo duration.
Segregation: Art. 22 requires separate reserves per token type. Tokenholders have a claim on reserve assets on insolvency.
Redemption: Art. 21 gives holders the right to redeem without any time limitation.
Product restrictions: Art. 12 prohibits interest or holding-period benefits. DPTs are AED-only.
Safeguarding: Art. 23 requires customer tokens in a separate wallet from licensee and other customer assets.
White paper: Art. 26 requires a white paper submitted to CBUAE for review before any sale or transfer in/from the UAE.

Application staging: The VA guidance sets a five-stage process: initial review, formal application, in-principle approval, final approval, and operational launch testing.
Technology and launch controls: The guidance may require operational launch testing and third-party verification before final approval.
Accepted FRT use: The guidance requires regulated activity involving FRTs to use only Accepted FRTs.
Reserve quality: The FRT framework requires high-quality, liquid reserve assets in the same currency as the FRT.
Governance and attestation: The FRT framework requires governance, integrity, periodic independent attestation, and stress testing.
Disclosure: The FRT framework requires detailed white papers and ongoing disclosures on operations, risks, and holder rights.
Redemption: The FRT framework gives holders redemption at par value within defined timeframes.
Prohibited stablecoin type: The VA guidance prevents algorithmic stablecoins from use in ADGM regulated activity.

Non-fiat token suitability: GEN 3A.2.1 requires a prior suitability assessment before using a non-fiat crypto token in or from the DIFC.
Ongoing monitoring: Suitability should be reviewed at least every six months under GEN 3A.2.1.
Fiat Crypto Tokens: The policy statement lists EURC, USDC, and RLUSD as suitable.
Full-reserve expectation: The policy statement requires reserves at least equal to notional value in the reference currency.
Reserve quality and segregation: Reserves must be high-value, liquid, diversified, minimal-credit-risk assets held in segregated accounts per the policy statement.
Valuation and publication: The policy statement requires daily valuation and at least monthly reserve publication.
Independent verification: The policy statement requires third-party verification independent of the issuer.
Client-asset custody: COB 15.4 applies client-asset protection to crypto-token custody.
Technology audit reports: COB 15.8 requires technology audit reporting for the crypto-token regime.

Category 1 issuance: The Issuance Rulebook and Category 1 rules require a VARA licence.
Marketing reach: The Marketing Regulations apply to all entities marketing into Dubai, including foreign entities.
AED exclusion: The FRVA Rules exclude AED-linked stable-value tokens, which remain under CBUAE.
Reserve assets: The FRVA Rules permit short-maturity government debt, repos, and short-term government money-market funds.
Segregation and control: The FRVA Rules require legal segregation, remote from issuer assets, unencumbered, held with licensed firms.
Redemption: The FRVA Rules require legally enforceable par redemption within one working day. No redemption fees.
Monthly audit: The FRVA Rules require monthly independent audit of backing and senior-management attestation to VARA.
Capital: The FRVA Rules require paid-up capital of AED 1.5 million (~$410K) plus 2% of available supply.
Qualified-investor gating: The QI circular requires financial-threshold evidence, knowledge review, suitability, and a one-week cooling-off period.

VARA AML/CFT/PF circular: The 4 March 2026 circular translates UAE 2025 AML/CFT/PF regulations into Dubai VASP expectations: PF risk assessment, sanctions-evasion controls, transfer controls, escalation.
VARA Travel Rule circular: The 24 February 2026 circular requires originator/beneficiary information collection, verification, secure transmission, and retention. Blocks execution where requirements are not met.
Counterparty checks: The Travel Rule circular requires counterparty VASP checks, policy updates, exception handling, recordkeeping, and staff training.
CBUAE unlicensed-VASP handling: The joint guidance directs regulated firms to identify and avoid misuse of unlicensed VASPs.
CBUAE LFI VA risk guidance: The July 2023 guidance sets expectations for licensed financial institutions managing VA/VASP risks.