CRYPTO REGULATIONS IN ABU DHABI

1) THE REGULATORY PERIMETER IN ABU DHABI (ADGM)

Abu Dhabi Global Market (ADGM) is a financial free zone with an independent financial services (including virtual assets) regulator – the Financial Services Regulator Authority (FSRA), and an English-law-based legislative framework. Within ADGM, the FSRA sets the requirements for firms that carry on Regulated Activities in relation to Virtual Assets (VAs). The FSRA consolidates these requirements in its Guidance – Regulation of Virtual Asset Activities in ADGM (most recently updated 10 June 2025) and in the Conduct of Business Rulebook (COBS), Chapter 17.

Outside ADGM, onshore UAE activities are overseen primarily by the Securities and Commodities Authority (SCA) and the Central Bank from a federal perspective; however, this article is limited to the ADGM perimeter and FSRA rules. All ADGM firms must also comply with the ADGM Anti-Money Laundering and Sanctions Rulebook (AML), which implements FATF standards (including the “Travel Rule”).

2) KEY DEFINITIONS: VIRTUAL ASSETS, FRTs AND EXCLUSIONS

Virtual Assets and Accepted Virtual Assets (AVAs)

The FSRA regulates the use of Virtual Assets through a mechanism that requires each Authorised Person to assess whether a token qualifies as an Accepted Virtual Asset (AVA) for that firm’s intended use. Under COBS 17.2, an Authorised Person must follow the FSRA’s assessment criteria, maintain and publish its AVA list, and notify the FSRA no later than five business days prior to using a VA for the first time (and on material changes). The firm must also monitor the AVA on an ongoing basis and remove it if it no longer meets the criteria. 

Fiat-Referenced Tokens (FRTs)

ADGM introduced a specific framework for Fiat-Referenced Tokens (i.e., fiat-backed stablecoins). COBS 19A sets the admission, reserve, segregation, attestation, audit, redemption and disclosure standards that apply where FRTs are used within ADGM. In practice, only “Accepted FRTs” may be used for Regulated Activities, and where COBS Chapter 17 expressly references FRTs, the corresponding VA rules also apply.

Prohibited token types: privacy tokens & algorithmic stablecoins

Following Consultation Paper 11 of 2024, the FSRA amended the framework on 10 June 2025 to enshrine an express prohibition on the use of privacy tokens and algorithmic stablecoins in ADGM for any Regulated Activity. The FSRA also introduced a product-intervention power for VAs.

The rulebook’s background and stablecoin sections now explicitly define these token types and confirm their prohibited status for Regulated Activities in ADGM. 

3) WHAT ACTIVITIES ARE REGULATED?

The FSRA aligns VA activities with existing Regulated Activities under the Financial Services and Markets Regulations (FSMR). As clarified in the VA Guidance, a firm must obtain FSRA approval to use VAs when it conducts any of the following:

• Dealing in Investments as Principal
• Dealing in Investments as Agent
• Advising on Investments or Credit
• Arranging Deals in Investments
• Managing Assets
• Providing Custody
• Operating a Multilateral Trading Facility (MTF) (in relation to VAs)

Where a token is structured as a Digital Security, separate FSRA digital-securities guidance and permissions apply (for example, an MTF seeking to admit and trade digital securities alongside VAs requires additional approvals).

4) CORE CONDUCT, PRUDENTIAL AND TECHNOLOGY CONTROLS (COBS 17)

COBS Chapter 17 overlays additional requirements on Authorised Persons that conduct a Regulated Activity in relation to VAs (and, where specified, in relation to FRTs). The chapter is structured as follows:

• 17.1 Application & interpretation
• 17.2 Accepted Virtual Assets (firm-level assessment, notification, website disclosures, monitoring)
• 17.2A Accepted FRTs
• 17.3 Capital requirements
• 17.4 International tax reporting (CRS/FATCA where applicable)
• 17.5 Technology governance & controls
• 17.6 Additional disclosures to clients
• 17.7 Extra rules for MTFs using VAs
• 17.8 Extra rules for Custody (and arranging custody) in relation to VAs.

Capital

For MTFs using VAs, COBS 17.3.1 cross-refers to the Market Infrastructure Rulebook (MIR) 3.2 capital standards; other VA firms remain subject to the FSRA’s prudential regime based on their permissions (with refinements adopted in June 2025 alongside the AVA process changes).

Technology governance and controls

Firms must implement robust technology governance and IT risk controls proportionate to their VA business model, as set out in COBS 17.5. In practice, the FSRA expects clear system ownership, change management, capacity/resilience planning, incident reporting, and appropriate segregation of duties.

International tax reporting & disclosures

Where relevant, firms must comply with COBS 17.4 on international tax reporting obligations and COBS 17.6 on additional disclosures, including clear risk warnings tailored to VA products and services.

5) MARKET INFRASTRUCTURE: OPERATING A VA MTF

ADGM permits MTFs to admit and trade VAs subject to MKT/MIR and the additional COBS 17.7 obligations. The VA Guidance sets expectations around admission criteria, market surveillance, default management, settlement, and insider-dealing/market-abuse controls adapted to on-chain asset characteristics.

Practically, an MTF must:

• Establish transparent, non-discriminatory admission standards for VA listings and counterparties;
• Implement ongoing monitoring of admitted VAs (including delisting where a token ceases to meet AVA criteria or becomes prohibited under policy);
• Maintain market surveillance tools able to detect manipulation patterns specific to DLT-based trading; and
• Define arrangements for settlement and custody, addressing hot/cold wallet architecture, finality, and reconciliation processes.

6) CUSTODY OF VIRTUAL ASSETS

The FSRA prescribes safe-custody outcomes through COBS 14–16 (client money/safe custody/resolution planning) and specific VA custody overlays in COBS 17.8. The VA Guidance further details operational expectations for Virtual Asset Custodians, including asset-segregation, reconciliation, client statements, and sub-custody controls.

Illustrative expectations from the Guidance include:

• Reconciliations of client VA holdings (e.g., weekly reconciliations against blockchain records and internal books/records);
• Periodic statements to clients (e.g., monthly statements summarising holdings and movements);
• Multi-signature / multi-party controls and procedures designed to mitigate collusion risk;
• Documented hot/cold wallet policies, key-management, and incident response playbooks; and
• Rigorous due diligence over any sub-custodians (including jurisdictional risk and insolvency analysis).

7) AML/CFT: THE TRAVEL RULE AND VA TRANSFERS

ADGM’s AML Rulebook integrates the Travel Rule for wire transfers, expressly including Virtual Asset transfers. AML 10.3.1 and 10.3.2 require originator and beneficiary information to accompany transfers and to be retained throughout the payment chain, with monitoring for missing data and controls for batch transfers. This applies to Authorised Persons and Recognised Bodies.

In practice, VA firms should:

• Embed pre-transfer screening to ensure required originator/beneficiary fields are populated;
• Integrate TRSPs (Travel-Rule Service Providers) or equivalent secure messaging channels; and
• Align sanctions screening and suspicious activity reporting with ADGM/Federal requirements.

8) STABLECOINS IN ADGM: FRTS VS OTHER “STABLECOINS”

The FSRA distinguishes FRTs (fiat-backed) from other tokens often marketed as “stablecoins”. Tokens that do not meet the FRT definition (e.g., asset-referenced baskets, commodity-referenced, or designs relying principally on algorithms) are not treated as FRTs; firms must consult the FSRA to determine their treatment, and algorithmic tokens are prohibited for Regulated Activities. 

9) NFTs

As of June 2025, NFTs remain outside FSRA regulatory oversight as a product; however, the FSRA permits limited NFT-related activity within ADGM only if undertaken by a regulated MTF/VA-Custodian group through a ring-fenced commercial NFT entity that outsources all client, trading, auction, and custody functions back to the regulated group. AML/CTF obligations continue to apply. 

10) THE 2025 AMENDMENTS – WHAT CHANGED?

On 10 June 2025, the FSRA implemented targeted amendments that:

• Streamlined the AVA process and updated related fees and capital references;
• Introduced a product-intervention power specific to VAs; and
• Codified the prohibition on privacy tokens and algorithmic stablecoins across the framework. 

These changes reflect the FSRA’s risk-based evolution of its VA framework and reinforce the emphasis on transparency, market integrity, and consumer protection consistent with FATF standards. 

11) LICENSING PATHWAY: FROM APPLICATION TO OPERATIONAL LAUNCH

The FSRA sets a five-stage authorisation pathway for VA firms:

1. Due diligence & pre-filing discussions with FSRA (demos of systems and controls)
2. Formal application (Virtual Asset Application Form + detailed launch plan + payment of fees)
3. In-Principle Approval (IPA) with conditions
4. Final Approval (Financial Services Permission)
5. Operational-launch testing, including third-party verification of systems where applicable

The FSRA expects intensive engagement throughout – and notes that banks will typically scrutinise AML onboarding, source/destination of funds controls, and transaction monitoring when onboarding VA firms, with the existence of an IPA often aiding account-opening discussions.

12) PRACTICAL COMPLIANCE FOCUS AREAS

To build a regulator-ready ADGM VA business, focus on the following pillars – mapping each to COBS 17 and the VA Guidance:

A. Token governance & disclosures

• Establish an AVA methodology, governance committee, and website disclosures for the firm’s AVA list.
• Implement continuous monitoring (e.g., code updates, chain forks, liquidity, concentration, market-abuse risks) and delisting protocols.

B. Market or intermediary controls

• For MTFs, embed admission criteria, on-chain surveillance, fair access, and robust default/settlement arrangements.
  
• For broking/arranging/advisory, maintain client classification, suitability/appropriateness processes, and clear risk disclosures tailored to VA features.

C. Custody controls

• Design wallet architecture with multi-party controls, disaster recovery, key-ceremony procedures, and access segregation.
• Perform reconciliations and issue periodic statements; document and monitor sub-custody arrangements.

D. AML/CFT & sanctions

• Map Travel-Rule data fields to system architecture; integrate TRSP connectivity; manage unhosted wallet risks; and align screening and STR processes to ADGM/Federal thresholds.

E. Technology governance

• Formalise change management, incident response, capacity testing, and third-party risk management for chain nodes, oracles, data providers, or custody vendors.

F. Token-type restrictions

• Ensure governance includes a hard block against privacy-enhancing coins and algorithmic stablecoins at onboarding and on an ongoing basis. 

13) HOW ADGM TREATS “BORDERLINE” TOKENS AND EVOLVING MODELS

The FSRA recognises that many tokens marketed as “stable” or “utility” may not fit cleanly into FRT or unregulated utility buckets. Where a token does not meet the FRT definition (e.g., asset-referenced baskets or algorithmic designs), firms should engage the FSRA early to determine regulatory treatment – and note that algorithmic designs are not permitted for Regulated Activities. 

Similarly, where token features confer profit rights, governance, or claims akin to securities, firms should assess whether the instrument is a Digital Security and require corresponding permissions (e.g., trading, custody, or issuance under the FSRA’s digital-securities guidance).

14) ENFORCEMENT & SUPERVISION POSTURE

The FSRA’s 2025 updates reinforce a proactive supervisory posture:

• Product-intervention powers to halt dealings in a particular VA;
• Codified prohibitions on certain token types; and
• Emphasis on ongoing supervision, thematic reviews, and technology demonstrations during authorisation and post-licensing life-cycle.

15) CHECKLIST FOR FOUNDERS AND INSTITUTIONS

1. Define your business model and map permissions (e.g., MTF, custody, dealing, arranging, advisory, asset management). 
2. Build an AVA policy and website disclosure process; integrate real-time risk monitoring and delisting triggers. 
3. Embed COBS 17.5 technology controls; document wallet/key governance and vendor dependencies.
4. Implement Travel Rule solutions across inbound/outbound flows; align with AML 10.3.2 and sanctions controls.
5. For FRTs, map COBS 19A requirements (reserves, segregation, audits, redemption) and obtain “Accepted FRT” status where applicable.
6. If operating an MTF, align admission, market surveillance, and settlement with FSRA expectations.
7. If custody is in scope, meet COBS 14–16 plus COBS 17.8 overlays and custody guidance (reconciliations, statements, sub-custody).
8. Bake in token-type controls to block privacy tokens and algorithmic stablecoins.
9. Plan for IPA → FSP → operational launch with third-party testing and live simulations.

16) CLOSING TAKEAWAYS

ADGM’s framework is now one of the most granular and technology-aware VA regimes globally. The shift to a firm-led AVA process – tempered by product-intervention powers and prohibited token-type rules – pushes responsibility to governance, risk, and technology teams while keeping the regulator’s ability to act quickly where market or consumer risks arise. For founders and institutions, success in ADGM requires tight alignment of legal permissions, token-governance, technology controls, and AML/Travel-Rule operations from day one.

Disclaimer:

This article is provided for general information only and does not constitute legal advice. Regulatory positions evolve and depend on your specific facts. You should seek formal legal counsel before taking action, including on licensing, product design, AML/CTF, sanctions, disclosure and cross-border issues

FAQ: