Regulated PTS Activities — Under CBUAE (UAE)
A complete breakdown of Payment Token Services regulated by the Central Bank of the UAE (CBUAE); Issuance, Custody & Transfer, and Conversion, including licensing vs registration routes, operational scope boundaries, promotion restrictions, and how to structure correctly from day one.
What We Deliver
- Payment-Token Perimeter
- Stablecoin structuring
- White Paper drafting
- Promotion Compliance Review
- AML/Travel Rule
- Custody Governance and Technology
- Regulator-Facing Submission Packs
Overview
What Requires a CBUAE Authorisation?
Under the CBUAE Payment Token Services Regulation (Circular No. 2/2024), Payment Token Services are digital payment services in the UAE and comprise three categories:
1. Payment Token Issuance
2. Payment Token Conversion
3. Payment Token Custody and Transfer
Core Rule (Make Regulatory Perimeter):
No person may perform any Payment Token Service within the UAE or directed to persons in the UAE unless that person is Licensed or Registered by the Central Bank to perform that service.
This prohibition applies broadly, including to firms that may otherwise be licensed or regulated for other virtual asset activity by other authorities.
🚫 Authorisation is activity-specific. The CBUAE regulates not just “stablecoin issuance,” but also the infrastructure functions that make payment tokens usable in practice (custody/transfer and conversion).
Core Regulated Activities
The Core Regulated Activities (Payment Token Services)
01
Regulated Activity
Payment Token Issuing (Stablecoin Issuance)
Regulatory character: Issuance of a Payment Token is a regulated Payment Token Service and requires CBUAE authorisation.
Permitted scope (typical)
- Issuing payment tokens to users (primary issuance / initial distribution)
- Operating issuance and redemption mechanics
- Maintaining the token framework and issuer controls
- Publishing regulated disclosures (White Paper)
Not permitted / prohibited
- Any issuance or issuance-related service that is not authorised by CBUAE
- Promotions relating to Algorithmic Stablecoins or Privacy Tokens (expressly prohibited)
Best suited for
- AED-backed stablecoin issuers (Dirham payment token model)
- Institutional-grade token issuers with reserve, redemption, audit, and governance maturity
Critical issuer requirement; White Paper — A Payment Token Issuer may not perform Payment Token Issuing unless it has:(1) produced a White Paper, (2) submitted it to the CBUAE, (3) received the CBUAE’s acceptance, and (4) published the White Paper in accordance with the Regulation.
02
Regulated Activity
Payment Token Custody and Transfer
Regulatory character: Safeguarding payment tokens and/or the means to control them, and enabling transfers, is a regulated Payment Token Service requiring CBUAE authorisation.
Permitted scope (typical)
- Safeguarding payment tokens and/or cryptographic keys
- Operating controlled wallet infrastructure for payment tokens
- Facilitating transfers of payment tokens (client instructions, operational transfer rails)
Not permitted / prohibited
- Performing custody/transfer services in or into the UAE without being licensed or registered
- Promoting services relating to Algorithmic Stablecoins or Privacy Tokens
Best suited for
- Institutional custodians
- Payment token wallet operators
- Platforms providing safeguarded payment token transfers under a compliant custody model
Key structuring point, “exclusive business” expectation — Where a Payment Token Custodian and Transferor is licensed under the CBUAE retail payments/SVF regimes (or otherwise within scope), the Regulation frames the exclusive business as performing the licensed Payment Token Custody and Transfer activities (subject to specific exceptions and bank status).
03
Regulated Activity
Payment Token Conversion (Spot Buy/Sell)
Regulatory character: “Conversion” (spot buying/selling of payment tokens) is regulated as a Payment Token Service and requires CBUAE authorisation (licence or non-objection registration depending on the model).
Permitted scope (typical)
- Spot conversion of payment tokens (buy/sell)
- Operating compliant conversion rails (including customer onboarding and execution controls)
Not permitted / prohibited
- Conversion services in or into the UAE without being licensed or registered
- Promotions for non-permitted means of payment or for services similar/equivalent to Payment Token Services outside the authorised perimeter
Best suited for
- Fintechs enabling compliant payment-token conversion
- Exchanges and platforms integrating payment token conversion as a regulated function (where structured correctly)
Key structuring point, registration category exists — The Regulation defines a Registered Payment Token Conversion Provider as a juridical person that has received a Non-Objection Registration to perform Payment Token Conversion.
Authorisation Pathways
Licence vs Registration — The CBUAE Authorisation Pathways
CBUAE authorisation comes in two broad forms:
Pathway A
Licence (CBUAE-licensed Payment Token Service Provider)
Required where the entity will provide Payment Token Services as a licensed activity under the CBUAE regime.
Pathway B
Registration (CBUAE registration routes)
The Regulation defines “Registration” as either:
- a Foreign Payment Token Issuer Registration, or
- a Non-Objection Registration.
Key registration categories explicitly defined include:
- Registered Foreign Payment Token Issuer (registered pursuant to Article 5(2))
- Registered Foreign Payment Token Custodian and Transferor (Non-Objection Registration for custody/transfer of foreign payment tokens)
- Registered Payment Token Conversion Provider (Non-Objection Registration for conversion)
Promotion Rules
What You Can (and Can't) Market In The UAE
CBUAE imposes specific prohibitions on promotions in or into the UAE where promotions relate to “means of payment” services, unless the promotion relates solely to:
Permitted scope (typical)
- Dirham Payment Tokens issued by Licensed Payment Token Issuers for lawful purposes; or
- Foreign Payment Tokens issued by Registered Foreign Payment Token Issuers being lawfully used as a means of payment for purchase of a virtual asset or virtual asset derivative.
Not permitted / prohibited
- Algorithmic Stablecoins and related services
- Privacy Tokens and related services
- Non-permitted "means of payment" services
- Services outside CBUAE authorisation scope
Separately, promotions for Algorithmic Stablecoins and Privacy Tokens (and related services) are prohibited in or into the UAE.
Prudential Expectations
Prudential & Operational Expectations Across All Payment Token Services
While each activity has its own technical perimeter, the CBUAE framework is prudentially driven and will expect applicants to evidence:
- Board-level governance and accountability
- Robust risk management and internal controls
- AML/CFT and Travel Rule implementation maturity
- Technology resilience and incident response discipline
- Customer protection and transparent communications
- Controlled promotions aligned with permitted categories
Regulatory Scrutiny
What CBUAE Will Scrutinise (In Practice)
During pre-application engagement, licensing, and ongoing supervision, expect scrutiny on:
Authorisation perimeter
whether the model constitutes Issuing, Custody/Transfer, Conversion (or equivalent services)
White Paper governance
readiness to produce, submit, obtain acceptance, and publish (issuers)
Promotion compliance
whether marketing fits within the permitted promotional perimeter
Operational exclusivity & activity containment
whether activities remain within the approved scope
Material change reporting discipline
prompt notification and documentation for changes affecting application accuracy/completeness
Structuring Strategy
Structuring Strategy Matters
Misclassification vs Phased Approach
Misclassification under the Payment Token Services framework can trigger:
- Wrong authorisation pathway (Licence vs Registration)
- Expanded supervisory burden
- Promotion breaches (often overlooked)
- Enforcement risk for “similar or equivalent” services performed outside CBUAE authorisation
A phased authorisation strategy is often more efficient:
- Obtain the correct authorisation for the immediate product perimeter
- Expand scope only after control maturity is demonstrable
Our Services
What CRYPTOVERSE Legal Delivers
Payment-Token Perimeter
Mapping (CBUAE Licence vs Registration route design)
Stablecoin Structuring
(Dirham vs foreign model, permitted usage perimeter)
White Paper Drafting
Drafting and acceptance readiness (issuer track)
Promotion Compliance
Review and go-to-market guardrails
AML/Travel Rule
Architecture and operational testing.
Custody Governance
Governance and technology control frameworks.
Regulator-Facing Submission Packs
Submission packs and file management through authorisation.
FAQs
Frequently Asked Questions
Yes. No person may perform Payment Token Services in or into the UAE unless licensed or registered by the CBUAE.
Promotion of algorithmic stablecoins (and related services) in or into the UAE is prohibited under the Regulation.
The Regulation identifies three: Issuance, Conversion, and Custody & Transfer.
Yes. The Regulation recognises Foreign Payment Token Issuer Registration and Non-Objection Registration categories, including for conversion and custody/transfer of foreign payment tokens.
No. Promotions in or into the UAE are restricted, and must fall within the permitted categories defined by the Regulation.
Get Started
Structure Your PTS Correctly
From perimeter mapping and White Paper drafting through promotion compliance and custody governance — we manage the full CBUAE authorisation file from structuring through launch.