Application Process & Documents Required by CBUAE
For Payment Token Service Providers (Stablecoin Issuers, Custody & Transfer, Conversion)
A practical, regulator-aligned guide to the CBUAE licensing pathway for VASPs conducting Payment Token Services in or into the UAE.
What We Deliver
- Regulatory perimeter analysis
- Capital & prudential modelling
- White Paper drafting & alignment
- Governance framework design
- AML programme structuring
- Reserve architecture validation
- Pre-application supervisory positioning
- Application dossier compilation
- Regulatory response management
We structure end-to-end CBUAE licence applications for Payment Token Issuers, Custody & Transfer Providers, and Conversion Providers, aligning governance, capital, reserve integrity, AML, and operational frameworks with supervisory expectations.
Who Requires a CBUAE Licence or Registration?
Under the Payment Token Services Regulation, any person conducting Payment Token Services within or directed to the UAE must obtain the appropriate authorisation.
Regulated activities include:
1. Payment Token Issuance (Dirham Payment Tokens)
2. Payment Token Custody & Transfer
3. Payment Token Conversion
4. Foreign Payment Token Issuance (Registration Regime)
🚫 Unlicensed activity constitutes a regulatory breach.
Licensing Pathway — Step by Step
Regulatory Perimeter & Structuring Analysis
Before submission, applicants must determine:
- Which activity(ies) require licensing;
- Whether the entity qualifies as a Dirham Issuer or Foreign Token Issuer;
- Applicable capital thresholds (Articles 13 & 14);
- Reserve framework (Article 22 for Issuers);
- AML obligations.
This phase typically includes a legal opinion and prudential readiness assessment.
Pre-Application Engagement (Recommended)
While not mandatory in all cases, early supervisory engagement is strongly advisable to:
- Confirm activity classification;
- Validate capital and reserve structure;
- Clarify business model boundaries;
- Discuss expected timelines.
Complex or high-volume models benefit from pre-application dialogue.
Formal Application Submission
A complete application must be submitted to the CBUAE, including:
- Prescribed application form;
- Supporting documentation;
- Capital evidence;
- Governance framework;
- AML/CFT controls;
- Operational readiness materials.
Incomplete applications are typically returned or delayed.
Supervisory Review & Queries
The Central Bank may:
- Request additional documents;
- Seek clarifications;
- Conduct interviews with key management;
- Review capital and financial projections;
- Assess technology and cybersecurity controls.
Supervisory review focuses on prudential soundness and systemic risk.
Conditional Approval & Final Authorisation
Where satisfied, the CBUAE may issue:
- Approval subject to conditions;
- Final licence (or registration for Foreign Issuers);
- Scope-limited authorisation.
Issuers must ensure the bank guarantee (Article 13(4)) is in place before final approval.
Documents Required by Provider Type
Licensed Payment Token Issuers must submit:
Category A - Corporate & Governance Documents
- Certificate of incorporation
- Memorandum & Articles of Association
- Shareholding structure (≥10% UBOs)
- Board composition
- Senior management CVs
- Governance policy
- Internal controls framework
Category B - Capital & Prudential Documentation
- Paid-up capital confirmation
- Source of funds evidence
- Capital composition breakdown
- Bank guarantee draft (equal to full paid-up capital)
- Financial projections (3-year minimum)
- Wind-down plan
Category C - Reserve of Assets Framework (Article 22)
- Reserve policy
- Banking arrangements
- Asset segregation controls
- Daily reconciliation process
- Redemption policy
- Liquidity access mechanism
Category D - White Paper (Issuers)
- Token mechanics
- Redemption rights
- Reserve structure
- Risk disclosures
- Governance disclosures
- Operational flow
ℹ️ White Paper must be submitted and accepted prior to publication.
Core Documents Required - Custody & Transfer Providers
- Business model description
- Custody architecture
- Cybersecurity framework
- Incident response plan
- Insurance arrangements (if applicable)
- Capital evidence (Article 14 tier)
- AML/CFT programme
- Transaction monitoring controls
- Business continuity plan
Core Documents Required - Conversion Providers
- Description of conversion mechanism
- Liquidity management policy
- Counterparty risk controls
- Capital modelling (Article 14 thresholds)
- AML/CFT framework
- Transaction monitoring tools
- Sanctions screening system
- Technology infrastructure documentation
AML / CFT Documentation (All Licensees)
Applicants must submit:
- Enterprise-wide AML risk assessment
- AML/CFT policy manual
- Customer Due Diligence procedures
- Sanctions screening framework
- Suspicious Transaction Reporting process
- Travel Rule compliance procedures (where applicable)
- MLRO appointment documentation
- Staff training programme
Payment Token Service Providers are AML Obligors under UAE law.
Capital & Financial Requirements (Articles 13–15)
Applicants must demonstrate:
- Regulatory capital compliance (AED 15m + buffer for Issuers; AED 1.5m/3m for Custody/Conversion tiers);
- Ongoing capital sufficiency;
- Source of funds transparency;
- Ability to withstand operational and redemption stress;
- Capacity for orderly wind-down.
The CBUAE may impose higher capital requirements based on scale and complexity (Article 15).
Technology, Cybersecurity & Fit & Proper
TECHNOLOGY & CYBERSECURITY SUBMISSIONS
Applicants should provide:
- System architecture diagrams
- Data storage locations
- Cybersecurity controls
- Penetration testing reports
- Access control policies
- Outsourcing agreements (if applicable)
- Cloud service disclosures
ℹ️ Operational resilience is a core supervisory focus.
FIT & PROPER REQUIREMENTS
Directors, senior management, and key function holders must satisfy:
- Competence and experience standards;
- Integrity and reputation requirements;
- Absence of serious regulatory history;
- Financial soundness.
Background screening and declarations are required.
Timelines
While not rigidly codified in days, review timelines depend on:
- Completeness of application;
- Business model complexity;
- Capital readiness;
- Responsiveness to supervisory queries.
ℹ️ Complex issuance models typically undergo more extensive review.
Common Application Deficiencies
Avoid These Application Pitfalls
- Undercapitalisation
- Incomplete White Paper
- Weak reserve segregation
- AML frameworks copied from other jurisdictions without UAE tailoring
- Over-broad business models
- Misalignment between marketing and licence scope
- Insufficient wind-down planning
What CRYPTOVERSE Legal Delivers
- Regulatory perimeter analysis
- Capital & prudential modelling
- White Paper drafting & alignment
- Governance framework design
- AML programme structuring
- Reserve architecture validation
- Pre-application supervisory positioning
- Application dossier compilation
- Regulatory response management
Frequently Asked Questions
Not expressly mandatory, but strongly advisable for complex or high-volume models.
Yes. Foreign Payment Token Issuers operate under a registration regime, while Dirham Issuers and service providers require licences.
Capital must be demonstrably in place before approval, and issuers must provide a bank guarantee equal to full paid-up capital.
No. Performing Payment Token Services without authorisation constitutes a breach.
Get Started
Launch Your PTS Licence Application
From regulatory perimeter analysis and pre-application positioning through dossier compilation and regulatory response management — we carry your file from structuring through authorisation.