CBUAE Stablecoin Regulation in the UAE

The Authoritative Guide to Payment Token Services (2024 Framework)

The United Arab Emirates has established one of the most structured and prudentially rigorous stablecoin regimes globally. Under the Payment Token Services Regulation (Circular No. 2/2024), the Central Bank of the United Arab Emirates (CBUAE) now directly regulates stablecoins used as a means of payment in or into the UAE.

For founders, exchanges, fintechs, payment institutions, banks, and foreign stablecoin issuers, this framework changes the regulatory calculus. Stablecoins are no longer treated as loosely defined virtual assets when they function as money, they are treated as regulated payment instruments subject to reserve, governance, AML, and prudential oversight.

This guide explains:

• Who the CBUAE regulates
• What qualifies as a Payment Token
• Licensing vs registration pathways
• Reserve of Assets requirements
• White Paper obligations
• Prohibitions (including algorithmic stablecoins)
• AML and Travel Rule expectations
• Merchant acceptance rules
• Supervision and enforcement architecture
• Strategic implications for UAE and cross-border firms

1. The Central Bank’s Role in Stablecoin Regulation

The CBUAE is the UAE’s federal monetary authority under the Central Bank Law (Federal Decretal Law No. 14 of 2018). Traditionally responsible for monetary stability, banking supervision, and payment systems, the Central Bank has now formally asserted jurisdiction over stablecoins that function as payment instruments.

The regulatory intent is clear:

• Preserve monetary stability
• Protect consumers
• Prevent systemic risk from undercollateralised tokens
• Align with FATF standards
• Ring-fence payment tokens from speculative crypto activity

Unlike other virtual asset frameworks in the UAE (e.g., VARA or SCA), the CBUAE regime focuses strictly on tokens that function as a “Means of Payment.”

This is a monetary policy question, not merely a crypto licensing question.

2. What Is a “Payment Token” Under UAE Law?

A Payment Token is defined as a Virtual Asset designed to maintain stable value by reference to:

• The same Fiat Currency in which it is denominated; or
• Another Payment Token denominated in the same Fiat Currency.

In simple terms, this covers fiat-referenced stablecoins.

Two primary categories exist:

A. Dirham Payment Tokens (AED-backed stablecoins)

• Denominated in AED
• Issued by a Licensed Dirham Payment Token Issuer
• May be used for lawful domestic payment purposes

These represent the UAE’s official pathway for domestic stablecoin issuance.

B. Foreign Payment Tokens

• Denominated in foreign fiat (e.g., USD, EUR)
• Issuer must be registered with CBUAE if targeting UAE users
• Use within UAE is restricted primarily to purchasing virtual assets or derivatives

This restriction is a deliberate monetary policy safeguard to prevent foreign-denominated stablecoins from functioning as domestic substitutes for the Dirham.

3. Activities Regulated by the CBUAE

The Regulation governs three core Payment Token Services:

1. Payment Token Issuing

The primary issuance or first sale/transfer of a stablecoin.

2. Payment Token Custody and Transfer

Safeguarding tokens or cryptographic keys and facilitating token transfers.

3. Payment Token Conversion

Spot buying and selling of Payment Tokens.

No person may perform these activities within the UAE or directed to UAE persons without CBUAE authorisation.

This applies to:

• UAE-incorporated entities
• Foreign issuers targeting UAE residents
• Virtual asset platforms
• Custodians
• Conversion providers

The territorial reach includes services “directed into” the UAE.

4. Licensing vs Registration: Understanding the Regime

The CBUAE has implemented a tiered approach.

Licensed Activities (Full Prudential Regime)

Required for UAE-incorporated entities performing:

• Dirham Payment Token Issuing
• Custody and Transfer
• Payment Token Conversion

These entities operate under a full supervisory framework similar to regulated financial institutions.

Registered Activities

Applies to:

• Foreign Payment Token Issuers
• Foreign Custody and Transfer providers
• Certain Conversion providers (via Non-Objection Registration)

Registration is not “light-touch.” AML, reporting, and conduct obligations still apply.

5. The Reserve of Assets: The Core Prudential Requirement

The defining feature of the UAE stablecoin regime is the Reserve of Assets requirement.

Dirham Payment Token Issuers must maintain:

• Full backing of issued tokens
• Segregated reserve assets
• Safeguarding against misuse
• Independent external audit
• Transparent disclosure

The reserve must be robust enough to ensure redemption at par.

This requirement eliminates:

• Fractional reserve stablecoin models
• Under-collateralised structures
• Algorithmic supply-balancing models

Reserve mismanagement is likely to trigger immediate regulatory intervention.

6. Algorithmic Stablecoins Are Prohibited

The Regulation expressly prohibits:

• Issuance of algorithmic stablecoins
• Promotion of algorithmic stablecoins
• Provision of services relating to algorithmic stablecoins

Privacy tokens used as payment instruments are also prohibited.

This reflects global regulatory consensus that algorithmic stablecoins pose systemic and consumer protection risks.

In the UAE, there is no pathway to legal issuance of algorithmic stablecoins.

7. White Paper Requirements

Licensed issuers must publish a White Paper containing:

• Token mechanics
• Reserve composition
• Governance structure
• Redemption rights
• Risk disclosures
• Technology architecture
• Operational safeguards

The White Paper is not marketing material, it is a regulated disclosure document subject to audit and regulatory review.

Misrepresentation within a White Paper exposes issuers to enforcement risk.

8. Merchant Acceptance Rules

The Regulation restricts what merchants in the UAE may accept as payment.

Merchants may only accept:

• Licensed Dirham Payment Tokens; or
• Registered Foreign Payment Tokens (used for purchase of virtual assets)

This prevents general retail acceptance of non-approved stablecoins.

The policy objective is monetary sovereignty, preserving the primacy of the Dirham.

9. AML, Travel Rule & Financial Crime Controls

All Licensees and Registrants are AML Obligors under UAE law.

They must implement:

• Risk-based AML framework
• Customer Due Diligence (CDD)
• Enhanced Due Diligence (EDD)
• Sanctions screening
• Suspicious Transaction Reporting (STR)
• Travel Rule compliance
• Blockchain analytics

CBUAE expectations align with:

• UAE AML Law (Federal Decree Law No. 20 of 2018)
• FATF standards

Failure in AML compliance is one of the most common enforcement triggers.

10. Governance Expectations

CBUAE expects institutional-grade governance, including:

• Board oversight
• Senior Management accountability
• Fit & Proper requirements for controllers (≥10% shareholders)
• Internal audit function
• Risk management framework
• Outsourcing oversight
• External auditor engagement

Stablecoin issuers are treated more like regulated financial institutions than technology startups.

11. Custody and Technology Controls

Custody providers must implement:

• Segregated wallet architecture
• Multi-signature governance
• Private key lifecycle controls
• Daily reconciliation
• Incident reporting
• Business continuity planning
• Disaster recovery testing

Technology risk is considered prudential risk.

12. Supervision & Enforcement

CBUAE supervises through:

• Periodic reporting
• Reserve audits
• AML inspections
• On-site examinations
• Thematic reviews
• Administrative penalties
• Licence suspension or revocation

Material events must be reported promptly, including:

• Capital deterioration
• Reserve shortfall
• Cyber incidents
• Operational disruptions

13. Interaction with Other UAE Regulators

The UAE has multiple regulators in the virtual asset ecosystem:

• VARA (Dubai virtual assets)
• SCA (federal securities & commodities)
• ADGM FSRA
• DIFC DFSA

However, if a token functions as a Means of Payment, CBUAE jurisdiction applies.

Payment tokens are not merely “crypto assets.” They are monetary instruments.

This is a crucial perimeter distinction for VASPs structuring operations in the UAE.

14. Practical Licensing Pathway

Typical pathway for Dirham Payment Token Issuers:

1. Confirm regulatory classification
2. Conduct structural feasibility analysis
3. Design reserve architecture
4. Develop governance framework
5. Prepare White Paper
6. Draft AML and risk policies
7. Submit full application dossier
8. Respond to regulatory queries
9. Confirm reserve arrangements
10. Obtain licence grant

Capital and reserve backing must be demonstrably in place before authorisation.

15. Strategic Implications for Founders & Investors

The UAE stablecoin regime offers:

• Regulatory certainty
• Clear prohibition lines
• Institutional-grade legitimacy
• Alignment with global AML standards

However, it also requires:

• Significant compliance investment
• Full reserve backing
• Governance maturity
• Ongoing supervisory engagement

For serious stablecoin issuers, the regime enhances credibility.

For lightly capitalised or experimental models, it raises entry barriers.

16. Why the UAE Framework Is Globally Significant

The UAE regime reflects global trends seen in:

• EU MiCA stablecoin rules
• MAS Singapore stablecoin guidance
• U.S. legislative proposals

Key characteristics:

• Reserve-backed requirement
• Algorithmic prohibition
• White Paper disclosure
• AML alignment
• Segregation of client assets

The UAE has positioned itself as a jurisdiction favouring structured, institutional-grade digital money models.

17. Common Mistakes Firms Make

• Assuming VARA licence covers stablecoin issuance
• Treating stablecoin issuance as “token launch” rather than financial activity
• Failing to segregate reserves
• Underestimating AML expectations
• Ignoring merchant acceptance restrictions
• Overlooking territorial scope (“directed into UAE”)

Regulatory perimeter analysis is critical before launch.

18. Key Takeaways

• CBUAE regulates stablecoins used as payment in the UAE.
• Algorithmic stablecoins are prohibited.
• Dirham-backed tokens must be fully reserve-backed.
• Foreign stablecoins face usage restrictions.
• White Papers are regulated disclosure documents.
• AML and Travel Rule compliance is mandatory.
• Merchant acceptance is tightly controlled.
• Stablecoin issuers are treated as financial institutions.

A Monetary Framework, Not a Crypto Framework

The CBUAE Payment Token Services Regulation is not a crypto-friendly sandbox regime. It is a structured monetary oversight framework designed to:

• Protect the Dirham
• Ensure consumer protection
• Prevent systemic risk
• Align with global prudential standards

For founders and institutions seeking to issue or integrate stablecoins in the UAE, the message is clear:

Stablecoins are money-like instruments, and will be regulated accordingly.

Firms that embrace the governance, reserve, and compliance expectations will find the UAE one of the most credible and strategically positioned jurisdictions for stablecoin deployment.

Those seeking light-touch oversight will not.

FAQs