Jurisdiction & perimeter
The Central Bank is the nationwide supervisor for Payment Token Services – i.e., single-currency fiat-referenced tokens used as a Means of Payment inside the UAE. If you issue, convert, safeguard/custody, transfer or promote a payment token for use in payments within the UAE, you fall within CBUAE’s scope – even if another VA licence covers other parts of your stack. Critically, algorithmic stablecoins and privacy tokens are prohibited from issuance, service provision and promotion in or into the UAE. Only Dirham Payment Tokens (DPTs) issued by a Licensed Issuer or Foreign Payment Tokens (FPTs) issued by a Registered Foreign Issuer may be transferred or promoted for specified, lawful uses.
Promotions: You may not run payment-token promotions in the UAE unless you hold the relevant Licence/Registration or are appointed by a Licensee; promotions for algorithmic or privacy tokens are outright banned.
Authorisation routes (what you apply for)
CBUAE distinguishes between licensing and registrations across the stack:
- Licensed Payment Token Issuer (DPT) – UAE entity authorised to issue a DirhamPayment Token for use as a Means of Payment. (Note: a Bank itself cannot act as a Payment Token Issuer, but may set up a wholly-owned subsidiary to do so.)
- Registered Foreign Payment Token Issuer (FPT) – a foreign issuer registered to facilitate lawful use of its Foreign Payment Token in the UAE for VA or VA-derivative purchases.
- Registered Payment Token Conversion Provider – registered to convert between payment tokens/fiat for permitted use cases (registration requires a non-objection from the SCA or relevant Local Licensing Authority where applicable).
- Registered Foreign Payment Token Custodian/Transferor – registered to safeguard or transfer payment tokens for UAE users in permitted scenarios; transfers are limited to DPTs and registered FPTs.
Fees & timing
The Regulation prescribes the prudential and conduct core; fee schedules and precise timelines are set administratively by the Central Bank (and can be updated). Treat these as process-managed variables and plan your budget and sequencing accordingly. (Where your model also touches SCA or a Local Licensing Authority, a non-objection may be part of the path.)
Capital requirements (what you must hold)
For Licensed Payment Token Issuers (DPT Issuers):
- Baseline regulatory capital: AED 15,000,000 plus 0.5% of the total outstanding face value of issued tokens (“float”). Alternatively – if you adopt the bank-subsidiary reserve option described below – you must hold 2% of outstanding tokens as capital.
For Custody/Transfer & Conversion (Licensed/Registered Providers):
- A tiered minimum applies (AED 3,000,000 for larger providers; AED 1,500,000 for below-threshold providers), plus percentage-based add-ons that scale with the value of tokens held/transferred or converted (e.g., 1% of foreign-token float safeguarded/transferred; 0.5% linked to specified reserve exposures). Build these buffers into your treasury plan; they scale with business volume and risk.
Reserve of assets (how the peg is protected)
For DPT Issuers, the Reserve of Assets must equal 100% of the total fiat face value of tokens in circulation at all times. The default is cash in a segregated escrow account at a UAE-licensed bank, in the same currency as the token, ring-fenced from other creditors, and segregated by token type. The Central Bank may require the reserve to be held at the Central Bank.
Bank-subsidiary option: If the issuer is a wholly-owned subsidiary of a UAE bank, it may opt to hold ≥50% of the reserve in cash and invest the remainder in UAE government bonds or CBUAE Monetary Bills (≤6-month average duration). If you elect this option, you must hold capital under the 2% method noted above.
Operational controls on reserves (non-negotiable):
- Daily reconciliation of reserve balances vs system records with daily reporting to CBUAE.
- Monthly external-auditor confirmation that the reserve equaled or exceeded outstanding tokens throughout the prior month.
- Legal & operational ring-fencing so customers have a direct claim on the reserve upon redemption – even in insolvency.
Redemptions & settlement discipline
Redemption must be at par and without delay – no later than the next Business Day (unless the Central Bank specifically allows otherwise). Build your funding, banking rails, and ops runbooks to meet next-day redemption finality at scale. Transfers by service providers are limited to DPTs from a Licensed Issuer and FPTs from a Registered Foreign Issuer used lawfully for VA/VA-derivative purchases.
Culture & controls (how to “think CBUAE”)
Operate like a payments institution with stablecoin features – not the other way around. That means:
- Treasury & liquidity playbooks for ordinary and stressed outflows;
- Reserve governance with segregation, daily ops checks, and independent assurance;
- Promotion hygiene – no marketing without the right authorisation, and no algorithmic/privacy token touchpoints;
- Legal architecture (escrow deeds, trust/contract terms) that put customer claims first and stand up in insolvency testing.
Why founders pick CBUAE
- Payments-grade credibility: Redemption-at-par with reserve discipline sends the right signal to banks, merchants, and regulators.
- Nationwide perimeter: CBUAE’s framework covers on-shore payments used across the UAE, complementing DFSA/FSRA/VARA where your token is used to settle VA purchases or where group entities run other VA activities.
- Clear prohibitions reduce noise: By excluding algorithmic/privacy tokens from issuance, services, and promotions, the regime narrows risk and clarifies product design.
The takeaway
“Payments first, everything else second.” If your model touches stablecoins for UAE payments, start with CBUAE and design outward. Expect prudential heft – notably AED 15m + buffers for issuers, tiered capital for custody/transfer/conversion, 100% (or 50%+HQLA with bank-subsidiary option) reserve, daily reconciliations with daily reporting, monthly external-auditor confirmations, and next-day redemption. This is a payments-safety regime with clear lines to product, treasury, and marketing disciplines.
Legal note: This article is for information only and does not constitute legal advice. Always consult the CBUAE Regulation text and seek tailored counsel before making structuring or licensing decisions.
Frequently Asked Questions
1. What does the CBUAE regulate under its Payment Token Services framework?
The Central Bank of the UAE regulates single-currency, fiat-referenced tokens used as a means of payment within the UAE. This includes licensing, registration, custody, transfer, and conversion of payment tokens under strict prudential and operational standards.
2. Can algorithmic or privacy tokens be issued or promoted under the CBUAE regime?
No. The CBUAE strictly prohibits the issuance, service provision, or promotion of algorithmic and privacy tokens within or into the UAE.
3. What are the capital requirements for Licensed Payment Token Issuers under CBUAE?
Licensed Payment Token Issuers must maintain a minimum capital of AED 15 million plus 0.5% of total issued token value, or alternatively hold 2% if following the bank-subsidiary reserve option.
4. How must DPT Issuers manage reserve assets under CBUAE rules?
Issuers must maintain a 100% reserve of assets equivalent to the token’s total face value, held in segregated escrow accounts at UAE-licensed banks or the Central Bank, with daily reconciliation and monthly external audits.
5. What are the redemption rules for CBUAE-regulated payment tokens?
Payment tokens must be redeemable at par value without delay—no later than the next business day, ensuring liquidity and consumer protection standards aligned with payment-system expectations.
6. Why do issuers choose the CBUAE route for payment tokens?
CBUAE offers a credible, payments-grade regulatory regime with nationwide coverage, strong prudential standards, and clear prohibitions that promote compliance and market confidence.