• CBUAE — Retail Payment Services & Card Schemes

Regulated Activities Under CBUAE

A complete breakdown of Retail Payment Services and Card Scheme activities licensed by the Central Bank of the UAE — including licence categories, initial capital requirements, prudential expectations, and how to structure correctly from day one.

Book a Structuring Call
Get CBUAE Activity Matrix
Licensing Is:

🎯

Activity-specific

ℹ️

Category-driven

💰

Capital-tiered

🔍

Prudentially supervised

⚠️

Misclassification materially alters capital exposure and supervisory intensity

We map your business model against CBUAE licence categories, determine capital exposure under Articles 3 and 6 of the RPSCS Regulation, build prudential-ready structures, and manage the file through authorisation.

01 / Overview

What Requires a CBUAE Licence?

Under the Retail Payment Services and Card Schemes (RPSCS) Regulation, any person conducting a regulated Retail Payment Service in the UAE (outside DIFC & ADGM) must obtain a licence from the Central Bank of the UAE.

🚫

No person may carry on a regulated Retail Payment Service in the UAE without CBUAE authorisation.

Framework Characteristics

🎯

Activity-specific licensing

📋

Four licence categories

💰

Capital-tiered requirements

🔍

Prudential supervision

ℹ️

The framework is prudentially structured, capital-based, and risk-tiered.

02 / Licence Categories

Licence Categories Under RPSCS

The CBUAE issues four licence categories. Monthly average value of Payment Transactions is calculated using a 3-month moving average or projected business plan at licence grant.

Category

Activities Covered

Capital (≥ AED 10m avg.)

Capital (< AED 10m avg.)

Category I

All Retail Payment Services including Payment Token Services

AED 3M

AED 1.5M

Category II

Retail Payment Services excluding Payment Token Services

AED 2M

AED 1M

Category III

Domestic-only subset — no cross-border, no Payment Tokens

AED 1M

AED 500K

Category IV

Payment Initiation & Account Information Services only

AED 100K

Regardless of volume

Capital Must Be

  • Fully paid-up
  • Unencumbered
  • Maintained at all times
  • Demonstrable at licence grant

⚠️

If monthly transactions exceed AED 10 million for three consecutive months, higher capital requirements automatically apply.

03 / Core Regulated Services

The Core Retail Payment Services

Six primary activity types form the foundation of the RPSCS regulatory perimeter.

SERVICE 01

Payment Account Issuance Services

Operating payment accounts used solely for executing payment transactions — opening accounts, accepting funds, enabling withdrawals, and operating transit accounts.

Permitted Scope

  • Opening payment accounts
  • Accepting funds for execution
  • Enabling withdrawals
  • Operating transit accounts

Category I–III

No deposit-taking

SERVICE 02

Payment Instrument Issuance Services

Issuing personalised instruments enabling payment orders. Capital category depends on whether cross-border or token services are included.

Permitted Scope

  • Debit/prepaid cards
  • Digital credentials
  • Tokenised instruments
  • Card transaction processing

Scope-dependent

Cards & credentials

SERVICE 03

Merchant Acquiring Services

Contracting with merchants to accept and process payment transactions. Prudential focus on merchant risk management, chargeback controls, and settlement integrity.

Permitted Scope

  • POS acquiring
  • E-commerce acquiring
  • Merchant settlement
  • Scheme connectivity

POS & e-commerce

Risk management focus

SERVICE 04

Payment Aggregation Services

Facilitating merchant acceptance without direct scheme membership. Regulatory sensitivity centres on possession of client funds, pooling structures, and AML exposure.

Client fund possession

AML exposure

Pooling structures

SERVICE 05

Domestic Fund Transfer Services

Executing transfers within the UAE only. Typically structured under Category II or III depending on scope and volume thresholds.

Category II–III

UAE only

SERVICE 06

Cross-Border Fund Transfer Services

Executing international payment transfers. Automatically excludes Category III and elevates licence requirement to Category II or I. Higher AML scrutiny applies.

Excludes Cat III

Category I–II

Enhanced AML

04 / Payment Token Services

Payment Token Services — Stablecoin-Related

All Payment Token Services automatically require Category I licensing — the highest capital and supervisory tier.

⚠️

Category I Required — No Exceptions

Public issuance of Payment Tokens without a Category I licence is prohibited under the RPSCS framework.

07

Payment Token Issuing

Issuing fiat-backed Payment Tokens and offering tokens to the public with CBUAE approval.
  • White Paper approval mandatory
  • Category I capital required
  • Ongoing capital maintenance

08

Token Buying & Selling

Buying or selling tokens for fiat or other tokens. Possession of fiat or tokens triggers licensing.
  • Fiat possession triggers licensing
  • Token possession triggers licensing

09

Facilitating Token Exchange

Operating a token exchange involving fiat. Higher supervisory intensity due to market integrity and AML exposure.
  • Market integrity obligations
  • Enhanced AML scrutiny

10

Merchant & P2P Token Payments

Enabling merchant or peer-to-peer token payments. Must align with full Category I scope.
  • Category I alignment required

11

Custodian Services (Tokens)

Safekeeping tokens or private keys. Custody significantly increases supervisory scrutiny.
  • Segregation mandatory
  • Daily reconciliation
  • Key governance & incident reporting

🔒

Card Scheme Activities

Operating scheme rules, clearing & settlement, participant governance, fee disclosure. Requires a separate CBUAE licence.

05 / Combination Models

Combination Models — Prudential Impact

Combining regulated activities escalates supervisory intensity, capital obligations, and ongoing reporting.

Category I + Custody

  • Heightened supervisory scrutiny

Acquiring + Aggregation

  • Client fund segregation review

Token Issuance + Exchange

  • Enhanced AML & conduct expectations

Card Scheme + Acquiring

  • Dual supervisory review

⚠️

Capital escalates based on monthly transaction volume, cross-border scope, Payment Token inclusion, and custody/exchange models. Capital must be maintained at all times.

06 / Prudential Framework

Prudential Expectations Across All Categories

All licensees must implement the following. The framework is prudentially driven — capital, governance, and AML are central.

Capital & Governance

  • Ongoing capital maintenance
  • Board-level governance oversight
  • Risk-based governance structure
  • Wind-down planning

AML & Financial Crime

  • Comprehensive AML/CFT framework
  • Customer Due Diligence (CDD)
  • Sanctions screening
  • Suspicious Transaction Reporting

Technology & Operations

  • Technology risk governance
  • Incident reporting to CBUAE
  • Cybersecurity controls
  • Regulatory reporting

ℹ️

Operational resilience is a core supervisory focus across all licence categories.

07 / Supervisory Focus

What CBUAE Will Scrutinise

During both licensing and ongoing supervision, the Central Bank examines:

🎯

Licence Category Alignment

💰

Capital Sustainability

🏦

Source of Funds

⚖️

AML Monitoring Systems

💻

Technology Resilience

📢

Marketing Conduct

🌐

Cross-Border Servicing

⚠️

Scope Creep

08 / Structuring Risk

Structuring Strategy Matters

Choosing the Wrong Category Can:

  • Increase capital lock-up significantly
  • Trigger unnecessary supervisory intensity
  • Delay authorisation timelines by months
  • Expose the firm to enforcement risk

A phased licensing model may reduce capital exposure and accelerate authorisation. Misclassification (e.g., Category I vs Category II, Aggregation vs Acquiring) can materially alter capital exposure and supervisory intensity.

What We Deliver

What CRYPTOVERSE Legal Delivers

End-to-end CBUAE licensing support — from regulatory perimeter analysis to full file handling and go-live.

🔬

Regulatory Perimeter Analysis

Activity classification & licence category mapping

🏗️

Licence Category Structuring

Optimal category selection & phasing

📊

Capital Modelling & Stress Testing

Scenario-based capital requirement analysis

📝

Regulatory Business Plan

Board-grade business plan drafting

📄

White Paper Drafting

Category I token issuance documentation

⚖️

AML Architecture Design

End-to-end AML/CFT programme build

🤝

Supervisory Engagement

Managing regulator communications

📁

Full CBUAE File Handling

Complete application through licence issuance

FAQs

Frequently Asked Questions

Does including Payment Token Services automatically require Category I?

Yes. Any regulated activity involving Payment Tokens — including issuance, buying/selling, exchange facilitation, merchant/P2P payments, or custody — automatically requires a Category I licence from the CBUAE.

Does cross-border transfer disqualify Category III?

Yes. Category III is limited to domestic-only services. Including cross-border fund transfer services automatically disqualifies Category III and elevates the licence requirement to Category II or I.

Is capital required before approval?

Yes. Capital must be fully paid-up and demonstrable at the point of application. It must remain unencumbered throughout the licensing process and ongoing operation.

Can capital requirements increase after licensing?

Yes. If your monthly transaction volume exceeds AED 10 million for three consecutive months, the higher capital tier automatically applies. This is calculated using a 3-month moving average.

Get Started

Structure It Right From Day One

Misclassification can materially alter capital exposure and supervisory intensity. From regulatory perimeter analysis through governance design, AML architecture, and full CBUAE file management — we carry your application through to licence issuance and go-live.

Book an RPSCS Strategy Call