- Retail Payment Services — CBUAE
Retail Payment Services and Card Schemes (RPSCS) - CBUAE
The CBUAE is the federal prudential regulator of Retail Payment Services and Card Schemes across the UAE (excluding DIFC & ADGM): licensing categories, capital expectations, governance standards, AML controls, and authorisation pathway.
End-to-End Delivery
🗺️
Licensing artefact preparation
💰
Capital planning & modelling
🏛️
Governance framework design
⚙️
AML architecture implementation
🔄
Regulatory Business Plan drafting
📋
Full CBUAE file management
01 / The Regulator
Who the CBUAE Is
The Central Bank of the UAE is the federal monetary and prudential authority responsible for licensing and supervising Retail Payment Service Providers and Card Schemes in the UAE (outside DIFC and ADGM).
The CBUAE regulates PSPs, Payment Token Service Providers, Merchant Acquirers, Payment Aggregators, Payment Account & Instrument Issuers, Payment Initiation & Account Information Providers, Card Schemes, and firms accessing the Wages Protection System.
🚫
Instruments the CBUAE Uses
⚖️
Central Bank Law (Federal Decree-Law No. 14 of 2018)
📜
RPSCS Regulation (Circular No. 15/2021)
📋
Level 2 Acts (rules, directives, standards, notices)
🛡️
AML/CFT legislation & CBUAE guidance
🔨
Administrative enforcement & sanction powers
ℹ️
02 / Scope
Scope & What's Covered
To carry on a Retail Payment Service in the UAE, firms must obtain a CBUAE licence specifying the regulated activity, licence category, capital requirement, ongoing prudential obligations, and any supervisory conditions.
- Payment Account Issuance
- Payment Instrument Issuance
- Merchant Acquiring
- Payment Aggregation
- Domestic Fund Transfer
- Cross-Border Fund Transfer
- Payment Token Services
- Payment Initiation Services
- Account Information Services
ℹ️
03 / Capital
The Licensing Categories — Capital Matters
The CBUAE framework is structured by licence category and activity risk.
Activity Type
Capital Structure
Payment Token Issuing (Cat I)
Prudential capital + White Paper approval
Merchant Acquiring / Aggregation
Activity-specific capital thresholds
Custody / Conversion Services
Volume-based capital assessment
Card Schemes
Separate licensing & supervisory reporting
Capital Must Be
- Fully paid-up
- Unencumbered
- Maintained on an ongoing basis
- Supported by governance oversight
⚠️
04 / Licensing Pathway
How Firms Get Authorised
Capital must be demonstrably available prior to final approval.
1
Regulatory perimeter assessment
2
Licence category confirmation
3
Capital and prudential modelling
4
Regulatory Business Plan preparation
5
Governance and AML framework development
6
Submission of full application dossier
7
Supervisory engagement and clarifications
8
Capital confirmation
9
Licence issuance
05 / Standards
Conduct, Prudential & Technology — What "Good" Looks Like
Prudential Standards
- Ongoing capital maintenance
- Risk-based governance structure
- Board oversight of compliance & capital
- Segregation of client funds
- Wind-down planning
Conduct Expectations
- Transparent customer disclosures
- Fair treatment of payment users
- Complaint handling framework
- Clear contractual arrangements
- Conflict of interest controls
Technology & Operational Controls
- Technology risk governance
- Cybersecurity controls
- Business continuity & disaster recovery
- Incident reporting to CBUAE
- Outsourcing governance
ℹ️
06 / AML & Financial Crime
AML & Financial Crime Controls
CBUAE-licensed PSPs must implement the following. AML expectations align with UAE federal AML law and FATF standards. Payment Token Services are subject to heightened AML scrutiny.
- Risk-based AML framework
- Customer Due Diligence (CDD)
- Enhanced Due Diligence (EDD)
- Sanctions screening
- Suspicious Transaction Reporting
- Ongoing monitoring
07 / Restrictions & Prohibitions
What the CBUAE Restricts or Prohibits
The Framework Prohibits or Restricts
- Carrying on Retail Payment Services without licenc
- Offering Payment Tokens without Cat I authorisation
- Commingling of client funds
- Operating outside licensed scope
- Failure to maintain regulatory capital
- Misleading marketing of payment products
- Unauthorised Card Scheme operation — scope creep is closely scrutinised
08 / Supervision
Supervision & Inspections
Material events must be escalated promptly (capital deterioration, cyber incidents, regulatory breaches).
📊
Periodic Reporting
💰
Capital Adequacy Reviews
⚖️
AML Monitoring
🔬
On-Site Inspections
💻
Technology Risk Reviews
⚠️
Enforcement & Penalties
Key Facts at a Glance
Key Facts at a Glance
CBUAE regulates Retail Payment Services across UAE (outside DIFC & ADGM)
Payment Token public issuance requires Category I authorisation
Capital must be fully paid-up and maintained
Card Schemes require a dedicated licence
Client protection & AML compliance are central pillars
Operating without licence is a regulatory breach
What We Deliver
What CRYPTOVERSE Legal Delivers
🔬
Regulatory Perimeter Analysis
Activity classification & licence category
📊
Capital Planning
Prudential modelling & tier optimisation
📝
Regulatory Business Plan
Board-grade business plan drafting
🏛️
Governance Framework
Board & controls design
⚖️
AML Architecture
Programme implementation
💻
Technology Risk Advisory
Outsourcing compliance & controls
📁
Full CBUAE File Management
End-to-end application through licence issuance and go-live
FAQs
Frequently Asked Questions
Yes. Carrying on a regulated Retail Payment Service outside Financial Free Zones requires CBUAE authorisation.
Yes. Payment Token issuance to the public requires Category I licensing and regulatory approval of the White Paper.
Yes. Operating a Card Scheme in the UAE requires separate CBUAE authorisation with its own supervisory reporting requirements.
Yes. Capital must be fully paid-up and unencumbered prior to licence issuance.
Get Started
Secure Your CBUAE Retail Payment Licence
From regulatory perimeter analysis and capital planning through governance design, AML architecture, and full CBUAE file management — we carry your application through to licence issuance and go-live.