Regulator's Profile — CBUAE (UAE)
CBUAE is the federal regulator of Payment Token Services (stablecoins) in the United Arab Emirates: who must obtain a licence or registration, the reserve and prudential requirements for Dirham-backed tokens, restrictions on foreign payment tokens, AML obligations, custody controls, and how issuers secure authorisation.
What We Deliver
- Regulatory perimeter analysis
- Stablecoin structuring
- Reserve architecture
- White Paper drafting
- AML/Travel Rule
- Governance documentation
- Capital planning & prudential modelling
- Full CBUAE submission
The Regulator
Who The CBUAE Is
The Central Bank of the United Arab Emirates (CBUAE) is the federal monetary authority regulating:
- Digital payment services
- Stablecoins (Payment Tokens)
- Fiat-referenced virtual assets used as a means of payment
- Issuers and custodians of payment tokens
- Conversion (spot exchange) of payment tokens
Under the Payment Token Services Regulation (Circular No. 2/2024) issued pursuant to the Central Bank Law (Federal Decretal Law No. 14 of 2018), the CBUAE regulates:
- Dirham Payment Token Issuers
- Foreign Payment Token Issuers (registration regime)
- Payment Token Custody and Transfer providers
- Payment Token Conversion providers
🚫 No person may perform a Payment Token Service within or directed to the UAE without a CBUAE licence or registration.
Instruments the CBUAE Uses
Payment Token Services Regulation (Circular No. 2/2024)
Central Bank Law (Federal Decretal Law No. 14 of 2018)
UAE AML Law (Federal Decree Law No. 20 of 2018)
Consumer Protection Regulation
Outsourcing Regulation
Administrative enforcement powers under the Central Bank Law
The CBUAE framework is prudentially structured and reserve-backed. Stablecoin issuance is treated as a financial activity subject to banking-style oversight.
Scope
Scope & What's Covered (Stablecoins)
To perform a Payment Token Service in the UAE, firms must obtain either:
- A CBUAE Licence (for UAE-incorporated entities), or
- A CBUAE Registration (for foreign issuers and certain conversion/custody models)
Payment Token Services include:
1. Payment Token Issuing (primary issuance)
2. Payment Token Custody and Transfer
3. Payment Token Conversion (spot buy/sell)
The Regulation applies to services:
● Performed within the UAE, or
● Directed to persons in the UAE
Token Types
Types of Payment Tokens
AED-backed stablecoins
Dirham Payment Tokens
- Denominated in AED
- Must be issued by a Licensed Dirham Payment Token Issuer
- May be used for lawful domestic payment purposes
- Subject to full reserve and prudential oversight
FOREIGN CURRENCY-BACKED STABLECOINS
Foreign Payment Tokens
- Denominated in foreign fiat currency
- Issuer must obtain CBUAE registration
- In the UAE, use is restricted primarily to purchasing virtual assets or derivatives
Prohibitions
What Is Prohibited
The CBUAE framework expressly prohibits:
- Issuance or promotion of Algorithmic Stablecoins
- Issuance or promotion of Privacy Tokens used as payment
- Unlicensed Payment Token Services
- Merchant acceptance of non-approved virtual assets as payment
- Commingling of client assets and company assets
- Performing activities outside approved scope
- ⛔ Algorithmic stablecoins are entirely prohibited within or directed to the UAE.
Licensing Structure
Licensing Structure — Stablecoin Regime
The CBUAE regime distinguishes between licensing and registration:
Licensed Activities (UAE Entities)
1. Dirham Payment Token Issuer
2. Payment Token Custody & Transfer
3. Payment Token Conversion (where principal activity)
Registered Activities
1. Foreign Payment Token Issuer
2. Foreign Payment Token Custody & Transfer
3. Certain Conversion Providers (Non-Objection Registration)
Capital, governance, reserve architecture and reporting obligations apply proportionately to risk.
Core Prudential Requirements
Reserve Of Assets - The Core Prudential Requirement
Reserve of Assets — Core Prudential Requirement
Dirham Payment Token Issuers must maintain:
- A fully backed Reserve of Assets
- Segregated custody arrangements
- Safeguards against misappropriation
- Independent external audit
- Transparent disclosure of reserve composition
⚠️ Reserve mismanagement is a primary enforcement trigger.
WHITE PAPER REQUIREMENT
Licensed issuers must publish a White Paper covering:
- Token structure
- Reserve composition
- Redemption rights
- Governance framework
- Risk disclosures
- Technology architecture
ℹ️ The White Paper is subject to audit and Central Bank scrutiny.
Standards
Conduct, Prudential & Technology — What "Good" Looks Like
Prudential Standards
- Full reserve backing
- Segregation of client assets
- Independent audit
- Ongoing reporting to CBUAE
- Stress testing and liquidity planning
Conduct Expectations
- Transparent customer agreements
- Clear risk disclosures
- Proper client onboarding
- Fair and non-misleading promotions
- Prompt reporting of material incidents
Custody & Technology Controls
- Segregated wallet architecture
- Multi-signature governance
- Private key lifecycle management
- Daily reconciliation
- Incident reporting protocol
- Business continuity and disaster recovery
AML & Travel Rule
AML, Travel Rule & Financial Crime Controls
All Licensees and Registrants are AML Obligors.
They must implement:
- Risk-based AML framework
- Customer Due Diligence (CDD)
- Enhanced Due Diligence (EDD)
- Sanctions screening
- Suspicious Transaction Reporting (STR)
- Travel Rule compliance
- Blockchain monitoring tools
CBUAE expectations align with FATF standards and UAE federal AML law.
Merchant Acceptance
Merchant Acceptance Rules
Merchants in the UAE may only accept:
Licensed Dirham Payment Tokens, or
Registered Foreign Payment Tokens — for purchase of virtual assets only
🚫 No other virtual assets may be accepted as a means of payment.
Supervision & Enforcement
Supervision & Enforcement
CBUAE supervises through:
Periodic reporting
Reserve audits
Prudential review
AML supervision
On-site inspections
Thematic reviews
Administrative penalties
Licence suspension or revocation powers
Material events (capital, reserve shortfall, cyber incident, breach) must be escalated promptly.
Quick Facts
Quick Facts
CBUAE regulates stablecoins used as payment in the UAE.
Algorithmic stablecoins are prohibited.
Dirham-backed tokens must be fully reserve-backed.
Foreign payment tokens are restricted in domestic use.
Issuers must publish an audited White Paper.
Client assets must be segregated.
AML compliance is mandatory.
Services directed into the UAE fall within scope.
What We Deliver
What CRYPTOVERSE Legal Delivers
Regulatory Perimeter Analysis
(CBUAE vs VARA vs SCA)
Stablecoin Structuring
(Dirham vs foreign model)
Reserve Architecture
Design & safeguarding framework
White Paper Drafting
Drafting & audit coordination
AML/Travel Rule
Framework implementation
Governance and Board Docs
Board documentation
Capital Planning
Prudential modelling
Full CBUAE Submission
Management through authorisation
FAQs
Frequently Asked Questions
Yes. Dirham-denominated stablecoins require a CBUAE licence. Foreign issuers must register if targeting the UAE.
No. They are prohibited under the Payment Token Services Regulation.
Only if the token qualifies as a Registered Foreign Payment Token and is used within permitted scope.
Not automatically. Custody and transfer is a separate regulated activity.
Yes, if the asset functions as a “Means of Payment,” CBUAE jurisdiction applies.
Get Started
Launch Your PTS Under the CBUAE
From regulatory perimeter analysis and stablecoin structuring through reserve design, white paper drafting, and full CBUAE submission management — we carry the file through authorisation to launch.