The Dubai Financial Services Authority has announced it has launched a consultation on proposed amendments to its Crypto Tokens Regulation. It ends on 4 March 2024.

The Authority is proposing to amend its regime for individuals wanting to provide financial services activities in terms of crypto tokens.

The consultation does not cover the regulation of investment tokens.

The Authority’s Crypto Tokens Regulation came into force in November 2022 and at that time the Authority alluded to subsequent changes being made as the regulatory regime evolved and international regulation in this area developed. In particular the Authority envisaged changes to the decentralised finance, money laundering and terrorist financing and custody provisions.

It was implemented to put a comprehensive regime to address various risks associated with crypto token businesses in place. It included requirements relating to technology, governance, custody, disclosure, market abuse and fraud.

The Authority has also listened to feedback from interested parties.

Those who have provided feedback have expressed concerns about the uncertainty in the length of time it will take for an application to be considered and the high application costs.

The Authority will engage with firms applying for recognition closely so as they are kept fully informed about the progress of their application and if any further information is required.

The Authority is also proposing to reduce the application fee from 10,000 US Dollars to 5,000 US Dollars.

In addition, the Authority are proposing more flexibility when it comes to Fiat Crypto Tokens.

The Authority is proposing to remove specific requirements on the proportion of assets held in reserves and require reserves to be be held in assets that are likely to maintain their value. This has to include during periods of stress. They also have to be highly liquid, appropriately diversified and carry minimal credit risk and require daily valuation.

The amendment will provide the Authority with the flexibility to recognise Fiat Crypto Tokens issued in other jurisdictions and regulated in a comparable way.

The Authority are also proposing changes to the definition of a Fiat Crypto Token. This will involve removing the reference to a combination of fiat currencies so that a Fiat Crypto Token is referenced/pegged to a single fiat currency only.

The Authority is also proposing to allow external funds to invest in Crypto Tokens and offering foreign funds the ability to invest in Crypto Tokens, provided specific requirements are met:

The total investment in Crypto Tokens is limited to Recognised Crypto Tokens and must not exceed 10% of the gross asset value of the Fund and daily valuations on the investment in Crypto Tokens must be conducted.

In addition, the units in the Fund must only be offered to professional clients by way of a private placement, a minimum subscription of 50,000 US Dollars is required and an eligible custodian has been appointed to safeguard and administer the Fund’s investment in Crypto Tokens.

They are also proposing to expand the definition of an eligible custodian for a fund manager of an external fund, or authorised firm offering the units of foreign funds that invest in Crypto Tokens.

Eligible custodians may either be an authorised firm who is licenced to provide custody of Crypto Tokens or a person whom the relevant fund manager or authorised firm has, after performing due diligence, assessed as having adequate custody arrangements.

Firms should consider the regulatory status of the custodian, e.g., whether the person is authorised and supervised by another financial services regulator when providing custody of Crypto Tokens as well as whether the person’s systems and controls ensure safety and segregation of Crypto Tokens.

Firms should also consider the adequacy of the person’s policies and procedures for the storage of private keys, the robustness of the person’s technology governance, the independence and management of conflicts of interest and the appropriate client disclosures and periodic reporting among other things.

The Authority is proposing to require fund managers of external funds that invest in Crypto Tokens to provide unitholders with relevant and up-to-date information about the performance and management of the Fund’s Crypto Token investments (upon request), include relevant disclosures in the prospectus, including information on the rights and obligations conferred by Crypto Tokens, the distributed ledger technology used, cybersecurity risks and other relevant information and maintain records, including daily valuations of the fund’s investments in Crypto Tokens too as well as other information to demonstrate compliance with the additional requirements.

The Authority are also proposing to remind fund managers of external funds that they remain subject to overarching obligations applicable to authorised firms.

These include observing high standards of integrity and fair dealing and apply due skill, care and diligence, in managing an external fund. Similarly, a fund manager must have adequate systems and controls to ensure that the affairs of the fund are effectively managed, having regard to the nature, scale and complexity of the its operations and investment objectives and needs of its investors.

They are also proposing to allow domestic funds to make limited investments in unrecognised Crypto Tokens, provided the total exposure to unrecognised Crypto Token does not exceed 10% of the gross asset value of the fund and the domestic fund is a qualified investor fund, i.e., a fund whose units are offered only to professional clients via private placement with a minimum subscription of 500,000 US Dollars.

Fund managers of these qualified investor funds will also be required to provide unitholders with information on unrecognised Crypto Token investments, including information on the rights and obligations conferred by the Crypto Token, its trading history, technology characteristics and associated cybersecurity risks.

While a fund manager of a qualified investor fund will continue to be exempt from many detailed requirements applicable to public funds and exempt funds, it will continue to be subject to the overarching obligations of a fund manager.

In terms of the custody of Crypto Tokens, the Authority is proposing to align its regime more closely with the International Organisation of Securities Commissions Crypto and Digital Asset Recommendations. authorised firms providing custody will be required to disclose their policies on the chosen storage arrangements for client Crypto Tokens, why they have chosen that storage option, the risks associated with the option, how they will address the risks and the mechanism for transfer between wallets.

Authorised firms will also be allowed to hold a client’s Crypto Tokens in a wallet solely for that client. Alternatively, an authorised firm may choose to pool a client’s Crypto Tokens in a wallet containing Crypto Tokens of more than one client. However, they must disclose the approach taken, why they have taken that approach and any risks involved with the approach.

The Authority is also proposing to allow authorised firms providing custody to segregate a client’s Crypto Tokens or pool them with those of other clients provided they disclose the approach taken, why they have taken it and any risks involved with the approach taken.

Authorised firms that provide custody of Crypto Tokens will be responsible for any unauthorised or incorrectly executed transfers of client Crypto Tokens.

The firm will also have to address the situation promptly and put the client’s account back in the position it would have been in if the transfer had not taken place or had been executed correctly within three business days.

They are also proposing to require an authorised firm providing custody of Crypto Tokens to have appropriate policies and procedures in place to enable it to identify and rectify any unauthorised or incorrectly executed transfers of client Crypto Tokens.

They are also proposing requiring an authorised firm to have appropriate compensation arrangements in place to cover the potential losses in the case of any unauthorised or incorrectly executed transfers of client Crypto Tokens, disclose the compensation arrangements selected to its clients and review the measures and arrangements it has selected to comply with this obligation at least annually.

Authorised firms providing custody will also be required to report to the Authority, on a quarterly basis.

They will have to report on the numbers of unauthorised or incorrectly transferred client Crypto Tokens, the numbers of unauthorised or incorrectly transferred client Crypto Tokens that were reversed and the time it took to reverse the transfer, the total number and value of those unauthorised or incorrectly transferred client Crypto Tokens and the total amount of compensation paid to Clients for any unauthorised or incorrectly executed transfers of client Crypto Tokens.

Where a third party agent is used, an authorised firm should consider whether that agent is authorised and supervised to provide custody of Crypto Tokens and the adequacy of their arrangements. This would involve looking at the suitability of the agent’s systems and controls to ensure proper safeguarding and segregation of Crypto Tokens, the extent of the policies and procedures regarding the storage of client Crypto Tokens including the type of storage chosen, safety of the keys, and the measures in place to protect the keys from a hack, theft or fraud and the robustness of technology governance requirements.

The Authority is proposing publishing guidance on assessing the suitability of an agent.

In terms of records, authorised firms must at the very least maintain records which are accurate, and up to date, establish a separate entry for each client, set out the type of Crypto Token held, the amount, location, transfer history and ownership status of those Crypto Tokens and record the type of storage and if it is commingled with the tokens of other clients or individually segregated.

These records must also be maintained in such a way that they are readily available to the Authority, if requested.

If the proposals are approved, daily reconciliation of client Crypto Tokens will be required.

A safe custody auditor’s report will also have to be produced and it will have to include an audit on the systems and controls in place to store a client’s Crypto Tokens to ensure they are adequate to protect them against hacking, theft or fraud.

In addition, authorised persons will have to have policies and procedures in place to deal with the money laundering risks arising from the transfer of Crypto Tokens. This will include transfers to or from an unhosted wallet. They will have to include how the authorised person will deal with situations where a transfer of a Crypto Token is received without the relevant information.

In terms of Crypto Token transfers totalling 1,000 US Dollars or more, authorised persons will have to conduct due diligence on any counterparty virtual asset service provider and identify the money laundering risks associated with a transfer, applying appropriate risk-based measures and specify additional requirements that would apply to non-fungible token and utility token transfers carried out by a designated non-financial business or profession.

Given the range of providers and the products and services they offer, the Authority is proposing that where an authorised person uses a solution or solutions, they should demonstrate to the Authority at the licensing stage or during a risk assessment the effectiveness of that transaction monitoring and blockchain analysis in relation to the firm’s size, customer base and complexity. In doing so, they should look at the quality and effectiveness of the tracking, screening, and tracing provided.

In terms of financial crime, the Authority is proposing to include requirements relating to Crypto Token transfers in the AML module.

They are also proposing to require authorised persons to develop policies and procedures for how they will comply with the travel rule and require an authorised person to have adequate transaction monitoring procedures to detect the origin, any intermediate transaction, and destination of Crypto Tokens transferred from or to its customer so that it can identify and report any suspicious transactions.

In terms of decentralised finance, and specifically staking, the Authority are proposing to limit staking to be offered only by authorised firms who provide custody of crypto tokens.

The Authority may consider expanding the ability to offer staking to other authorised firms.

The Authority are proposing that a custodian must undertake a full assessment of the validator and satisfy itself on reasonable grounds that they are suitable to provide staking services. A custodian should consider the borrower’s governance and internal controls, their financial status, their compliance with applicable laws, the infrastructure used and the security measures in place and the number of Crypto Tokens staked by the borrower on its nodes.

Risk disclosure should also be made available to clients before they stake their tokens. The disclosure should include details of the staking service and the role of any third parties, due diligence performed risks related to staking, such as risk of loss due to technical errors or bugs in the protocol; hacks or theft of the Crypto Tokens and how losses will be dealt with, potential for losses, bonding and unbonding periods and what this might mean if a client cannot withdraw their staked tokens, fees and charges and how rewards are calculated, and how they are paid out to clients.

In addition, the Authority are proposing that if there are any changes in the information provided to clients, an authorised firm must inform their clients of any of these changes in a reasonable time.

Authorised market institutions will not be able to provide any facility or service in relation to staking.

If approved, amendments will be made to the General (GEN) module, the Conduct of Business (COB) module, the Collective Investment Rules (CIR) module, the Anti-Money Laundering, Counter-Terrorist Financing and Sanctions module (AML), the Fees (FER) module, the Auditor (AUD) module and the Authorised Market Institutions (AMI) module of the Authority’s Rulebook.

For more news and content, try Lexis Middle East. Click on lexis.ae/demo to begin your free trial of Lexis® Middle East platform.

You can also explore the legal landscape by subscribing to our Weekly Newsletter.

Want to learn more about Lexis® Middle East? Visit, https://www.lexis.ae/lexis-middle-east-law/.