• about
  • people
  • expertises
  • insights
  • events
    • English
    • Russian
  • career
  • contact
  • sign up
SEAMLESS
09/20/2024
A Comprehensive Analysis of the SCA’s Regulatory Framework for Virtual Assets and Virtual Asset Service Providers

The arrival of virtual assets has introduced a model shift in global finance, fundamentally transforming how value is exchanged, stored, and managed. With this rapid innovation, jurisdictions worldwide are tasked with developing regulatory frameworks to mitigate associated risks and protect market participants. In this context, the UAE’s Securities and Commodities Authority (“SCA”) has issued a detailed set of guidelines to regulate Virtual Assets (“VAs”) and Virtual Asset Service Providers (“VASPs”), perfecting the existing legislations. These guidelines are essential for ensuring market stability, investor protection, and the preservation of financial integrity in the rapidly evolving digital economy.

Introduction and Scope of Regulation

VAs, ranging from cryptocurrencies to non-fungible tokens (“NFTs”), possess unique characteristics that challenge traditional financial systems. Recognizing the potential risks and rewards associated with these digital innovations, the UAE’s SCA established a comprehensive guideline. These guidelines specify the approach of the SCA to regulating the use of VAs. The guidelines shall apply to virtual asset platform operators if the assets are used as an investment instrument in the UAE, with the notable exceptions of the financial free zones of the Dubai International Financial Centre (“DIFC”) and the Abu Dhabi Global Market (“ADGM”).

The SCA’s guidelines clearly differentiate between two distinct categories of virtual assets:

  • Virtual Assets for Investment Purposes: These are under the purview of the SCA and include assets such as cryptocurrencies and other tokens intended for trading or speculative purposes.
  • Virtual Assets for Payment Purposes: These assets fall under the governance of the UAE Central Bank, unless they are specifically approved by the Central Bank for investment use on recognized platforms.

Additionally, certain digital assets, such as digital securities, digital commodity derivatives, and non-fungible tokens (NFTs) that are not used for investment purposes, are excluded from the scope of the SCA’s regulation. This exclusion extends to loyalty programs, VAs for payment purposes and software used for mining of VAs.

Objectives of the Virtual Asset Framework

The SCA’s fundamental goals for establishment of its regulatory system for promotion of innovation, alongside risk management and protection of consumers, are core objectives aimed at:

  • Investor Protection: Ensuring that the participants in the virtual asset market are protected from fraud, market manipulation, and other malicious activities.
  • Market Integrity: Establishing standards that promote transparency and fair competition, thereby maintaining the trust of market participants.
  • Risk Mitigation: Addressing the numerous risks associated with VAs, particularly those related to money laundering, cybersecurity, and operational inefficiencies.

These objectives form the basis of a strict licensing framework that ensures only qualified and financially stable entities are permitted to operate in the VAs market.

Licensing Requirements for Virtual Asset Activities under the SCA

One of the cornerstones of the SCA’s regulatory framework is the requirement that VASPs obtain a license to conduct their activities legally. The SCA has issued detailed guidelines outlining VA activities that require licensing under UAE law. These activities are in line with the definitions established by the Financial Action Task Force (“FATF”). The SCA mandates that the following activities involving virtual assets must obtain licenses:

  • Operating and Managing Virtual Asset Platforms: Any entity providing services to operate or manage platforms where VAs are traded.
  • Providing Virtual Asset Exchange Services: Facilitating exchanges between different types of VAs or between VAs and fiat currencies.
  • Offering Virtual Asset Transfer Services: Enabling the transfer of VAs between users or platforms.
  • Brokerage Services for Virtual Asset Trading: Acting as intermediaries in VAs trading between buyers and sellers.
  • Custody and Management of Virtual Assets: Providing safe custody and management of VAs, including enabling control over them.
  • Financial Services Related to Virtual Asset Offerings: Participating in financial services related to the issuance or sale of VAs, such as token offerings.

To regulate these activities, the SCA provides specific licenses for:

  • Virtual Asset Platform Operators,
  • Custodians of Virtual Assets,
  • Financial Consultants in Virtual Assets,
  • Portfolio Managers of Virtual Assets,
  • Virtual Asset Brokers,
  • Virtual Asset Dealers.

Additionally, VAs trading platforms are considered equivalent to Multilateral Trading Facility (‘MTF”) platforms used in traditional financial markets, meaning they are subject to similar regulatory standards.

Regulatory Requirements for Licensing Virtual Asset Activities

To be granted a license to engage in VAs activities, an applicant must satisfy all regulatory requirements outlined by the SCA. These requirements are specified in the SCA’s Rulebook, which consists of multiple modules: General Provisions, Licensing and Accreditation, Conduct of Business, Capital Adequacy, and Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT). Upon successfully obtaining the necessary license, the applicant is granted the same regulatory status as other licensed entities under the SCA’s jurisdiction.

A key component of the licensing process is the Capital Adequacy module, which mandates that licensed entities maintain sufficient capital to support their operations and absorb potential losses. This is particularly critical for VA platform operators, as the capital adequacy requirements ensure that they are financially resilient and able to protect client funds. The exact capital requirements may vary depending on the scope and size of the entity’s operations, but they must demonstrate that they have adequate financial reserves to meet any liabilities that may arise, such as operational disruptions, market fluctuations, or security breaches. Module 2 of the Rulebook contains further information and details about the required capital amounts.

In addition to capital adequacy, licensed entities are required to comply with Module 5, which addresses Anti-Money Laundering (“AML”) and Combating the Financing of Terrorism (“CFT”). This module obligates licensed bodies to implement robust internal systems to detect and report any suspicious activities. Licensed entities must establish effective compliance frameworks that include detailed reporting procedures, cooperation with relevant authorities, and regular risk assessments to mitigate financial crime risks.

The SCA Chairman’s Decision No. 26 of 2023 further regulates VA platform operators, setting specific standards for their operations. This decision ensures that platform operators maintain the necessary controls to support fair and transparent trading, while fostering a secure environment for investors. The decision outlines the need for operators to adhere to strict procedures when listing VAs on their platforms, with the aim of maintaining the quality and integrity of the assets traded. Appendix 1 to the decision details the requirements for accepting VAs into the official trading list of the platform, ensuring that listed assets meet specific quality standards.

Technological Safeguards in SCA Virtual Asset Regulations

Under the SCA guideline, VASPs must be licensed and should retain a license by ensuring strict technical capabilities ancillary to the safe and efficient conduct of the VAs activities. For this reason, the VASPs shall include advanced security measures, such as encryption and management of cryptographic keys for clients' assets and data protection. VASPs should also have robust infrastructure that supports business continuity through planned and unplanned outages, as well as monitoring, detection, and reporting procedures in respect of suspicious activities.

A very important segment of protection is implementation of a Travel Rule. As part of the global effort to combat money laundering and terrorism financing, VASPs are expected to comply with this rule, which mandates that virtual asset transactions are traceable to their origin and destination. Further to this, we can conclude that the privacy coins (AEC coins) will be prohibited from listing, following a similar approach to that which the Virtual Assets Regulatory Authority (“VARA”) has implemented in the Emirate of Dubai.

Risk Mitigation and Consumer Protection

The SCA places significant importance on the protection of consumers and the mitigation of risks associated with virtual asset transactions. The guidelines stipulate that VASPs must:

  • Comply with AML/CTF Standards: The VASPs shall comply with the international AML and CTF standards. To this end, adherence to Module 5 of the SCA Rulebook is mandatory, as well as reporting stipulated in the international framework such as FATCA and CRS.
  • Disclose Consumer Risks: VASPs shall ensure that full disclosure of the risks associated with the VAs is done in a clear and updated manner. Given the volatility and technological risks characterizing the VAs, consumers must be informed of potential losses, security vulnerabilities, and other financial risks​.

Custody of Virtual Assets

The safe custody of virtual assets is a critical component of the SCA’s regulatory approach. VASPs offering custodial services must adhere to strict guidelines to ensure that VAs are securely managed and protected. The guidelines recognize three types of custodial arrangements:

  • Direct Custody: VASPs directly manage and secure client assets, providing solutions for storage, encryption, and access control.
  • Outsourced Custodial Solutions: In cases where custody is outsourced to third parties, VASPs must ensure that the external provider meets all regulatory requirements, including security protocols and reporting standards.
  • Audits and Reconciliation: VASPs are required to conduct periodic audits in order to identify discrepancies and ensure that client funds are not at risk​.

Data Protection and Insurance

VASPs are operating under the umbrella of a broad UAE Data Protection Law, which mandates for secure handling of all personal data. Any data collected should, to a greater extent, not only be stored appropriately but also be securely processed. The client should have full capacity to ask for an amendment or removal of his/her private data. Moreover, while insurance for VAs remains complex, as the industry is still in the growing phase, the SCA calls upon VASPs to devise a plan that will ensure the mitigation of risks and operational continuity.

Conclusion

The UAE’s regulatory framework for VAs and VASPs represents a comprehensive approach to managing the risks and opportunities presented by the digital economy. By establishing clear licensing requirements, promoting technological governance, and ensuring consumer protection, the SCA’s guidelines offer a robust foundation for the development of a secure and innovative VAs market. As VAs continue to evolve, the UAE is positioning itself as a global leader in the regulation of this transformative sector, balancing innovation with security to foster long-term growth​.

All Insights Next Publication
Privacy Policy Cookie Policy Terms of Use
mail linkedin telegram youtube
© SEAMLESS LEGAL LIMITED 2026
Our website uses cookies to ensure the best user experience. Please accept cookies for optimal performance. For more information check our Cookie Policy.
ACCEPT COOKIES
REJECT COOKIES
Send your request
Many thanks for your inquiry.
We have received your message and will revert shortly.