‍Overview

The Central Bank of the UAE (CBUAE) is the federal authority responsible for regulating payment token services across the UAE - covering stablecoins and other fiat-referenced digital payment instruments. Its framework, the Payment Token Services Regulation (C 2/2024), came into force on 31 August 2024 and establishes the licensing and registration regime for any entity issuing, converting or providing custody of payment tokens within or directed at the UAE. Unlike VARA and the CMA, the CBUAE's mandate in the virtual asset space is specific: it governs payment tokens used as a means of payment, not the broader spectrum of virtual asset investment or trading activity.

Scope

The CBUAE's framework applies to three categories of payment token service. 

Payment Token Issuance covers the creation and first sale or transfer of a payment token. Payment Token Conversion covers the buying and selling of payment tokens on a spot basis. Payment Token Custody and Transfer covers the safekeeping of client payment tokens and associated private keys, and the transfer of those tokens on behalf of clients.

The regulation draws a clear perimeter around what it governs. Algorithmic stablecoins and privacy tokens are categorically prohibited - no entity may issue, promote or provide services in relation to them within the UAE. Only Dirham-denominated payment tokens issued by licensed entities, and foreign payment tokens issued by registered foreign issuers, may lawfully circulate as a means of payment in the UAE.

Licence and Registration Categories 

The CBUAE operates a dual-track authorisation model - a full licence for entities establishing new payment token operations in the UAE, and a Non-Objection Registration (NOC) for entities already authorised by VARA, the CMA, or operating as a bank or exchange house. The applicable route depends on both the activity and, in the case of custody and transfer, the currency denomination of the payment tokens involved.

Dirham Payment Token Issuer - A full licence is required for any entity wishing to issue AED-denominated payment tokens within the UAE. This route is only available to UAE-incorporated entities. There is no NOC pathway for Dirham issuance.

Foreign Payment Token Issuer - Entities incorporated outside the UAE - including those based in financial free zones - may apply for a Foreign Payment Token Issuer Registration rather than a full licence. This registration permits the issuance of foreign currency-denominated payment tokens into the UAE market and requires written non-objection from VARA or the CMA as part of the application process.

Payment Token Custodian and Transferor (Dirham) - A full licence is required for any entity wishing to provide custody and transfer services for Dirham payment tokens. There is no NOC pathway for this activity.

Foreign Payment Token Custodian and Transferor - Entities already licensed by VARA or the CMA as virtual asset service providers providing custody services may apply for a NOC Registration to perform custody and transfer services specifically in respect of foreign payment tokens. This NOC pathway is not available for Dirham token custody, which requires a full licence.

Payment Token Conversion - Entities seeking to provide payment token conversion services may obtain a full licence. A NOC Registration is available as an alternative route for entities already holding a relevant authorisation - specifically, virtual asset exchange platform operators licensed by VARA or the CMA, licensed banks, and exchange houses.

Unlike custody and transfer - where the regulation creates denomination-specific authorisation categories, making token type the determining factor - conversion is not split by denomination in the regulatory framework. For conversion, the determining factor is entity type: eligible entities access the NOC route regardless of whether the tokens being converted are Dirham or foreign-denominated. New entrants without existing authorisation require a full licence in all cases.

Applicant Profiles

The CBUAE accepts applications from payment token issuers, custodians, conversion providers and foreign stablecoin issuers seeking access to the UAE market. Applicants must be UAE-incorporated entities, with the exception of foreign payment token issuers who may apply for registration from outside the UAE. Banks may not act directly as payment token issuers but may establish a subsidiary or affiliate to do so. Virtual asset exchange platform operators already licensed by the CMA or VARA may apply for a Non-Objection Registration to perform conversion services rather than a full licence. 

Process

The CBUAE licensing procedure follows a structured application process:

• Pre-application engagement - Senior management are strongly encouraged to meet with the CBUAE's Licensing Division before submitting a formal application to discuss the proposed business plan.
• Formal application - Applicants submit the completed application form and all required documents as specified in the Regulation's Annex. Incomplete submissions are treated as draft and suspended if outstanding information is not provided within the specified timeframe.
• Independent assessment - A mandatory independent assessment report, no older than six months at the time of submission, must accompany the application. It must cover capital adequacy, corporate governance and risk management, reserve of assets management, technology risk, payment security, business continuity, customer protection and AML/CFT controls.
• Fit and proper assessment - The board, senior management and all controllers must be approved by the CBUAE as fit and proper before a licence is granted. Face-to-face meetings with CBUAE staff may be required.
• Licence issuance - Once all conditions are satisfied, the CBUAE assigns a unique licence reference number, specifies the effective date and lists the licence on its public register.

Key Considerations

• Capital - Licensed Payment Token Issuers must maintain a minimum of AED 15 million in initial and ongoing capital, plus an additional ongoing buffer of at least 0.5% of the fiat currency face value of outstanding tokens. Payment Token Custodians and Conversion Providers must hold between AED 1.5 million and AED 3 million depending on monthly transaction volumes, with the higher threshold applying where monthly average transfers exceed AED 10 million.
• Reserve of assets - Payment Token Issuers must hold a reserve equal to the full fiat currency face value of tokens in circulation, held as cash in a segregated escrow account with a UAE-licensed bank. Monthly audits by an independent external auditor are mandatory.
• Governance - Board and senior management appointments require prior CBUAE approval. A Compliance Officer and Money Laundering Reporting Officer must be appointed. All controllers holding 10% or more of shares or voting rights are subject to formal fit and proper assessment.
• AML/CFT - Payment token services are classified as high money laundering and terrorist financing risk by the CBUAE. Comprehensive risk-based CDD, transaction monitoring and suspicious transaction reporting to the Financial Intelligence Unit are mandatory. Travel rule compliance is required for wire transfers.
• Technology - Licensees must maintain robust technology risk management frameworks, including business continuity arrangements, data breach protocols and secure data storage within the UAE. Personal data must be retained for a minimum of five years.
• White Paper - Payment Token Issuers must produce, submit and obtain CBUAE acceptance of a White Paper before issuing any token. The White Paper must be audited by an independent external auditor and published at least seven days before the token becomes available. It must be drafted in both Arabic and English.
• Prohibited instruments - Algorithmic stablecoins and privacy tokens may not be issued, promoted or serviced within the UAE under any circumstances.

Engage CFC

The CBUAE's payment token framework is technically demanding and operationally distinct from the virtual asset regimes administered by VARA and the CMA. CFC's regulatory specialists support payment token issuers, custodians and conversion providers through every stage of the authorisation process - from pre-application engagement and independent assessment coordination through to reserve of assets structuring, White Paper preparation and ongoing supervisory compliance. Engage CFC to convert Central Bank expectations into a practical licence pathway - and to ensure your payment or token project launches on a foundation regulators trust.