Nicky Eilers, Governance Risk and Compliance Advisor at Equiom Corporate Services (Middle East) Limited, gives us an in-depth overview of the DFSA regulations that have been introduced this month and takes us through the various components of this framework.
In a feedback statement issued on 17th October 2022, the DFSA has explained the changes from the proposed rules outlined in Consultation Paper (CP) 143 which was published on 8th March 2022.
That CP set out initial proposals for a regulatory framework overseeing crypto tokens and has, in the most part, been adopted after a review of comments received.
The new rules came into effect on 1st November 2022.
General overview (including Token Taxonomy)
(Source - Table 1 of the DFSA Feedback statement) Further context on the Token taxonomy can be found at Feedback Statement on Consultation Paper No. 143 Regulation of Crypto Tokens | Rulebook (thomsonreuters.com)
These were outlined in the DFSA’s CP 138 and incorporated into their Rulebook, in 2021. Briefly, such tokens are a digital representation of a real-world financial asset (such as a stock or bond). They can be used in Financial Services activities, regulated by the DFSA.
These were outlined in CP 143 and, subject to recent amendments, were incorporated into the DFSA Rulebook on 1st November 2022. Further details are contained below, including how the DFSA intends to implement these changes.
These tokens will either be completely excluded from regulation (Central Bank Digital Currencies [CBDCs] which, similar to cash, are an un-regulated product) or have a lower threshold of regulation (such as NFTs and Utility Tokens, where providers will now need to register as a ‘Designated Non-Financial Business or Profession’ – DNFBP).
Such tokens, typically algorithmic or privacy tokens, will not be allowed in the DIFC.
Recognised Tokens and Activities
Only Recognised Crypto Tokens may be used in the DIFC, and there will be a process to determine which they will be:
- Pre-Recognised Crypto Tokens
The DFSA published a list of Pre-Recognised Crypto Tokens on 2nd November 2022. As expected, this included the most frequently traded crypto tokens – Bitcoin, Ethereum and Litecoin.
- Recognition of other Crypto Tokens
For those tokens not on the Pre-Recognised list, a process will be in place whereby an application can be made to the DFSA for recognition. This process will include:
Due diligence and background considerations
- Location of relevant key persons, like founder, developers amongst others
- Approval in other jurisdictions
- History and possible regulatory issues
- Public information related to issuers, founders, developers, miners, and other key persons
- Allocation of funds raised as well as the development path of the Crypto Token.
- Public access to the blockchain protocol, consensus mechanism, technology audit reports as well as live updates to the blockchain
- The ability to identify associated persons
- Traceability of balances and transactions in line with AML and FATF recommendations
- Historical data such as, maturity of the market and trading history
- Market capitalisation, regarding predetermined schedules for issuing or burning and any inflationary or deflationary mechanisms used,
- Supply and demand, including transparency regarding volatility and returns
- Market liquidity, trading volumes, and liquidity profile responses to market stress.
System Capability and Risk Management factors
- Type of blockchain, access permissions and right to amend the protocol
- Environmental costs
- Smart contract availability, endogenous computational capacity, native token features and the ability to host piggyback tokens on the blockchain
- Interoperability across blockchains,
- limitations of transaction validation times and costs associated
- Cyber security controls, including any history of hacks, and losses from security failures
- Custody and wallet risks and management thereof.
- Capabilities regarding collecting and storing user information, transactional monitoring, and ability to comply with Data Protection and privacy requirements.
- Ability to comply with AML and sanctions requirements
- Settlement risk and mitigation
- Operational risk, systems, and controls to prevent, detect faulty codes, and risk reaction systems
Financial Service Activities
Generally, most DFSA regulated Financial Services can be undertaken, with respect to Crypto Tokens. The rules concerning funds have been amended to accommodate this new investment type, and there are also prohibitions on the use of Crypto Tokens in some activities (such as Providing Money Services and Crowdfunding).
The regime went live on 1st November 2022 and the following points should be noted:
- The DFSA requires all interested parties to register on their website, if they intend to undertake activities related to Crypto Tokens.
- Once such registration has occurred, the DFSA will gauge demand for Crypto Tokens and then allocate resources accordingly.
- Existing Authorised Firms (AFs), already involved in Crypto Token activity, will be granted a six-month transitional phase, to move to the new DFSA rules.
- All other parties, either existing AFs or new entrants, will be required to undertake the normal application process. This will include the submission/review of a regulatory business plan and subsequent filing of further application documentation.
- The DFSA has not indicated any timelines for application processing, and these will probably be dependent upon demand from applicants and resource availability.
The bottom line
The DFSA has, finally, introduced its crypto regime (some 3 years after the ADGM). They are taking a cautious approach to implementation, given the likely high level of demand.
They will revisit their rules, in due course, using the experience gained during the initial phases of implementation and feedback from stakeholders.
How can we help?
At Equiom our experienced GRC team can help you with this new investment type, by providing advice on licence applications and upgrades, including developing and implementing the necessary policies and procedures.
Equiom also has experience in similar applications, with the ADGM (based in ADGM) and with the Virtual Assets Regulatory Authority (VARA, based in the Dubai World Trade Centre).
Please contact Nicky Eilers (or your usual Equiom contact) regarding your organisation’s governance, risk and compliance needs and to ensure your firm has a holistic all-encompassing Compliance Framework.
This article has been carefully prepared, but it has been written in general terms and should be seen as broad guidance only. The article cannot be relied upon to cover specific situations and you should not act, or refrain from acting, upon the information contained therein without obtaining specific professional advice. Please contact Equiom to discuss these matters in the context of your particular circumstance. Equiom Group, its partners, employees and agents do not accept or assume any liability or duty of care for any loss arising from any action taken or not taken by anyone in reliance on the information in this article or for any decision based on it.
For information on the regulatory status of our companies, please visit www.equiomgroup.com/regulatory