DIFC Digital Assets Regime
The Dubai Financial Services Authority (DFSA) recently issued a consultation paper on the regulation of Security Tokens in the DIFC. This paper is one of the two consultation papers that will go on to make the base for the DIFC Digital Assets Regime, thus opening the gateway to a whole new world of exciting and cutting-edge fintech applications using the Distributed Ledger Technology (DLT).
The DFSA then made the relevant amendments to it’s legislation in the end of September, thus creating the framework for the regulation of Security Tokens in the centre.
Part 1 of the DIFC Digital Assets Regime covers Security Tokens. Part 2 is expected to cover Utility Tokens, Exchange Tokens and Stablecoins.
The DIFC Digital Assets Regime will be of interest to issuers of Security Tokens, Authorised Market Institutions that wish to admit Security Tokens to trading, or performing clearing and settlement services, operators of Alternate Trading Systems such as Multilateral Trading Facilities (MTF) and Organised Trading Facilities (OTF) that wish to trade Security Tokens, providers of Digital Wallets who provide custody and storage services for such tokens, technology providers and in general, any licensed firm that wishes to advise, arrange or manage crypto-assets.
What does DIFC consider to be a token, or a crypto asset?
The DFSA defines a token as a digital representation of value, rights and obligations that are created, stored and transferred electronically, using distributed ledger technology (DLT) or similar technology.
Generally, crypto assets depend on cryptography and distributed ledger as part of their perceived or inherent value. They are created, stored and transferred using a DLT application, using:
- An address,
- a public key corresponding to that address, and
- a private key, also corresponding to that address.
What does the DFSA consider a Security Token?
A Security Token is defined as a token that confers rights and obligations that are:
(i) the same as those conferred by a share, debenture or futures contract (Investments); or (ii) substantially similar in nature, purpose or effect, to those conferred by Investments.
In effect, a Security Token is a token that behaves as a security (equity, debenture, convertible, future, option etc.) and is hence considered by the DFSA as a specified investment.
What is a security?
The DFSA has a list of instruments that they consider a security. In general, a transaction is considered a security if a) there is an investment of money, b) there is an expectation of profit, c) the investment of money is in a common enterprise and d) any profit comes from the efforts of a promoter or third party. This is also commonly known as the Howey Test.
How would the DFSA determine whether a particular Security Token is an Investment or not?
The DFSA aims to take a hybrid approach, where they will make their own assessment of whether the proposed token is a Security Token, based on a self-assessment submitted by the applicant.
What about exchange tokens, utility tokens, payment tokens, stablecoins and other types of tokens?
The DFSA currently regulates only Security Tokens, with additional regulatory guidance for other types of tokens expected in a few months. Until then, other types of tokens will not be considered for the purpose of regulation.
Trading of Security Tokens
The DFSA has an existing framework for the authorization and regulation of Exchanges, Alternate Trading Systems and Clearing houses. Under the regulation for conventional securities, exchanges are licensed as Authorised Market Institutions (AMI), and MTFs and OTFs are licensed as Alternate Trading Systems. Accordingly, the DFSA now permits such institutions to perform the same activities for Security Tokens as well. However, privacy tokens and anonymous trading will not be allowed.
In cases where the facility is exclusively dedicated to trading only in Security Tokens, it would be labeled a Security Token Market (or Derivative Token Market, or Investment Token Clearing House etc.).
There will be additional requirements applicable to such facilities, mainly comprising KYC and technology-related compliances.
What are the kinds of platforms used for trading and settlement of Security Tokens?
There usually exist three major types of platforms for trading of tokens:
1. Centralised platforms – the platform takes control of clients’ tokens by holding their private keys in a single distributed ledger account under their own private key, with trading transactions recorded on-chain. However, matching of the orders, the execution of the orders, and the corresponding transfer of the ownership of the token, is typically recorded in the books of the platform, or off-chain. Such platforms use permissioned access, with some market participants having full access (full-node clients) while others would be give limited access (lightweight clients).
2. DEX – These are fully decentralised platforms (open access) and solely based on smart contracts with self-execution. Investors usually control their tokens, and trading settlement occurs on-chain, using atomic swaps. Such platforms can only do virtual-to-virtual transactions, with fiat-to-virtual and vice-versa being effected through conventional exchanges. The DFSA will not license DEXs as of now.
3. Hybrid – these platforms use a combination of centralization and DLT in varying degrees.
Clearing and settlement will be by gross settlement models, where instructions are directly settled in the account of the relevant customer/client, or where the operator of the facility takes control of the clients’ Security Tokens by holding the clients’ private keys on their behalf or keeping clients’ assets in a single DLT address under the platform operator’s own private key. Fully-automated clearing and settlement models will not be allowed as of now.
The DFSA will apply the existing requirements for market operators, and focus on the following areas for trading of Security Tokens (among others):
- Information technology.
- Independent technology audits.
- Direct access to facilities.
- Investment criteria to admit Security Tokens for trading and clearing.
- Business and operating rules; and
- Digital Wallets providing custodial services.
Additional IT-related requirements
The DFSA would be interested in reviewing the criteria for market participants who access and update records on the platform, network security and ongoing compliances. They would also review the IT design of the DLT implementation adopted by the facility that trades security tokens, and whether it is able to address how the rights and obligations relating to the tokens are properly discharged.
Technology governance mechanisms would also be reviewed, including IT architecture, storage and transmission of data, procedures to address soft and hard forks, cyber-security measures,
decision-making protocols and interfaces with providers of digital wallets.
A comprehensive IT audit, conducted by an independent third-party IT expert would be required to be submitted to the DFSA annually.
Direct access to facilities
Earlier, only persons who met certain criteria were allowed access to DFSA-regulated exchanges, clearing houses and ATS. These intermediated-models of trading are in direct contrast to the peer-to-peer nature of trading in tokens, through direct access methods.
Under the DIFC Digital Assets Regime, direct access models are now allowed, with enhanced requirements on the operator of platforms to address counterparty risks, AML/CTF and market integrity, with adequate disclosures related to the Security Tokens that are traded on the platform.
The operator will have to undertake client classification of each client and monitor such direct access clients on an ongoing basis to ensure compliance with all applicable rules.
Listing of Security Tokens
Security Tokens can be listed and traded on DFSA-regulated exchanges or Alternate Trading Systems, with both facilities being able to host initial token offerings and secondary trading.
The current admission criteria will also be applied to such Security Tokens, in a way that tokens trading elsewhere will also be tradable in such facilities.
What are digital wallets?
Digital wallets store the public and private keys that enable users to interact with DLT to trade in tokens and monitor their balances. These can be hot wallets, i.e. software/cloud-based wallets connected to the Internet, or cold wallets, i.e. hardware devices such as USB sticks with security features.
DLT networks usually provide their own wallet functions, like Bitcoin Core for Bitcoin. There are also specialized wallet providers who hold client’s tokens – these include the likes of Coinbase, Exodus and Mycellum.
Providers of Digital Wallet services will have to be licensed to Provide Custody, either by the DFSA or an equivalent regulator. Clients also have the option to self-custody by using their own digital wallets, in which case, the Security Tokens are held at their own risk. Operators can also take custody of clients’ Security Tokens by holding their private keys in a DLT-based account under the operator’s own private key, and hence will have to be licensed by the DFSA to provide such services.
Additionally, the DFSA now allows operators of Alternate Trading Systems to hold Client Money, so that they can trade Security Tokens. Such ATS will be subject to Client Money requirements from the DFSA, with a base capital of US$ 140,000 and expense-based capital calculations at 18/52.
The prospectus requirements that apply for public offers of Securities, i.e. Initial Public Offerings, will continue to apply to IPO’s of Security Tokens. In these cases, the white papers released by the issuers can be considered as Prospectuses, provided they contain the information as mandated by the DFSA for issuances of securities. Also, there will be additional information and disclosures required for Security Token issuances.
The DFSA has provisions for exempt offers in the case of conventional securities, and an offer of Security Tokens denominated in an amount of at least US$ 100,000 or equivalent will be considered an exempt offer. However, any further fractional interest in such security tokens (for less than US$ 100,000) will not be exempt.
Funds can also be tokenised. The DFSA allows Security Tokens that represent rights and obligations similar to Units in a Fund, in which case they will be regulated in the same manner as Units of Funds. Additional prospectus disclosures will be required, similar to those required in the case of initial offers of other Security Tokens. Such tokens can be offered both to the public and via private placement, and the same rules and eligibility criteria will apply to the Fund Managers.
Funds will also be allowed to invest in other crypto-tokens, subject to appropriate disclosures in the Fund Prospectus.
There are additional disclosures required in case of public funds where 10% or more of their underlying assets are crypto assets.
All the above requirements also extend to distribution of foreign security tokens. Marketing and promotional activities related to security tokens will be subject to the same compliance requirements as conventional securities.
In addition, firms that market, promote, manage or undertake any other financial services in relation to Security Tokens will be required to provide to their clients a Key Features Document, with relevant disclosures.
The fees for filing an application to be licensed as an Alternate Trading System that allows for trading in security tokens will be US$ 150,000 and annual license fees will be US$ 100,000. An additional US$ 10,000 per year will be applicable for AMIs and ATSs that operate direct access markets for security tokens. Firms will also have to pay an additional US$ 20,000 for Retail Endorsements, to deal with Retail Clients.
The admission fees for listing and trading will be US$ 2500.
Consultations on structuring fintech businesses in the UAE and Saudi Arabia. Starts with advice on holding structures, share vesting plans, investor and founder legal packs. In case of regulated fintechs, we also advise and assist in authorisations from the relevant financial regulators.
Sectors – Money Service Businesses, Open Banking, Robo-Advisory (passive, automated and hybrid), crowdfunding platforms (investment, loan-based, property) and decentralised applications (DeFi and Blockchain-based solutions).
Regulators – UAE Central Bank, Emirates Security and Commodity Authority, Dubai Financial Services Authority (DFSA/DIFC), Financial Services Regulatory Authority (FSRA/ADGM) and the Central Bank of Bahrain.
Regulated licenses – Electronic Money Institutions (EMI), Payment Institutions (PI), Crowdfunding Platforms, AISP/PISP, Automated Investment Advisors and Asset Managers
Regulatory Sandbox Consulting
Approach and structuring of regulatory sandbox licenses in the DIFC (Innovation Testing License, or ITL) and the ADGM (Fintech Reglab).
(i.)Sectors – Money Service Businesses, Robo-Advisory (passive, automated and hybrid), tokenized crowdfunding platforms (investment, loan-based, property) and decentralised applications (Blockchain-based solutions).
(ii.)Regulators –Dubai Financial Services Authority (DFSA/DIFC), Financial Services Regulatory Authority (FSRA/ADGM) and the Central Bank of Bahrain.
(iii.)Regulated licenses – Electronic Money Institutions (EMI), Payment Institutions (PI), Alternate Trading Systems (ATS), DeFi, Blockchain-based regulated fintech
Blockchain and Crypto
Compliant Token Design, Crypto asset Product Design, Jurisdictional Scoping, KYC/AML Policy Development for Crypto asset Products, Privacy and Data Protection Compliance Strategy for Crypto asset Products
a. Corporate Structuring – Holding structures, IP vesting, ESOPs, Investor on-boarding, customized Articles, Legal documentation
b. Jurisdictional Selection
c. Assistance in incorporation
(iii.)Jurisdictions – Dubai International Financial Centre (DIFC), Abu Dhabi Global Market (ADGM), Dubai World Trade Centre Free Zone (DWTC), Dubai Multi-Commodities Centre (DMCC), Luxembourg
a. Tokenised Crowdfunding Licensing.
c, Crypto-asset Licensing.
d. Crypto-asset Facility Licensing – MTF, OTF.
e. Crypto Trading Platforms.
f. Crypto-related advisory and asset management permissions.
a. Crypto-asset Purchase Agreements.
b. Crypto-asset Terms and Conditions.
c. Key Features Documents for Security Tokens.
d. Private Placement Memorandums for Tokenised Funds.
e. STO Prospectuses.
f. Simple Agreement for Future Tokens (SAFT).
g. Privacy Notices.
Tokenisation of Assets
Legal and technical consultancy services on tokenization of physical or digital assets such as securities, real estate, financial assets, luxury goods, art, and initial public offerings. Assistance in legal documentation, compliance framework for the offering and selection of suitable jurisdictions.
We also assist with corporate and commercial documentation through our legal consultancy - 10 Leaves Legability. We assist in the drafting of:
- Crypto-asset Purchase Agreements.
- Crypto-asset Terms and Conditions.
- Key Features Documents for Security Tokens.
- Private Placement Memorandums for Tokenised Funds.
- STO Prospectuses.
- Simple Agreement for Future Tokens (SAFT).
- Privacy Notices.
- Founder agreements.
- Shareholder agreements.
- Investor agreements.
- Share vesting/ESOP plans.
- Client/Supplier/Distributor agreements.
- Employment agreements.
Rohit Ghai – Founder & Blockchain Specialist
Rohit is the Founder of 10 Leaves. With over eighteen years of experience in the region, Rohit consults firms on corporate structuring, market entry strategies, fintech, fund structuring, regulatory authorisations and startup funding. He conducts workshops on doing business in the region and is a regular presenter to visiting trade delegations from Europe and Asia.
Rohit advises clients on legalities related to blockchain technologies and applications, including tokenization, DeFi and DApps, Tokenomics, STOs and secondary listings.
Master in Business Administration
Capabilities – Fintech, Blockchain, Funds, Venture Capital
Jurisdictions – DIFC, ADGM, UAE Mainland, DWTC, DMCC
Bishr established and headed the MENA office of the leading Luxembourg law firm, Arendt & Medernach for around 10 years. In this capacity he advised leading financial institutions, sovereign wealth funds, asset managers, MNCs and family offices in both Europe and the Middle East on all issues relating to the structuring of international transactions and the setting up of regulated and unregulated investment structures.
Certified Investment Fund Director (CIFD)
Master of Laws (L.L.M.) in International Economic Law from the University of Warwick (UK). Capabilities – Legal, Structuring, STOs and secondary offerings, Islamic Finance, Funds
Jurisdictions – DIFC, ADGM, Luxembourg, Europe
Soumen is a Master of Computer Applications and has over 20 years of experience in media and technology applications. He has consulted international organisations on technology transformation and helped implement holistic media solutions across India and the United Arab Emirates. Soumen now consults on fintech applications in money services, robo-advisory and blockchain-related solutions. He is an active NFT creator, with profiles on OpenSea and Mintable.
Get in touch! to know more about DIFC Digital Assets Regime