United Arab Emirates: Fintech (2nd Edition)

Last Updated: 21 November 2019
Article by Nadim Bardawil

1. What are the sources of payments law in your jurisdiction?

The United Arab Emirates ("UAE") consists of "onshore" ("UAE Onshore") and financial free zone jurisdictions, to which different sources of payments law apply. There are currently two financial free zones in the UAE: the Dubai International Financial Centre (the "DIFC") and the Abu Dhabi Global Market (the "ADGM") (together, the "Financial Free Zones").

The sources of payments law in the UAE depend on the applicable jurisdiction and financial regulatory regime:

– UAE Onshore. Where the payment service provider ("PSP") is providing its services in or from UAE Onshore, it is governed by the federal laws of the UAE. Financial services conducted in or from UAE Onshore are regulated by the UAE Central Bank ("UAECB"), Securities and Commodities Authority ("SCA") and Insurance Authority ("IA") (as applicable).

– DIFC. Where the PSP is providing its services in or from the DIFC, it is governed by the laws of the DIFC. The Dubai Financial Services Authority ("DFSA") regulates financial services conducted in or from the DIFC.

– ADGM. Where the PSP is providing its services in or from the ADGM, it is governed by the laws of ADGM. The Financial Services Regulatory Authority ("FSRA") regulates financial services conducted in or from the ADGM.

UAE Onshore

The sources of payments law on UAE Onshore principally consist of the Regulatory Framework for Stored Values and Electronic Payment Systems 2017 ("2017 Payment Regulations") and Federal Law No. 14 of 2018 regarding the Central Bank & Organization of Financial Institutions and Activities ("2018 FIA Law").

2018 FIA Law

Article 65 of the 2018 FIA Law sets out the relevant financial activities subject thereto, which include "Providing currency exchange and money transfer services" and "Providing stored values services, electronic retail payments and digital money services" (among others).

The 2018 FIA Law sets out the requirements for conducting the above financial activities and prohibits, under Article 64, any entity from conducting such financial activities without a license from the UAECB.

The 2018 FIA Law further sets out certain information with respect to the application procedure for a UAECB license, reporting obligations to the UAECB and other obligations, delegating a sizeable amount of regulations to the UAECB.

2017 Payment Regulations

The 2017 Payment Regulations set out the requirements imposed upon four main types of PSPs:

1) Retail PSP: Authorized commercial banks and other licensed PSPs offering retail, government, and peer-to-peer digital payment services as well as money remittances;

2) Micropayment PSP: PSPs offering micropayments solution facilitating digital payments targeting the unbanked and under-banked segments in the UAE;

3) Government PSP: Federal and local government statutory bodies offering government digital payment services; and

4) Non-issuing PSP: Non-deposit taking and non-issuing institutions that offer retail, government, and peer-to-peer digital payment services.

The 2017 Payment Regulations cover the following digital payment services:

-Cash-in services: enabling cash to be placed in a payment account;

– Cash-out services: enabling cash withdrawals from a payment account;

– Retail credit/debit digital payment transactions;

– Government credit/debit digital payment transactions;

– Peer-to-peer digital payment transactions; and

– Money remittances.

The 2017 Payment Regulations do not apply to the following PSPs, which may be subject to other UAECB laws and Regulations:

– Payment transactions in cash without any involvement from an intermediary;

– Payment transactions using a credit/debit card;

– Payment transactions using paper cheques;

– Payment instruments accepted as a means of payment only to make purchases of goods/services provided from the issuer/any of its subsidiaries (i.e. closed loop payment instruments);

– Payment transactions within a payment/settlement system between settlement institutions, clearing houses, central banks and PSPs;

– Payment transactions related to transfer of securities/assets (including dividends, income, and investment services);

– Payment transactions carried out between PSPs (including their agents/branches) for their own accounts; and

– Technical service providers: Defined as entities facilitating the provision of payment services to PSPs, whilst excluded at all times from possession of funds (or transference thereof). A payment gateway operator could fall under this category.


The sources of payments law in the DIFC and ADGM are similar:

– DIFC: The sources of payments law in DIFC principally consist of DIFC Law No.1 of 2004 ("Regulatory Law") and DFSA rulebook ("DFSA Rulebook").

– ADGM: The sources of payments law on UAE Onshore principally consist of the Financial Services and Markets Regulations 2015, as amended ( "FSMR") and the FSRA rulebook ("FSRA Rulebook").

The FSMR and Section 2.6 of the DFSA Rulebook (General Module) both define the provision of money services as "providing currency exchange or money transmission". Money transmission is defined as "(a) selling or issuing payment instruments, (b) selling or issuing stored value, or (c) receiving money or monetary value for transmission, including electronic transmission, to a location within or outside the [DIFC/ADGM (as applicable)]".

Section 7.2 of the DFSA Rulebook (General Module) and Section 16 of the FSMR both require that PSPs in the DIFC/ADGM (as applicable) have a license from the DFSA/FSRA (as applicable), authorizing the PSP to provide payment services. However, section 16 of the FSMR provides for an exception to this obligation where the corporate entity is considered "exempt".

The above regulations set out certain information with respect to the application procedure for a license, reporting obligations to the competent authority and other obligations, with the laws delegating a sizeable amount of regulations to the DFSA/FSRA (as applicable).

2. Can payment services be provided by non-banks, and if so on what conditions?

UAE Onshore

PSPs on UAE Onshore can be non-banks. The 2017 Payment Regulations limits the scope of non-bank PSPs to the following, imposing ownership restrictions in many cases:

  1. Retail PSPs: a commercial bank or consortium thereof must hold majority ownership of it;
  2. Micropayment PSPs: it must be (a) a telecommunications service provider or operator licensed by the Telecommunications Regulatory Authority; (b) a UAE licensed money exchange business, or (c) a corporate entity providing transport services and licensed by the National Transport Authority. Additionally, one or a consortium of the following must hold majority ownership of it: commercial bank, telecommunications services provider or operator, transport services entity and monetary or financial intermediary licensed by the UAECB;
  3. Government PSPs: one or a consortium of a federal ministry or authority or local government authority must hold majority ownership of it; and
  4. Non-Issuing PSPs: no ownership restrictions are included under the 2017 Payment Regulations however reference is made to further requirements under a "licensing requirements" which may include such restrictions (more on this below).

The above non-banks would require a license from the UAECB in order to provide payment services. The 2017 Payment Regulations refer to licensing processes and requirements for PSPs set out in a "licensing manual" and Article 67 states that the UAECB shall issue the rules, regulations and standards and determine conditions for granting licenses. The UAECB has confirmed that such licensing manual has not yet been issued and is currently under development. At this stage, licensing processes and requirements for PSPs may be provided by the UAECB upon submission of an application therefor.


PSPs in DIFC can be non-banks. However, they must satisfy an extensive range of requirements, many of which differ based on the applicable category. There are five categories of financial services in the DFSA, set out under the Prudential – Investment, Insurance Intermediation and Banking Business Module of the DFSA Rulebook. The provision of money services is not expressly included under a category, therefore the category that best corresponds to the activities of a PSP would apply. The DFSA financial services categories are set out as follows:

  1. Category 1: Accepting deposits or providing credit;
  2. Category 2: Dealing in investments as principal (not including matched principal);
  3. Category 3: Dealing in investments as principal or agent, operating a collective investment fund, managing assets, providing custody, providing trust services, acting as the trustee of a fund;
  4. Category 4: Arranging credit or deals in investments, advising on financial products or credit, arranging custody, insurance intermediation, insurance management, operating an alternative trading system, providing fund administration; and
  5. Category 5: An Islamic financial institution managing a profit-sharing investment account entirely in accordance with Sharia.

The PSP would require a license from the DFSA to provide the relevant financial services.


PSPs in ADGM can be non-banks. However, they must satisfy an extensive range of requirements, many of which differ based on the applicable category. There are five categories of financial services in the FSRA, set out under the Prudential – Investment, Insurance Intermediation and Banking Rules of the FSRA Rulebook. The provision of money services is included under Category 3C, and a PSP would fall under this category unless it also meets the criteria of categories 1, 2, 3A, 3B or 5.

It is worth noting that a PSP may, where authorised under its FSRA financial services permission (i.e. FSRA license) to do so, conduct any number of regulated activities specified under a lower category than the one applicable to it.

The conditions specifically applicable to a PSP company under category 3C include, inter alia:

1. Capital requirements: Higher of Base Capital Requirement or Expenditure Based Capital Minimum:

a) Base Capital Requirement: USD 250,000, and

b) Expenditure Based Capital Minimum: Where no client assets or insurance money is held by the PSP, 13/52nds of the Annual Audited Expenditure, calculated as all expenses and losses that arise in the license holder's normal course of business in a 12-month accounting period (excluding exceptional items) which are recorded in its audited profit and loss account, not including the following:

  • discretionary staff bonuses;
  • discretionary incentive shares and share options;
  • other non-automatic appropriations of profits (not including a management charge);
  • shared commissions and fees payable, directly related to commissions and fees receivable (which are included with total revenue);
  • fees, brokerage and other charges paid for purposes of executing, registering or clearing transactions;
  • expenses for which pre-payments or advances have already been made to the respective claimant and deducted from capital resources as illiquid assets;
  • foreign exchange losses; and
  • contributions to charities;

2. The maintenance at all times of an amount of assets exceeding its Expenditure Based Capital Minimum in the form of liquid assets;

3. The maintenance at all times of a professional indemnity insurance in accordance with the FSRA's requirements; and

4. Supervisory review and evaluation processes requirements.

The PSP would require a financial services permission from the FSRA to provide the relevant financial services.

3. What are the most popular payment methods and payment instruments in your jurisdiction?

With respect to small and regular amounts, payment by way of cash remains the most prevalent method of payment in the UAE: many small establishments in the UAE only accept cash. However, an increasing number of UAE residents are opting to pay by way of debit and credit cards: VISA and MasterCard credit cards are widely accepted by businesses and government services.

With respect to larger amounts, cheques are an important payment instrument in the UAE and are notably used for rent payments.

Online payments are increasingly common across the entire spectre of payments. Visa's CNP transaction data illustrated a growth of e-Commerce by 31% in the UAE over the 12 months leading to June 2019.

Various other digital initiatives are increasingly utilized; however, these initiatives represent a small segment of payment mechanisms. Such initiatives include the government's Mobile Wallet, Etisalat Wallet, NOL Cards, Apple Pay, Samsung Pay and Alipay. Alipay, a large online and mobile payment platform, is also active in the UAE. It should be noted that the Dubai government introduced plans to launch its own wallet emCash which can be used as a digital currency and cryptocurrency as well.

4. What is the status of open banking in your jurisdiction (i.e. access to banks' transaction data and push-payment functionality by third party service providers)? Is it mandated by law, if so to which entities, and what is state of implementation in practice?

There is no current legislation specifically governing open banking or requiring banks to share their data with open banking service providers. However, pursuant to Article C.2.5 and D.7.1 of the 2017 Regulations, the UAECB has the right to impose "Access" regimes and interoperability obligations on PSPs.

The UAE is one of the fastest growing markets in the Gulf Cooperation Council ("GCC"). The current use of open banking in the UAE is largely limited to e-wallets. Certain aggregation tools exist with respect to banks' data however they are limited to specific banking services and are not widespread.

The use of open banking in the UAE is gaining traction with the continual advancements of e-wallets, mobile payments and real time transfers.

The use of Etisalat Wallet, Apple Pay and Samsung Pay in the UAE, inter alia, evidence the presence of open banking. Also, Emirates NBD, a major bank in the UAE, had enabled open banking collaboration, having launched an API sandbox for fintech companies and other financial institutions registered in the DIFC. Five Fintech companies have graduated from this initiative with a "certificate of collaboration".

Open banking services providers that possess funds at any point (or transference thereof) are categorized as payment (or money) services providers and must be licensed by the relevant authority.

5. How does the regulation of data in your jurisdiction impact on the provision of financial services to consumers and businesses?

UAE Onshore

UAE Onshore does not have any specific stand-alone data protection legislation. Data privacy and protection is addressed across a number of separate laws and regulations not specifically focused on data protection. Such legislation encompasses generally applicable laws regarding data protection including those under Federal Law No. 3 of 1987 Promulgating the Penal Code ("Penal Code") and Federal Law No. 5 of 2012 on Combating Cybercrimes ("Cybercrime Law") which prohibit disclosure or publication of private information and interception of personal communications. There are also sector-specific applicable laws and regulations regarding data protection available in the labor, telecommunications and finance sectors.

With respect to the provision of financial services, the 2017 Payment Regulations impose the following obligations on PSPs with respect to data protection and privacy obligations, inter alia:

– Not to process or share personal data provided by customers, unless necessary as per AML/CFT laws;

– To store and retain all user and transaction data exclusively within the borders of the UAE (excluding Financial Free Zones), for a period of at least five years from the date of the original transaction; and

– To store details of users' personal information for at least five years from the date the user relationship is terminated.

Furthermore, Article 120 of the 2018 FIA Law provides that all data and information relating to customers' accounts, deposits, safe deposit boxes and trusts with "Licensed Financial Institutions" and related transactions shall be considered confidential in nature, and may not be perused, or directly or indirectly disclosed to any third party without the "written permission of owner of the account or deposits, his legal attorney or authorized agent, and in legally authorized cases".

As illustrated above, it is important that no user or transaction data be stored outside the UAE. The requirements under the 2017 Payment Regulations and 2018 FIA Law are in addition to any other applicable laws and regulations, as well as circulars issued by the UAECB.

Financial Free Zones

In the DIFC, the DIFC Law No. 1 of 2007 and DIFC Data Protection Regulations govern the protection of data. In the ADGM, the Data Protection (Amendment) Regulations 2018 and Data Protection Regulation of 2015 govern the protection of data.

The data protection laws in the DIFC and ADGM impose similar requirements on data controllers and data processors with respect to personal data, including the following, inter alia:

– That processing is done fairly, lawfully and securely for a legitimate purpose; and

– That personal data is kept in a form which permits identification of the data subject for no longer than is necessary.

Legitimate processing of personal data in Financial Free Zones may only be conducted upon one of the below requirements being fulfilled, inter alia:- The data subject provided its written consent;

– The data subject is provided specific information unless it is reasonably expected that it is already aware of the same;

– It is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

– It is necessary for compliance with regulatory and legal obligations to which the data controller is subject;

– It is necessary for a task carried out in the interests of the DIFC/ADGM (as applicable) or other specified authorities; or

– It is necessary for the purposes of the legitimate interests pursued by the data controller or third party or parties to whom the personal data is disclosed, except where such interests are overridden by those of the data subject relating to the latter's particular situation.

The Financial Free Zones' data protection laws also include requirements with respect to disclosure to third parties, notification to the competent authority, and rights of data subjects, including right to access, erase, block and object to the processing of personal data.

Each Financial Free Zone has issued its own list of jurisdictions to which the transfer of personal data is permitted. With respect to jurisdictions not included in the list, each Financial Free Zone permits the transfer of personal data to such jurisdictions on the condition that certain requirements are fulfilled, e.g. obtaining the consent of the competent authority or the data subject. The competent authority in the case of the DIFC is the Commissioner of Data Protection, and that in the case of the ADGM is the Registrar.

6. What are regulators in your jurisdiction doing to encourage innovation in the financial sector? Are there any initiatives such as sandboxes, or special regulatory conditions for fintechs?

There is a clear mandate across all sectors of government to support and encourage the growth of fintech in the region. The financial sector, particularly in Financial Free Zones, represents a significant industry where innovation is sought, principally through accelerator programs.

UAE Onshore

Pursuant to the Board of Directors' resolution no. 28/R.M of 2018, the Securities and Commodities Authority of the UAE (the "SCA") approved draft regulations setting out regulatory controls for the fintech sector in the form of a pilot regulatory environment (sandbox) to enhance and support the financial integrity of fintech companies. The regulations achieve this by relaxing the regulatory requirements or exempting testers from some of these requirements. This testing environment is designed for developers of fintech projects, whether emergent or existing companies or individual projects by entrepreneurs.

The governor of the UAECB has stated, in the UAECB's annual report for 2018, that the UAECB is "currently in the process of developing a fintech strategy that aims to capitalise on the UAE fintech eco-system and to cohesively deploy balanced regulatory and development initiatives". The UAECB's annual report for 2018 also mentions plans to commence further work on other regulations relating to payments and fintech in 2019.


The DIFC launched an accelerator programme named the Fintech Hive to encourage cutting-edge fintech solutions for leading financial institutions. Pursuant to this programme, the DIFC established an innovation testing license which permits qualifying fintech firms to develop and test innovative concepts for a period of six to twelve months without being subject to all regulatory requirements that normally apply to regulated firms. If the outcomes detailed in the regulatory test plan are fulfilled and the participating firm can satisfy DFSA requirements, it may migrate to full authorisation. If such conditions are not met, the firm must cease to carry on activities in the DIFC requiring regulation.


The ADGM launched an accelerator programme named the Regulatory Laboratory ("RegLab") to encourage cutting-edge fintech solutions for leading financial institutions. Pursuant to this programme, the ADGM established a special type of financial services permission (i.e. license) which permits qualifying fintech firms to develop and test innovative concepts for up to two years without being subject to all regulatory requirements that normally apply to regulated firms. If participating firms are capable of meeting ADGM requirements at the expiry of the license, they may be transferred to the regular authorisation and supervision review. If such firms cannot meet these requirements, they must cease to carry on activities in the ADGM requiring regulation.

In addition to launching an accelerator programme, the ADGM added legislation in the FSMR specifically addressing the emergence of new technologies, namely crypto assets.

7. Do you foresee any imminent risks to the growth of the fintech market in your jurisdiction?

As previously stated, there is a clear mandate to encourage the growth of the fintech market in both the public and private sectors of the UAE.

From a general standpoint, strict legislation or none at all results in the risk of hindering the healthy growth of any industry. Legacy laws are often ill-suited for technology-driven business models. We have noted that regulators in the UAE are keeping a watchful eye on fintech activities in their respective jurisdictions. It is customary for regulations to lag behind developments in emerging technologies as regulators need to first assess the legal implications and consequences of such technology. These may be far-reaching, as illustrated by the emergence of AirBnb and Uber in their respective industries. It is expected that over the next couple of years, additional regulations will be issued by regulators to provide structure and clear policies in relation to the fintech market.

Another factor presenting important challenges to the growth of the fintech market are cyberattacks and security breaches. Federal Law No. 5 of 2012 on Combatting Cybercrimes criminalizes these activities and applies to both UAE Onshore and the Financial Free Zones. Cyberattacks constitute the biggest threat due to their increasing frequency, unpredictability, potential for systemic impact and existing gaps in risk management. Increased interconnectivity driven by financial technological developments and successful cyberattacks erode confidence in fintech and slow down the growth of the fintech market. The UAE has been a target of several cyberattacks including ATM skimmer malware. Pursuant to a Symantic cybersecurity threat intelligence report (2018), the UAE was the second most targeted country for ransomware attacks in the MENA region.

There are several other imminent risks to the growth of the fintech market in the UAE. These include ownership restrictions, gaps in talent and private capital:

UAE Onshore

Although the current eligibility requirements under the 2017 Payment Regulations restricts ownership of PSPs, it is still possible for fintech entrepreneurs to enter joint ventures as minority shareholders with more established partners or establish themselves as Technical Service Providers. However, the provision of fintech services on UAE Onshore may be considered limited by regulations pertaining to the offshoring of data. It is arguable that the current legislative structure offers a compromise between encouraging innovation and ensuring the retention of control by UAE financial institutions.The SCA's adoption of fintech regulatory sandbox guidelines pursuant to the Board of Directors' resolution no. 28/R.M of 2018 set out a platform upon which fintech companies can test and launch modern technological initiatives in the securities sector. This structure includes the obtaining of an experimental license from the Ministry of Economy for a period between six to twelve months, under terms and conditions to be determined by the government commission upon evaluation of their business model and other factors.

Financial Free Zones

The Financial Free Zones have taken an early-on approach to invite emerging companies, existing companies and individual projects to be able to apply for their own set of experimental licenses under their accelerator programs, Fintech Hive and RegLab (please refer to our answer under question 6 for more details).

8. What tax incentives exist in your jurisdiction to encourage fintech investment?

The UAE is considered attractive to businesses in terms of taxation. There are no tax incentives specifically directed at the fintech sector, however the UAE generally imposes little taxation with no corporate income tax but a value added tax of 5%. This value added tax applies to the provision of financial services where (1) such services are performed in return for an explicit fee, discount, commission, rebate or similar matter; and (2) the recipient of the services is a consumer residing inside the UAE, including the Financial Free Zones.

9. Which areas of fintech are attracting investment in your jurisdiction, and at what level (Series A, Series B etc)?

Investment in fintech in the UAE is mainly directed either at businesses dealing directly with consumers, or businesses providing technology solutions to existing financial institutions.

There is also a considerable amount of investment directed at a variety of industries in the UAE, including the educational sector, healthcare sector, insurance sector, and emerging technologies (e.g. artificial intelligence, distributed ledger technology and deep-learning).

The level of investment in fintech differs per area and jurisdiction. In general, the majority of investment in cutting-edge fintech is currently in the Financial Free Zones and at friends and family or Series A level. At least one fintech company has progressed beyond a Series B round of investment, with Dubai-based Souqalmal.com raising USD 10 million in its Series B funding.

10. If a fintech entrepreneur was looking for a jurisdiction in which to begin operations, why would it choose yours?

The government has reiterated on numerous occasions its policy to support and encourage technology innovation. This policy is implemented by, inter alia, sandboxes and accelerators set up on UAE Onshore and in the Financial Free Zones.

If the fintech product is well-tested and it is a new technology used to provide a service for which a license already exists, then upon the product meeting the regulatory requirements of the authorities, the service provider may obtain a license from the relevant authorities to conduct its activities in the UAE beyond the testing phase.

Another principal reason entrepreneurs consider initiating operations in the UAE is its advantageous taxation environment.

11. Access to talent is often cited as a key issue for fintechs – are there any immigration rules in your jurisdiction which would help or hinder that access, whether in force now or imminently? For instance, are quotas systems/immigration caps in place in your jurisdiction and how are they determined?

The UAE has one of the more open immigration policies when it comes to acquiring talent. Its population consists of roughly 80% expatriates and 20% UAE nationals.

There are no quota systems or immigration caps in place, although it is worth noting that an Emiratisation quota requirement exists on UAE Onshore whereby any company with more than 100 employees is obliged to recruit the stipulated number of UAE nationals to ensure a minimum percentage of participation of Emiratis in the workforce. This minimum percentage of participation varies depending on the economic sector of the company and job description.

12. If there are gaps in access to talent, are regulators looking to fill these and if so how? How much impact does the fintech industry have on influencing immigration policy in your jurisdiction?

The UAE has a well-established policy of encouraging access to new talent. It implements this policy by providing, inter alia, employment visas for long-term talent as well as mission visas for short-term talent required in the UAE. The UAE has reiterated on numerous occasions its policy of encouraging innovation in the fintech sector. It implemented changes to its immigration policy including the introduction of a six-month visa specifically for jobseekers.

13. What protections can a fintech use in your jurisdiction to protect its intellectual property?

The protections a fintech can use to protect its intellectual property are the same on UAE Onshore and in the Financial Free Zones. However, implementation measures and procedures undertaken by the authorities differ among the jurisdictions: the DIFC and ADGM are subject to common law procedures, whereas UAE Onshore is subject to civil law procedures.


UAE copyright laws provide legal protection for original computer programs, related software applications and databases.

The most applicable protection for copyrights is under Federal Law No. 7 of 2002 Concerning Copyrights and Neighboring Rights (as amended). The UAE is a member of the Berne Convention for the Protection of Literary and Artistic Works, pursuant to which all member states recognize and protect the copyrights of individuals of other member states. While there is no requirement to register copyrights in order for them to be recognized and enforced against a third party in the UAE, it is advisable, for evidentiary purposes, to register copyrights under the applicable UAE registrar.

Financial rights under a copyright are effective for a period of 50 years from the death of the inventor or, where the identity of the inventor is not identifiable, from the date of publication (or launching) of the copyrighted product.In the UAE, financial rights of an employee under a copyright are not automatically assigned to his/her employer. A separate agreement must be executed to this effect. Additionally, it is not possible to assign the moral rights to a copyright under UAE law.


UAE patent laws may provide certain protection to computer programs, provided, among other conditions, that such programs be suitably tied to hardware and presented as a technical solution to a technical problem.With respect to patents, protection is provided under Federal Law No. 17 of 2002 on Regulation and Protection of Industrial Property of Patents, Industrial Drawings and Designs (as amended) for a limited period of 20 years from the date of filing of the protection application with the Ministry of Finance and Industry.

Other intellectual and industrial property rights

The UAE is also a member of the Paris Convention for the Protection of Industrial Property. The Paris Convention for the Protection of Industrial Property requires, inter alia, that all member states recognize and protect the intellectual property rights of individuals of other member states. Additionally, the UAE is a member of the Trade-Related Aspects of Intellectual Property Rights ("TRIPS"), a minimum standards agreement for the protection of intellectual property rights.

There are also general intellectual property protections applicable to all businesses, for instance with respect to logos, slogans and names. These intellectual property protections are implemented under Federal Law No. 37 of 1992 on Trademarks (as amended), upon registration with the Trademark Office of the Ministry of Economy. Registration with the Trademark Office results in protection for a period of 10 years, renewable upon application.

14. How are cryptocurrencies treated under the regulatory framework in your jurisdiction?

UAE Onshore

If an entity wishes to provide financial services in the UAE and such services involve use of the UAE Dirham, it must be licensed or authorised by the UAECB. Due to the nature of current regulations addressing the use of cryptocurrencies in the UAE, it is currently unclear whether the UAECB would be willing to provide licenses to private entities for activities specifically related to the use of cryptocurrencies (e.g. a crypto currency exchange).

Reference to "virtual currencies" is made under the 2017 Payment Regulations, in which it defines virtual currency as "any type of digital unit used as a medium of exchange, a unit of account, or a form of stored value. Virtual currency(s) is not recognized by this regulation. Exceptions are made to a digital unit that: (a) can be redeemed for goods, services, and discounts as part of a user loyalty or rewards program with the Issuer; and (b) cannot be converted into a fiat/virtual currency" (emphasis added).

The 2017 Payment Regulations provides that virtual currencies are "not recognized by this regulation" and that "All Virtual Currencies (and any transactions thereof) are prohibited".

In February 2017, the governor of the UAECB clarified that the 2017 Payment Regulations do not "cover 'virtual currency', which is defined as any type of digital unit used as a medium of exchange, a unit of account, or a form of stored value". The governor clarified in his statement that the "regulations do not apply to bitcoin or other crypto-currencies... or underlying technology such as Blockchain".

Since issuance of the 2017 Payment Regulations, (1) the SCA announced its intention to draft regulations with respect to initial coin offerings (please refer to question 15 below); and (2) the Dubai government announced plans to launch its own wallet emCash which can be used as a digital currency and cryptocurrency. These two announcements suggest that certain cryptocurrencies are not (or at least will not be) prohibited.

However, the wording in the 2017 Payment Regulations remains unchanged and therefore there remains a grey area with regards to the specific legal status of virtual currencies in the UAE.


On 13 September 2017, the DFSA issued a general investor statement on cryptocurrencies stating that "these types of product offerings, and the systems and technology that support them, are complex.... should be regarded as high-risk investments". The DFSA further stated that it does not regulate such product offerings or license firms in the DIFC to undertake such activities. DIFC regulations do not, at the time of writing, include express reference to cryptocurrencies.

The above DFSA warning is restricted to cryptocurrencies and does not encompass all distributed ledgers. The DIFC has, as mentioned, launched the FinTech Hive, which encourages innovation in technology, including through the use of blockchain and blockchain tokens. At least one Fintech start-up that utilizes distributed ledger technology has "graduated" from the DIFC's accelerator program.


The ADGM's regulatory framework does not prohibit the use of crypto assets, however it has set out mandatory requirements and conditions applicable to such use.

ADGM regulations include reference to a specific license that must be obtained by operators of crypto asset businesses. Additionally, the ADGM has issued a legal framework clearly defining the term "crypto asset" and listing the factors the FSRA would consider while determining which crypto assets are "accepted" for use in the ADGM ("Accepted Crypto Assets"), such as under crypto asset exchanges. Under the FSMR, Crypto Assets activities include the following:

(a) Buying, selling or exercising any right in Accepted Crypto Assets (whether as principal or agent);

(b) Managing Accepted Crypto Assets belonging to another person;

(c) Making arrangements with a view to another person (whether as principal or agent) buying, selling or providing custody of Accepted Crypto Assets;

(d) Marketing of Accepted Crypto Assets;

(e) Advising on the merits of buying or selling of Accepted Crypto Assets or any rights conferred by such buying or selling; or

(f) Operating a crypto asset exchange or as a crypto asset custodian.

15. How are initial coin offerings treated in your jurisdiction? Do you foresee any change in this over the next 12-24 months?

UAE Onshore

The SCA announced on 9 September 2018 the approval of a plan to regulate initial coin offerings and recognise them as securities. The plan developed is part of an integrated project to regulate digital securities and commodities. The relevant regulations are expected to be issued in 2019.


The DFSA issued an investor warning stating that cryptocurrencies are "high-risk investments" and that it does not currently regulate these types of product offerings.


The ADGM permits initial coin offerings subject to specific conditions, including that the applicable cryptocurrency be an "Accepted Crypto Asset". The FSRA has issued a Regulation of Initial Coin/Token Offerings and Crypto Assets under the FSMR.

16. Are you aware of any live blockchain projects (beyond proof of concept) in your jurisdiction and if so in what areas?

We are aware of live blockchain projects in various sectors of the UAE and both on UAE Onshore and in Financial Free Zones.

In the financial sector, Emirates NBD, a major bank in the UAE, recently launched the "Cheque Chain" which integrates blockchain into issued cheques to strengthen authenticity and minimize potential fraud. It registered close to one million cheques using blockchain during the first month of its launch.

Additionally, Smart Dubai has also announced, in collaboration with IBM, the launch of Dubai Blockchain Platform, the first government-endorsed blockchain platform as-a-service in the UAE. This platform will serve as a stepping-stone for organizations in the UAE and globally to transition their blockchain testing and development into full-production. Smart Dubai's DubaiPay, the payment gateway for most Dubai Government entities, was the first customer of Dubai Blockchain Platform.

There are also live blockchain projects in other sectors. For instance, in the educational sector, Educhain enables the instant issuance and authentication of digital records for institutions, corporates, and governments. It is working with top institutions and employers from MENA, Europe and North America, encompassing 400,000 students and professionals. Additionally, the Dubai Land Department launched the blockchain-based Real Estate Self Transaction (also known as Rest System) technology to enable the complete digital management of real estate transactions, eliminating paper documents and reducing brokerage procedures. It placed existing title deeds onto a blockchain ownership platform, through which it secures more than 500,000 title deeds and 1.5 million smart contract records that connect investors/owners to the property.

17. To what extent are you aware of artificial intelligence already being used in the financial sector in your jurisdiction, and do you think regulation will impede or encourage its further use?

The use of artificial intelligence in the financial sector is well-established. We do not believe UAE legislation impedes the use of artificial intelligence in the UAE. However, such use would need to satisfy UAE security requirements which are in line with international standards. The Ministry of Finance has on its website included, as a critical activation point to build the UAE's artificial intelligence capabilities, the issuance of government law and appointment of a UAE Artificial Intelligence Advisory Board to ensure the proper use of artificial intelligence.

Banks use artificial intelligence for a variety of reasons, including the automation of processes, interaction with customers, and building intelligent and real-time lending models. For instance, Emirates NBD has launched the chatbot Eva, which helps customers cut through time consuming layers and access the information they want immediately. Also, First Abu Dhabi Bank (FAB) launched a portal powered by artificial intelligence and machine learning tools to deliver advanced analytics to merchants.

The DIFC has, through its innovation testing program, approved the first robo-wealth advisor in the Middle East, Sarwa. The Dubai Electricity and Water Authority has also launched its robot, Rammas, which listens to customers' concerns and knows their transaction history.

18. Insurtech is generally thought to be developing but some way behind other areas of fintech such as payments. Is there much insurtech business in your jurisdiction and if so what form does it generally take?

While insurtech business is present in the UAE, it is developing at a slower pace than other areas such as fintech. As there is nothing in current legislations specifically regulating insurtech companies, the latter must ensure they are providing their services in compliance with general regulations addressing the provision of insurance and reinsurance policies:

– On Onshore UAE, the IA regulates insurance and reinsurance services.

– In the DIFC and ADGM, the DFSA and FSRA respectfully regulate insurance and reinsurance services (only wholesale services with respect to insurance are permitted in the Financial Free Zones).

Successful insurtech business include (1) Aqeed, which developed an insurance wallet where customers can store and recall all their policy documents, it also sends reminders to customers with respect to renewal dates, compares different policies and informs customers where there is a duplication of coverage; and (2) Souqalmal.com, an insurance, personal loan and credit card comparison website, which underwent a Series B funding in 2017.

More recently, the Insurance Authority issued Board of Directors' Resolution No. 41 of 2019 which provides supervisory rules for the experimental environment of financial technology in the insurance industry.

19. Are there any areas of fintech that are particularly strong in your jurisdiction?

To a certain extent, fintech services is present in many sectors in the UAE. As illustrated above, the payment services sector of fintech is particularly strong, with banks and government bodies launching cutting-edge technology in this sector.

20. What is the status of collaboration vs disruption in your jurisdiction as between fintechs and incumbent financial institutions?

As illustrated above, there is a predominant trend of incumbent financial institutions investing significantly in fintech start-ups, resulting in a collaboration between fintech entities and incumbent financial institutions in the UAE. This can be attributed to two main reasons, inter alia:

  1. The ownership requirements on UAE Onshore requiring that PSPs be majority-owned by, inter alia, UAE licensed financial institutions; and
  2. An apprehension by incumbent financial institutions of competition from certain fintech entities having business models able to bypass the high barriers to entry traditional financial institutions must satisfy.It should be noted that the adoption of fintech by incumbent financial institutions may result in the redundancy of many banking jobs.

UAE Onshore

With respect to the provisions of payment services, the 2017 Payment Regulations require that, in the majority of cases, PSPs are majority-owned by, inter alia, UAE-licensed financial institutions. Due to the current difficulty in obtaining licenses to establish such financial institutions, many fintech entrepreneurs wishing to access the payment sector must either partner with incumbent financial institutions or establish themselves as Technical Service Providers.

Financial Free Zones

The nature of regulations in the Financial Free Zones, in particular, the more flexible ownership and data storage requirements relative to UAE Onshore, result in a larger potential for disruption between fintechs and incumbent financial institutions.

21. To what extent are the banks and other incumbent financial institutions in your jurisdiction carrying out their own fintech development / innovation programmes?

Many banks and other incumbent financial institutions in the UAE are active in the authorities' accelerator programs and provide their services and support to participants. Additionally, these financial institutions are prospective, and in some cases mandatory, investors for start-ups and their presence facilitates the provision of pitches to them.

Many banks and other incumbent financial institutions in the UAE, particularly in Financial Free Zones, have also launched a variety of initiatives to carry out their own fintech development and innovation programmes, e.g. Emirates NBD established the Future Banking Lab as a key initiative of its digital strategy, it is through this program that it developed and launched the "Cheque Chain" mentioned under question 16.

22. Are there any strong examples of disruption through fintech in your jurisdiction?

A strong example of disruption through fintech in the UAE is the lower requirement for over-the-counter banking services due to the availability of digital services. Another strong example is the launch of crowd-funding platforms, which result in a decrease in demand for loans from banks, e.g. Smart Crowd, which was a part of the DIFC Fintech Hive program and now a company licensed by the DFSA, obtained an operating license in April 2018 as a property crowdfunding website.

Published first by The In-House Lawyer

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

In association with
Related Topics
Related Articles
Up-coming Events Search
Font Size:
Mondaq on Twitter
Mondaq Free Registration
Gain access to Mondaq global archive of over 375,000 articles covering 200 countries with a personalised News Alert and automatic login on this device.
Mondaq News Alert (some suggested topics and region)
Select Topics
Registration (please scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions

Mondaq.com (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of www.mondaq.com

To Use Mondaq.com you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.


The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.


Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions