Fintech Frontiers: Legal Landscape for Innovation and Sandboxes in The UAE

09 Jul 2024

Broadly speaking, a business which utilizes technology, typically software, to provide, support and facilitate financial services, usually in new and innovative ways, can be labelled as a “fintech” company. Some common examples are crowdfunding platforms, cryptocurrencies or initial coin offerings (ICOs), online banking, payment processing, among others services. Establishing a fintech business in the UAE is not a particularly complex process, however, one may come across certain barriers to entry and stringent regulatory requirements, as financial activities are regulated by various bodies in the UAE. 

A brief overview into the regulatory landscape of the fintech space: 

  1.  Central Bank of the UAE (the Central Bank):

The Central Bank is the primary regulatory authority for banking and financial services in the country. Some of the recent regulations and initiatives undertaken by the Central Bank to promote fintech, include the issuance of fintech licenses, regulations on stored value facility activities and large value payment systems. 

The Central Bank has also developed sandbox regulations to specifically cater to the operation and management of the experimental environment in the insurance sector. While the Central Bank had yet to issue specific regulations governing cryptocurrencies, its cautious stance implies that cryptocurrencies are still not considered legal tender in the UAE. On numerous occasions, it has issued public warnings and encourages individuals to exercise caution when dealing with cryptocurrencies. 

  1.  Abu Dhabi Global Market (the ADGM):

ADGM is a financial free zone in Abu Dhabi, regulated by the Financial Services Regulatory Authority (the FSRA). ADGM has been at the forefront of fostering fintech innovation through its Regulatory Laboratory (ADGM RegLab). The ADGM RegLab, the world’s second most active sandbox, provides a controlled environment for fintech companies to develop and test their innovative solutions, and is ideal for both new market entrants and established financial institutions. Novel fintech solutions can be tested in a controlled and regulated environment, without being subject to the complete regulatory regime that would typically apply to a financial services company established within the jurisdiction. 

  1.  Dubai Financial Services Authority (the DFSA):

The DFSA is the regulatory authority for the Dubai International Financial Centre (the DIFC). The DFSA has introduced fintech-related regulations and initiatives to support the growth of fintech businesses within the DIFC, which includes its own regulatory sandbox, known as the DFSA Innovation Testing Licence Programme. Under this program, license holders can test and develop their financial services, products and models in a controlled environment. 

  1.  Securities and Commodities Authority (the SCA):

The SCA oversees and regulates activities related to securities and commodities within the UAE. In 2019, the SCA expressed its intention to regulate cryptocurrency-related activities, ICOs, and digital asset exchanges and subsequently introduced the SCA Crypto Assets Activities Regulation 2020 and Guidance notes, which governs the offering, issuing, listing and trading of cryptoassets in the UAE and related financial activities.  

  1.  DIFC:

DIFC has been proactive in supporting fintech innovation through various initiatives and programs, including the Fintech Hive accelerator. Its primary objective is to nurture innovation and growth in the fintech sector. The program offers both incubation and acceleration tracks, providing fintech startups access to mentorship, resources, and opportunities to collaborate with established financial institutions within the DIFC ecosystem.

Along with the changes and developments in the fintech space, the UAE faces major risk in the absence of safeguarding laws relating to data protection, cyber security and anti-money laundering (AML).  Compliance with data protection laws and cybersecurity regulations is crucial for fintech companies handling customer data and financial transactions. Furthermore, fintech companies are also required to implement robust AML and KYC measures to prevent money laundering and ensure customer identification. Some recent initiatives to address these issues include, the guidance on AML risks issued by the Central Bank in 2022, specifically relating to the payment sector, which aims to: i. understand and highlight key risks faced by licensed financial institutions; and ii. identify transactions that require special scrutiny.