Regulation of crypto-tokens: Spotlight on the DFSA’s latest consultation

Taxonomy

Those familiar with CP138 will remember that the DFSA proposed a definition of a token which was subsequently adopted in the Glossary (‘GLO’) module. This provides that a token is a:

“cryptographically secured digital representation of value, rights or obligations, which may be issued, transferred and stored electronically, using Distributed Ledger Technology or other similar technology”. 

In CP143, the DFSA builds on this definition by proposing that a crypto token should be broadly defined so that it is a token:

“that is used, or intended to be used, as a medium of exchange or for payment or investment purposes but excludes an Investment Token, or any other type of investment, or an Excluded Token.”

The reason why the DFSA has taken such a broad approach to the definition of a crypto-token is to try and future proof its regulatory approach. Those types of token that will fall within this broad definition will include crypto currencies, hybrid utility tokens and asset referenced tokens.

A number of different tokens will not fall within the proposed definition of a crypto-token. The DFSA calls these “Excluded Tokens” and they will consist of utility tokens, non-fungible tokens (‘NFTs’) and central bank digital currencies (‘CBDCs’). 

The DFSA accepts that, when it comes to utility tokens, there may be instances where they may come within the proposed definition of a crypto-token where they take on the characteristics of a hybrid utility token. This could occur when a utility token develops secondary trading markets and/or uses cases beyond the issuer’s platform. Also, for NFTs the DFSA stresses that their exemption depends on the characteristics of the NFT and its function, and not what terminology or marketing terms are used. 

Those involved with NFTs should also note the DFSA’s warning that creators and any other service providers should take ‘due care’ in order not to make a public offer or provide financial services relating to a NFT in or from the Dubai International Financial Centre (‘DIFC’) without properly considering whether it is subject to regulation. 

The DFSA is also considering whether NFT creators and service providers that fall outside the proposed regulatory perimeter should fall within the DIFC’s designation of Designated Non-financial Business and Profession (‘DNFBP’). DNFBPs are required to register with the DFSA, appoint a money laundering reporting officer, and comply with the DFSA’s detailed Anti-Money Laundering rules. In our view, if the DFSA regulates NFT creators, the immediate impact will be to prohibit such activities in the DIFC by forcing NFT creators to move ‘onshore’, thereby killing off, in one swift blow, an entire NFT industry in the DIFC.  The DFSA should instead focus its regulatory oversight on the platforms which permit the buying and selling of NFTs. 

Apart from Excluded Tokens the DFSA also sets out in its consultation certain prohibited tokens, such tokens would be banned. These types of token would be privacy tokens and devices, and algorithmic tokens.

Accepted Crypto Tokens

Similar to other jurisdictions the DFSA sets out proposals that adopts an approach that limits the types and numbers of crypto-tokens that can be used. The DFSA calls this an ‘Accepted Crypto Token’ approach. What this essentially means is that a firm wanting to provide a financial service in or from the DIFC in relation to a crypto-token or a crypto-token derivative will only be able to do so if the DFSA has accepted it for use in the DIFC.

In the consultation paper¹  the DFSA sets out a list of indicative factors which sets out its regulatory expectation as to what a crypto-token should be able to demonstrate so that it can be considered suitable. Importantly, the DFSA’s assessments will be on a case-by-case basis and it has not prescribed any specific risk weights or degrees of importance in one factor over another and states that this will depend on the specific characteristics of the crypto-token. It is also notable that the list of indicative factors does not include any reference to the ESG characteristics of a crypto-token.

The DFSA sets out a proposed acceptance process for firms applying for a crypto-token to be an Accepted Crypto Token. Among other things, firms are put on notice that there will be a waiting period while the DFSA deliberates on applications although it will engage as to the expected timeframe. Should the DFSA deem the crypto-token to be an Accepted Crypto Token it will be placed on a list of Accepted Crypto Tokens which will be made available on the regulator’s website.

Where a crypto-token is already on the Accepted Crypto Token list, firms will not be expected to make an application to the DFSA. Such crypto-tokens will be available for immediate use. However, if the firm becomes aware of any development that may result in the crypto-token no longer qualifying as an Accepted Crypto Token they must notify the DFSA.

To avoid any confusion that Excluded Tokens are Accepted Crypto Tokens firms will not be allowed to provide services in relation to Excluded Tokens and Accepted Crypto Tokens from the same entity. The DFSA believes that this will prevent any confusion that Excluded Tokens are regulated. This approach appears disproportionate to the risks which it seeks to mitigate.

Financial Promotions

The DFSA proposes to follow the same route that it has done for investment tokens in that the financial promotions requirements in the General module (‘GEN’) will apply to all activities concerning the marketing of crypto-tokens. The definition of financial product will also be changed to include crypto-token.

Regulatory Requirements

A considerable part of the consultation paper covers regulatory requirements in relation to crypto-tokens. The DFSA sets out proposals on issues such as providing financial services in relation to crypto-tokens, requirements for venues that allow for the trading and clearing of crypto-tokens and proper markets.

Incorporation

Significantly, the DFSA is proposing that all entities intending to offer financial services in relation to crypto-tokens must establish in the DIFC as a body corporate and be incorporated under DIFC law. This means that, for foreign financial institutions, only a DIFC subsidiary will be allowed to offer financial services in relation crypto-tokens in or from the DIFC. Branches or representative offices will not be allowed to conduct financial services in relation to crypto-tokens. This proposal raises two important questions: first, while it may be appropriate in the context of a regulated crypto exchange with substantive activities in the DIFC, it is entirely disproportionate to apply such a policy to a firm which simply intermediates between its clients and a crypto-token provider (e.g. arranging or advising on crypto-tokens); second, this proposal effectively prevents existing branches in the DIFC from engaging in any financial services in relation to crypto-tokens. This proposal appears disproportionate, creates an uneven playing field and is, to some degree, anti-competitive. Also, it is not clear whether the DFSA expects existing DIFC bank branches to avoid crypto-token activities entirely, or to convert to subsidiaries or to establish separate DIFC subsidiaries for their crypto-token activities. 

In terms of the type of financial services activities that may be carried out in relation to crypto-tokens the DFSA proposes the following: advising on investments, operating an exchange, providing custody, arranging custody, operating a clearing house and operating an alternative trading system. The relevant rules in the DFSA Rulebook will also apply (together with some additional rules). The DFSA is also considering whether firms may hold Accepted Crypto Tokens for their own account on their own balance sheet and, in terms of the prudential treatment of these exposures it intends to impose, the preliminary proposals in CP143 are those that which the Bank of International Settlements has issued on the prudential treatment of credit institutions’ exposures to crypto-tokens.

Trading venues

Regarding trading venues, the DFSA is extending many of the requirements that it has already put in place for investment tokens. But there are some important differences. For example, the trading of Accepted Crypto Tokens will be limited in certain ways, including that the DFSA is not proposing at this stage to allow trading through an organised trading facility due to the discretionary rules associated with this model. Trading venues will therefore need to be licensed as Authorised Market Institutions or as multilateral trading facilities. Also, an operator may not combine the trading of a crypto-token and investment token within the same legal entity. It is not entirely clear why this restriction is deemed necessary. 

Clearing and settlement

When it comes to assessing the appropriateness of clearing and settlement arrangements implemented by an operator, the DFSA is proposing to adopt a case-by-case approach. Whilst this is in keeping with the position for investment tokens, the DFSA has taken a further step by clarifying its expectations as to what proper clearing and settlement arrangements look like. Essentially, the DFSA wants to see a clearing house interposing itself between counterparties to the trade or that there is an ‘air-tight’ blockchain solution that removes the known risks between counterparties to the trade. The DFSA goes on to describe in more detail the position concerning counterparties, technological excellence, capital requirements and settlement instruments.

Collective investment funds

The consultation paper contains a number of proposals concerning collective investment funds and, in relation to prospectus disclosures, the DFSA is planning to go further than the current position as regards investment tokens. Also, at this point in time, and in keeping with its policy of requiring all crypto-token business to be based in the DIFC, the DFSA is proposing not to allow the offer or marketing of a foreign crypto-token fund in or from the DIFC. Again, this proposal appears to be disproportionate to the risks, particularly where such risks could be mitigated by client risk warnings or by limiting the promotion of such foreign funds to sophisticated clients (deemed professional clients and market counterparties for instance). 

Digital wallets

The concept of a digital wallet was introduced in CP138 and is intended to provide a means by which persons can acquire, hold or transact with tokens. The DFSA is proposing to adopt the same requirements concerning digital wallets as it does for investment tokens and require a technology audit. In addition, a prohibition on privacy devices is proposed and this may include digital wallets that hide, anonymise or prevent the tracing of crypto-token transactions, the identity of the parties to a crypto-token transaction or the holder of a crypto-token.

Proper markets

The DFSA is proposing to take the same approach to crypto-tokens as it has for investment tokens although it has asked for comment as to whether it should produce additional guidance to address any practical issues.

New issuance

Currently, the DFSA is proposing that at present it will not allow for the issuance of new crypto-tokens in the DIFC. Instead it states that it would prefer to focus on those crypto-tokens that have already been issued.

Other Regulatory Requirements

The broad spectrum of proposals covered in the consultation paper under the heading ‘Other regulatory requirements in relation to crypto-tokens’ are grouped under the following topics: conduct, prudential, financial crime, market abuse, Islamic finance, cyber risk and fees.

Conduct

Unsurprisingly, in the conduct section a number of retail client protections are considered. This includes whether the DFSA should set out further proposals outlining its expectations in terms of what it considers to be ‘fair and balanced’ in relation to the requirements in 3.2.6 of the Conduct of Business module (‘COB’) which deals with past performance and forecasts information. The DFSA also asks the question whether some of the updated requirements recently proposed by the UK Financial Conduct Authority²  in relation to the marketing of crypto assets should also be considered. Moving away from disclosure, the DFSA also proposes prohibiting the offering of incentives to retail clients in relation to any crypto-token product or service.

Financial crime

As for financial crime, the DFSA reminds firms that they are subject to the laws and regulations published at the Federal level and that they should also follow the Financial Action Task Force standards and guidance.  The DFSA is also considering how it can develop further guidance to expand on what is already set out in the Anti-Money Laundering, Countering-Terrorist Financing and Sanctions module. This could include examples of typologies where tokens can be misused by criminals.

Market abuse

Rather than rely on the provisions in GEN the DFSA is instead proposing to apply all the market abuse provisions in the Markets Law³ and the Code of Market Conduct (‘CMC’) to all persons using crypto-tokens. In addition, given the DFSA’s concerns regarding the use of forums it is proposing to add a further requirement for an AMI and multilateral trading facility to monitor these (if provided) and identify and remove posts that may contravene the Markets Law or the CMC.

Islamic finance

In the consultation paper the DFSA picks up on the disagreement between Islamic scholars about the Shari’a compliance of crypto-tokens because they can be used for speculation (maisir), which is prohibited. The DFSA is inviting comments on whether there are measures it should be taking in this area in addition to those provisions in the Islamic Finance Rules module.

Fees

Among other things the DFSA is proposing a flat one-time application fee of US$ 10,000 for an assessment of whether a crypto-token is an Acceptable Crypto Token.

Next Steps

The deadline for comments on the consultation paper is 6 May 2022. 

Following the public consultation the DFSA will finalise its approach and produce draft legislation as needed.

Finally, it’s worth noting that the DFSA has invited those authorised firms already engaging in crypto-token related activities to contact it so that the regulator can consider how the business can be brought into line with the new regime. The DFSA also confirms that it is aware that there will be some applicants with existing crypto-token related business that will want to apply and it will have to work through with them any re-onboarding issues. Those firms seeking to conduct a financial services activity in relation to crypto-tokens will be ‘rigorously scrutinised’ by the DFSA, which will expect well thought out regulatory business plans, business continuity plans and anti-money laundering business risk assessments.

¹See pages 10 to 12 of the DFSA consultation paper

²FCA Consultation Paper 22/2: Strengthening our financial promotion rules for high risk investments, including cryptoassets

³Markets Law DIFC Law No. 1 of 2012