The Dubai Financial Services Authority (DFSA) has launched the first phase of their Digital Assets regime by introducing regulation governing Security Tokens in and from the DIFC. In this article, we provide a brief overview of the new regime.
Cryptocurrencies such as Bitcoin and Ethereum have dominated the news cycle over the past year. The question of how and whether such cryptocurrencies should be regulated is likely on the mind of every regulator. The financial services regulator for the Dubai International Financial Centre (DIFC), the Dubai Financial Services Authority (DFSA), took its first step in October 2021 when it introduced a new regime for the regulation of Security Tokens in and from the DIFC. This forms the first phase of the DFSA’s Digital Assets regime.
The DFSA have not sought to regulate cryptocurrencies, but to regulate ‘tokens’ which are based on the same underlying technology as cryptocurrencies. They have defined Tokens in the Glossary Module (GLO) as: “a cryptographically secured digital representation of value, rights or obligations, which may be issued, transferred and stored electronically, using Distributed Ledger Technology (DLT) or other similar technology”. The DFSA intends to issue a second consultation paper which is expected to cover cryptocurrencies and so-called stablecoins.
The rationale for regulating tokens is because the DFSA considers them to be a form of financial instrument. As such, the DFSA has real concerns in respect (i) investor protection, (ii) market integrity and (iii) disclosure and conduct requirements by service providers of such tokens. However, the DFSA recognised in the Consultation Paper that heralded the recent changes that the underlying technologies are still evolving, and that they should therefore not take an overly restrictive or prescriptive approach.
The new rules came into force on 25 October 2021. We summarise the key changes below.
Types of regulated Tokens
The DFSA has created a category of regulated tokens called Investment Tokens which encompasses both Security Tokens and Derivative Tokens. These include a security or derivative in the form of a token, or a token that confers rights and obligations that are substantially similar in nature to those conferred by a security or derivative or with a substantially similar purpose / effect to a security or derivative. Carrying on a Financial Service in relation to Investment Tokens will require DFSA approval or authorisation. Making an offer of Security Tokens in the DIFC, or admitting such securities to an exchange or trading platform in the DIFC will, absent an exemption, require the publication of a prospectus under the DFSA’s Markets Law 2012.
The prohibition of financial promotions has been extended to cover Investment Tokens. In addition, the scope of Financial Product has also been extended to cover tokens that are held out as Investment Tokens. The onus of determining whether a token is an Investment Token is on the person proposing to carry out activities in relation to these tokens. The DFSA has provided guidance, with examples, to help in determining whether a token would qualify as an Investment Token.
Custody rules for digital wallets
Tokens are stored on so-called ‘Digital Wallets’ and are accessed using a combination of public and private cryptographic keys. The DFSA have introduced custody requirements to cover Digital Wallet Service Providers. Those providers which operate in the DIFC must be Authorised Firms, and must ensure that:
- the DLT technology it uses is resilient and reliable;
- that it is able to clearly identify and segregate Investment Tokens belonging to different clients; and
- that there are appropriate procedures in place to confirm client instructions and transactions and maintain records and data in respect of such instructions and transactions.
Key features document
Any Authorised Firm that wishes to provide a Financial Service in respect of Investment Tokens must provide a ‘key features’ document. This document must set out, amongst other things, the essential characteristics of the Investment Token, the risks associated with the use of DLT and cryptographic keys and any information that would help a prospective client to better understand the technology and make an informed decision.
There are similar, albeit more onerous rules, in respect of any Authorised Firms producing a prospectus in relation to Security Tokens.
The new rules impose a technology audit requirement on all Authorised firms that operate a facility for Investment Tokens, hold or control investments that include Investment Tokens, rely on DLT or similar technology to carry out financial services in relation to Investment Tokens, or manage a fund where the either the units are in Security Tokens, or 10% or more of the asset value of the fund consists of Investment Tokens.
The technology audit must be carried out by a third-party professional in respect of the Authorised Firm’s compliance with the technology resources and governance requirements imposed on it. The auditor must produce a written report that must be submitted to the DFSA. The onus is on the Authorised Firm to satisfy the DFSA that the auditor has the relevant expertise to conduct the relevant audit.