This country-specific Q&A provides an overview of the legal framework and key issues surrounding fintech law in the UAE.
This Q&A is part of the global guide to Fintech.
For a full list of jurisdictional Q&As visit http://www.inhouselawyer.co.uk/index.php/practice-areas/fintech-2nd-edition
What are the sources of payments law in your jurisdiction?
The United Arab Emirates (“UAE”) consists of “onshore” (“UAE Onshore”) and financial free zone jurisdictions, to which different sources of payments law apply. There are currently two financial free zones in the UAE: the Dubai International Financial Centre (the “DIFC”) and the Abu Dhabi Global Market (the “ADGM”) (together, the “Financial Free Zones”).
The sources of payments law in the UAE depend on the applicable jurisdiction and financial regulatory regime:
- UAE Onshore. Where the payment service provider (“PSP”) is providing its services in or from UAE Onshore, it is governed by the federal laws of the UAE. Financial services conducted in or from UAE Onshore are regulated by the UAE Central Bank (“UAECB”), Securities and Commodities Authority (“SCA”) and Insurance Authority (“IA”) (as applicable).
- DIFC. Where the PSP is providing its services in or from the DIFC, it is governed by the laws of the DIFC. The Dubai Financial Services Authority (“DFSA”) regulates financial services conducted in or from the DIFC.
- ADGM. Where the PSP is providing its services in or from the ADGM, it is governed by the laws of ADGM. The Financial Services Regulatory Authority (“FSRA”) regulates financial services conducted in or from the ADGM.
The sources of payments law on UAE Onshore principally consist of the Regulatory Framework for Stored Values and Electronic Payment Systems 2017 (“2017 Payment Regulations”) and Federal Law No. 14 of 2018 regarding the Central Bank & Organization of Financial Institutions and Activities (“2018 FIA Law”).
2018 FIA Law
Article 65 of the 2018 FIA Law sets out the relevant financial activities subject thereto, which include “Providing currency exchange and money transfer services” and “Providing stored values services, electronic retail payments and digital money services” (among others).
The 2018 FIA Law sets out the requirements for conducting the above financial activities and prohibits, under Article 64, any entity from conducting such financial activities without a license from the UAECB.
The 2018 FIA Law further sets out certain information with respect to the application procedure for a UAECB license, reporting obligations to the UAECB and other obligations, delegating a sizeable amount of regulations to the UAECB.
2017 Payment Regulations
The 2017 Payment Regulations set out the requirements imposed upon four main types of PSPs:
1) Retail PSP: Authorized commercial banks and other licensed PSPs offering retail, government, and peer-to-peer digital payment services as well as money remittances;
2) Micropayment PSP: PSPs offering micropayments solution facilitating digital payments targeting the unbanked and under-banked segments in the UAE;
3) Government PSP: Federal and local government statutory bodies offering government digital payment services; and
4) Non-issuing PSP: Non-deposit taking and non-issuing institutions that offer retail, government, and peer-to-peer digital payment services.
The 2017 Payment Regulations cover the following digital payment services:
- Cash-in services: enabling cash to be place in a payment account;
- Cash-out services: enabling cash withdrawals from a payment account;
- Retail credit/debit digital payment transactions;
- Government credit/debit digital payment transactions;
- Peer-to-peer digital payment transactions; and
- Money remittances.
The 2017 Payment Regulations do not apply to the following PSPs, which may be subject to other UAECB laws and Regulations:
- Payment transactions in cash without any involvement from an intermediary;
- Payment transactions using a credit/debit card;
- Payment transactions using paper cheques;
- Payment instruments accepted as a means of payment only to make purchases of goods/services provided from the issuer/any of its subsidiaries (i.e. closed loop payment instruments);
- Payment transactions within a payment/settlement system between settlement institutions, clearing houses, central banks and PSPs;
- Payment transactions related to transfer of securities/assets (including dividends, income, and investment services);
- Payment transactions carried out between PSPs (including their agents/branches) for their own accounts; and
- Technical service providers: Defined as entities facilitating the provision of payment services to PSPs, whilst excluded at all times from possession of funds (or transference thereof). A payment gateway operator could fall under this category.
DIFC and ADGM
The sources of payments law in the DIFC and ADGM are similar:
- DIFC: The sources of payments law in DIFC principally consist of DIFC Law No.1 of 2004 (“Regulatory Law”) and DFSA rulebook (“DFSA Rulebook”).
- ADGM: The sources of payments law on UAE Onshore principally consist of the Financial Services and Markets Regulations 2015, as amended ( “FSMR”) and the FSRA rulebook (“FSRA Rulebook”).
The FSMR and Section 2.6 of the DFSA Rulebook (General Module) both define the provision of money services as “providing currency exchange or money transmission”. Money transmission is defined as “(a) selling or issuing payment instruments, (b) selling or issuing stored value, or (c) receiving money or monetary value for transmission, including electronic transmission, to a location within or outside the [DIFC/ADGM (as applicable)]”.
Section 7.2 of the DFSA Rulebook (General Module) and Section 16 of the FSMR both require that PSPs in the DIFC/ADGM (as applicable) have a license from the DFSA/FSRA (as applicable), authorizing the PSP to provide payment services. However, section 16 of the FSMR provides for an exception to this obligation where the corporate entity is considered “exempt”.
The above regulations set out certain information with respect to the application procedure for a license, reporting obligations to the competent authority and other obligations, with the laws delegating a sizeable amount of regulations to the DFSA/FSRA (as applicable).
Can payment services be provided by non-banks, and if so on what conditions?
PSPs on UAE Onshore can be non-banks. The 2017 Payment Regulations limits the scope of non-bank PSPs to the following, imposing ownership restrictions in many cases:
- Retail PSPs: a commercial bank or consortium thereof must hold majority ownership of it;
- Micropayment PSPs: it must be (a) a telecommunications service provider or operator licensed by the Telecommunications Regulatory Authority; (b) a UAE licensed money exchange business, or (c) a corporate entity providing transport services and licensed by the National Transport Authority. Additionally, one or a consortium of the following must hold majority ownership of it: commercial bank, telecommunications services provider or operator, transport services entity and monetary or financial intermediary licensed by the UAECB;
- Government PSPs: one or a consortium of a federal ministry or authority or local government authority must hold majority ownership of it; and
- Non-Issuing PSPs: no ownership restrictions are included under the 2017 Payment Regulations however reference is made to further requirements under a “licensing requirements” which may include such restrictions (more on this below).
The above non-banks would require a license from the UAECB in order to provide payment services. The 2017 Payment Regulations refer to licensing processes and requirements for PSPs set out in a “licensing manual” and Article 67 states that the UAECB shall issue the rules, regulations and standards and determine conditions for granting licenses. The UAECB has confirmed that such licensing manual has not yet been issued and is currently under development. At this stage, licensing processes and requirements for PSPs may be provided by the UAECB upon submission of an application therefor.
PSPs in DIFC can be non-banks. However, they must satisfy an extensive range of requirements, many of which differ based on the applicable category. There are five categories of financial services in the DFSA, set out under the Prudential – Investment, Insurance Intermediation and Banking Business Module of the DFSA Rulebook. The provision of money services is not expressly included under a category, therefore the category that best corresponds to the activities of a PSP would apply. The DFSA financial services categories are set out as follows:
- Category 1: Accepting deposits or providing credit;
- Category 2: Dealing in investments as principal (not including matched principal);
- Category 3: Dealing in investments as principal or agent, operating a collective investment fund, managing assets, providing custody, providing trust services, acting as the trustee of a fund;
- Category 4: Arranging credit or deals in investments, advising on financial products or credit, arranging custody, insurance intermediation, insurance management, operating an alternative trading system, providing fund administration; and
- Category 5: An Islamic financial institution managing a profit-sharing investment account entirely in accordance with Sharia.
The PSP would require a license from the DFSA to provide the relevant financial services.
PSPs in ADGM can be non-banks. However, they must satisfy an extensive range of requirements, many of which differ based on the applicable category. There are five categories of financial services in the FSRA, set out under the Prudential – Investment, Insurance Intermediation and Banking Rules of the FSRA Rulebook. The provision of money services is included under Category 3C, and a PSP would fall under this category unless it also meets the criteria of categories 1, 2, 3A, 3B or 5.
It is worth noting that a PSP may, where authorised under its FSRA financial services permission (i.e. FSRA license) to do so, conduct any number of regulated activities specified under a lower category than the one applicable to it.
The conditions specifically applicable to a PSP company under category 3C include, inter alia:
- Capital requirements: Higher of Base Capital Requirement or Expenditure Based Capital Minimum:
a) Base Capital Requirement: USD 250,000, and
b) Expenditure Based Capital Minimum: Where no client assets or insurance money is held by the PSP, 13/52nds of the Annual Audited Expenditure, calculated as all expenses and losses that arise in the license holder’s normal course of business in a 12-month accounting period (excluding exceptional items) which are recorded in its audited profit and loss account, not including the following:
- discretionary staff bonuses;
- discretionary incentive shares and share options;
- other non-automatic appropriations of profits (not including a management charge);
- shared commissions and fees payable, directly related to commissions and fees receivable (which are included with total revenue);
- fees, brokerage and other charges paid for purposes of executing, registering or clearing transactions;
- expenses for which pre-payments or advances have already been made to the respective claimant and deducted from capital resources as illiquid assets;
- foreign exchange losses; and
- contributions to charities;
- The maintenance at all times of an amount of assets exceeding its Expenditure Based Capital Minimum in the form of liquid assets;
- The maintenance at all times of a professional indemnity insurance in accordance with the FSRA’s requirements; and
- Supervisory review and evaluation processes requirements.
The PSP would require a financial services permission from the FSRA to provide the relevant financial services.
What are the most popular payment methods and payment instruments in your jurisdiction?
With respect to small and regular amounts, payment by way of cash remains the most prevalent method of payment in the UAE: many small establishments in the UAE only accept cash. However, an increasing number of UAE residents are opting to pay by way of debit and credit cards: VISA and MasterCard credit cards are widely accepted by businesses and government services.
With respect to larger amounts, cheques are an important payment instrument in the UAE and are notably used for rent payments.
Online payments are increasingly common across the entire spectre of payments. Visa’s CNP transaction data illustrated a growth of e-Commerce by 31% in the UAE over the 12 months leading to June 2019 .
Various other digital initiatives are increasingly utilized; however, these initiatives represent a small segment of payment mechanisms. Such initiatives include the government’s Mobile Wallet, Etisalat Wallet, NOL Cards, Apple Pay, Samsung Pay and Alipay. Alipay, a large online and mobile payment platform, is also active in the UAE. It should be noted that the Dubai government introduced plans to launch its own wallet emCash which can be used as a digital currency and cryptocurrency as well.
What is the status of open banking in your jurisdiction (i.e. access to banks’ transaction data and push-payment functionality by third party service providers)? Is it mandated by law, if so to which entities, and what is state of implementation in practice?
There is no current legislation specifically governing open banking or requiring banks to share their data with open banking service providers. However, pursuant to Article C.2.5 and D.7.1 of the 2017 Regulations, the UAECB has the right to impose “Access” regimes and interoperability obligations on PSPs.
The UAE is one of the fastest growing markets in the Gulf Cooperation Council (“GCC”). The current use of open banking in the UAE is largely limited to e-wallets. Certain aggregation tools exist with respect to banks’ data however they are limited to specific banking services and are not widespread.
The use of open banking in the UAE is gaining traction with the continual advancements of e-wallets, mobile payments and real time transfers. The use of Etisalat Wallet, Apple Pay and Samsung Pay in the UAE, inter alia, evidence the presence of open banking. Also, Emirates NBD, a major bank in the UAE, had enabled open banking collaboration, having launched an API sandbox for fintech companies and other financial institutions registered in the DIFC. Five Fintech companies have graduated from this initiative with a “certificate of collaboration”.
Open banking services providers that possess funds at any point (or transference thereof) are categorized as payment (or money) services providers and must be licensed by the relevant authority.
How does the regulation of data in your jurisdiction impact on the provision of financial services to consumers and businesses?
UAE Onshore does not have any specific stand-alone data protection legislation. Data privacy and protection is addressed across a number of separate laws and regulations not specifically focused on data protection. Such legislation encompasses generally applicable laws regarding data protection including those under Federal Law No. 3 of 1987 Promulgating the Penal Code (“Penal Code”) and Federal Law No. 5 of 2012 on Combating Cybercrimes (“Cybercrime Law”) which prohibit disclosure or publication of private information and interception of personal communications. There are also sector-specific applicable laws and regulations regarding data protection available in the labor, telecommunications and finance sectors.
With respect to the provision of financial services, the 2017 Payment Regulations impose the following obligations on PSPs with respect to data protection and privacy obligations, inter alia:
- Not to process or share personal data provided by customers, unless necessary as per AML/CFT laws;
- To store and retain all user and transaction data exclusively within the borders of the UAE (excluding Financial Free Zones), for a period of at least five years from the date of the original transaction; and
- To store details of users’ personal information for at least five years from the date the user relationship is terminated.
Furthermore, Article 120 of the 2018 FIA Law provides that all data and information relating to customers’ accounts, deposits, safe deposit boxes and trusts with “Licensed Financial Institutions” and related transactions shall be considered confidential in nature, and may not be perused, or directly or indirectly disclosed to any third party without the “written permission of owner of the account or deposits, his legal attorney or authorized agent, and in legally authorized cases”.
As illustrated above, it is important that no user or transaction data be stored outside the UAE. The requirements under the 2017 Payment Regulations and 2018 FIA Law are in addition to any other applicable laws and regulations, as well as circulars issued by the UAECB.
Financial Free Zones
In the DIFC, the DIFC Law No. 1 of 2007 and DIFC Data Protection Regulations govern the protection of data. In the ADGM, the Data Protection (Amendment) Regulations 2018 and Data Protection Regulation of 2015 govern the protection of data.
The data protection laws in the DIFC and ADGM impose similar requirements on data controllers and data processors with respect to personal data, including the following, inter alia:
- That processing is done fairly, lawfully and securely for a legitimate purpose; and
- That personal data is kept in a form which permits identification of the data subject for no longer than is necessary.
Legitimate processing of personal data in Financial Free Zones may only be conducted upon one of the below requirements being fulfilled, inter alia:
- The data subject provided its written consent;
- The data subject is provided specific information unless it is reasonably expected that it is already aware of the same;
- It is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- It is necessary for compliance with regulatory and legal obligations to which the data controller is subject;
- It is necessary for a task carried out in the interests of the DIFC/ADGM (as applicable) or other specified authorities; or
- It is necessary for the purposes of the legitimate interests pursued by the data controller or third party or parties to whom the personal data is disclosed, except where such interests are overridden by those of the data subject relating to the latter’s particular situation.
The Financial Free Zones’ data protection laws also include requirements with respect to disclosure to third parties, notification to the competent authority, and rights of data subjects, including right to access, erase, block and object to the processing of personal data.
Each Financial Free Zone has issued its own list of jurisdictions to which the transfer of personal data is permitted. With respect to jurisdictions not included in the list, each Financial Free Zone permits the transfer of personal data to such jurisdictions on the condition that certain requirements are fulfilled, e.g. obtaining the consent of the competent authority or the data subject. The competent authority in the case of the DIFC is the Commissioner of Data Protection, and that in the case of the ADGM is the Registrar.
What are regulators in your jurisdiction doing to encourage innovation in the financial sector? Are there any initiatives such as sandboxes, or special regulatory conditions for fintechs?
There is a clear mandate across all sectors of government to support and encourage the growth of fintech in the region. The financial sector, particularly in Financial Free Zones, represents a significant industry where innovation is sought, principally through accelerator programs.
Pursuant to the Board of Directors’ resolution no. 28/R.M of 2018, the Securities and Commodities Authority of the UAE (the “SCA”) approved draft regulations setting out regulatory controls for the fintech sector in the form of a pilot regulatory environment (sandbox) to enhance and support the financial integrity of fintech companies. The regulations achieve this by relaxing the regulatory requirements or exempting testers from some of these requirements. This testing environment is designed for developers of fintech projects, whether emergent or existing companies or individual projects by entrepreneurs.
The governor of the UAECB has stated, in the UAECB’s annual report for 2018, that the UAECB is “currently in the process of developing a fintech strategy that aims to capitalise on the UAE fintech eco-system and to cohesively deploy balanced regulatory and development initiatives”. The UAECB’s annual report for 2018 also mentions plans to commence further work on other regulations relating to payments and fintech in 2019.
The DIFC launched an accelerator programme named the Fintech Hive to encourage cutting-edge fintech solutions for leading financial institutions. Pursuant to this programme, the DIFC established an innovation testing license which permits qualifying fintech firms to develop and test innovative concepts for a period of six to twelve months without being subject to all regulatory requirements that normally apply to regulated firms. If the outcomes detailed in the regulatory test plan are fulfilled and the participating firm can satisfy DFSA requirements, it may migrate to full authorisation. If such conditions are not met, the firm must cease to carry on activities in the DIFC requiring regulation.
The ADGM launched an accelerator programme named the Regulatory Laboratory (“RegLab”) to encourage cutting-edge fintech solutions for leading financial institutions. Pursuant to this programme, the ADGM established a special type of financial services permission (i.e. license) which permits qualifying fintech firms to develop and test innovative concepts for up to two years without being subject to all regulatory requirements that normally apply to regulated firms. If participating firms are capable of meeting ADGM requirements at the expiry of the license, they may be transferred to the regular authorisation and supervision review. If such firms cannot meet these requirements, they must cease to carry on activities in the ADGM requiring regulation.
In addition to launching an accelerator programme, the ADGM added legislation in the FSMR specifically addressing the emergence of new technologies, namely crypto assets.
Do you foresee any imminent risks to the growth of the fintech market in your jurisdiction?
As previously stated, there is a clear mandate to encourage the growth of the fintech market in both the public and private sectors of the UAE.
From a general standpoint, strict legislation or none at all results in the risk of hindering the healthy growth of any industry. Legacy laws are often ill-suited for technology-driven business models. We have noted that regulators in the UAE are keeping a watchful eye on fintech activities in their respective jurisdictions. It is customary for regulations to lag behind developments in emerging technologies as regulators need to first assess the legal implications and consequences of such technology. These may be far-reaching, as illustrated by the emergence of AirBnb and Uber in their respective industries. It is expected that over the next couple of years, additional regulations will be issued by regulators to provide structure and clear policies in relation to the fintech market.
Another factor presenting important challenges to the growth of the fintech market are cyberattacks and security breaches. Federal Law No. 5 of 2012 on Combatting Cybercrimes criminalizes these activities and applies to both UAE Onshore and the Financial Free Zones. Cyberattacks constitute the biggest threat due to their increasing frequency, unpredictability, potential for systemic impact and existing gaps in risk management. Increased interconnectivity driven by financial technological developments and successful cyberattacks erode confidence in fintech and slow down the growth of the fintech market. The UAE has been a target of several cyberattacks including ATM skimmer malware. Pursuant to a Symantic cybersecurity threat intelligence report (2018), the UAE was the second most targeted country for ransomware attacks in the MENA region.
There are several other imminent risks to the growth of the fintech market in the UAE. These include ownership restrictions, gaps in talent and private capital:
Although the current eligibility requirements under the 2017 Payment Regulations restricts ownership of PSPs, it is still possible for fintech entrepreneurs to enter joint ventures as minority shareholders with more established partners or establish themselves as Technical Service Providers. However, the provision of fintech services on UAE Onshore may be considered limited by regulations pertaining to the offshoring of data. It is arguable that the current legislative structure offers a compromise between encouraging innovation and ensuring the retention of control by UAE financial institutions.
The SCA’s adoption of fintech regulatory sandbox guidelines pursuant to the Board of Directors’ resolution no. 28/R.M of 2018 set out a platform upon which fintech companies can test and launch modern technological initiatives in the securities sector. This structure includes the obtaining of an experimental license from the Ministry of Economy for a period between six to twelve months, under terms and conditions to be determined by the government commission upon evaluation of their business model and other factors.
Financial Free Zones
The Financial Free Zones have taken an early-on approach to invite emerging companies, existing companies and individual projects to be able to apply for their own set of experimental licenses under their accelerator programs, Fintech Hive and RegLab (please refer to our answer under question 6 for more details).
What tax incentives exist in your jurisdiction to encourage fintech investment?
The UAE is considered attractive to businesses in terms of taxation. There are no tax incentives specifically directed at the fintech sector, however the UAE generally imposes little taxation with no corporate income tax but a value added tax of 5%. This value added tax applies to the provision of financial services where (1) such services are performed in return for an explicit fee, discount, commission, rebate or similar matter; and (2) the recipient of the services is a consumer residing inside the UAE, including the Financial Free Zones.
Which areas of fintech are attracting investment in your jurisdiction, and at what level (Series A, Series B etc)?
Investment in fintech in the UAE is mainly directed either at businesses dealing directly with consumers, or businesses providing technology solutions to existing financial institutions.
There is also a considerable amount of investment directed at a variety of industries in the UAE, including the educational sector, healthcare sector, insurance sector, and emerging technologies (e.g. artificial intelligence, distributed ledger technology and deep-learning).
The level of investment in fintech differs per area and jurisdiction. In general, the majority of investment in cutting-edge fintech is currently in the Financial Free Zones and at friends and family or Series A level. At least one fintech company has progressed beyond a Series B round of investment, with Dubai-based Souqalmal.com raising USD 10 million in its Series B funding.
If a fintech entrepreneur was looking for a jurisdiction in which to begin operations, why would it choose yours?
The government has reiterated on numerous occasions its policy to support and encourage technology innovation. This policy is implemented by, inter alia, sandboxes and accelerators set up on UAE Onshore and in the Financial Free Zones.
If the fintech product is well-tested and it is a new technology used to provide a service for which a license already exists, then upon the product meeting the regulatory requirements of the authorities, the service provider may obtain a license from the relevant authorities to conduct its activities in the UAE beyond the testing phase.
Another principal reason entrepreneurs consider initiating operations in the UAE is its advantageous taxation environment.
Access to talent is often cited as a key issue for fintechs – are there any immigration rules in your jurisdiction which would help or hinder that access, whether in force now or imminently? For instance, are quotas systems/immigration caps in place in your jurisdiction and how are they determined?
The UAE has one of the more open immigration policies when it comes to acquiring talent. Its population consists of roughly 80% expatriates and 20% UAE nationals.
There are no quota systems or immigration caps in place, although it is worth noting that an Emiratisation quota requirement exists on UAE Onshore whereby any company with more than 100 employees is obliged to recruit the stipulated number of UAE nationals to ensure a minimum percentage of participation of Emiratis in the workforce. This minimum percentage of participation varies depending on the economic sector of the company and job description.
If there are gaps in access to talent, are regulators looking to fill these and if so how? How much impact does the fintech industry have on influencing immigration policy in your jurisdiction?
The UAE has a well-established policy of encouraging access to new talent. It implements this policy by providing, inter alia, employment visas for long-term talent as well as mission visas for short-term talent required in the UAE. The UAE has reiterated on numerous occasions its policy of encouraging innovation in the fintech sector. It implemented changes to its immigration policy including the introduction of a six-month visa specifically for jobseekers.
What protections can a fintech use in your jurisdiction to protect its intellectual property?
The protections a fintech can use to protect its intellectual property are the same on UAE Onshore and in the Financial Free Zones. However, implementation measures and procedures undertaken by the authorities differ among the jurisdictions: the DIFC and ADGM are subject to common law procedures, whereas UAE Onshore is subject to civil law procedures.
UAE copyright laws provide legal protection for original computer programs, related software applications and databases.
The most applicable protection for copyrights is under Federal Law No. 7 of 2002 Concerning Copyrights and Neighboring Rights (as amended). The UAE is a member of the Berne Convention for the Protection of Literary and Artistic Works, pursuant to which all member states recognize and protect the copyrights of individuals of other member states. While there is no requirement to register copyrights in order for them to be recognized and enforced against a third party in the UAE, it is advisable, for evidentiary purposes, to register copyrights under the applicable UAE registrar.
Financial rights under a copyright are effective for a period of 50 years from the death of the inventor or, where the identity of the inventor is not identifiable, from the date of publication (or launching) of the copyrighted product.
In the UAE, financial rights of an employee under a copyright are not automatically assigned to his/her employer. A separate agreement must be executed to this effect. Additionally, it is not possible to assign the moral rights to a copyright under UAE law.
UAE patent laws may provide certain protection to computer programs, provided, among other conditions, that such programs be suitably tied to hardware and presented as a technical solution to a technical problem.
With respect to patents, protection is provided under Federal Law No. 17 of 2002 on Regulation and Protection of Industrial Property of Patents, Industrial Drawings and Designs (as amended) for a limited period of 20 years from the date of filing of the protection application with the Ministry of Finance and Industry.
Other intellectual and industrial property rights
The UAE is also a member of the Paris Convention for the Protection of Industrial Property. The Paris Convention for the Protection of Industrial Property requires, inter alia, that all member states recognize and protect the intellectual property rights of individuals of other member states. Additionally, the UAE is a member of the Trade-Related Aspects of Intellectual Property Rights (“TRIPS”), a minimum standards agreement for the protection of intellectual property rights.
There are also general intellectual property protections applicable to all businesses, for instance with respect to logos, slogans and names. These intellectual property protections are implemented under Federal Law No. 37 of 1992 on Trademarks (as amended), upon registration with the Trademark Office of the Ministry of Economy. Registration with the Trademark Office results in protection for a period of 10 years, renewable upon application.
How are cryptocurrencies treated under the regulatory framework in your jurisdiction?
If an entity wishes to provide financial services in the UAE and such services involve use of the UAE Dirham, it must be licensed or authorised by the UAECB. Due to the nature of current regulations addressing the use of cryptocurrencies in the UAE, it is currently unclear whether the UAECB would be willing to provide licenses to private entities for activities specifically related to the use of cryptocurrencies (e.g. a crypto currency exchange).
Reference to “virtual currencies” is made under the 2017 Payment Regulations, in which it defines virtual currency as “any type of digital unit used as a medium of exchange, a unit of account, or a form of stored value. Virtual currency(s) is not recognized by this regulation. Exceptions are made to a digital unit that: (a) can be redeemed for goods, services, and discounts as part of a user loyalty or rewards program with the Issuer; and (b) cannot be converted into a fiat/virtual currency” (emphasis added).
The 2017 Payment Regulations provides that virtual currencies are “not recognized by this regulation” and that “All Virtual Currencies (and any transactions thereof) are prohibited”.
In February 2017, the governor of the UAECB clarified that the 2017 Payment Regulations do not “cover ‘virtual currency’, which is defined as any type of digital unit used as a medium of exchange, a unit of account, or a form of stored value”. The governor clarified in his statement that the “regulations do not apply to bitcoin or other crypto-currencies… or underlying technology such as Blockchain”.
Since issuance of the 2017 Payment Regulations, (1) the SCA announced its intention to draft regulations with respect to initial coin offerings (please refer to question 15 below); and (2) the Dubai government announced plans to launch its own wallet emCash which can be used as a digital currency and cryptocurrency. These two announcements suggest that certain cryptocurrencies are not (or at least will not be) prohibited.
However, the wording in the 2017 Payment Regulations remains unchanged and therefore there remains a grey area with regards to the specific legal status of virtual currencies in the UAE.
On 13 September 2017, the DFSA issued a general investor statement on cryptocurrencies stating that “these types of product offerings, and the systems and technology that support them, are complex…. should be regarded as high-risk investments”. The DFSA further stated that it does not regulate such product offerings or license firms in the DIFC to undertake such activities. DIFC regulations do not, at the time of writing, include express reference to cryptocurrencies.
The above DFSA warning is restricted to cryptocurrencies and does not encompass all distributed ledgers. The DIFC has, as mentioned, launched the FinTech Hive, which encourages innovation in technology, including through the use of blockchain and blockchain tokens. At least one Fintech start-up that utilizes distributed ledger technology has “graduated” from the DIFC’s accelerator program.
The ADGM’s regulatory framework does not prohibit the use of crypto assets, however it has set out mandatory requirements and conditions applicable to such use.
ADGM regulations include reference to a specific license that must be obtained by operators of crypto asset businesses. Additionally, the ADGM has issued a legal framework clearly defining the term “crypto asset” and listing the factors the FSRA would consider while determining which crypto assets are “accepted” for use in the ADGM (“Accepted Crypto Assets”), such as under crypto asset exchanges. Under the FSMR, Crypto Assets activities include the following:
(a) Buying, selling or exercising any right in Accepted Crypto Assets (whether as principal or agent);
(b) Managing Accepted Crypto Assets belonging to another person;
(c) Making arrangements with a view to another person (whether as principal or agent) buying, selling or providing custody of Accepted Crypto Assets;
(d) Marketing of Accepted Crypto Assets;
(e) Advising on the merits of buying or selling of Accepted Crypto Assets or any rights conferred by such buying or selling; or
(f) Operating a crypto asset exchange or as a crypto asset custodian.
How are initial coin offerings treated in your jurisdiction? Do you foresee any change in this over the next 12-24 months?
The SCA announced on 9 September 2018 the approval of a plan to regulate initial coin offerings and recognise them as securities. The plan developed is part of an integrated project to regulate digital securities and commodities. The relevant regulations are expected to be issued in 2019.
The DFSA issued an investor warning stating that cryptocurrencies are “high-risk investments” and that it does not currently regulate these types of product offerings.
The ADGM permits initial coin offerings subject to specific conditions, including that the applicable cryptocurrency be an “Accepted Crypto Asset”. The FSRA has issued a Regulation of Initial Coin/Token Offerings and Crypto Assets under the FSMR.
Are you aware of any live blockchain projects (beyond proof of concept) in your jurisdiction and if so in what areas?
We are aware of live blockchain projects in various sectors of the UAE and both on UAE Onshore and in Financial Free Zones.
In the financial sector, Emirates NBD, a major bank in the UAE, recently launched the “Cheque Chain” which integrates blockchain into issued cheques to strengthen authenticity and minimize potential fraud. It registered close to one million cheques using blockchain during the first month of its launch.
Additionally, Smart Dubai has also announced, in collaboration with IBM, the launch of Dubai Blockchain Platform, the first government-endorsed blockchain platform as-a-service in the UAE. This platform will serve as a stepping-stone for organizations in the UAE and globally to transition their blockchain testing and development into full-production. Smart Dubai’s DubaiPay, the payment gateway for most Dubai Government entities, was the first customer of Dubai Blockchain Platform.
There are also live blockchain projects in other sectors. For instance, in the educational sector, Educhain enables the instant issuance and authentication of digital records for institutions, corporates, and governments. It is working with top institutions and employers from MENA, Europe and North America, encompassing 400,000 students and professionals. Additionally, the Dubai Land Department launched the blockchain-based Real Estate Self Transaction (also known as Rest System) technology to enable the complete digital management of real estate transactions, eliminating paper documents and reducing brokerage procedures. It placed existing title deeds onto a blockchain ownership platform, through which it secures more than 500,000 title deeds and 1.5 million smart contract records that connect investors/owners to the property.
To what extent are you aware of artificial intelligence already being used in the financial sector in your jurisdiction, and do you think regulation will impede or encourage its further use?
The use of artificial intelligence in the financial sector is well-established. We do not believe UAE legislation impedes the use of artificial intelligence in the UAE. However, such use would need to satisfy UAE security requirements which are in line with international standards. The Ministry of Finance has on its website included, as a critical activation point to build the UAE’s artificial intelligence capabilities, the issuance of government law and appointment of a UAE Artificial Intelligence Advisory Board to ensure the proper use of artificial intelligence.
Banks use artificial intelligence for a variety of reasons, including the automation of processes, interaction with customers, and building intelligent and real-time lending models. For instance, Emirates NBD has launched the chatbot Eva, which helps customers cut through time consuming layers and access the information they want immediately. Also, First Abu Dhabi Bank (FAB) launched a portal powered by artificial intelligence and machine learning tools to deliver advanced analytics to merchants.
The DIFC has, through its innovation testing program, approved the first robo-wealth advisor in the Middle East, Sarwa. The Dubai Electricity and Water Authority has also launched its robot, Rammas, which listens to customers’ concerns and knows their transaction history.
Insurtech is generally thought to be developing but some way behind other areas of fintech such as payments. Is there much insurtech business in your jurisdiction and if so what form does it generally take?
While insurtech business is present in the UAE, it is developing at a slower pace than other areas such as fintech. As there is nothing in current legislations specifically regulating insurtech companies, the latter must ensure they are providing their services in compliance with general regulations addressing the provision of insurance and reinsurance policies:
- On Onshore UAE, the IA regulates insurance and reinsurance services.
- In the DIFC and ADGM, the DFSA and FSRA respectfully regulate insurance and reinsurance services (only wholesale services with respect to insurance are permitted in the Financial Free Zones).
Successful insurtech business include (1) Aqeed, which developed an insurance wallet where customers can store and recall all their policy documents, it also sends reminders to customers with respect to renewal dates, compares different policies and informs customers where there is a duplication of coverage; and (2) Souqalmal.com, an insurance, personal loan and credit card comparison website, which underwent a Series B funding in 2017.
More recently, the Insurance Authority issued Board of Directors’ Resolution No. 41 of 2019 which provides supervisory rules for the experimental environment of financial technology in the insurance industry.
Are there any areas of fintech that are particularly strong in your jurisdiction?
To a certain extent, fintech services is present in many sectors in the UAE. As illustrated above, the payment services sector of fintech is particularly strong, with banks and government bodies launching cutting-edge technology in this sector.
What is the status of collaboration vs disruption in your jurisdiction as between fintechs and incumbent financial institutions?
As illustrated above, there is a predominant trend of incumbent financial institutions investing significantly in fintech start-ups, resulting in a collaboration between fintech entities and incumbent financial institutions in the UAE. This can be attributed to two main reasons, inter alia:
- The ownership requirements on UAE Onshore requiring that PSPs be majority-owned by, inter alia, UAE licensed financial institutions; and
- An apprehension by incumbent financial institutions of competition from certain fintech entities having business models able to bypass the high barriers to entry traditional financial institutions must satisfy.
It should be noted that the adoption of fintech by incumbent financial institutions may result in the redundancy of many banking jobs.
With respect to the provisions of payment services, the 2017 Payment Regulations require that, in the majority of cases, PSPs are majority-owned by, inter alia, UAE-licensed financial institutions. Due to the current difficulty in obtaining licenses to establish such financial institutions, many fintech entrepreneurs wishing to access the payment sector must either partner with incumbent financial institutions or establish themselves as Technical Service Providers.
Financial Free Zones
The nature of regulations in the Financial Free Zones, in particular, the more flexible ownership and data storage requirements relative to UAE Onshore, result in a larger potential for disruption between fintechs and incumbent financial institutions.
To what extent are the banks and other incumbent financial institutions in your jurisdiction carrying out their own fintech development / innovation programmes?
Many banks and other incumbent financial institutions in the UAE are active in the authorities’ accelerator programs and provide their services and support to participants. Additionally, these financial institutions are prospective, and in some cases mandatory, investors for start-ups and their presence facilitates the provision of pitches to them.
Many banks and other incumbent financial institutions in the UAE, particularly in Financial Free Zones, have also launched a variety of initiatives to carry out their own fintech development and innovation programmes, e.g. Emirates NBD established the Future Banking Lab as a key initiative of its digital strategy, it is through this program that it developed and launched the “Cheque Chain” mentioned under question 16.
Are there any strong examples of disruption through fintech in your jurisdiction?
A strong example of disruption through fintech in the UAE is the lower requirement for over-the-counter banking services due to the availability of digital services. Another strong example is the launch of crowd-funding platforms, which result in a decrease in demand for loans from banks, e.g. Smart Crowd, which was a part of the DIFC Fintech Hive program and now a company licensed by the DFSA, obtained an operating license in April 2018 as a property crowdfunding website.