Fintech 2025

UAE Law and Practice Contributed by: Stefan Mrozinski, Gabrielle Margerison (nee Lowe) and Arnold Krutilins, White & Case LLP

and any digital representation of any other value specified by the VARA in this regard. As such, those that intend to provide virtual asset services related to NFTs in the emirate of Dubai (exclud - ing the DIFC) will be required to comply with the obligations set out under the DVAL and its sup - plementary regulations and Rulebooks, includ - ing obtaining a licence from the VARA. The DFSA General Rulebook Module determines that a token will constitute an NFT where it: • is unique and not fungible with any other token; • is related to an identified asset; and • is used to prove the ownership or provenance of the asset. In contrast to the VA Decision and the DVAL, under the DFSA’s regime, NFTs are considered excluded tokens, which means that their use is not regulated in the DIFC, except under certain circumstances. While certain FSRA AML/CTF requirements will apply to NFTs in the ADGM, NFTs themselves currently remain outside of the FSRA’s regula - tory oversight. 11. Open Banking 11.1 Regulation of Open Banking In the UAE, open banking is regulated under: • the RPSCS Regulation, under which pay - ment initiation service providers and account information service providers are required to obtain a licence to operate in “onshore UAE” ; and • the Open Finance Regulation. The Open Finance Regulation issued by the CBUAE in

2024 introduced an “Open Finance Frame- work” which CBUAE-licensed financial institutions are mandated to participate in. In summary, licensed financial institutions will, following consent from a customer, be able to access customer data (including that held by other licensed financial institutions) for the purpose of initiating transactions on custom - ers’ accounts. In “offshore UAE” : • the DFSA General Rulebook Module was amended in 2020 to include the provision of open banking-related services within the scope of its licensing framework; and • the FSRA introduced a new regulatory framework for Third Party Financial Technol - ogy Services. The framework for Third Party Financial Technology Services focuses on the activities provided by third parties that act as intermediaries between customers and FSPs. 11.2 Concerns Raised by Open Banking In recent years in the UAE there has been an increased awareness of privacy and data securi - ty standards. This has been driven by the impact of the GDPR on international data flows and consumer and business expectations. The DIFC and the ADGM also amended their data protection regimes in 2020 and 2021 respec - tively. The DIFC and the ADGM frameworks are largely modelled on the GDPR and require open banking providers to implement the data privacy and security measures contained therein where they are established in the financial free zones or are processing the personal data of individuals in the financial free zones. The CBUAE also sets out extensive data protec - tion provisions as part of its regulatory frame -

926 CHAMBERS.COM

Powered by