Guiding Principles for the Financial Services Regulatory Authority’s Approach to Virtual Asset Regulation and Supervision

Guiding Principles for the Financial Services Regulatory Authority’s Approach to Virtual Asset Regulation and Supervision September 2022

VER01.120922 TABLE OF CONTENTS

1. BACKGROUND.........................................................................................................................1
2. AIMS..........................................................................................................................................1
3. PRINCIPLES .............................................................................................................................1

VER01.120922 1

1. BACKGROUND 1.1 As a progressive regulator, the Financial Services Regulatory Authority (FSRA) of the Abu Dhabi Global Market (ADGM) recognises the transformative power of the virtual asset (VA) industry and its potential to facilitate access to innovative financial services. In response, we created the world’s first bespoke and comprehensive regulatory framework designed for virtual asset activities in 2018. It stands distinct from our other publications covering Digital Assets more broadly which, in addition to VAs, includes the digitalisation of financial services and capital markets, including in relation to Digital Securities.
2. AIMS 2.1 The FSRA has considered the comments and views expressed to date by international standard setters on both VAs and the future of the industry. As the design of regulatory standards in this area continue, we have developed these Guiding Principles to support engagement with other like-minded regulatory agencies in the UAE, across the region and globally, acting as a basis for regulatory cohesion across jurisdictions. 2.2 The Guiding Principles aim to clearly articulate at a high level our approach to the regulation of VAs in ADGM. Whilst they are not legally binding, they should be viewed as a complement to the comprehensive detail of our published framework, providing an accessible view of our priorities and supporting rationale in this space. 2.3 Each principle is a declaration of the FSRA’s risk appetite in the areas of regulation, authorisation, financial crime, supervision, enforcement and international cooperation. When viewed holistically, these expectations are calibrated to ensure the appropriate balance between confidence in our ecosystem, risk-sensitivity, customer protection and attracting new entrants.
3. PRINCIPLES Principle 1 – A Robust and Transparent Risk-Based Regulatory Framework 3.1 The rapid growth of the VA sector and evolution of its enabling technology has seen financial regulators across the globe responding with a variety of approaches, including but not limited to prohibition, restrictions and forbearance. The FSRA believes that bringing definable VA activities within its regulatory perimeter ensures greater oversight and mitigation of the risks inherent in the sector. This approach also addresses the expectations of both best-in-class innovators and traditional financial institutions that seek the transparency and consistency of a regulated environment for a nascent asset class. 3.2 The framework encompasses a suite of regulations, activity-specific rules and supporting guidance that delivers protection to investors, maintains market integrity and future-proofs against financial stability risks. In particular, it introduces a clear taxonomy defining VAs as commodities within the wider Digital Asset universe and requires the licensing of entities engaged in regulated activities that use VAs within ADGM. 3.3 These licensed firms are assigned the same regulatory status within ADGM as any other licensed entity. Therefore product-specific conduct of business rules apply in addition to any others that are applicable to a regulated firm, such as those that are asset class agnostic.

VER01.120922 2 3.4 The FSRA’s commitment to exhibit agility in the face of new trends, products and terminology in the industry ensures a dynamic regulatory framework from which further innovation, which ADGM is keen to foster, can occur. Principle 2 – High Standards for Authorisation 3.5 ADGM has become the destination of choice for many start-ups and investors in the VA sector as well as extant financial institutions looking to expand into this area. Since 2018 the FSRA has issued a number of Financial Services Permissions (FSPs) to trading venues (e.g. multilateral trading facilities (MTFs)) and market intermediaries, such as broker dealers, custodians and asset managers, and continues to provide the regulatory architecture for a vibrant, VA ecosystem. 3.6 As the gatekeeper of this ecosystem, the FSRA commits to proactive engagement with aspirants seeking authorisation in ADGM. Our sandbox-type initiatives, such as the RegLab and the DigitalLab, enable close collaboration not only with the regulator but between start￾ups offering innovative solutions and traditional financial institutions. 3.7 Following the review of a regulatory licence application, if an applicant’s business model and controls are deemed to be within our risk appetite and they meet all applicable rules and requirements, we can provide an ‘in-principle’ approval. This outlines conditions that are required to be met prior to granting the applicant the appropriate Financial Services Permission. An applicant will only progress to a launch when it has completed its operational testing to the FSRA’s satisfaction, which may include third-party verification of the applicant’s systems. 3.8 The FSRA’s risk appetite for VA activities is such that it will only admit operators to its jurisdiction who at the outset can unequivocally meet the transparent, high standards outlined in its framework. This will maintain the best-in-class reputation of the ADGM ecosystem and instil market confidence to promote growth and investment. 3.9 This discerning approach is shown by the FSRA’s power to only permit VAs that it deems ‘acceptable’, as determined by risk factors such as security and traceability, in order to prevent the build-up of risk from illiquid or immature assets. For stablecoins, in addition to this requirement, we only permit those tokens where price stability is maintained by the issuer holding the same fiat currency it purports to be tokenising on a fully backed 1:1 basis. This therefore currently prevents the use within ADGM of other types of stablecoins, such as algorithmic stablecoins. 3.10 With regard to trading venues, the FSRA recognises that the operation of exchange-type activities is key to improving connectivity of VAs to the mainstream financial system and the sector’s expansion in ADGM specifically. Its oversight of MTFs as centralised platforms for VA transactions is calibrated to ensure fair and orderly markets and to prevent market abuse. Principle 3 – Preventing Money Laundering and Other Financial Crime 3.11 The VA industry exhibits structural features that make it susceptible to money laundering and terrorism financing outside the reach of law enforcement. These features include user anonymity, ease of access, infrastructure segmentation and jurisdictional location. As a result, the scrutiny of VAs by regulators to date has included a focus on the heightened money laundering and terrorist financing risks. The FSRA’s dedicated Financial & Cyber Crime Prevention Unit acts as a centre of expertise and leads ADGM’s efforts in promoting sound

VER01.120922 3 practices in financial crime compliance. 3.12 In recognition of the underlying risk profile in this area, the FSRA requires that its comprehensive Anti-Money Laundering/Combatting the Financing of Terrorism (AML/CFT) rules are equally applicable to VA activities, in addition to UAE-wide Federal Laws and Cabinet Resolutions on AML/CFT. Critically, the FSRA also expects full compliance with FATF Guidance and Recommendations in this area. 3.13 The strength of these requirements, taken all together, should promote an effective AML/CFT culture within ADGM’s VA firms and ensure the centre aligns with international best practice for beneficial ownership transparency. To demonstrate this, the FSRA requires those firms to avoid VA transactions where a counterparty’s identity is unknown at any stage in the process. 3.14 With regard to taxation, the FSRA expects authorised firms to be fully cognisant of applicable reporting obligations under the FATCA and Common Reporting Standards regimes. Principle 4 – Risk-Sensitive Supervision 3.15 Consistent with its principles on regulation and authorisation, the FSRA’s risk-based approach to supervision of authorised firms is equally applicable to VA firms. This includes setting the risk rating of a firm based on its size, nature and complexity, undertaking a continuous risk assessment cycle and utilising its supervisory toolkit to minimise the impact of a firm failure or conduct risk crystallisation. Ultimately, we require our authorised firms to have sound risk management and appropriate controls that are also proportionate to the nature and materiality of their business. 3.16 Whilst financial crime is seen as a primary risk in the sector at this point in its growth, ADGM’s framework also includes safeguards aligned with its mandate to ensure market integrity, investor protection and financial stability. As a forward-looking regulator, the FSRA implemented these safeguards at the outset to prevent the commensurate increase in risk as the sector undergoes expansion within ADGM. Therefore, the following risk drivers receive heightened focus from the FSRA in its supervisory programme: (a) Custody of VAs – even where outsourced to a third party, a VA custodian is held to the requirements applicable to client monies and client investments. Enhanced reconciliation and reporting requirements are also in place. (b) Technology and Governance Controls – whilst being ‘technology-neutral’, we have bespoke requirements reflecting the intensive technology-related operations of VA firms, including: the maintenance of operating systems; cryptographic keys and wallet storage; password encryption; origin/destination of VA funds; and fork protocols. (c) Exchange-Type Operations – the ‘fair and orderly trading’ and Market Abuse requirements for Financial Instruments admitted to trading on trading venues in ADGM are equally applicable to VAs traded on an MTF in ADGM. Real time reporting is required for all transactions on such platforms. Requirements relating to settlement, transaction recording, rulebooks and access, among many others, also apply. (d) Investor Protection – we have set high standards around product suitability, communication of material risks to clients and resolution of perceived client conflicts. VA firms are required to monitor and update their risk disclosures on a continuous basis.

VER01.120922 4 3.17 To ensure the robust execution of its supervisory strategy, the FSRA has actively recruited a supervisory team with the appropriate experience in the VA industry. This is complemented by investment in its SupTech capabilities to proactively identify and mitigate emerging risks, a key example being its market surveillance system to monitor market abuse. The FSRA also supports the adoption of effective RegTech to maintain compliance standards within ADGM, such as those that help adherence to the FATF ‘travel rule’ for cross-border VA transactions. Principle 5 – Commitment to Enforce on Regulatory Breaches 3.18 To enable the FSRA to meet its statutory objectives, ADGM legislation empowers us with a range of supervisory and enforcement tools and actions to identify, address and deter regulatory breaches, regardless of sector or regulated activity. We will act decisively to address non-compliance with our regulations and rules and eliminate any potential benefit that might arise from it. Our approach to enforcement is outlined below: (a) We have comprehensive powers to gather evidence and information on a compulsory basis. This includes requiring: (i) production of information and documentation from a firm; and (ii) a skilled person report on any perceived deficiencies within a firm. (b) We also have a legal basis to conduct investigations: (i) into the nature, conduct or state of business and the ownership or control of the entities that we regulate; (ii) into suspected contraventions by any person of the regulations and rules that we administrate; and (iii) to further requests for assistance from other regulatory authorities. (c) Our comprehensive powers of investigation, which are exercised where a formal investigation has been commenced and can apply to any person, includes powers to: (i) compel testimony under oath; (ii) require production of information and documents; (iii) require assistance; and (iv) enter business premises to inspect and copy documents. (d) Furthermore, a range of regulatory and disciplinary actions are available to address and remedy non-compliance with our framework. These include the ability to: (i) impose requirements or conditions on a firm in the course of its business e.g. to not hold Client Money or trade in certain Specified Investments; (ii) withdraw the status of an individual in a Controlled Function; (iii) cancel a Financial Services Permission or Recognition Order; (iv) suspend a Financial Services Permission; (v) impose financial penalties or public censure;

VER01.120922 5 (vi) ban individuals from performing functions in the ADGM; and (vii) apply to the ADGM Courts for a wide range of injunctive or final relief, including to seek compensation for victims of misconduct and to require restitution and damages. (e) We publish full details of formal regulatory actions that are undertaken. 3.19 We are committed to providing the fullest assistance possible to other regulatory authorities, including on regulatory investigations undertaken by other jurisdictions. As part of this commitment, we are a signatory to the IOSCO Enhanced Multilateral Memorandum of Understanding. Principle 6 – International Cooperation 3.20 Considering the global reach of VA activities, the FSRA believes that collaboration between regulators internationally is imperative to mitigate the variety of risks they pose. To support this, the FSRA has entered into a material number of bilateral and multilateral Memorandum of Understandings (MoUs) to support the exchange of information between regulators. 3.21 In addition to being agile to market-based trends, the FSRA remains vigilant to emerging risks and opportunities in the sector by undertaking gap analyses against the regimes of other regulators and international best practices. 3.22 Likewise, as a high watermark regime, the FSRA supports the development of international minimum standards that can drive the sector’s growth to be sustainable, risk sensitive and consistent across markets. Although they may require ongoing revision to keep pace with industry developments, the FSRA stands ready to contribute to the design of principles by international bodies such as IOSCO, the Basel Consultative Group and FATF. 3.23 Being one of the first regulators to proactively engage with the sector, the FSRA has built a deep understanding and practical experience on its risks and potential regulatory models. Therefore, it is seen as a thought leader in the MENA region and continues to expand this recognition to the global stage through engagement with other regulatory bodies in North America, Europe and Asia, industry forums and by providing its insights to newer International Finance Centres.