Central Bank of UAE Introduced New Payment Token Services Regulation

What is a Payment Token Service?

Payment Token Services facilitate transactions using digital tokens instead of traditional money. These tokens represent a specific value and can be used to purchase goods and services or transfer money. Introducing these services aims to enhance the efficiency and security of digital payments, providing a seamless transaction experience for both businesses and consumers.

Benefits of Payment Token Services:

Enhanced Security:

• Digital tokens reduce the risk of fraud and theft by incorporating advanced encryption and security protocols.

Faster Transactions:

• Transactions using payment tokens are processed more quickly compared to traditional banking methods.

Cost Efficiency:

• Lower transaction fees make it a cost-effective option for both businesses and consumers.

Global Accessibility:

• Payment tokens enable cross-border transactions without the need for currency exchange, making international trade simpler and more efficient.

Licensing Process:

• The Central Bank now requires face-to-face meetings between their staff and the Applicant’s Board and Senior Management as part of the licensing process.
• Applicants must submit an independent assessment report, no older than six months, covering critical areas such as capital requirements, corporate governance, risk management, asset reserve management, technology risk management, payment security management, business continuity management, business conduct, customer protection, and AML/CFT (Anti-Money Laundering/Combating the Financing of Terrorism) control systems.

Governance and Compliance:

• A clear governance framework with board-level accountability is essential.
• Staff must possess relevant professional knowledge and experience.
• Independence from business units must be maintained.
• There should be direct and unfettered access to the Board.
• Comprehensive compliance and internal audit programs are mandatory.
• Timely corrective actions must be taken upon identifying non-compliance or other control deficiencies.

Risk Assessment:

• Payment Token Service Providers must perform an annual risk assessment through their own risk management.
• When necessary, a detailed independent assessment must be conducted, covering the business model, corporate governance, risk management, asset reserve management, technology risk management, security management, business continuity management, business conduct, consumer protection, business exit plan, and AML/CFT control systems.

Publication and Application:

• The new regulations will be published in the Official Gazette in both Arabic and English, coming into effect one month from the date of publication.

Reporting and Rectification:

• Immediate reporting to the Central Bank is required if the annual risk assessment indicates that the provider cannot meet its obligations.
• Providers must submit assessment reports to the Central Bank post Board approval, including an executive summary highlighting key risks, findings, and corrective actions.

Stay informed with Al Dhaheri International Advocates & Legal Consultants, one of the esteemed Dubai law firms, with the best lawyers in UAE. We will continue to keep you updated on essential regulatory changes and their implications.