UAE Edition 
MENA+ Edition 
Egypt Edition 
Saudi Edition 
MENA <> India Corridors 
Logistics (MENA) 
Climate (MENA) 
Share
Read Full Issue 
The UAE’s capital markets watchdog is moving to bring order and oversight to a fast-evolving sector. If you missed our earlier coverage, the Capital Market Authority (CMA) has rolled out a new virtual assets framework that pulls trading, custody, advisory, and platform activity under a single, consolidated rulebook.
Refresher: The reset expands the regulatory perimeter from three to eight activities, now covering dealing, custody, investment advice, portfolio management, arranging transactions, and operating trading platforms. It also introduces more granular modules spanning conduct, AML, prudential rules, and trading systems.
Let’s unpack what this means in practice
Who’s now in scope: The framework “will bring more firms within licensing requirements,” particularly those whose models were previously only indirectly captured, such as advisory or portfolio management, the CMA told EnterpriseAM in an emailed statement.
Firms will need to assess their activities holistically, as “multiple regulated activities may apply simultaneously,” meaning a single business model could now trigger several licenses.
Regulation is also tightening in how risk is treated: The CMA is shifting toward a “same activity, same risk, same regulatory outcome” approach — so firms performing functions comparable to traditional finance will face equivalent scrutiny.
In other words, there’s no special treatment for crypto: “If a firm performs a function that is exposed to the same type and level of risk [...] it should be subject to an equivalent level of regulatory scrutiny,” the CMA said.
One key shift is how tokenized assets are treated
“Not everything that uses DLT will automatically fall under the VA regime,” the CMA noted, stressing that firms must assess the legal nature of the instrument and not just the technology. That should drive “more disciplined classification” and closer coordination with regulators before products are launched.
As for timelines…
There’s a one-year grace period running to 27 February 2027, but it’s not a pass. The CMA said firms “should pay close attention to the transition arrangements,” which will determine how existing business models are treated, with circulars already issued outlining the impact on applicants and license holders.
Who needs to do what: Firms with in-principle approval can continue under the old framework, subject to conditions, while those without it must realign and resubmit under the new regime. Existing license holders are undergoing a CMA-led gap analysis and will be required to “regularize their status” in line with updated requirements.
No waiting it out: Crucially, firms must comply with conduct rules from day one. The CMA cautioned that the grace period should not be treated “as a delay in meeting core regulatory expectations,” underscoring that supervision is already live as the transition unfolds.
