With the DFSA dismantling its recognized crypto token list and shifting the responsibility for token suitability assessments onto firms, the crypto market in Dubai is now more open than ever. The good news is that it makes crypto much more scalable and allows firms to become more innovative in their investments and expansion of their crypto strategies, but with that comes a catch: A much larger compliance burden for firms.

We spoke with several law experts to break down what the move means for the industry at large, and how firms will need to pivot their compliance strategies to bring them in tune with the changes.

The amendments represent “a meaningful liberalization of the DIFC crypto market” rather than a simple transfer of regulatory friction, Clyde & Co’s fintech and financial services team — Partner Tom Bicknell, Senior Associate Barkha Doshi, and Trainee Solicitor Afreen Abedin — wrote in a note to EnterpriseAM UAE.

The DFSA’s centralized token list had acted as a “bottleneck for innovation,” the team at Clyde & Co and CEO and founder of SAJA Legal Consultants Carolina Rios both agreed. Allowing firms to assess tokens based on their own business models and client profiles removes a structural constraint without weakening supervisory oversight, Clyde & Co added.

Are firms ready? The move in itself reflects the crypto sector’s maturity, Rios told EnterpriseAM UAE. “At this stage of market development, regulated firms are sufficiently equipped to identify, assess, and document suitability criteria — and, crucially, to bear direct accountability for the products and services they offer to clients,” Rios said.

What firms need to do

The focus should now be on the quality of internal documentation and governance, M&Co Associate Pedro Seabra Caeiro wrote.

The ingredients making up a strong suitability assessment? It would need to include an analysis of the token’s characteristics as well as its technical infrastructure, governance structures, founder identity and experience, on-chain traceability, concentration of holdings, and regulatory status across jurisdictions, Rios said. Clarification on market liquidity and trading history are also important to include, according to Caeiro.

Other indicators, such as prior approvals by other regulators and the robustness of AML and compliance controls, are also an important cross-jurisdictional benchmark for assessing crypto projects, Rios added.

Crucially, DFSA-ready assessments must read as “defensible” and “audit-ready” rather than checklists, Clyde & Co added. The firm said supervisors are likely to scrutinize whether firms can evidence how conclusions were reached, who conducted the review, what expertise was relied on, and how negative indicators were weighed — particularly where firms proceed despite identifiable risks.

Suitability assessments will also change according to what your role is in the industry, M&Co noted. For example, exchanges would need to document tokens’ liquidity, market history, and operational resilience, while custodians would have to assess technological risks, governance, and client suitability.

Another key change in the DFSA framework: Crypto caps were removed for DIFC funds

While the DFSA has removed caps on the amount funds can invest in crypto tokens, this comes with implicit constraints like suitability assessments and disclosure requirements, though it’s not clear how often they are required to file returns.

Fund managers will still need to justify allocations, but the boundaries have shifted from percentages to principles, the Clyde & Co team said.

Where enforcement is most likely to land, and how

Token selection failures would most likely be the first enforcement focus, Clyde & Co said, arguing that suitability has become the “foundation of the new regime” and is where evidentiary gaps will be most visible. Governance and disclosure failures may follow, the firm said, but token assessment is where the DFSA has most clearly shifted responsibility.

High-traction crypto narratives with complex suitability assessments would be the most vulnerable to early regulatory pressures — think real-world asset tokenization, memecoins, decentralized physical infrastructure networks, and AI-driven crypto agents, Rios said. These segments see heightened investor interest but also come with fresh governance and technical risks, raising the bar for defensible suitability determinations, she added.

Non-compliance with DFSA rules can expose firms to fines, public censure, and supervisory restrictions, Caeiro said. DFSA issued some USD 2.5 mn in fines in 2024 alone, along with cases that have led to USD 720.9k in penalties and USD 186k in individual fines.

The bottom line

Boards now face higher reputational and economic stakes when it comes to crypto exposure and compliance. Superficial suitability assessments can trigger regulatory sanctions, investor losses, and lasting reputational damage, while on the other side of the coin, rigorous, defensible frameworks build trust, attract institutional capital, and signal market leadership, Rios said.

Rigorous, defensible frameworks will become a competitive differentiator moving forward, especially in a market where regulatory credibility remains uneven, Clyde & Co noted.

(** Tap or click the headline above to read this story with all of the links to our background as well as external sources.)

Tags: