This article first appeared in the December 2020 edition of The Oath Middle East Law Journal
As the use and scope of digital payments continues to grow exponentially in the Middle East, regulators have the unenviable task of trying to keep up. Joby Beretta, founder of The Bench takes a look at the latest regulations issued by the UAE Central Bank.
Last month the UAE Central Bank (Central Bank)’s new Stored Value Facilities (SVF) Regulations 6/2020 (2020 Regs) came into effect. The Central Bank decided it was time to repeal the previous Regulatory Framework for Stored Values and E-Payment Systems Regulations 2017 (2017 Regs) to take into consideration:
· technological advancements,
· the rapid development of stored value products and services; and
· to align with the new UAE Banking Law (Federal Law No. 14 of 2018 Regarding the Central Bank & Organisation of Financial Institutions and Activities (UAE Banking Law).
The 2020 Regs have been streamlined and split into the following three distinct parts:
· Part 1 (Licensing), which sets out in detail (Articles 2 to 6) the licensing requirements and the application process (including an Annex with a detailed list of the documents to be provided);
· Part 2 (Ongoing Regulatory Requirements): This comprises the vast bulk of the Regs (Articles 7 to 14) and includes the ongoing requirements on licensees such as share capital requirements (reduced from AED50m to AED15m), corporate governance, outsourcing, risk management, data protection, float management, IT security, business continuity, consumer protection, operating rules, AML requirements etc;
· Part 3 (Enforcement): This provides that the Central Bank may impose such supervisory and financial sanctions as deemed appropriate (Articles 15 to 18). These may include replacing or restricting the powers of the management of a Licensee, providing interim management, fines or baring individuals from the UAE financial sector.
The 2020 Regs substantially widened the previous definition of SVF, as follows:
“a facility (other than cash) for or in relation to which a Customer, or another person on the Customer’s behalf, pays a sum of money (including Money’s Worth such as values, reward points, Crypto-Assets or Virtual Assets) to the issuer, whether directly or indirectly, in exchange for:
(a) the storage of the value of that money (including Money’s Worth such as values, reward points, Crypto-Assets or Virtual Assets), whether in whole or in part on the facility; and
(b) the Relevant Undertaking.”
SVF’s are acknowledged to include both “Device-based SVF” (e.g. stored in an electronic chip on a card or physical device such as pre-paid card or watches) and “Non-device based SVF” (e.g. stored on a network such as internet based payment platforms or digital/mobile wallets).
The 2020 Regs specify that a licence is required from the Central Bank before issuing or operating a SVF in the UAE.
It is worth noting that the 2020 Regs:
· have relaxed the ownership requirements and the previous requirements to partner with a local bank or telecom providers for certain services have been removed;
· now include the detailed licensing requirements rather than being set out in a separate licensing manual whereas some elements of the oversight of payment systems are now included in the UAE Banking Law instead;
· have also moved away from the term “Payment Service Provider (PSP)”and simplified the licensing categories by replacing the previous categories (Retail PSP, Micropayments PSP, Government PSP and Non-issuing PSP) with one definition of SVF and one category of “Licensee”;
· still make some distinction between licensed banks (which are exempt from certain requirements but still need a no objection letter from the Central Bank before commencing a SVF business) and other SVFs;
· have removed the previous limits on payments (e.g. AED25k for retail) and there is now no hard limit provided by the Central Bank (although the SVF must set its own reasonable limits); and
· prohibit overseas SVFs from advertising or soliciting in the UAE without a licence and contain detailed provisions on relevant factors that will be taken into consideration in assessing such activities. Such international companies would therefore need to set up an entity in the UAE and apply for a licence.
Article 2 of the 2020 Regs makes provision for certain types of SVF to be exempt, which include:
· Single-purpose SVFs or Closed Loop Payment Schemes, e.g. where the issuer/retailer accepts the facility as a means of payment for goods or services (not being money or Money’s worth) provided from that particular issuer/retailer only;
· Cash reward schemes, e.g. loyalty schemes provided by shops which offer cash rewards;
· Digital products, such as purchase of ringtones, music, video, e-books, e-games that can be used on mobile phones etc.;
· Bonus point schemes, such as airline mile programs and loyalty schemes providing non-cash points;
· Limited Group SVFs, similar to a Single-purpose SVF but goods or services can be provided by the issuer and/or a wider group of companies that have entered into an agreement with the issuer; and
· Small schemes, less than AED 500k and 100 customers (available only the Central Bank FinTech Office’s sandbox participants).
Other than Single-purpose SVF’s, exemption is not automatic and companies providing any of the above activities which fall within the definition of SVF will need to apply to the UAE Central Bank for exemption (or alternatively a SVF licence).
The 2020 Regs also exclude companies in the Financial Free Zones (i.e. DIFC and ADGM) however states that such financial institutions may conduct SVF business onshore in the UAE after obtaining a license from the Central Bank. It is somewhat unclear however whether such SVF’s would also need to establish a legal entity onshore to meet the requirements in Article 3(2) of the 2020 Regulations.
The 2017 Regs previously stated that cryptocurrencies were prohibited but this stance has been amended in the new regs, with a new definition of “Crypto-Assets” being expressly acknowledged as a valid form of value. However, since the issuance of the 2020 Regs, the Central Bank issued a press release confirming “such [crypto] assets are not recognized by the Central Bank as a means of payment and can only be used as assets for investment with a potential high risk." The Central Bank also confirmed that it is working on a new Retail Payment Services Regulation that will regulate crypto-assets backed by a fiat currency to be used for payment purposes.
Existing licence holders will have until November 15, 2021 to ensure compliance with the new requirements and submit an independent assessment report to validate this.