Key Updates to the DFSA Crypto Token Regime

On 12 January 2026, the Dubai Financial Services Authority (DFSA) brought into force amendments to its Crypto Token regime in the Dubai International Financial Centre (DIFC), following Consultation Paper 168 (October 2025), with subsequent policy materials and supervisory guidance.

The reforms do not constitute an integral change to the DFSA’s approach to digital assets. Rather, they focus on offering greater operational flexibility for firms, coupled with clearer accountability, enhanced transparency, and more structured supervisory reporting.

1. Legal and regulatory context

The DFSA’s regime distinguishes between:

• Investment Tokens (tokenized versions of traditional financial instruments, regulated largely through the securities and funds framework); and
• Crypto Tokens (a defined category covering certain cryptocurrencies and certain stablecoins, but not all digital tokens).

Separately, certain token types (often described as utility tokens and NFTs) sit outside the Crypto Token perimeter as regulated financial products; however, businesses involved with them may still have AML/CFT registration and compliance obligations in the DIFC.

The January 2026 amendments affect how authorized firms may engage with Crypto Tokens, and how those activities are supervised.

2. The main reform: shifting suitability assessment from the DFSA to firms

a. Recognized token regime

The most material change is the removal of the DFSA-maintained list of “Recognized Crypto Tokens” as the central gateway for most Crypto Token activities.

Instead, firms must now determine, on a reasoned and documented basis, whether each Crypto Token they engage with is suitable for the particular activity and business model in the DIFC (for example: dealing, advising, arranging, managing assets, managing or operating a fund, or using tokens in derivatives exposures, as applicable).

This constitutes a firm-level instrument suitability assessment. It is distinct from client-by-client suitability or appropriateness analysis under conduct rules when recommending products to clients. As the token recognition process is no longer a core feature of the framework, the DFSA has removed the corresponding application fee for recognition of a Crypto Token.

b. Suitability criteria

The DFSA has set criteria that firms must consider. Firms are expected to evaluate matters such as:

• the token’s purpose, governance arrangements and transparency;

• regulatory status or treatment in other jurisdictions;

• liquidity, market history and market integrity considerations;

• technology and operational risks; and

• whether use of the token could impede compliance with DFSA requirements (including financial crime controls, custody safeguards and market conduct).

The DFSA’s supervisory guidance emphasize that the assessment is risk-based and contextual: firms with different business models, client profiles and risk appetites may reach different conclusions on the same token, and both can be defensible if properly governed and evidenced.

*Prior versions of the framework allowed firms, in certain circumstances, to place reliance on DFSA recognition of specified foreign jurisdictions as part of the suitability analysis. That concept has been removed. Token suitability is no longer anchored to a jurisdictional recognition mechanism. Instead, firms must apply their own assessment framework to tokens they propose to use (except for the DFSA-led approval approach retained for Fiat Crypto Tokens).

c. Recordkeeping and governance expectations

A core feature of the new model is that firms must be able to evidence their decision-making. The DFSA expects:

• formal policies and procedures covering assessment methodology and triggers for reassessment;

• clear governance and accountability (including appropriate escalation and sign-off); and

• the ability to produce supporting records promptly (within 3 business days) if requested.

3. Separate controls for stablecoins

The DFSA has retained a more cautious approach for Fiat Crypto Tokens (stablecoins referencing a single fiat currency).

In contrast to other Crypto Tokens, the DFSA remains responsible for determining whether a Fiat Crypto Token is suitable for use in the DIFC, and it publishes a policy statement describing the assessment approach and the tokens it has assessed as suitable.

This reflects the DFSA’s stated concern regarding potential systemic issues, reserve quality and redemption arrangements, and financial crime risks associated with stablecoin-like instruments.

To date, the only suitable stablecoins as per DFSA guidance are USDC, EURC and RLUSD. However, firms and investors should look out for future additions or changes to this list.

4. Funds: amendments to investment thresholds and restrictions

Another significant change concerns funds with Crypto Token exposure.

Earlier versions of the regime imposed fixed thresholds and structural conditions. The updated approach removes those fixed thresholds and restrictions, allowing domestic, external and foreign funds to invest directly or indirectly in Crypto Tokens, provided the relevant tokens are assessed as suitable and the firm applies appropriate risk management.

Importantly, this increased flexibility does not remove the broader protections that typically apply in a funds context. Requirements around custody arrangements, valuation, disclosure, governance, and borrowing/leverage constraints remain central to the DFSA’s overall investor protection framework.

The changes are therefore best understood as removing a blunt quantitative limiter, while maintaining (and, in places, strengthening) qualitative controls.

5. Conduct and investor safeguards

The January 2026 amendments include conduct changes, two of which are particularly relevant in practice:

a. Key features documents and custody activities

The conduct framework has been adjusted so that key features documents are not required solely because a firm is providing or arranging custody of crypto or investment tokens. This is a practical refinement aimed at avoiding duplicative documentation in custody-only contexts, while leaving broader disclosure and governance requirements intact.

b. Professional client classification and the net asset test

Previous rules constrained how Crypto Tokens could be counted toward an individual’s net asset threshold for professional client classification, and differentiated based on whether tokens were deemed recognized. The amended approach removes that structure. Firms may take token holdings into account more fully, provided the overall classification decision remains appropriate and properly supported.

6. New transparency obligations: publication of suitable token lists

Firms must maintain and publish on their website a list of the Crypto Tokens they have assessed as suitable, with identifying details. If a token is reassessed as unsuitable, activities must cease and the token removed.

7. Periodic reporting

In the context of the shift to firm-led suitability, the DFSA has introduced a monthly reporting requirement for authorized firms conducting Crypto Token activities.

In broad terms, firms must submit a return through the DFSA portal within a prescribed period after month-end, covering matters such as:

• which tokens the firm treats as suitable (and which have been removed);
• which activities are undertaken with those tokens; and
• high-level activity metrics (including client numbers and transaction volumes/values, depending on activity).

Late filings are subject to the DFSA’s fixed penalty framework, reinforcing that this reporting is intended to support active supervisory monitoring.

8. Transitional arrangements

To support implementation, the DFSA provided a three-month transition from 12 January 2026 to 12 April 2026, during which tokens that had previously been recognized are treated as deemed suitable, giving firms time to complete internal assessments, website disclosures and reporting readiness.

If a firm becomes aware of a significant adverse event affecting a token during this period, the firm is expected to act consistently with the ongoing suitability and risk management expectations.

What this means for market participants

The practical consequence of the January 2026 reforms is that operating in the DIFC now requires firms to treat token selection as a governed risk decision, rather than a compliance step satisfied primarily by reference to a regulator list.

Firms active in brokerage, dealing, advisory, asset management, fund management, trading venues and related activities should ensure they have:

• a documented suitability assessment framework aligned to DFSA criteria and supervisory expectations;
• clear governance and accountability for token approval and ongoing monitoring;
• operational readiness to withdraw tokens and cease activities where suitability changes;
• accurate website disclosure of the firm’s suitable tokens; and
• systems capable of producing the monthly return reliably and on time.

How Rasma Legal can help

Rasma Legal advises clients on regulatory and structuring matters relating to Crypto Tokens and broader digital asset activities, with a particular focus on the evolving DFSA framework in the DIFC. The firm supports market participants in designing and implementing suitability assessment frameworks, governance arrangements and compliance policies aligned with supervisory expectations, while ensuring that commercial objectives remain viable within the regulatory perimeter. Drawing on experience across the DIFC and the wider UAE regulatory landscape, Rasma Legal assists financial institutions, fund managers and digital asset businesses in navigating DFSA requirements and broader regional developments with a clear, risk-focused legal approach.