The Virtual Assets and FinTech industry is booming, and it’s no secret why. These innovative companies are shaking up the financial world, offering everything from mobile payment solutions for cross-border transactions, to the Tokenization of both liquid and illiquid assets that have traditionally only been available to institutional investors (finally, I might get to own a Picasso – in part). With the rise of DAOs and NFTs, even a developer’s time can be tokenized and contracted for through smart contracts…But with great innovation comes great responsibility, and regulatory compliance and good governance are key to ensuring that FinTech firms in this space are maximising their value to customers, and enhancing their valuation.
For start-ups, regulatory compliance can seem like a daunting task. As a financial regulatory and compliance lawyer having spent 10 years here in Dubai, working with a diversity of clients from start-ups, accelerator programs, BigTechs, VCs, PEs, asset managers, banks, and even governments & regulatory authorities around the world – I get it. After all, regulations are constantly changing, and it can be challenging to address. But the truth is, regulatory compliance is critical for start-ups. By complying with regulations, start-ups can build trust with customers, investors and key government stakeholders alike. Plus, it can help avoid costly penalties, complaints and legal battles down the line. These are not just “nice to haves” – compliance is the law with financial implications, and in the case of AML compliance, potential criminal liability.
In the case of the UAE – this is no longer becoming an option. Within the Emirate of Dubai (apart from the DIFC), the Virtual Asset Regulatory Authority (VARA – the world’s first dedicated Virtual Asset sector regulator) deadline for businesses operating and providing services within the VA sector to submit their initial disclosure questionnaires passed on 30th April 2023 – with the deadline for those qualifying for a Full Market Product (FMP) license falling on 31 August 2023. The grace period for those falling within the UAE Securities and Commodities Authority (SCA) remit for Virtual Asset Service Providers (VASPs) ended on 14 April 2023. I promised myself that I would not make this a standard legal article filled with legalese, but for those in the UAE or looking to the UAE, I’ll take a brief side step just to outline the lay of the land (I sometimes do this with props when asked about this at conferences!):
VARA’s remit covers the Emirate of Dubai (including all Dubai-based Free Zones, such as the Dubai World Trade Centre (DWTC), the Dubai Multi Commodities Centre (DMCC), Dubai Silicon Oasis (DSO), Dubai Internet City, and others)
With the exception of Dubai’s Financial Free Zone, the DIFC (Dubai International Financial Centre), which has its own regime under the Dubai Financial Services Authority (DFSA)
The SCA (which is the Federal-level securities, commodities and now VASP regulator) has a remit over Virtual Assets covering all Emirates that make up the UAE, including the Emirate of Abu Dhabi (and again all Free Zones contained across all 7 Emirates), and in relation to the Emirate of Dubai (apart from the DIFC) where (VARA has remit) it’s supervisory remit also overlaps jointly with VARA;
With the exception of Abu Dhabi’s Financial Free Zone, the Abu Dhabi Global Market (ADGM), which has its own regime under the ADGM Financial Services Regulatory Authority (FSRA);
The Central Bank of The UAE (CBUAE), the Federal-level banking, insurance and payment services regulator (which covers all of the UAE – including VARA territory, but again, excluding the DIFC and ADGM) has regulatory remit over Payment Tokens (although watch this space, since VARA’s own rules have yet to be issued on this, but are in the pipeline); and
The SCA still having remit (including over VARA territory in Dubai, but again, excluding the DIFC and ADGM) over “digital securities” and “digital commodities”.
I appreciate those are a lot of acronyms to get familiar with. With VARA already issuing a written reprimand for unregulated activity, compliance (which covers amongst other things technology, marketing, conduct, audits, etc.) is evermore important.
Good governance is equally as important. We only need to look to the industry’s recent history to see how failing to have proper oversight and audit functions, and controls on issues such as related party transactions, can wipe billions of balance sheets and customer accounts in a matter of days. We have all heard how these issues are not intrinsically tied to Cryptocurrencies or other Blockchain technologies (which can actually help trace steps through immutable ledgers), and that such situations are caused by human failures – I say, such situations often are the result of compliance and governance failures. Start-ups who aim to become the unicorns of tomorrow can help create a ‘culture of compliance’ in their organisations through establishing clear policies and procedures, and hold themselves accountable to them. This not only improves decision-making processes, but also promotes transparency and integrity throughout the organisation. Let’s face it, who doesn’t want to work for a company that’s committed to doing the right thing?
VC funds play a crucial role in the success of FinTech start-ups. By investing in these companies, they provide the necessary funding for growth and development. I would argue that, like in other areas of traditional institutional investment, they also have a responsibility to advocate for and support positive change. This means pushing for and supporting regulatory and financial crime compliance, good governance, and responsible business practices. VCs are in a prime place to help foster good culture, and may even be under requirements by their own investors to invest in regulated entities that offer a lower risk profile.
So, why is regulatory compliance and good governance so important for the virtual assets space? For one, in light of recent news, it helps builds trust with its user base. In a world where cybercrime and data breaches are becoming increasingly common, users want to know that their information and assets are secure. By complying with regulations and establishing good governance practices, FinTech firms can give customers an added level of security.