The UAE’s fintech surge

Marco Boldini of BonelliErede shares his thoughts on the rise of fintech in the country: enabling cross-border payment solutions without compromising on compliance and how legal advisors can support new startups.

 The UAE is shaping up to be one of the world’s most attractive financial innovation labs. For various reasons, Abu Dhabi and Dubai are becoming top choices for innovative fintech and payment solutions.

The pace of regulatory and digital innovation easily puts the UAE at the forefront of every initiative in the fintech field, as does its regulatory architecture, which is built to lead innovation securely, considering that money and data travel internationally through digital platforms in mere seconds.

In fast growing places like the UAE, legal advisors are called on to help fintech and startups devise digital solutions that are legally robust and reliable. In the fintech sector, legal advisors need new, different skills compared to 10–20 years ago – on top of a solid legal background, proficiency with technology, compliance and knowledge of financial intricacies are must-haves to provide effective advice.

Licensing pathways, onshore and in the financial free zones, coupled with regulatory sandboxes and wallet interoperability, make legal advisors key players in every project.

But what should an effective legal advisor do when tasked with a complex new fintech project?

MAPPING THE REGULATORY PERIMETER IN THE UAE…AND ABROAD

For new entrants to the market seeking to build or implement a model for cross-border services (e.g., cross-border payments), the foremost decision to address is where (and by whom) these services will be regulated:

• Onshore UAE (excluding financial free zones): Generally speaking, retail payment services, card schemes, and related services must be authorised and licensed by the Central Bank of the UAE. To that end, specific rules to follow and limits on promotion initiatives by unlicensed companies exist and must be assessed before beginning any project. Associated costs can be high, and the relatively long timeline to obtain a licence can be a determining factor from a strategic standpoint.
• Dubai Financial Services Authority (DFSA): The DFSA regulates financial services in the DIFC. In this zone, many options are available for startups and innovators keen to use regulatory sandboxes for their ideas before they apply for full authorisation (the Innovation Testing Licence is a very successful example[1]).
• Abu Dhabi Global Market (ADGM): The Financial Services Regulatory Authority (FSRA) offers many options for newcomers, startups and fintech companies. Good examples include RegLab,[2] which can be very helpful when dealing with money services, virtual assets, and the like.

Early structuring discussions should identify key touchpoints for each regime/region/regulator chosen, e.g., where the customer is located or contracted, where funds are held or settled, and who controls wallets or payment accounts. Proper planning of the activities to be carried out, coupled with deep knowledge of the applicable regulatory regimes, prevents issues in the authorisation phase and helps test a project’s feasibility and scalability.

DECONSTRUCTING IDEAS: THE LICENSING PATHWAY

Cross-border projects typically involve several steps and activities. The added value that strong legal advisors bring to the table involves breaking down the entire process and matching each step to the right licence.

The process begins with identifying customer type. In other words, is the solution aimed at bridging gaps in the retail market (e.g., personal or savings accounts), or does it target institutional customers? If it is for institutional customers, do those include corporations, financial institutions, or both?

Depending on the answer, different licences are required, and proper business plans should be drafted accordingly to explain the envisaged project’s sustainability to the competent regulator and show how the company has planned for stress scenarios.

The Retail Payment Services and Card Schemes Regulation (RPSCS Regulation), for example, introduced requirements for a licence with respect to various retail payment services and for participation in a card scheme, whereas the Stored Value Facilities (SVF) Regulation governs the issuance and operation of SVF such as e-money and digital wallets. The above examples give a sense of the broad scope of these types of regulations, which cover vastly different topics, e.g., asset segregation, outsourcing, transparency, and customer protection. They also cover service advertising by non-licensed entities in the UAE, which is a key element for cross-border operators whose marketing plans and campaigns target the UAE and other countries in the region.

PARTNERSHIPS VS. SANDBOXES

Very often, startups are not adequately prepared to apply for a full licence and thus embark on a tiresome journey that involves meeting numerous compliance requirements and finding the resources to secure a successful outcome, among other things.

In this case, a partnership with a licensed bank or payment institution can be a great starting point to explore the market and its possibilities, without committing to a long-term plan as required when applying for the startup’s own full licence. Legal advisors are crucial in these situations: their due diligence is a key element that determines whether the envisaged activity can lawfully be delegated (and, conversely, any activity that must be performed directly by the startup), what outsourcing agreements (if any) can be implemented under the relevant rulebooks, and so on.

Typically, a logical, risk-based approach is taken, but tight scrutiny is necessary when deciding where responsibility is ultimately allocated to ensure that the activity concerned is fully compliant with the rules and regulations applicable from time to time.

Ongoing mapping and monitoring of the most relevant developments in the regulatory arena thus becomes key if a startup wants to establish a strong and reliable partnership with another institution.

The other possibility involves sandboxes. In the UAE, sandboxes are not simply ‘promotional tools’ but rather concrete regulatory solutions that can de-risk a business. They are used especially, though not exclusively, when a business model or technology does not fit into an existing licence (new wallet ideas, etc.).

Contrary to what happened in the EU (where they had very little success), in the UAE (similarly to the UK) sandboxes show great potential and are a good platform for innovative players. In addition, regulators – through the secure environment that sandboxes provide – can keep a close eye on how the market is evolving and intervene when potential issues arise.

The above is clear, and many other similar ideas are being tested. The ADGM RegLab, for example, provides a safe environment with boundaries and rigorous regulatory supervision, without compromising on innovation.

BEYOND THE UAE – CROSS-BORDER REGULATION

Regulators across the globe are joining forces to develop common standards and best practices, with a view to helping new entrants to the market avoid excessive fragmentation in terms of cross-border regulation. A truly international legal advisor should be in a position to advise companies on the best options available and, by leveraging on his/her international experience, provide the client best practices to pave the way for a successful start.

One very interesting example is the Global Financial Innovation Network (GFIN), which facilitates joint work on pilots related to payment propositions that, by virtue of the services offered, concern multiple jurisdictions.

Legal advisors should thus monitor these emerging working groups closely and try to facilitate interaction with the sector, with the aim of creating a strong fintech ecosystem made up of professionals with different skillsets and from different countries. Regulators must be seen as partners for every business, so as to create a healthy dialogue among the various players involved.

The latest trend concerning interoperability for wallets offers a great opportunity in that sense.

Indeed, building a global interoperability model for companies and institutions that provide payment services could potentially start in the UAE, which – as briefly explained in this article – offers a modern, resilient and strong base. Developing strong models would allow for a real-time transaction flow between different systems. Although this is a great advantage, too many cross-border potential issues remain on the table, such as scheme rules, FX handling, dispute resolution, and consumer disclosures across different legal systems (being privacy, frauds detection and safety of data, some of the most pressing issues now).

Legal advisors could, e.g., provide their clients templates to facilitate the exploration of cross-border structures. An example could be a structure that tries to address the following basic checklist to understand the type of licences required:

• What are the payment rails and settlement models involved? Wallet-to-wallet, card-based, or remittance through correspondent banking?
• Where is the customer onboarded?
• What are the controls needed from an AML/KYC standpoint?
• What additional features (if any) need to be assessed against the applicable regulations before a project can start (privacy, ESG, ICT, etc.)?

Detailed answers to the above questions help companies avoid the vast majority of mistakes that occur in the initial planning phase, e.g., determining whether a financial passport is needed, evaluating promotional and marketing rules, and assessing data-transfer gaps. Moreover, determining the legal, technological and compliance structures needed can shed light on the initial costs to be budgeted, to avoid unwelcome surprises.

THE ROAD AHEAD

The UAE’s approach is clearly to promote new payment methods that provide international links and offer robust consumer protection and financial crime control.

From an onshore standpoint, stable regimes have opened an efficient pathway. In the meantime, new players are moving the market towards an instant, interoperable domestic experience and are increasingly pushing across borders.

Legal advisors have a unique opportunity to mix regulatory fluency with product thinking, detailed payment-flow mapping, and choosing the right licence and corporate structure depending on clients’ needs and aspirations.

All the above must occur within a robust compliance framework. To that end, cross-border payment solutions in the UAE can be truly innovative and secure, which unlocks growth for companies while protecting consumers and the financial system.

A new era has begun for lawyers who operate in the financial services sector. Only those who are truly open to embrace it will be regarded by the industry as valuable and effective.

The final goal must be the same for everyone: a joint effort aimed at building a strong ecosystem made up of strong professionals, players, and innovative regulators.

This article is for general information purposes only and is not intended to be construed as legal or financial advice. Specific projects should be assessed against the latest regulatory developments and versions of the cited examples, in consultation with the competent regulators.

Text by:

Marco Boldini, of counsel, member of debt capital markets focus team, BonelliErede and director, Hamilton Court FX SIM

Footnotes:

[1] The DIFC innovation licence is described as follows: “The DIFC innovation licence is a commercial licence with a 90% subsidised fee structure open to all technology and innovation firms, enabling growth at any stage. This licence caters to firms interested in developing or testing new, novel, or innovative products. We welcome start-ups, growth-stage firms and unicorns”. (https://landing.difc.ae/innovation-license-offer)

[2] The RegLab is described as follows: “FSRA has created the RegLab, which is a specially tailored regulatory framework that provides a controlled environment for FinTech Participants to develop and test innovative FinTech solutions without immediately being subject to all the regulatory requirements that would otherwise apply to Authorised Persons”. (https://assets.adgm.com/download/assets/fintech-reglab-guidance.pdf/800da29e606c11ef9c36e210a144be73)