If you carry on a regulated activity – dealing in or advising on investments, managing assets or a fund, arranging deals, providing credit, money services, insurance, or a virtual-asset business – by way of business in or from the ADGM, you must be authorised by the FSRA and hold a Financial Services Permission (FSP). The perimeter is set by the Financial Services and Markets Regulations 2015 (FSMR), modelled on the UK’s FSMA 2000. Authorisation turns on threshold conditions and a fit-and-proper assessment, brings conduct and prudential-capital obligations scaled by a prudential category, and requires the individuals running the firm to be FSRA-approved. A firm also needs a Registration Authority commercial licence alongside its FSRA permission. Carrying on a regulated activity without permission is a serious – and potentially criminal – breach. Positions are current to mid-2026; the FSRA rulebook moves frequently, so verify specifics at use.
At a glance
- Perimeter statute: Financial Services and Markets Regulations 2015 (FSMR), modelled on the UK FSMA 2000
- Trigger: Carrying on a Regulated Activity (FSMR Schedule 1) “by way of business” in or from the ADGM
- Licence: Financial Services Permission (FSP) from the FSRA; the firm becomes an Authorised Person
- People: Individuals in Controlled Functions must be FSRA-approved (Approved Persons)
- Prudential: Capital scaled by category – 1, 2, 3A, 3B, 3C, 4 and 5 – under the PRU rules
- Two authorisations: A Registration Authority commercial licence and an FSRA permission
- Breach: Regulatory and potentially criminal; affected agreements may be unenforceable
1. What the regulatory perimeter is
The FSRA administers the Financial Services and Markets Regulations 2015 (FSMR), the ADGM’s core financial-services law, which was broadly modelled on the UK’s Financial Services and Markets Act 2000. The “perimeter” is the line between activity that requires FSRA authorisation and activity that does not. The FSMR contains a general prohibition: no person may carry on a Regulated Activity by way of business in or from the ADGM unless they are an Authorised Person (holding a Financial Services Permission) or an Exempt Person. Cross that line without permission and you commit a regulatory – and potentially criminal – breach. For any financial-services or fintech business looking at the ADGM, “where do we sit relative to the perimeter?” is therefore the first legal question, before incorporation, premises or capital.
2. What counts as a regulated activity
An activity is a Regulated Activity only if it is specified as one in Schedule 1 to the FSMR. The main classes are:
- dealing in investments, as principal or agent;
- arranging deals in investments;
- advising on investments or credit;
- managing assets, or managing/administering a collective investment fund;
- providing or arranging custody;
- accepting deposits; providing or arranging credit;
- insurance – effecting/carrying out contracts, intermediation and management;
- providing money services (remittance, payment accounts, stored value);
- operating an exchange or a multilateral trading facility;
- trust services and acting as trustee of an investment trust;
- operating a private financing platform; benchmark activities;
- virtual-asset activities (exchange, custody, dealing, broker-dealer).
Virtual-asset activities sit inside the FSMR perimeter – they are Regulated Activities requiring an FSP – under a framework that is itself fast-moving; we cover it on virtual-asset regulation & FSRA authorisation. The precise scope of each class, and the defined “Specified Investments” they bite on, are set out in Schedule 1 and should be checked against the live rulebook for a borderline activity.
3. The Financial Services Permission
An authorised firm holds a Financial Services Permission that specifies exactly which Regulated Activities it may conduct, in relation to which Specified Investments, and on what conditions. The FSP is not a general banking-style licence: its scope, the firm’s prudential category and its capital requirement all flow from the precise activities permitted. Getting the scope right at the outset matters in both directions – too narrow and the firm cannot do what it intends without a variation; too broad and it carries capital, systems and supervisory obligations it does not need. Scoping the permission to the actual business model is the core of the authorisation exercise.
4. Getting authorised: the application and threshold conditions
A firm applies to the FSRA principally through the General Information for Regulated Activities (GIRA) form together with activity-specific supplements (for banking, asset management, dealing and advisory, insurance, money services and so on), supported by a detailed Regulatory Business Plan, financial projections and compliance and risk frameworks. The FSRA assesses the applicant against the threshold conditions for authorisation and a fit-and-proper standard – integrity, competence and capability, and financial soundness – and its readiness, willingness and ability to comply on an ongoing basis with the FSRA Rulebook, principally the GEN (General), COBS (Conduct of Business), PRU (Prudential) and AML (Anti-Money Laundering and Sanctions) modules. Authorisation is the start of a continuing relationship with the regulator, not a one-off gate, and the application is best built with that supervisory relationship in mind.
5. The people: Approved Persons and controlled functions
Authorisation is not only about the firm. Individuals who perform a Controlled Function must be approved by the FSRA as Approved Persons (the ADGM term – not the DFSA’s “recognised individuals”). The controlled functions include the Senior Executive Officer, Licensed Director or Licensed Partner, Compliance Officer, Money Laundering Reporting Officer, Finance Officer, Responsible Officer and Senior Manager. Approved Persons are bound by the FSRA’s principles for approved persons and, in defined cases, by residency expectations. The practical point is that an FSP application stands or falls partly on its people: the FSRA expects a credible, fit-and-proper senior team with genuine substance in the ADGM, and a thin or absentee management line is a common reason an application stalls.
6. Prudential categories and capital
How much capital a firm must hold, and which prudential rules apply, depends on its prudential category, determined under the PRU rules by the activities in its permission. The ADGM uses seven categories – 1, 2, 3A, 3B, 3C, 4 and 5 – broadly: Category 1 for deposit-taking/banking; Category 2 for dealing as principal and credit providers; Category 3A for dealing as matched principal; Category 3B for fund custody and trustee activity; Category 3C for asset and fund managers; Category 4 for advisory and arranging firms that do not hold client assets; and Category 5 for Islamic (profit-sharing) banking. The binding capital requirement is generally the highest of the base-capital requirement, an expenditure-based minimum, a risk-based requirement or (for money services) a variable requirement.
The figures move – treat them as verify-at-use. As a marker, Category 1 carries a base-capital requirement of USD 10 million; and following the FSRA’s 2025 reform of the framework for lower-risk firms (effective 19 August 2025), the Category 4 base capital was raised to USD 50,000 (private-financing-platform operators to USD 150,000) and the custody requirement for non-public-fund custodians reduced to USD 250,000. The current figures for every category should be confirmed against the live PRU rules before they are relied upon.
7. Two authorisations: the Registration Authority and the FSRA
It is easy to conflate the ADGM’s authorities, so it is worth being precise. The Registration Authority (RA) incorporates and registers companies and grants the commercial licence; the FSRA is the financial-services regulator that grants the Financial Services Permission and supervises Regulated Activities (the third authority, the ADGM Courts, resolves disputes). All three rest on Abu Dhabi Law No. 4 of 2013. In practice a regulated firm needs both: the usual sequence is to obtain (or align) the RA commercial licence and the FSRA permission together, with the FSP defining what the firm may actually do once licensed. The FSRA is also the ADGM’s AML/CFT supervisor for financial firms – covered, with the latest framework changes, on AML & sanctions in the ADGM.
8. Exclusions, exemptions and Exempt Persons
Not everything that looks regulated is. Some activity falls outside the Schedule 1 definitions; some benefits from exclusions (for example certain incidental or intra-group activity); and certain bodies are Exempt Persons who may carry on a Regulated Activity without an FSP. These must be assessed carefully and conservatively: assuming an exclusion applies when it does not is one of the most common – and most costly – errors a business makes at the perimeter, because the consequence is unauthorised activity rather than a mere technical breach. A short, documented perimeter analysis at the outset is far cheaper than unwinding an unauthorised business later.
9. Operating outside or in breach of the perimeter
Carrying on a Regulated Activity without permission, or beyond the scope of an FSP, exposes the firm and its managers to FSRA enforcement – financial penalties, public censure, restrictions on or withdrawal of the permission, and prohibitions on individuals – and can render affected agreements unenforceable. It can also attract criminal liability. The boundary is not a soft one, and supervisory interest in a possible perimeter breach should be treated as seriously as a formal investigation. We set out the enforcement process and sanctions on ADGM enforcement & penalties.
10. The ADGM financial-regulatory practice
ATB Legal assesses whether a proposed activity falls within the FSRA perimeter, scopes the right Financial Services Permission to the business model, and manages the FSRA authorisation process end to end – the GIRA application and supplements, the Regulatory Business Plan, the prudential-category and capital analysis, and the approved-person applications for the senior team – alongside the Registration Authority licensing, and advises on exclusions and exemptions, perimeter breaches, variations and the regulatory dimension of corporate transactions.
Frequently asked questions
Do I need FSRA authorisation?
If you carry on a Regulated Activity by way of business in or from the ADGM, yes – you need a Financial Services Permission scoped to those activities, unless you are an Exempt Person or the activity falls outside the FSMR perimeter.
What is a Financial Services Permission?
It is the authorisation the FSRA grants, specifying exactly which Regulated Activities a firm may conduct, in relation to which investments, and on what conditions. The firm’s prudential category and capital requirement flow from those activities.
What counts as a “regulated activity” in the ADGM?
An activity specified in Schedule 1 to the FSMR – for example dealing in, arranging or advising on investments, managing assets or a fund, providing custody or credit, money services, insurance, operating an exchange, and virtual-asset activities. The precise definitions are in Schedule 1.
How does a firm get authorised, and what are the threshold conditions?
By applying to the FSRA through the GIRA form and activity supplements, with a Regulatory Business Plan and financial and compliance frameworks. The FSRA assesses the applicant against the threshold conditions and a fit-and-proper standard (integrity, competence, financial soundness) and its ability to comply with the GEN, COBS, PRU and AML rules.
Who needs to be an “Approved Person”?
Any individual performing a Controlled Function – including the Senior Executive Officer, a Licensed Director or Partner, the Compliance Officer, the MLRO, the Finance Officer and Senior Managers – must be approved by the FSRA as an Approved Person before acting.
What are the ADGM prudential categories and capital requirements?
Capital is scaled by a prudential category set under the PRU rules – the ADGM uses seven (1, 2, 3A, 3B, 3C, 4 and 5), from deposit-taking (Category 1) to advisory/arranging firms that do not hold client assets (Category 4). The capital requirement is generally the highest of a base, expenditure-based, risk-based or variable requirement; the exact figures change and should be verified against the live PRU rules.
Do I need both a Registration Authority licence and an FSRA permission?
Yes. The Registration Authority grants the commercial licence and registers the company; the FSRA grants the Financial Services Permission to carry on Regulated Activities. A regulated firm needs both, usually obtained in a coordinated process.
Do virtual-asset businesses need FSRA authorisation?
Yes. Virtual-asset activities – operating an exchange, providing custody, dealing or broker-dealer activity – are Regulated Activities within the FSMR perimeter and require an FSP. The detailed framework is fast-moving and is covered on our virtual-asset regulation page.
What happens if I operate without authorisation or beyond my permission?
It exposes the firm and its managers to FSRA enforcement – penalties, public censure, restriction or withdrawal of the permission, and individual prohibitions – can render affected agreements unenforceable, and can attract criminal liability.
Can intra-group or incidental activity be excluded from the perimeter?
Sometimes. Certain activity falls outside the Schedule 1 definitions or benefits from exclusions (for example some incidental or intra-group activity), and certain bodies are Exempt Persons. These must be assessed carefully – wrongly assuming an exclusion applies results in unauthorised activity.