ATB LEGAL
Dispute Resolution Employment Corporate & Commercial Personal Status Intellectual Property Regulatory & Compliance International Trade Insights People About Contact Us

ADGM Virtual-Asset Regulation & FSRA Authorisation

The ADGM is a leading hub for regulated virtual-asset activity. A virtual-asset business operating in or from the ADGM – an exchange, custodian, broker-dealer or manager – needs FSRA authorisation (a Financial Services Permission) and may only use “Accepted Virtual Assets”. Under the framework in force from June 2025, firms self-assess each virtual asset against the FSRA’s criteria and notify the regulator before use (rather than seeking prior approval); privacy tokens and algorithmic stablecoins are prohibited; a Fiat-Referenced Token (stablecoin) framework applies; and a staking framework has been finalised. This is the ADGM’s fastest-moving area – the Accepted-Virtual-Asset list, the stablecoin rules and the staking detail all change; treat everything here as verify-at-use against the live FSRA rulebook.

What an exchange, custodian, broker or manager needs for an FSRA application.

At a glance

  • Regulator: FSRA, under the FSMR – virtual-asset activities are Regulated Activities
  • Licence: A Financial Services Permission scoped to the specific VA activity
  • Usable assets: Only Accepted Virtual Assets (AVAs)
  • Process: Self-assess against the FSRA’s criteria and notify the FSRA before use (from June 2025)
  • Prohibited: Privacy tokens, algorithmic stablecoins and similar
  • Recent: Fiat-Referenced Token rules (from 1 Jan 2026); staking framework finalised (2026) – verify at use

1. Who needs FSRA authorisation?

Operating a virtual-asset exchange or multilateral trading facility, providing custody of virtual assets, acting as a broker-dealer in virtual assets, and managing or advising on virtual assets are all Regulated Activities requiring a Financial Services Permission from the FSRA – virtual assets sit squarely inside the FSMR perimeter, not in a separate regime. The first question for any token, exchange or custody project is therefore the perimeter question: which regulated activity does it involve, and is the business within or outside the line? We set out the perimeter and the authorisation process generally on the FSRA regulatory perimeter & authorisation; this page covers what is specific to virtual assets.

2. Accepted Virtual Assets

A defining feature of the ADGM regime is that only “Accepted Virtual Assets” (AVAs) may be used in regulated activities – whether for trading, custody or investment management. A virtual asset qualifies as an AVA only if it meets the FSRA’s criteria, which look to factors such as the asset’s maturity and market depth, security and traceability, and broader risk. The practical effect is a whitelist model: a firm cannot simply list any token its customers want; it must work within the set of assets that satisfy the criteria. The composition of that set changes over time, so which specific assets are usable is a verify-at-use question, not a fixed list to be stated on a page.

3. The framework from June 2025: notification, not approval

The FSRA materially changed how AVAs are handled with effect from June 2025, moving from an approval-based model to a notification one. An Authorised Person must now self-assess each virtual asset it proposes to use against the FSRA’s criteria (in its conduct rules, COBS) and notify the FSRA on completing that assessment – generally at least five business days before using the asset – rather than waiting for a prior token-by-token approval. The onus sits firmly with the firm: it must be able to evidence a rigorous assessment, and the FSRA retains the power to object or intervene. The exact rule reference and notice period should be confirmed against the current COBS rules, as this framework is amended on a short cycle.

4. Prohibited assets

The framework expressly prohibits certain virtual assets from use in regulated financial services – notably privacy tokens (whose anonymity features defeat the traceability AML compliance requires) and algorithmic stablecoins (whose stability is not backed by reserves and has proved fragile), together with assets employing similar technology. The prohibitions reflect the two risks the FSRA is least willing to take on: untraceable value transfer and unbacked “stable” value. A project relying on either should expect not to be authorised for it in the ADGM.

5. Fiat-Referenced Tokens (stablecoins)

Stablecoins are regulated through a dedicated Fiat-Referenced Token (FRT) framework. Building on the FSRA’s earlier FRT rules, amendments taking effect from 1 January 2026 expanded the regulated activities that may be carried on using FRTs – reflecting the growing use of reserve-backed tokens in payments and settlement. An FRT is a different animal from an algorithmic stablecoin (which is prohibited): it is expected to be fully backed by reserves and subject to issuance, reserve and disclosure requirements. Firms issuing or using FRTs should map their activity against the current FRT rules, which – like the rest of the digital-asset framework – continue to be developed; treat the position as verify-at-use.

6. Staking

Following Consultation Paper No. 10 of 2025, the FSRA finalised a framework for the staking of virtual assets in 2026, setting out which categories of Authorised Person may stake clients’ assets and the conditions that apply – including that staking rewards are limited to Accepted Virtual Assets (and accepted FRTs) and that client-asset protections apply to staked holdings. Staking had previously sat in a grey area; the framework brings it within the regulated perimeter on defined terms. As this was finalised very recently, the commencement date and the precise conditions should be confirmed against the live rulebook before a firm offers or relies on a staking service.

7. Getting authorised

Authorisation requires a Financial Services Permission scoped to the specific virtual-asset activities, supported by the governance, capital, custody, AML and technology-risk controls the FSRA expects of a VA business – which are, in several respects, more demanding than for a comparable traditional-finance firm, given the operational and cyber risks unique to digital assets. The application is built on the same GIRA process as any FSP (covered on the perimeter page), with VA-specific supplements and a credible, fit-and-proper senior team resident in the UAE. Scoping the permission to the actual business model – exchange, custody, broker-dealer or management – is, as ever, the core of the exercise.

8. AML, custody and the FATF travel rule

Two compliance layers bear especially hard on VA businesses. First, AML/CFT: VA firms are within the FSRA’s AML and Sanctions Rulebook, and the FATF “travel rule” applies to virtual-asset transfers – originator and beneficiary information must travel with a transfer above the threshold – on top of the usual customer due diligence, sanctions screening and suspicious-activity reporting (see AML & sanctions in the ADGM). Second, custody: where a firm holds clients’ virtual assets, the FSRA expects rigorous safeguarding – segregation, secure key management, and resilience against loss or theft – because the irreversibility of on-chain transfers makes custody failures uniquely damaging. These two areas are where VA authorisations are most often tested.

At a glance

TopicPosition (current to mid-2026 – verify at use)
Regulated activitiesVA exchange/MTF, custody, broker-dealer, managing/advising – all need an FSP
Usable assetsOnly Accepted Virtual Assets (AVAs)
Process (from Jun 2025)Self-assess against the FSRA criteria and notify the FSRA before use (generally ≥ 5 business days)
ProhibitedPrivacy tokens, algorithmic stablecoins and similar
StablecoinsFiat-Referenced Token framework; expanded activities from 1 Jan 2026
StakingFramework finalised (2026); defined Authorised Persons; rewards limited to AVAs – confirm commencement
ComplianceAML + FATF travel rule; rigorous custody / technology-risk controls

The ADGM virtual-asset practice

ATB Legal advises virtual-asset and fintech businesses on whether they need authorisation, manages the FSRA application, and advises on the Accepted-Virtual-Asset assessment and notification, the FRT and staking frameworks, and the custody, AML, travel-rule and technology-risk controls the FSRA expects.

Frequently asked questions

Do I need FSRA authorisation to run a crypto business in the ADGM?

Yes, if you carry on a regulated virtual-asset activity – operating an exchange or MTF, providing custody, broker-dealing, or managing or advising on virtual assets – you need a Financial Services Permission. Virtual-asset activities sit inside the FSMR perimeter.

What virtual-asset activities are regulated in the ADGM?

Operating a virtual-asset exchange or multilateral trading facility, providing custody, acting as a broker-dealer, and managing or advising on virtual assets – each requiring an FSP scoped to that activity.

What is an Accepted Virtual Asset?

A virtual asset that meets the FSRA’s criteria (maturity, security, traceability and risk) and may therefore be used in regulated activities in the ADGM. The ADGM operates a whitelist model, and the set of usable assets changes over time.

Do I need FSRA approval for each token?

No longer a prior approval. Since June 2025 the firm self-assesses each asset against the FSRA’s criteria (in its COBS conduct rules) and notifies the FSRA, generally at least five business days before using it. The onus is on the firm, and the FSRA can object.

Are any virtual assets banned?

Yes – privacy tokens, algorithmic stablecoins and assets using similar technology are prohibited in regulated financial services, because they defeat traceability or lack reserve backing.

How are stablecoins (Fiat-Referenced Tokens) regulated?

Through a dedicated Fiat-Referenced Token framework, with amendments expanding the regulated activities that may be carried on using FRTs taking effect from 1 January 2026. An FRT is reserve-backed and subject to issuance, reserve and disclosure requirements – unlike the prohibited algorithmic stablecoins.

Can an ADGM firm offer staking?

Yes, under the staking framework the FSRA finalised in 2026 (following Consultation Paper No. 10 of 2025), which sets out which Authorised Persons may stake clients’ assets and the conditions, with rewards limited to Accepted Virtual Assets. Confirm the commencement date and conditions against the live rulebook.

Does the FATF travel rule apply to virtual-asset transfers?

Yes. VA firms are within the FSRA’s AML and Sanctions Rulebook, and the FATF travel rule requires originator and beneficiary information to accompany virtual-asset transfers above the threshold, alongside the usual CDD, sanctions screening and suspicious-activity reporting.

What does the FSRA expect on custody of client virtual assets?

Rigorous safeguarding – segregation of client assets, secure key management, and resilience against loss or theft – because the irreversibility of on-chain transfers makes custody failures uniquely damaging. Custody is one of the areas the FSRA scrutinises most closely on a VA application.

How often does the ADGM digital-asset framework change?

Frequently – this is the fastest-moving part of ADGM law, with material changes through 2024, 2025 and 2026 to the Accepted-Virtual-Asset model, the stablecoin rules and staking. Any specific position should be confirmed against the live FSRA rulebook at the time of use.