Dubai: The UAE is moving towards one of the toughest regulatory regimes on crypto-based transactions, whether that’s peer-to-peer or for wider real-world transactions. The latter point was made quite clear by the new rules where any property transaction done in the UAE beyond a specific sum using virtual assets should be declared before the relevant authorities.
And the rules keep getting tightened across the board, as the authorities work on closing any gaps that could be used by criminals or those who want to engage in these transactions under-the-radar.
Samir Kanaan and Halim Kanaan of Dubai-based Kanaan Advocates & Legal Consultants - one of the oldest law firms in the country - offer an overview of what the UAE’s regulators are doing and what this means for investors and businesses.
There has been a spike in crypto-related scams and UAE-based investors getting hit. Judgments have been passed against offenders. Are these tried under local criminal laws?
Samir Kanaan: There is criminal liability. An unlicensed promoter of unregistered crypto currencies could be subject to criminal prosecution under Article 48 of the Federal Law No. 34 of 2021 on Combatting Rumors and Cybercrimes.
Scams associated with crypto-currencies could involve other criminal acts for which there are separate provisions. Phishing schemes to obtain personal data under false pretenses are a good example.
Often, to recover losses or damages which a victim suffered, it may be necessary to file a case before the civil courts, and not just file a criminal complaint. One should also consider legal jurisdiction, and how best to prosecute the perpetrators if they are based outside the UAE.
Do you reckon there will be separate laws governing crypto investments and investor protection?
Samir Kanaan: To the extent that crypto-currencies are used to store wealth, raise capital, make digital payment or as a means of exchange for other assets; these activities are largely regulated. Regulators in the UAE have adopted and expanded their regulations to expressly include crypto and virtual assets. The UAE has been an early mover.
However, their use is popping up in new online realms – the Metaverse. With NFTs, we are also seeing a new asset class. I suspect that more specialized laws and regulations will be required to protect investors and establish legal jurisdiction.
The Dubai Virtual Assets Regulatory Authority (VARA) appears to have been established with fairly wide regulatory ambit for these purposes. Existing regulators such as the ADGM are also updating their laws regularly.
Does VARA and ADGM in Abu Dhabi provide an indication of specific rules on crypto trading and asset protection?
Halim Kanaan: VARA is tasked, among other things, with organizing the issuance and trading of virtual assets and virtual tokens, as well as their service providers. They are already active in this regard. They are also empowered to monitor trading, prevent price manipulation, and develop the rules and regulations to identify suspicious practices and protect investors.
More businesses in the UAE are taking crypto payments – are the laws clear for both the consumer and the business when it comes to such transactions?
Halim Kanaan: There is no doubt the underlying regulations and technologies are sophisticated; but so are the laws regarding various other traditional banking and financial practices. For example, the regulations concerning online trading of shares in publicly listed companies are sophisticated.
If businesses wish to be involved in this sector, they should educate themselves on the relevant regulations to ensure that they do not run afoul of their legal obligations. Consumers should also do their due diligence.
For example, consumers should identify the regulators of the service providers. If the service provider is locally licensed and regulated, consumers would be able to file complaints with local authorities for a service provider’s misconduct.
There’s been lots of talk about data privacy – where do the UAE laws stand on this aspect?
Samir Kanaan: There already exists a number of laws relating to data privacy within the financial and health sector. The most recent federal law, Data Protection Law No. 45 of 2021, extends data protection requirements to private companies which were not regulated previously. This field is still evolving. We are expecting more detailed regulations soon.
Could you provide an overview of the UAE Data Protection Law? If an individual wants to secure his online privacy data-wise, what should he be doing?
Samir Kanaan: The law governs how private companies operating in the UAE may collect and manage our personal data. It is important because many of our day-to-day chores have transitioned online. We share our data with businesses without much thought.
Companies covered by the law must now obtain individuals’ consent prior to collecting and handling his or her personal data. A person’s consent should be obtained in a clear and simple manner, whether in writing or electronically.
Companies must also limit their usage of personal data to their legitimate business purposes and are restricted from sharing their data with others except in accordance with the law.
Notwithstanding this law, individuals should consider carefully the circumstances when sharing their personal data. As the adage goes, prevention is still the best medicine.
