• Compliance, Crypto and Virtual Assets, Governance & Risk Advisory

Crypto Tokens under DFSA: Suitability Assessment  

6 minutes read

The New Regulatory Update 

On 12th January 2026, the Dubai Financial Services Authority (DFSA) brought into force a materially updated Crypto Token framework for activities conducted in or from the Dubai International Financial Centre (DIFC). Under the new update, the DFSA has shifted from a DFSA-led suitability assessment to a firm-led suitability assessment for Crypto Tokens. Firms providing Financial Services involving Crypto Tokens must now determine, on a reasoned and documented basis, whether each Crypto Token they engage with meets the DFSA’s suitability criteria. As a direct consequence, the DFSA will no longer publish a list of Recognised Crypto Tokens. 

In this article, we examine what Crypto Tokens mean under the DFSA regulatory framework, how different categories of Tokens are defined and distinguished, the regulatory requirements for assessing Crypto Token suitability, and the practical challenges and expertise required for firms to implement the new firm-led suitability regime in DIFC. 

What is a Crypto Token under the DFSA framework? 

Under the DFSA framework, a Token is classified as a Crypto Token if it: 

  1. is used, or is intended to be used, as a medium of exchange or for payment or investment purposes; or 
  2. confers a right or interest in another Token that meets the requirement above. 

The Token’s “intended use” will normally be evident from developer materials such as the white paper or other concept papers prepared and published for the Token. 

It is equally important to understand what does not qualify as a Crypto Token under the DFSA framework. A Token is not treated as a Crypto Token if it is classified as an Excluded Token, or as an Investment Token. 

The DFSA expressly treats the following as Excluded Tokens: 

  • Non-Fungible Tokens (NFTs) 
  • Utility Tokens 
  • Digital currency issued by a government, government agency, central bank, or other monetary authority 

Within the category of Crypto Tokens, the DFSA recognises that the most common types are cryptocurrencies and stablecoins. This categorisation is important because different regulatory treatment now applies depending on the type of token involved. As part of the January 2026 amendments, the DFSA removed its prescribed list of Recognised Crypto Tokens and shifted responsibility for assessing suitability to firms for Crypto Tokens generally. However, this shift does not apply to Fiat Crypto Tokens. For these tokens, whose value is determined by reference to a single fiat currency, the DFSA has retained a regulator-led approval approach, and they remain subject to specific regulatory assessment and recognition under the DFSA’s Policy Statement on Fiat Crypto Token dated 15 December 2025. 

The Firm-led Suitability Assessment 

Under the updated framework, a firm must conclude, on reasonable grounds, that a Crypto Token is suitable for use by that firm in relation to the relevant activity. The DFSA has published Supervisory Guidelines to facilitate this assessment. 

In this context, two features of the DFSA’s approach are especially consequential: 

  1. Contextual suitability is expected.
    A firm must consider the relative importance of each criterion in light of factors such as the firm’s proposed activity, customer base, and the nature, scale, and complexity of its DIFC operations. Suitability is not a universal label. It is a reasoned conclusion in context. 
  2. Negative indicators shift the burden onto the firm.
    Where a firm identifies one or more negative indicators against any of the Crypto Token suitability criteria set out in the Supervisory Guidelines, the onus is on the firm to satisfy itself that the Crypto Token can nonetheless be demonstrated to be suitable in accordance with the suitability requirements. The firm’s reasoning must be documented and supported by objective evidence, showing how the relevant risks have been identified, assessed and found to be acceptable 

Suitability Criteria 

A Crypto Token must be assessed against multiple suitability criteria, including: 

  1. Token characteristics, incorporating purpose, governance arrangements, and founders. 
  2. Regulatory status in other jurisdictions, including whether it has been assessed or approved by another financial services regulator. 
  3. The size, liquidity, and trading history of the market for the Crypto Token globally. 
  4. The technology used in connection with the Crypto Token. 
  5. Whether the use of the Crypto Token could prevent the firm from complying with legislation administered by the DFSA. 
  6. The Supervisory Guidelines further prescribe detailed indicators, providing practical guidance on how firms should perform, evidence and justify their suitability assessments. 

Suitability Implementation Challenges 

The transition to firm-led suitability elevates the assessment process into a core regulatory obligation. Essentially, relevant firms might face a number of new and material implementation challenges, including: 

  • Building a defensible suitability methodology that is activity-specific: The DFSA expects conclusions that are both specific and context-driven. A methodology that looks identical regardless of whether the firm is advising, trading, managing funds, or acting as an agent for Retail Clients will not align with the DFSA’s stated approach. Firms will need expertise in structuring a suitability framework that explicitly ties risk acceptance to the proposed activity, client segment, and operational footprint in DIFC.
  • Evidence collection and documentation that can withstand supervisory review: The Guidelines repeatedly emphasise reasoned and documented conclusions supported by objective evidence, particularly where negative indicators exist, and require firms to record how each criterion was assessed and why the associated risks were considered acceptable. Firms will therefore need a strong analytical and documentation capability. 
  • Traceability, monitoring, and financial crime alignment in real conditions: The indicators are explicit that privacy features can make monitoring impractical. Firms will need the capability to assess whether transfers, balances, and historical activity can be monitored in real time for AML screening, risk analysis, and compliance reporting, including Travel Rule-related expectations. 
  • Dual expertise in technology and risk management: The criteria and indicators require firms to assess the resilience of the underlying technology and governance arrangements. Firms will need both technical and risk management expertise to interpret how protocol design and operational events translate into risk, and to define appropriate governance and escalation arrangements. 
  • Ongoing monitoring and re-assessment: The DFSA expects ongoing monitoring of suitability assessments, with triggers for reassessment, clear accountability for decisions, and senior management oversight, supported by a cross-functional governance model that links compliance, risk, technology, and business owners. 

How AKW Consultants Supports Assessing Crypto Token Suitability and Implementation 

One of the fundamental requirements of Crypto Token suitability is that the firm reaches its conclusion on a reasoned and documented basis. That means suitability assessment will require deep critical thinking, clear rationale, and structured argumentation that links the token’s features and risks in a way that can be defended during internal governance reviews and DFSA supervisory engagement. This is exactly where AKW Consultants supports firms. We combine deep, practical expertise in DFSA Crypto Token requirements with the capability to design the governance structures, controls, and evidence trails that make a suitability decision credible. We support firms across the full lifecycle, from designing the suitability methodology and decision workflow to building monitoring triggers, review documentation standards, and ongoing oversight.

Related Articles