EST · MMXXVI
Home/Jurisdictions/Uae Adgm/Crypto exchange setup in Abu Dhabi Global Market (ADGM)
Licensing & Registration

Crypto exchange setup in Abu Dhabi Global Market (ADGM)

Crypto exchange setup in Abu Dhabi Global Market (ADGM). Cross-border digital-asset legal counsel for business – licensing, disputes and structuring. Talk to OB

Crypto exchange setup in Abu Dhabi Global Market (ADGM)

Setting up a crypto exchange (a platform enabling digital-asset trading) inside Abu Dhabi Global Market (ADGM) gives an operator direct access to a common-law financial centre regulated by the Financial Services Regulatory Authority (FSRA) – the dedicated regulator for financial services within the ADGM free zone. The FSRA operates a principles-based, activity-specific regime for virtual assets. Authorization is not optional: operating a trading platform for digital assets within ADGM without the required FSRA licence carries immediate enforcement exposure, threatens your banking relationships and puts the entire commercial structure at risk. This page sets out the regulated basis for a crypto exchange in ADGM, the authorization process for an inbound business, the cross-border tax and banking considerations, and the decision points that determine whether ADGM is the right jurisdiction for your build.

What the FSRA actually regulates – and why it matters for your exchange

The FSRA authorizes virtual-asset activities as regulated financial services under the ADGM Financial Services and Markets Regulations, applying the same standards as its broader financial-services regime. A crypto exchange within ADGM requires authorization to conduct activities including the operation of a virtual-asset trading platform, dealing in virtual assets as principal or agent, and, where relevant, providing custody. The FSRA maintains a concept of "recognized virtual assets" – a defined list of digital assets the regulator has assessed as suitable for regulated activity within the ADGM perimeter. Operating with assets outside that recognized list is a compliance risk that many inbound operators underestimate.

This is not a registration-light regime. The FSRA expects a fully capitalized, governed entity with a demonstrable management structure, a credible technology and risk-control framework, and AML/CFT policies aligned to FATF standards, including obligations equivalent to the Travel Rule (the requirement to pass originator and beneficiary information with each qualifying virtual-asset transfer). In our practice, operators who treat ADGM as a "fast offshore ticket" consistently misjudge the depth of the FSRA review.

The cross-border dimension is immediate. Most inbound businesses setting up in ADGM are not serving only Abu Dhabi clients. They are building a UAE base of operations to serve the wider Gulf, South Asia, or global user base. The FSRA authorization covers activities conducted from ADGM; it does not automatically extend to users in other jurisdictions. Any business serving users across borders must map the regulatory position in each relevant market from the outset – not as an afterthought.

ADGM versus VARA: choosing the right Dubai or Abu Dhabi vehicle

The most frequent decision an inbound operator faces in the UAE is whether to seek authorization under the FSRA within ADGM or under the Virtual Assets Regulatory Authority (VARA) regime in mainland Dubai. These are distinct regulators with distinct perimeters: ADGM is a financial free zone in Abu Dhabi governed by English common law and the FSRA; VARA covers mainland Dubai and is an activity-based licensing regime operating under its own rulebooks.

The choice is not purely geographic. Operators building an institutional or fund-servicing exchange generally find the ADGM model more aligned with their governance expectations – the common-law foundation, the FSRA's experience with sophisticated financial instruments, and the broader ADGM financial ecosystem all weigh in favor of ADGM for that profile. Operators targeting retail volume in the broader UAE and wider Middle East market sometimes find the VARA regime more directly suited to their commercial model, given VARA's activity-specific rulebooks for exchange services.

A third category of operator attempts to run both structures in parallel. We regularly advise on whether a dual structure – an ADGM entity for institutional activity and a VARA-licensed entity for retail – is proportionate to the business plan. The overhead of maintaining two licensed entities in the UAE is real. The analysis turns on client mix, asset scope and the regulatory risk profile the founders can sustain.

For a scoped comparison of the ADGM and VARA licensing paths for your specific exchange model, contact OBOLUS at info@oboluslaw.com. The process above describes the standard path. Your facts – the entity, the user base, the asset scope, the banking – change the analysis materially.

How does the FSRA authorization process work for an exchange?

The FSRA authorization process for a virtual-asset exchange runs in defined stages, beginning with an in-principle application and culminating in a final authorization with conditions. The process is thorough and document-intensive. An operator should expect the review to span multiple months, with the precise duration varying by the complexity of the proposed activities and the quality of the initial submission.

The application package the FSRA expects includes: a detailed business plan covering technology architecture, governance, asset scope and commercial projections; a regulatory business plan addressing how the firm will meet each relevant FSRA requirement; biographical questionnaires and fitness-and-propriety materials for controllers, senior managers and key function holders; a technology assessment and cybersecurity framework; AML/CFT policies, controls and Travel Rule implementation detail; and capital adequacy evidence. The FSRA conducts face-to-face engagement with applicant management at the in-principle stage. This is not a paper review in isolation.

One step that many inbound operators undervalue is the pre-application engagement with the FSRA. The regulator encourages applicants to engage informally before submitting, and that dialogue shapes whether the application is positioned correctly from the outset. In our experience, applications submitted without prior engagement frequently encounter avoidable requests for information that extend the timeline.

Post-authorization, an ADGM-licensed exchange operates within the FSRA's ongoing supervisory framework: periodic regulatory returns, notification obligations for material changes, capital maintenance requirements and compliance audit expectations. These are the operational overheads a board should model before deciding to incorporate in ADGM.

What capital and governance requirements apply?

The FSRA sets minimum capital requirements that vary by the regulated activities being authorized; the specific figures are confirmed through the application process and should be verified directly with current FSRA materials before any commitment. Operators should plan for capital requirements that are meaningful relative to the scale of their proposed operations – the FSRA's approach is calibrated to the activity profile, not a flat registration fee.

On governance, the FSRA expects a locally resident senior manager or approved person with substantive decision-making authority – not a nominee director arrangement with management sitting entirely offshore. The regulator has tightened its expectations on this point in recent years. Operators who attempt to satisfy the governance test with a single part-time director based outside the UAE consistently attract heightened scrutiny.

The technology governance layer matters independently. The FSRA expects an exchange to demonstrate resilience standards, penetration testing, incident-response procedures and cold/warm storage ratios for custodied client assets. For an exchange that also intends to provide custody, these requirements compound: the FSRA treats custody as a distinct regulated activity, and an operator conducting both exchange and custody functions under a single authorization will face a correspondingly broader review scope.

How do AML and the Travel Rule operate in ADGM?

AML and CFT compliance under the FSRA regime is aligned to FATF Recommendation 15 and the FATF guidance on virtual assets and virtual asset service providers (VASPs). The Travel Rule applies to qualifying virtual-asset transfers: an ADGM-licensed exchange is required to obtain, hold and transmit originator and beneficiary information for transfers above the applicable threshold. The precise de-minimis threshold should be verified against current FSRA guidance, as it may be adjusted over time.

In practice, Travel Rule compliance requires a technical integration decision: the exchange must select or build a mechanism for transmitting the required data to counterparty VASPs, many of which may be in other jurisdictions with different Travel Rule implementations. This is a live interoperability problem, not a solved compliance checkbox. The UAE financial intelligence unit, the UAEFIU, operates within the broader AML supervisory architecture, and ADGM-licensed entities are subject to UAE-wide AML reporting obligations alongside FSRA-specific requirements.

For operators already licensed in another FATF-member jurisdiction, ADGM AML compliance is conceptually familiar – but the FSRA's expectations on documentation depth, the quality of customer due diligence policies and the practical mechanics of Travel Rule delivery can still catch well-intentioned operators short. We have seen applications delayed because the AML framework submitted was adequate in its principles but insufficiently granular on VASP-to-VASP data transfer procedures.

What are the banking and tax considerations for an ADGM exchange?

Banking for a crypto exchange licensed in ADGM is achievable but requires deliberate management. A number of UAE-headquartered banks and branches of international institutions operating within or alongside ADGM maintain banking relationships with FSRA-authorized virtual-asset businesses. The operative word is "authorized": the banking relationship is substantially easier to establish once the FSRA license is in place rather than during the application period. Operators who arrive in ADGM expecting to open a full operational account before authorization is granted frequently encounter longer timelines than anticipated.

The cross-border banking dimension is a frequent source of friction. An ADGM exchange serving clients in multiple jurisdictions will need banking infrastructure that can receive fiat in multiple currencies and, in many cases, interact with payment rails that are not yet comfortable with virtual-asset counterparties. Some operators in our practice maintain a UAE bank account for ADGM-related activity and a separate account in a jurisdiction with a more developed crypto-banking ecosystem – such as Singapore or Switzerland – for broader operational flows. Whether that structure is appropriate depends on the entity's corporate setup, transfer-pricing position and the regulatory obligations in each banking jurisdiction.

On tax: ADGM businesses benefit from the UAE's corporate-tax environment, which introduced a federal corporate tax rate applicable generally to businesses from the financial year beginning June 2023. Free-zone entities, including those in ADGM, may qualify for a preferential rate on qualifying income, subject to meeting substance requirements. The substance requirements matter: a shell entity with no genuine local activity and no local employees is unlikely to maintain preferential treatment. The specifics of UAE corporate tax for ADGM entities should be verified against current Federal Tax Authority guidance and ADGM-specific rules – the regime is relatively new, and interpretive guidance continues to develop.

VAT in the UAE applies at the standard federal rate; the VAT treatment of specific virtual-asset transactions – exchange services, custody fees, token issuance – requires analysis against the Federal Tax Authority's current position. This is an area where the law is still developing, and an operator should not assume that the treatment which applied in an earlier period will hold prospectively without verification.

If your exchange is already operational elsewhere and you are mapping the ADGM expansion, message OBOLUS via t.me/oboluslaw to scope the tax and banking stack before you commit. If a prior application in another jurisdiction stalled or a banking account was closed, a second read of your structure can surface the reason and the route forward.

Which operator profile is best suited to ADGM?

ADGM is well suited to a defined set of exchange operator profiles. It is not the right answer for every business, and a candid assessment of fit is more useful to a decision-maker than a uniform endorsement of any single jurisdiction.

Institutional or professional-investor-focused exchanges – platforms whose primary counterparties are funds, corporates, family offices and professional traders rather than retail clients – typically find the ADGM model a strong fit. The common-law legal environment, the FSRA's calibrated approach to sophisticated-investor products, and the ability to interact directly with Abu Dhabi's asset-management and sovereign-wealth ecosystem all align with this profile. The application process is correspondingly more intensive, and the timeline is longer; but the authorization, once granted, carries institutional credibility.

Exchange operators seeking a UAE presence as part of a multi-jurisdictional structure – for example, a business that holds a MiCA CASP authorization in the EU, a Singapore MAS Payment Services Act licence, and is adding a Gulf hub – will find that ADGM's legal architecture integrates well with other common-law and civil-law regimes. The regulatory interaction between ADGM and, say, a Singapore or UK authorization is substantially more predictable than interactions involving less recognized offshore structures.

Operators primarily targeting UAE retail volume may find the VARA regime in mainland Dubai a more direct path, given VARA's activity-specific rulebooks designed around retail exchange services. This is not a quality judgment – VARA is a credible regulatory regime – but a structural fit analysis.

From practice: mapping a multi-layer ADGM structure

In a recent cross-border structuring matter, an institutional exchange operator based in a South Asian jurisdiction retained OBOLUS to assess whether ADGM or an alternative Gulf hub was the correct anchor for its planned expansion. The operator had an existing AML framework and a functioning banking relationship, but had received conflicting advice on whether its proposed asset scope – including certain tokenized securities – would fall within the FSRA's recognized virtual asset list. We conducted a regulatory mapping exercise across the ADGM and VARA regimes, identified that the tokenized securities component required a distinct securities-related authorization rather than a standalone virtual-asset licence, and structured the application sequence accordingly. The operator entered pre-application engagement with the FSRA in the following quarter with a correctly scoped application, materially reducing the risk of mid-process requests for information. The matter illustrated that ADGM rewards careful pre-application preparation and penalizes submissions that treat the regime as a lighter-touch alternative to a regulated financial centre.

Decision matrix: licensing paths and operator profiles

The following analysis maps the principal decision paths for a business evaluating an ADGM crypto exchange setup.

Profile A: Institutional exchange, UAE-anchored. The operator serves professional and institutional counterparties. Its asset scope is likely to include recognized virtual assets and possibly tokenized instruments. The correct instrument is a full FSRA authorization for the relevant activities. The timeline is measured in months, not weeks; the capital requirement is set by activity category; the key risk is a governance structure that does not satisfy the FSRA's approved-person and local-presence expectations at the point of submission.

Profile B: Retail or mixed-audience exchange, UAE-anchored. The operator intends to serve a mixed retail and institutional base from a UAE entity. The most direct path to serving this profile from a single UAE entity is via VARA's exchange licence; an ADGM authorization could cover institutional activity with a VARA entity running alongside for retail access. The key risk is the overhead of operating two licensed entities in parallel.

Profile C: Multi-jurisdictional group adding a UAE node. An operator with existing authorizations in one or more jurisdictions is adding ADGM as a Gulf hub. The application benefits from the documented AML/CFT framework and governance infrastructure already in place for other regulated entities. The FSRA will, however, conduct an independent review – a prior authorization elsewhere does not substitute for the ADGM process. The key risk is underestimating the FSRA's appetite for granular information even where much of the underlying material already exists in a different regulatory format.

Self-assessment checklist before engaging ADGM counsel

Before instructing counsel on an ADGM crypto exchange setup, an operator should be able to answer the following questions with substantive – not placeholder – responses.

  • Which specific activities will the ADGM entity conduct: trading platform operation, dealing as principal, dealing as agent, custody, or a combination?
  • Which digital assets are in scope, and have they been assessed against the FSRA's recognized virtual assets concept?
  • Who are the proposed approved persons, where are they resident, and are they able to commit to a genuine local-presence obligation?
  • What is the technology architecture – centralized order book, hybrid, OTC desk – and does the existing cybersecurity framework meet institutional standards?
  • What is the AML/CFT framework, and does it include a Travel Rule implementation plan at the VASP-to-VASP data-transfer level?
  • Is the entity structure (holding company, operating entity, capital source) defined and documented?
  • Is there an existing banking relationship that can be migrated or replicated for the ADGM entity?

An operator who cannot answer these questions at the point of engagement will spend the first phase of the advisory relationship on structure, not on the application itself. Investing in pre-application preparation is consistently more efficient than discovering gaps after the FSRA review begins.

A common assumption: one offshore licence covers global operations

A common assumption among operators approaching ADGM for the first time is that a single well-regarded authorization covers their entire client-facing activity, regardless of where users are located. This is not the position of the FSRA, and it is not the position of any other major regulator. An ADGM authorization licenses activities conducted from within ADGM and, to the extent the FSRA regime extends, from the ADGM entity to its clients – but it does not substitute for the regulatory requirements that apply in the jurisdiction where those clients are domiciled. A user base in the EU triggers MiCA CASP considerations. A user base in Singapore triggers MAS Payment Services Act analysis. A user base in the UK triggers FCA registration and financial-promotion obligations. The ADGM licence is one layer of a stack, not the entire stack.

Operators who proceed on the assumption that ADGM covers everything eventually encounter the same enforcement risk they were trying to avoid: a foreign regulator taking the position that the operator is conducting unlicensed activity in its jurisdiction. We map the multi-jurisdiction position as part of the initial scoping exercise so that the licensing programme addresses the real commercial footprint, not just the domicile of the holding entity.

Related at OBOLUS

FAQ

How long does a crypto licence take to obtain?

The FSRA authorization timeline for an ADGM crypto exchange varies by the scope and complexity of the proposed activities and the quality of the application submission. In our practice, operators who enter well-prepared – with governance, AML/CFT and technology documentation complete – move through the process materially faster than those who submit prematurely. As a qualitative guide, the process typically spans several months from initial submission to final authorization. Pre-application engagement with the FSRA can reduce avoidable delays.

Which jurisdiction is best for licensing my crypto business?

There is no universal answer. ADGM suits institutional, professional-investor-focused exchanges and multi-jurisdictional operators adding a Gulf hub. VARA in mainland Dubai suits operators targeting retail volume. Singapore and the EU's MiCA regime serve different profiles again. The right jurisdiction is a function of your asset scope, client base, governance structure and banking requirements. A mismatch between the jurisdiction and the business model produces regulatory friction, not protection.

Do I need a separate custody licence?

Under the FSRA regime in ADGM, custody of virtual assets is a regulated activity distinct from operating a trading platform. An exchange that also holds client assets requires authorization covering both activities. Regulators in other leading jurisdictions – including Singapore's MAS, the SFC in Hong Kong and VARA in Dubai – take comparable positions. Operators who assume that an exchange authorization automatically covers custody typically discover the gap during the supervisory review or, worse, after a client complaint.

OBOLUS is an independent digital-asset law boutique acting only for businesses. We advise exchanges, custodians, token issuers and funds on licensing across 70+ jurisdictions, on disputes and on-chain asset recovery across 25+ forums, and on the tax, banking and compliance structures that sit around them. Digital assets are the entirety of our practice, and we act only for businesses. We map the licence stack across operating, custody and payment layers before you commit – because operating without the right authorization risks enforcement, frozen banking rails and the entire commercial structure. To discuss your ADGM exchange setup or a multi-jurisdiction licensing programme, contact info@oboluslaw.com.

By Aisha Tan, Licensing & Jurisdictions Analyst – specialises in ADGM, VARA and multi-hub licensing structures for digital-asset exchanges and custodians entering the UAE and Gulf markets.

This publication is general information about the law and does not constitute legal advice. It is not a substitute for advice tailored to your circumstances. OBOLUS accepts no liability for action taken or not taken on the basis of this material. For advice on your situation, contact info@oboluslaw.com.

Tell us the task — we'll map your options in 30 minutes.

Fixed-fee packages with defined scope and SLAs. The first call is free and under NDA. Business clients only.

Map your optionsinfo@oboluslaw.com · t.me/oboluslaw · reply < 2 hours