It was almost divine to start the day, with the news of Indian Supreme Court setting aside the impugned Reserve Bank of India (RBI) circular last week which directed the RBI regulated entities to not deal in virtual currencies and also exit existing relationships in this regard! And so began the India’s Crypto Winter with a forced break up.

While India was  made to leash its crypto dreams, other jurisdictions marched full throttle to become the leading blockchain/crypto “valleys” “hubs” “islands” and “nations”, including India’s largest trading partner: The UAE.

But letting bygones be bygones, now that India is ‘springing’ back into the crypto market, it might be the right time to speak of the looming concerns and areas which might deserve a focus from an Indian perspective.

In this piece we haven’t attempted to comment or critique on the Indian SC judgement! The judgement is what legends are made of, so should remain untouched and unscathed of any remarks and tittle-tattles.

But we have tried to simply share some of our experiences as a firm, of the growth and mistakes of crypto market in the Middle East in the last few years – by keeping legalese to minimum and where possible, mapping it with the Indian developments or lack thereof.

LICENSING: Ring Fence where necessary

For the uninitiated, UAE works on a activity based licensing model for setting up of companies. A legal entity can be incorporated on mainland or in one of the 45 freezones based on the intended activities that the entity proposes to carry out., In the past Many companies in UAE have tried to operate out of wrong licenses and conduct crypto related activities basis such licenses.  One such crown jewel being the case of a crypto exchange which tried to operate out of a software portal license from one of the freezones which has since been mandated to switch to a regulated model..

Currently, ADGM through its regulatory arm the FSRA has a fully operational licensing regime for virtual assets and related activities[i]. Speaking of exchanges, ADGM through its erstwhile Crypto-Assets Framework  regulated the crypto-assets exchanges at par with multilateral trading facilities (MTF). Which meant that the set-up and governance obligations for a crypto-exchange were as rigorous under the markets and infrastructure rules of the FSRA- as that of an MTF or OTF.[ii]

ADGM now covers the crypto exchanges under the ambit of multi-lateral trading facilities. Similarly, many jurisdictions treat crypto-asset exchanges at par with the available trading facilities-  Eg.- MiFID II [iii]

This is not to say that India should switch to ‘activities based licensing’ model for all the activities, but it might be helpful to introduce or draw a parallel with existing laws for MTFs (if any); as the same will determine India’s treatment of crypto-exchanges. It’ll be helpful to identify and monitor exchange’s market surveillance mechanisms; trading mechanisms; settlement processes; transaction recording and risk management mechanisms.

More so, it’ll help India determine its approach towards those that do not qualify as exchanges but are pure order routing facilities or market intermediaries, such as: OTC Desks, crypto brokerage, custodians and other acting in principle or agent services. Such services in our experience at likely to outnumber the crypto-exchanges.

It has been our experience with representing the exchanges and OTC Desks, that it is never easy to ensure the activities do not step into each other’s territories and become a regulatory nightmare.

India might want to look at this golden opportunity sooner, as crypto-exchanges will either try to revive their operations or existing exchanges globally would want to penetrate the Indian market.

TOKENISATION OF SECURITIES: Time to make friends with SEBI

We have seen a massive surge in projects based on tokenization of securities in the Middle Eastern region lately. With increasing trend of tokenization of SPVs, fund units and real estate investment trusts. While ADGM already has a framework for issuance of virtual-assets, digitized securities and fiat tokens, UAE’s Securities and Commodities Authority (SCA) is likely to give a green signal on the proposed crypto-asset regulation soon. Despite having one of the most robust real estate frameworks, UAE is hoping to fix liquidity issues by permitting tokenization of- securities, title and rights associated with real estate.

As a part of Fintech Working group for the Arab Monetary fund, KARM has also had a chance to interact with Central Banks and Capital Market Authorities of 22 (twenty-two) other MENA region countries- all exploring ways to best implement/introduce regulations for digital assets including ways to tokenize securities, real estate and natural resources. Some countries are also contemplating issuance of CBDCs, which to our understanding has also been proposed in India vide the draft regulations. 

One of the finest examples (and often less celebrated) in this context is the Central Bank of Bahrain which introduced a Crypto Asset Module in Capital Markets volume of its rulebook.

Bearing that in mind, India’s SEBI is yet to make an appearance in the debate. Once there is a (re)surge in the demand and supply of token-based projects in India, SEBI will have a much larger role to play than RBI, Department of Economic Affairs or Enforcement Directorate- Similarly, multiple sectors like tourism, hospitality, real-estate are likely to witness a penetration of tokenization models and will require a collective focus from regulators in areas of consumer protection and product liability.

Some of the practical problems that we have faced and require diligence from a Capital Markets Authority are:

Other aspects like fractionalization of ownership, listing, secondary trading will all require a much thought out approach.  While technology may eventually come up with answers for most of these problems, currently the technology isn’t self- sufficient and will require a higher degree of regulatory oversight to get it in order.

CROWDFUNDING: ICOs have died, the ICO mentality hasn’t!

India is likely to witness a surge in tokenization-based projects which will try to evade the private-placement rounds and issue tokenized securities. The urge to find alternatives to IPOs has not subsided and possibly never will. But the solution isn’t to force a plain vanilla private placement on such entities rather provide options for operating and regulating crowdfunding platforms (specifically the ones facilitating token subscriptions/offerings). For India SEBI’s coveted consultation paper on crowdfunding possibly needs more attention.

In UAE for instance both the IFCs , DIFC and ADGM provide options for crowdfunding (CF) or private financing platforms (PFP). ADGM  also provide possibilities of financing through and for- securities and virtual assets.

DIFC offers equity, loan and property crowdfunding licenses and is home to some of the leading crowdfunding platforms like and FundedbyME. Only recently that DIFC has also permitted capital raise on crowdfunding platforms through tokens. Two of such projects have been inducted in the sandbox model of DIFC and KARM has had the privilege of advising both.

Which brings us to our next area of interest: Sandboxes. Both DIFC and ADGM’s Sandboxeshave received overwhelming response from start-ups around the globe Time might be ripe to extend RBI’s sandbox to virtual assets and tokenization-based projects. A sandbox will atleast ensure that projects do not shift bases to other jurisdictions- case in point being UAE and Singapore which have had a history of successful sandboxes.

AML/KYC/CFT- It’s a concern, not a deal breaker

India should pat itself for having one of the strongest ID systems in the world (happy to debate this on facts and figures).Yes, AML/ KYC is a major problem- but India has already achieved what remains a distant dream for many countries- a nationalized identification system! Again, this is not to say that linking Aadhar with your digital wallets will solve all the problems, but it’s not a bad start either. Take it a notch higher by having clearly defined rules for API integration and one might achieve a great solution.  During the course of KARM’s surveys for drafting guidelines on ‘Digital Identity and E-KYC’ for the Arab Monetary Fund, most regulators in the MENA region have portrayed a desire for utilizing an ‘Aadhar’ style model for use and implementation of CBDCs, Open Banking/Finance and Fintech solution. An observation to be proud of!

A regulator’s involvement- Further, a regulator can get into the details of client onboarding, business continuity, disaster recovery plans and security operating procedures of a project. In our experience, a defining factor in such projects has also been the responsibility and obligations of the money-laundering reporting officer (MLRO) which is required to be appointed by each and every regulated entity in the freezone, hence hedging the risk of the regulator to a greater extent.


It’s high time that jurisdictions start taking compliance functions and enforcement measures seriously. IT, Cyber and Information security, together with Situational Awareness with threat intelligence at the heart thereof, are areas which have unfortunately never received the necessary attention.. India, factually being a technologically strong country, with abundant  and relative easy access to a skilled workforce, can easily create, manage, test and evolve in the sphere of Cyber Resilience.

In so far as the protection of personal data is concerned, well.. pass that bill already! In repeatedly discussing and deliberating on aspects and issues of personal data and the protection thereof, such like the GDPR, India might just delay a golden opportunity of formalizing the personal data protection law. So far as Blockchain is concerned, Blockchain and Data Protection conceptually are at logger heads with each other- so market dynamics might turn out to be way different than what the law anticipated them to be.

As lawyers to a project providing data storage through a public permissionless blockchain, we have witnessed the lack of clarity available 'globally' on the hierarchy and accountability of different category of nodes on the blockchain from the persepctive of data processing, anonymity and ring fencing of personal data. While we have managed to find solutions, such solutions qualify only as good governance practices- until formally recognized by the legislature. UAE currently has no law to this effect barring a few sectoral regulations leaving a room for interpretation. Therefore, if India is so close to having one- then might just expedite on it to save industry of Round 2 of regulatory confusions.


From a UAE perspective, opening up of Indian crypto markets is on most accounts great for its largest trading partner- UAE. UAE has witnessed a surge in projects getting hosted from its freezones in the last 2 quarters. What is now needs is a market to usher in a crypto summer and ripen its trade. What better than a market 1.2 Billion people strong?




[i]  Financial Service Regulatory Authority, 'Guidance – Regulation Of Virtual Asset Activities In ADGM' (2020), Available at:,  accessed 10 March 2020.


[ii] Abu Dhabi Global Markets, 'FSRA Updates Its Virtual Asset Regulatory Framework' (2020) Available at:,  accessed 10 March 2020





To stay updated,

subscribe to our newsletter