The Riffle
On 15 December 2025, the Dubai Financial Services Authority (DFSA) issued its Supervisory Guidelines on Assessing the Suitability of Crypto Tokens, providing much-needed clarity on how regulated entities should evaluate whether a Crypto Token is appropriate for use within the DIFC.
These guidelines support compliance with GEN Rule 3A.2.1(2)(a) of the DFSA Rulebook, which requires firms to conduct a formal and documented suitability assessment before using any Crypto Token in a regulated activity. Importantly, the DFSA reinforces that suitability is context-specific, not universal, and cannot be assumed based on market popularity or third-party assessments.

Key Highlights
1. Suitability Is Mandatory — and Contextual
The DFSA makes it clear that every regulated Person must independently conclude, on reasonable grounds, that a Crypto Token is suitable for a specific activity. The depth and outcome of the assessment must reflect:
- The nature of the regulated activity
- The target customer base (Professional vs Retail Clients)
- The scale and complexity of the firm’s DIFC operations
A token suitable for a professional-only fund may be wholly unsuitable for retail distribution — even within the same firm.
2. No ‘One-Size-Fits-All’ or Transferable Findings
A key message running through the guidelines is non-transferability. A suitability determination:
- Cannot be reused across different activities
- Cannot be relied upon simply because another firm or fund manager has approved the token
While firms may consider third-party assessments, the ultimate regulatory responsibility always remains with the Person conducting the activity.
3. Five Core Assessment Criteria
The DFSA outlines five mandatory assessment pillars, each supported by positive and negative indicators:
- Token Characteristics
  - Clear real-world use case
  - Transparent governance and documentation
  - Publicly identifiable development team
  - Low concentration risk among token holders
- Regulatory Status in Other Jurisdictions
  - Formal regulatory approval (e.g. under EU MiCA)
  - Issuer subject to ongoing regulatory supervision
  - Clean enforcement history
- Market, Liquidity & Trading History
  - Sufficient market capitalisation and liquidity
  - Stable and observable pricing across exchanges
  - Transparent and verifiable supply metrics
- Technology & Blockchain Infrastructure
  - Issued on a mature, secure blockchain
  - Proven incident response and upgrade mechanisms
- Compatibility with DFSA Rules
  - Ability to comply with AML, Travel Rule, monitoring, and reporting obligations
  - No technological features that obstruct regulatory compliance
Where negative indicators are identified, firms must provide documented, objective evidence showing that the associated risks have been properly assessed and deemed acceptable.
4. Heightened Focus on Monitoring and Transparency
The DFSA explicitly flags concerns around:
- Privacy-enhancing technologies that inhibit transaction monitoring
- Meme coins or tokens lacking genuine economic purpose
- High insider or affiliate token concentration
Tokens that prevent effective AML monitoring or Travel Rule compliance will face significantly higher regulatory scrutiny.
Conclusion
The DFSA’s supervisory guidance signals a clear shift from theoretical compliance to evidence-based decision-making in the DIFC’s digital asset ecosystem. Firms can no longer rely on market presence, exchange listings, or external approvals alone — suitability must be demonstrated, documented, and defensible.
For regulated entities, this means strengthening internal governance, enhancing crypto due-diligence frameworks, and ensuring suitability assessments remain dynamic and activity-specific.
Next Steps for Firms
- Review existing Crypto Token usage against the DFSA’s five assessment criteria
- Update internal suitability assessment frameworks and documentation
- Re-evaluate reliance on third-party or historic assessments
- Ensure alignment with GEN Rule 3A.2.1 and related AML obligations
