Living & Working in UAE

CBUAE Open Finance Licence: UAE TPP, SVF and PSP Routes

June 13, 2026 No comments yet

A CBUAE Open Finance licence is the authorisation most onshore UAE fintechs look to when they want to access account data or initiate payments on a regulated basis. The Central Bank of the UAE (CBUAE) is the regulator that matters for activity conducted onshore, and its frameworks for third-party providers, stored value and retail payments determine which permission you actually need. This guide explains how the main pathways fit together, how to scope the right category, and how to sequence an onshore application against a free-zone base.

What a CBUAE Open Finance licence covers

Open Finance is a framework rather than a single product. Firms pursuing a CBUAE Open Finance licence are typically authorised as third-party providers (TPPs) under that framework, which lets them access customer financial data and initiate payments with explicit consent. There are two broad TPP roles to understand:

  • Account information services — aggregating and presenting a customer’s financial data across providers, with consent, to power budgeting, lending decisions or onboarding.
  • Payment initiation services — instructing a payment directly from a customer’s account, without handling the funds yourself.

The distinction matters because the obligations, technical integration and risk profile differ. Many founders assume they need the broadest permission available; in practice, scoping to the narrowest role that supports your product reduces cost, shortens preparation and simplifies ongoing compliance.

Stored Value Facilities (SVF)

An SVF licence covers wallets and stored-value products where customer funds are actually held before they are spent. Because you are holding customer money, this route carries heavier safeguarding, governance and capital expectations than data-only models. You are likely in SVF territory if your product:

  • Holds a balance customers top up and draw down over time.
  • Issues a wallet, prepaid instrument or stored-value instrument usable across merchants.
  • Sits between payer and payee in a way that puts customer funds on your books.

If, by contrast, money only ever passes through regulated rails and never rests with you, a different framework may be the better fit. Getting this classification right early is one of the highest-leverage decisions you will make, because rebuilding a product to change its regulatory footing is expensive.

Retail Payment Services (PSP)

The CBUAE Retail Payment Services framework licenses payment activities such as acquiring, aggregation, payment-account services and money transfer. It is organised into categories, and the one you need depends precisely on which payment functions you perform and whether you touch customer funds. A useful first question is functional: are you moving money, holding money, providing the technical rails, or simply presenting data? Your honest answer usually points to one or two candidate categories rather than the whole menu.

How to scope the right category

Before any application, work through a short diagnostic. It saves weeks of back-and-forth and avoids applying for a permission you do not need.

  • Map the money flow. Draw exactly where funds originate, where they rest (if anywhere), and where they settle. Whether customer money touches your balance sheet is the single biggest driver of which licence applies.
  • Separate data from funds. Data-access models and funds-holding models sit under different regimes with very different obligations. Many products do one but think they need both.
  • Define the customer. Consumer-facing products carry consumer-protection expectations that pure B2B infrastructure may not.
  • Check substance requirements. Governance, local presence, fit-and-proper management and operational resilience are assessed, not just the product itself.
  • Confirm current thresholds. Capital and safeguarding figures vary by category and activity and are updated by the CBUAE — always confirm the current requirement rather than relying on a figure you read once.

Onshore CBUAE vs free-zone routes

CBUAE authorisation governs onshore activity, while ADGM (through the FSRA) and DIFC (through the DFSA) regulate within their respective financial free zones. These are different regulators with different rulebooks, not interchangeable doors to the same room. Each route has trade-offs:

  • Onshore CBUAE gives the most direct access to the domestic UAE market and its payment infrastructure, with a regime tailored to onshore retail activity.
  • Free zones (ADGM / DIFC) offer an English-common-law environment, familiar to international investors, and can be well suited to infrastructure, B2B and regional-hub models.

Many fintechs combine a free-zone base with CBUAE engagement to reach onshore customers. That can be the right structure — but it has to be designed deliberately, because retrofitting your corporate and regulatory structure after launch is one of the most costly forms of rework in this sector. Decide early, document the rationale, and keep the structure consistent with how money actually moves through your product.

Preparing a strong application

Whichever route you take, regulators look for the same fundamentals. Prepare these before you file:

  • A clear business and revenue model, with realistic projections.
  • A defined risk and compliance framework covering AML, fraud and operational resilience.
  • Fit-and-proper, experienced leadership and a credible governance structure.
  • Safeguarding arrangements appropriate to whether and how you hold customer funds.
  • Technology, data-protection and information-security controls that match your activity.

Strong applications are coherent: the licence you request, the money flow you describe, the capital you hold and the controls you operate all tell one consistent story. Inconsistency is what triggers questions and delay.

How TruVis helps

TruVis helps you choose the right onshore or free-zone route, scope the TPP, SVF or PSP permission you actually need, and manage the CBUAE engagement end to end — from structuring and documentation to liaison through the assessment. If you are weighing a CBUAE Open Finance licence against a free-zone base, start at licensing.truvis.ae and we will map the route to your product.

Frequently asked questions

Is there a single CBUAE Open Finance licence?

Not exactly. Open Finance is a regulated framework under which firms are authorised as third-party providers for account-information or payment-initiation services. The permission you hold reflects the specific role you perform rather than one blanket licence.

Do I need a free-zone entity as well as CBUAE authorisation?

It depends on your model and target market. Some firms operate fully onshore; others combine a free-zone base with CBUAE engagement for onshore reach. The right answer follows from how money moves through your product and who your customers are — it should be designed deliberately, not assumed.

How much capital do I need?

Capital and safeguarding requirements vary by category and activity and are set and updated by the CBUAE. Rather than rely on a fixed figure, confirm the current requirement for your specific licence category before you build your plan.

TruVis provides strategy-led advisory and managed business services; we are not a broker. The information above is general and indicative, may change with regulatory updates, and is not legal, tax or financial advice. Approvals for licences, visas, banking, Ejari or Tawtheeq are never guaranteed and remain subject to the relevant authority. Speak to our team for guidance tailored to your case.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related posts

Let's get started

Give us a call or fill in the form below and we will contact you. We endeavor to answer all inquiries within 24 hours.