Four Financial Centres Racing to Lead on Crypto Regulation
Dubai, Hong Kong, Paris and London are not waiting for a single global standard to emerge. Each has built, or is actively building, a licensing regime serious enough to attract regulated crypto businesses at scale. For accounting firms, auditors and CFOs advising digital asset clients, understanding the practical differences between these frameworks is no longer optional; it shapes where clients incorporate, which rules govern their books, and what compliance infrastructure they need in place.
Why Regulatory Clarity Has Become a Competitive Asset
The collapse of a major crypto exchange in late 2022 accelerated calls from the G7 and the Financial Stability Board for countries to bring crypto oversight in line with traditional financial services standards. The consensus from global watchdogs is that robust rules protect consumers and reduce the risk of financial contagion spreading from crypto markets into the broader system.
The Case for Clear Rules
Clear regulation does more than tick societal boxes. It reduces legal uncertainty for market participants, which in turn lowers compliance costs and encourages firms to commit capital and headcount to a jurisdiction. The four centres discussed below have each recognised this and positioned their frameworks accordingly. None has adopted a deliberately light-touch approach; all four are pitching serious oversight as the selling point, not the obstacle.
Dubai: First Mover With a Comprehensive Licensing Regime
Dubai's Virtual Assets Regulatory Authority (VARA) has been operational since April 2022, making it one of the earliest major financial centres to require mandatory licensing for virtual asset service providers (VASPs), including exchanges and custodians. Any firm seeking to operate from the Emirate of Dubai must apply to VARA and demonstrate compliance with requirements spanning AML and counter-terrorist financing (AML/CFT), consumer protection and market integrity.
AML/CFT Obligations Under VARA
VARA's AML/CFT requirements are substantive. Applicants must show they use blockchain analytics tools capable of identifying financial crime risk across wallets and transactions, and that they can comply with Travel Rule obligations, gathering and transmitting originator and beneficiary data on transfers. These are not aspirational guidelines; they are licensing conditions.
It is worth noting that VARA's remit covers the Emirate of Dubai specifically, excluding the Dubai International Financial Centre, which operates its own regulatory framework. Across the wider UAE, other regulators have also rolled out comprehensive digital asset rules, and the country has articulated a national strategy to position itself as a technology and innovation leader. Early signs suggest the strategy is attracting institutional interest: Standard Chartered's crypto custody arm, Zodia, announced plans to offer custody services from Dubai in May 2023.
Hong Kong: From Institutional-Only to Retail Licensing
Hong Kong's path to becoming a crypto hub has been more circuitous. The Securities and Futures Commission (SFC) has operated a voluntary licensing regime for crypto firms since 2018, but with a significant constraint: VASPs were prohibited from serving retail customers and could only service professional and institutional investors. This restriction led many Asia-Pacific operators to look elsewhere.
The Shift Toward Retail Access
In late 2022, Hong Kong policymakers signalled a willingness to revisit the retail trading ban. The SFC launched a consultation in February 2023 on a new framework that would permit licensed exchanges to serve retail customers, subject to strict consumer protection and market conduct requirements. That regime launched on 1 June 2023, and it prompted several crypto firms to announce Hong Kong as their regional operational base. A jurisdiction that had appeared largely closed to retail crypto is now actively competing for business.
The shift has compliance implications. Firms moving to Hong Kong must meet SFC requirements designed around retail investor protection, which include conduct rules and disclosure standards that will demand careful documentation and audit trails. Accounting teams and auditors working with clients in the region should familiarise themselves with the SFC's published guidelines before advising on entity structure or financial reporting.
Paris and the EU: MiCA as the Backdrop
European regulatory developments are inseparable from the EU's Markets in Crypto-Assets Regulation (MiCA). MiCA requires crypto-asset service providers (CASPs) across the EU to meet harmonised regulatory standards covering authorisation, consumer protection, market integrity and prudential requirements. The framework rolled out on a staggered timeline from mid-2024, and the transitional period for CASPs has now expired, meaning MiCA CASP authorization is now mandatory across the EU.
France's Active Positioning
Within the EU, France has been the most vocal in pitching Paris as a preferred base for crypto firms considering their European structure. French regulators publicly signalled openness to crypto businesses seeking alternatives to the US market, and major exchanges including OKX and Binance have indicated France is on their shortlist. The Autorité des marchés financiers (AMF) had already established an optional registration regime for digital asset service providers ahead of MiCA, giving France a head start in familiarity with crypto oversight.
For accounting firms advising clients on EU structuring, France's active recruitment of crypto firms means it will likely generate a significant share of MiCA authorisation and compliance work. The passporting benefit of a MiCA licence, which allows a CASP authorised in one EU member state to operate across the bloc, makes the choice of home jurisdiction a material commercial and compliance decision.
Our coverage of ESMA's Q&A on the MiCA white paper exemption sets out related classification questions firms will need to resolve alongside their authorisation applications.
London: Rebuilding Its Crypto Reputation
The UK's relationship with crypto regulation has been complicated. The Financial Conduct Authority (FCA) drew criticism for a high rate of refusals and withdrawals in its early crypto registration process, leading some firms to characterise the UK as unwelcoming. That perception is now being actively contested.
The Financial Services and Markets Act Framework
Amendments to the Financial Services and Markets Bill gave the UK a statutory basis for a comprehensive crypto regulatory framework. The government framed a well-regulated crypto sector as central to the UK's continued leadership in financial services. The FCA has since been developing detailed rules covering trading platforms, custody, lending and staking, and our earlier reporting on how the FCA finalized the UK crypto regulatory framework sets out the key obligations for firms.
Coinbase publicly described the UK as a more promising environment than it had previously been, and the FCA's published consultation papers suggest a framework that is substantive but designed to be workable for well-run firms. The UK's approach differs from MiCA in that it is developed through FCA rule-making rather than directly applicable EU legislation, which gives the FCA more flexibility but also means the rules will evolve through multiple consultations over time. Firms and their advisers need to track these consultations actively; missing a comment window or a policy shift can create gaps in compliance planning.
What This Means for Accounting Firms and CFOs
Four serious licensing regimes across two continents create a fragmented but navigable landscape. The practical implications for professional advisers cluster around a few key areas.
Client Entity Structuring
Where a client chooses to incorporate or obtain its operating licence determines which accounting standards, audit requirements and regulatory reporting obligations apply. A CASP licensed in France under MiCA operates under different financial reporting expectations than one licensed by VARA in Dubai or the SFC in Hong Kong. Digital asset accounting software used for client engagements must be capable of generating records that satisfy each regime's specific requirements, not just producing a generic transaction history.
AML/CFT Documentation and Audit Trails
All four jurisdictions place significant weight on AML/CFT compliance as a licensing condition. For auditors and compliance teams, this means clients need documented policies, transaction monitoring evidence and Travel Rule compliance records that can withstand regulatory scrutiny. The quality of underlying blockchain analytics data is a recurring issue; our piece on blockchain analytics data quality and due diligence questions is directly relevant to any firm reviewing a client's AML infrastructure across these jurisdictions.
Ongoing Regulatory Monitoring
None of these frameworks is static. VARA issues additional guidance, the SFC publishes circulars, MiCA is supplemented by regulatory technical standards from ESMA, and the FCA continues to consult. Accounting firms that advise crypto clients need monitoring processes in place, not just point-in-time assessments. The same applies to firms selecting crypto bookkeeping software or digital asset accounting software for their own practice: the tooling needs to accommodate evolving reporting requirements across multiple jurisdictions without manual rework at each regulatory update.
Source: Elliptic
FAQ
Dubai's VARA framework is among the earliest to require mandatory licensing, with detailed AML/CFT, Travel Rule and market integrity conditions as licensing prerequisites rather than aspirational standards. Hong Kong, France and the UK have each developed substantive regimes, but VARA's early implementation gives Dubai a head start in practical experience.
Yes. MiCA includes a passporting mechanism, so a CASP authorised by the AMF in France can provide services across the EU without needing a separate licence in each member state. This makes the choice of home member state a significant commercial decision for firms structuring their European operations.
Licensed exchanges in Hong Kong that now serve retail customers must meet additional SFC requirements on consumer protection, suitability, disclosure and market conduct. These obligations generate documentation and audit trail requirements that go beyond what was needed under the prior institutional-only regime.
Under VARA's AML/CFT framework, licensed VASPs must collect and transmit data identifying the originators and beneficiaries of virtual asset transfers, in line with the Financial Action Task Force's Travel Rule. VARA requires applicants to demonstrate they have technical solutions in place to fulfil this obligation before a licence is granted.
Firms should evaluate whether their digital asset accounting software can produce jurisdiction-specific records, accommodate different regulatory reporting formats, and integrate with AML and Travel Rule compliance data. A tool built around a single regulatory model will create manual overhead as client licences span Dubai, Hong Kong, the EU and the UK simultaneously.
