Oman

**No specific license exists.** Oman does not currently have a licensing regime for digital asset custody providers. Financial institutions operating under CBO licenses are generally advised against involvement with virtual currencies.

**Reference:** While a direct "licensing law" for crypto custodians doesn't exist, the CBO's general advisories against virtual currencies imply that such activities are not sanctioned for regulated entities.

**Central Bank of Oman Official Website:** https://www.cbo.gov.om/ - While specific crypto regulation is absent, the site provides information on regulated financial activities, none of which currently include virtual asset custody. Public warnings have been widely reported by news outlets referencing the CBO's stance.

**Segregation of Client Assets Rules:**

**Not applicable.** Since there is no framework for licensing crypto custodians, there are no specific rules regarding the segregation of client assets for such services.

**Not applicable.** Similarly, in the absence of a licensing regime, there are no specific insurance or bonding requirements for crypto custody providers.

**Not applicable.** There are no specific mandates for cold storage, as the regulatory framework for crypto custody does not exist.

**No definition exists.** Oman's regulatory landscape does not currently define "qualified custodians" in the context of digital assets.

There is **no publicly available information** or announced specific pending legislation in Oman that would introduce a regulatory framework for digital asset custody.

While Oman, like other countries, explores blockchain technology for various industrial applications and government services, this is distinct from regulating cryptocurrencies and virtual asset service providers. The focus remains on a cautious approach to the broader crypto market.

**Capital Market Authority (CMA) Virtual Assets Regulatory Framework (2023):** The CMA issued a comprehensive regulatory framework for virtual assets in July 2023. This framework aims to regulate the activities of VASPs, including issuance, listing, and trading of virtual assets, ensuring compliance with international AML/CFT standards. It covers licensing requirements, corporate governance, market conduct, and crucial for this discussion, AML/CFT obligations.

**Legal Reference:** While the full official text is often subject to specific publication (e.g., in the Official Gazette), announcements from the CMA confirm its promulgation.

*CMA Announcement:* CMA Oman News - Issuance of Virtual Assets Regulatory Framework (This link might change or be archived; search CMA Oman for "Virtual Assets Regulatory Framework 2023")

**Central Bank of Oman (CBO):** The CBO has previously issued warnings regarding the risks of virtual currencies. However, in parallel with the CMA, it has also been working on developing its own regulatory framework for digital assets, particularly concerning digital currencies and payments.

**Royal Decree No. 30/2016 on Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT Law), amended by Royal Decree No. 112/2020:** This is the foundational law for AML/CFT in Oman. While it predates explicit crypto regulations, its broad definitions of "funds," "financial institutions," and "financial activities" are intended to encompass new technologies and virtual assets once they fall under a regulated scope. VASPs, once licensed, will be designated as financial institutions or designated non-financial businesses and professions (DNFBPs) under this law.

Royal Decree No. 30/2016 (Official Gazette) - *Finding a direct English translation with a permanent public link can be challenging. It's often referenced through legal databases.*

Royal Decree No. 112/2020 (Amending some provisions of the AML/CFT Law) - *Similar challenge for direct public link.*

**Oman's Adherence to FATF Standards:** Oman is a member of the Middle East and North Africa Financial Action Task Force (MENAFATF) and is committed to implementing the recommendations of the Financial Action Task Force (FATF). FATF Recommendation 15 specifically addresses new technologies, urging countries to regulate and supervise VASPs for AML/CFT purposes, including sanctions compliance.

**Legal Reference:** FATF Recommendations (updated 2023) - particularly Recommendation 15 and the VASP Guidance

**Represents an Investment Contract:** The primary purpose of the token issuance is to raise capital from investors who contribute funds with the expectation of generating profit or return.

**Confers Rights Akin to Traditional Securities:** The token grants the holder rights typically associated with traditional securities, such as:

**Ownership or equity rights** in an underlying entity or project.

**Debt claims** or entitlement to repayment from an issuer.

**Rights to share in profits, revenues, or assets** of an enterprise.

**Voting rights** or other governance rights in a distributed autonomous organization (DAO) or company.

**Entitlement to future dividends, interest, or other economic benefits** derived from the efforts of others.

**Expectation of Profit from the Efforts of Others:** The token holder expects to derive profit, income, or appreciation in value primarily from the managerial or entrepreneurial efforts of the issuer or a third party, rather than from their own efforts or consumption of a product/service.

**Transferability:** The token is designed to be traded or transferred, indicating its nature as an investment instrument.

**Equity Tokens:** Tokens representing fractional ownership or shares in a company, granting rights like voting, dividends, or liquidation preferences.

**Debt Tokens:** Tokens representing a loan or debt instrument, entitling the holder to interest payments and principal repayment.

**Asset-Backed Tokens:** Tokens representing fractional ownership or a claim on tangible (e.g., real estate, commodities, art) or intangible assets, where the token holder's return is tied to the performance of the underlying asset.

**Revenue/Profit-Sharing Tokens:** Tokens that grant holders a share of the profits or revenues generated by a project or enterprise.

**Fund Tokens:** Tokens representing an interest in a collective investment scheme or fund.

**Tokens from Initial Coin Offerings (ICOs) or Security Token Offerings (STOs):** If the primary purpose of the offering is capital raising, and investors expect a financial return based on the efforts of the issuer or others.

**CMA Approval:** Prior approval from the CMA is mandatory for the issuance of security tokens.

**Prospectus and Disclosure Requirements:** Issuers must provide a comprehensive prospectus or offering document, containing detailed information about:

The issuer (financials, management, corporate governance).

The project or underlying asset.

The nature, rights, and risks associated with the security token.

Compliance with Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) regulations.

**Governance and Operational Requirements:** Issuers must comply with robust corporate governance, risk management, and cybersecurity standards.

**Regulatory Sandbox:** The CMA operates a Regulatory Sandbox, which token issuers may utilize to test innovative security token offerings in a controlled environment, potentially with tailored or relaxed requirements, before full market launch.

**Exemptions:** Limited exemptions may exist for private placements to sophisticated investors or accredited investors, but these are typically on a case-by-case basis and still require notification or approval from the CMA.

**Licensed VASPs Only:** Security tokens can only be traded on Virtual Asset Service Providers (VASPs) that are specifically licensed and regulated by the CMA to operate a virtual asset exchange or trading platform.

**Market Integrity:** Licensed exchanges must implement measures to prevent market manipulation, ensure fair and orderly trading, and provide transparent pricing.

**Investor Protection:** VASPs must have robust mechanisms for safeguarding client assets, managing conflicts of interest, and handling complaints. This includes segregation of client funds and assets.

**AML/CFT Compliance:** Exchanges are subject to strict AML/CFT obligations, including customer due diligence (KYC), transaction monitoring, and suspicious activity reporting.

**Real-time Reporting:** VASPs are typically required to provide real-time trading data and regular reports to the CMA.

**Fines and Penalties:** For non-compliance with licensing, disclosure, operational, or AML/CFT requirements.

**Cease and Desist Orders:** To halt unauthorized virtual asset offerings or activities, including illegal STOs or operation of unlicensed exchanges.

**Revocation of Licenses:** For serious breaches of regulatory requirements by licensed VASPs or issuers.

**Referral for Criminal Prosecution:** In cases involving fraud, market manipulation, or severe violations of financial laws.

**Capital Market Authority (CMA) Official Website:**

**CMA Regulatory Frameworks / Publications (Arabic):** Official documents are typically published here first. You may need to navigate or search for specific decisions.

**CMA Decision No. E/127/2023 on the Regulation of Virtual Asset Service Providers:** While a direct public English PDF link to the full official decision can be challenging to find immediately on the CMA's main site (as decisions are often published in Arabic first in the official gazette), it is the pivotal legal instrument governing virtual assets. Reputable legal firms and financial news outlets have published summaries and analyses of this decision in English. You would typically access the official version via the Omani Official Gazette or direct request to the CMA if needed.

*Note:* As of current knowledge, a direct, freely accessible English version of the full CMA Decision E/127/2023 on the CMA website is not consistently available. For the most accurate and up-to-date information, consulting the official Arabic text or seeking advice from local legal counsel is recommended.

**Royal Decree No. 30/2016 (Law on Combating Money Laundering and Terrorism Financing):** This is the foundational AML/CFT law in Oman, outlining the obligations for financial institutions and designated non-financial businesses and professions (DNFBPs).

**Ministerial Decision No. 63/2016 (Implementing Regulations of the Law on Combating Money Laundering and Terrorism Financing):** This decision provides detailed regulations and guidelines for implementing Royal Decree 30/2016.

**Stablecoins:** Virtual assets designed to maintain a stable value relative to a fiat currency or other asset.

**Asset-Backed Tokens:** Virtual assets representing a claim on an underlying asset (e.g., real estate, commodities).

**Utility Tokens:** Virtual assets providing access to a product or service.

**Identification and Verification (ID&V) of Customers:**

Collecting identifying information such as name, address, date of birth, nationality, and unique identification number (e.g., passport, national ID card).

Verifying this information using reliable, independent source documents, data, or information (e.g., government-issued IDs, utility bills, biometric data).

For legal entities, this includes obtaining company name, legal form, address, proof of incorporation, and names of directors/senior management.

Identifying and verifying the identity of the natural persons who ultimately own or control the customer (typically individuals holding 25% or more of the shares or voting rights, or otherwise exercising control).

**Understanding the Purpose and Intended Nature of the Business Relationship:**

Gathering information about the customer's anticipated activity, the source of funds, and the purpose of the virtual asset transactions.

Conducting ongoing scrutiny of transactions undertaken throughout the course of the business relationship to ensure consistency with the VASP's knowledge of the customer, their business, and risk profile.

Ensuring that documents, data, or information obtained under the CDD process are kept up-to-date.

Implementing procedures to determine whether a customer or beneficial owner is a PEP.

Applying Enhanced Due Diligence (EDD) for PEPs, including obtaining senior management approval for establishing business relationships and conducting enhanced ongoing monitoring.

Screening customers and transactions against national and international sanctions lists (e.g., UN, OFAC).

Applying EDD for higher-risk categories of customers, business relationships, or transactions (e.g., non-face-to-face relationships, complex ownership structures, high-value transactions, cross-border correspondent virtual asset relationships, transactions involving high-risk jurisdictions).

**Obligation to Report:** If a VASP knows, suspects, or has reasonable grounds to suspect that funds are proceeds of a criminal activity or are related to terrorism financing, it must promptly file a Suspicious Transaction Report (STR) with the Oman Financial Intelligence Unit (OMAFIU).

**No Tipping-Off:** VASPs and their employees are prohibited from disclosing to the customer or any third party that an STR is being, or has been, submitted, or that an investigation is being conducted.

**Transaction Records:** All records of domestic and international transactions, including information on the origin and destination of the funds/virtual assets, transaction amount, date, and type.

**CDD Records:** Records of all information obtained through the CDD process (identification data, beneficial ownership information, business relationship purpose, etc.).

**STRs and Internal Reports:** Copies of all STRs filed and any internal reports generated concerning suspicious activities.

**Duration:** Records must typically be maintained for a minimum of **five (5) years** after the completion of the transaction or the end of the business relationship.

**Oman Financial Intelligence Unit (OMAFIU):**

**Role:** The central national authority responsible for receiving, analyzing, and disseminating STRs to law enforcement agencies. It is the primary point of contact for suspicious transaction reporting.

**URL:** https://www.oma-fiu.gov.om/ (Note: The website is primarily in Arabic, but an English version may be available or linked).

**Central Bank of Oman (CBO):**

**Role:** While the CBO primarily regulates traditional banks and financial institutions, it also plays a critical role in overall financial stability and AML/CFT oversight. Historically, the CBO has maintained a cautious stance on cryptocurrencies, banning banks from dealing with them in 2018. It would likely continue to oversee any VASP activities that intersect with the traditional banking system.

**Role:** With the introduction of its Virtual Assets Regulatory Framework in July 2023, the CMA is emerging as the primary regulatory and licensing authority for **certain types of VASPs** in Oman (specifically those dealing with stablecoins, asset-backed tokens, and utility tokens). It will be responsible for ensuring that these licensed VASPs comply with AML/CFT requirements in addition to other regulatory mandates.

**National Committee for Combating Money Laundering and Terrorism Financing (NCCMLTF):**

**Role:** This inter-agency committee coordinates national efforts to combat money laundering and terrorism financing, including policy formulation and oversight of implementation.

**UN Sanctions Compliance:** As a member state of the United Nations, Oman is legally obligated to implement all UN Security Council Resolutions (UNSCRs), which include targeted financial sanctions against individuals and entities involved in terrorism financing and proliferation of weapons of mass destruction.

**Obligation for VASPs:** VASPs must screen all customers, beneficial owners, and transaction counterparties against the UN Consolidated List.

**Legal Reference:** UN Security Council Consolidated List

**OFAC (U.S.) Sanctions Compliance:** While OFAC sanctions are not Omani law, they have significant extraterritorial reach.

**Obligation for VASPs:** Any VASP operating in Oman that:

Deals with U.S. persons (citizens, residents, entities).

Processes transactions in U.S. dollars (even if not directly involving a U.S. person).

Uses U.S.-origin software or services.

Is part of a global group with U.S. operations.

**Legal Reference:** U.S. Department of the Treasury - OFAC Sanctions Programs and Information

**EU Sanctions Compliance:** Similar to OFAC, EU sanctions are not Omani law but are relevant for VASPs with any nexus to the European Union (e.g., customers, counterparties, funding, business operations within the EU).

**Obligation for VASPs:** If an Omani VASP has EU connections, it must screen against the EU Consolidated List of persons, groups, and entities subject to financial sanctions.

**Legal Reference:** EU Sanctions Map / Consolidated List

**Central Bank of Oman (CBO):** Has consistently issued warnings against dealing in cryptocurrencies for financial institutions under its supervision, citing risks such as volatility, money laundering, and lack of regulatory oversight. These warnings essentially act as a prohibition for banks and payment service providers. While these warnings are a form of regulatory action, they haven't been followed by publicly disclosed, named enforcement actions with specific fines against a particular entity *for crypto-related violations* that are distinct from broader financial regulations.

**Capital Market Authority (CMA):** This is where the most significant *development* has occurred recently. The CMA has been working on and recently issued a regulatory framework for Virtual Assets, marking a shift towards controlled legitimization rather than outright prohibition in certain sectors.

**CBO Warnings against Crypto (Ongoing/Recurring)**

**Regulator Name:** Central Bank of Oman (CBO)

**Entity Targeted:** Financial institutions regulated by CBO (e.g., banks, payment service providers) and the general public.

**Violation Type (Implied):** Engaging in or facilitating cryptocurrency transactions, promoting crypto investments, or operating without proper licenses/oversight. These warnings aim to prevent such activities.

**Penalty Amount:** Not applicable to a general warning. Any penalties for non-compliance by regulated entities would fall under existing financial regulations, but specific crypto-related fines haven't been publicly detailed.

**Date:** Ongoing, with several advisories issued over the past few years. A prominent one was in late 2022/early 2023.

**Outcome:** Prohibition for supervised entities and strong discouragement for the public, aiming to mitigate financial and systemic risks.

While specific CBO press releases on *individual* warnings are hard to find archived publicly in English, their general stance is widely reported by Omani media and financial news outlets. Here's a relevant article discussing their position:

**CMA Issuance of Virtual Asset Regulatory Framework**

**Regulator Name:** Capital Market Authority (CMA)

**Entity Targeted:** Future Virtual Asset Service Providers (VASPs) wishing to operate in Oman, and potentially entities currently operating without oversight.

**Violation Type (Implied for Future):** Operating as a VASP in Oman without a license once the framework is fully implemented, or non-compliance with the new regulations.

**Penalty Amount:** The framework itself details potential fines and sanctions for non-compliance, but these are part of the *new regulations* rather than penalties for past violations. No specific amounts have been levied yet under this framework against a named entity.

**Date:** Announced and issued in **November 2023**.

**Outcome:** Establishes a comprehensive legal and regulatory environment for virtual assets in Oman, paving the way for licensed crypto activities and, importantly, future enforcement actions against non-compliant entities. This is a move towards legitimization under strict control.

**CMA Oman Official Announcement (English):** https://cma.gov.om/Home/News/NewsDetails/638363765101683416

**LexisNexis Article discussing the framework:** https://www.lexisnexis.com/research/attachments/20240321_042456_861_LexisNexisMiddleEast_Oman_VirtualAssetFramework_032024.pdf