Pakistan -- Licensing Requirements Regulatory Overview

A standing prohibition by the State Bank of Pakistan (SBP) for regulated financial institutions to deal in or facilitate virtual assets.

Ongoing discussions and proposed legislative efforts, primarily driven by the need to comply with Financial Action Task Force (FATF) recommendations, to eventually introduce a regulatory framework.

**SBP BPRD Circular No. 03 of 2018:** Issued on April 06, 2018, this circular explicitly prohibits all banks, Microfinance Banks (MFBs), and Payment System Operators (PSOs)/Payment Service Providers (PSPs) from:

Dealing in Virtual Currencies/Coins/Tokens (VCs/VCOs/VCTs).

Facilitating any transaction involving VCs/VCOs/VCTs.

Maintaining accounts of individuals/entities involved in VCs/VCOs/VCTs.

**Implication:** This circular effectively creates a de facto ban on any regulated financial institution in Pakistan from engaging with or facilitating cryptocurrency activities. This means that:

**Cryptocurrency exchanges, custody providers, and payment processors cannot legally operate with bank accounts in Pakistan or integrate with the traditional financial system.**

Any individual or entity involved in crypto transactions faces significant challenges in dealing with their funds through regulated financial channels.

**State Bank of Pakistan BPRD Circular No. 03 of 2018: "Caution against usage of Virtual Currencies/Coins/Tokens (VCs/VCOs/VCTs)"**

**Exchanges:** No license. Cannot lawfully connect to the banking system.

**Custody Providers:** No license. Cannot lawfully connect to the banking system.

**Payment Processors (Crypto-related):** If processing fiat for crypto, no license and prohibited for regulated entities. If purely crypto-to-crypto, it operates outside the formal financial system but still in a legally ambiguous and high-risk environment.

**FATF Recommendation 15:** Which requires countries to regulate and supervise Virtual Asset Service Providers (VASPs) for Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) purposes. Pakistan's compliance with FATF recommendations is critical for its international financial standing.

**Proposed Drafts:** Various draft bills and frameworks have been reported in the media, suggesting that a future regime might include:

**Registration:** Likely for smaller or lower-risk VASP activities.

**Licensing:** For higher-risk activities, larger entities, or specific types of virtual assets (e.g., security tokens, if classified as securities).

**SECP (Securities and Exchange Commission of Pakistan):** Likely to regulate VAs, especially those that may fall under the definition of securities. https://www.secp.gov.pk/

**SBP (State Bank of Pakistan):** Would likely maintain oversight for payment systems and potentially for stablecoins or central bank digital currencies (CBDCs) if introduced.

VASPs would likely need to maintain a minimum paid-up capital to ensure financial stability and solvency. The exact amounts would vary based on the type and scope of services (e.g., higher for exchanges vs. simple transfer services).

**AML/KYC (Anti-Money Laundering / Know Your Customer):** This will be the cornerstone of any future regulation, driven by FATF compliance.

**Customer Due Diligence (CDD):** Robust procedures for identifying and verifying customer identities (KYC).

**Enhanced Due Diligence (EDD):** For higher-risk customers or transactions.

**Transaction Monitoring:** Systems to detect unusual or suspicious transaction patterns.

**Record Keeping:** Maintenance of transaction and customer data for prescribed periods.

**Reporting Obligations:** Reporting of suspicious transactions (STRs) and potentially cash transaction reports (CTRs) to the Financial Monitoring Unit (FMU).

Likely requirement for a physical office and local management (e.g., CEO, AML Officer) to ensure local oversight and accountability.

Management, directors, and significant beneficial owners of the VASP would need to meet "fit and proper" criteria, including checks on their financial standing, reputation, and experience.

Robust cybersecurity frameworks, data protection measures, and secure storage solutions for virtual assets (e.g., hot/cold wallet management).

Business continuity and disaster recovery plans.

Clear organizational structure, risk management policies, and internal audit functions.

Requirements for transparent disclosures, fair trading practices, and mechanisms for handling customer complaints.

**Pre-Application Consultation:** Optional or mandatory meetings with the regulator (e.g., SECP) to discuss the proposed business model.

**Submission of Application Package:** A comprehensive submission including:

Detailed business plan and financial projections.

Shareholding structure and beneficial ownership information.

Profiles of key personnel (management, directors, compliance officers).

Comprehensive AML/CFT manual and policies.

Technology architecture and security frameworks.

**Due Diligence by Regulator:** The regulator would conduct thorough background checks on the applicant entity, its management, and beneficial owners.

**Interviews:** Potential interviews with key personnel.

**Review and Approval/Rejection:** The regulator would review the application and, if satisfied, grant the license/registration, subject to ongoing compliance.

**Post-Licensing Obligations:** Continuous reporting, audits, and adherence to all regulatory requirements.

**Investment Contract / Collective Investment Scheme:** If a digital asset represents an investment contract, it is likely to be considered a security. This generally involves:

**Investment of money/value:** Funds or assets are committed.

**Common enterprise:** The investment is pooled with others.

**Expectation of profit:** The investor anticipates financial gain.

**Reliance on the efforts of others:** The profit is derived from the managerial or entrepreneurial efforts of the issuer or a third party, rather than the investor's own efforts.

**Other Defined Securities:** The Securities Act, 2015, defines "security" broadly to include:

Shares, scrips, stocks, bonds, debentures, debenture stock.

Modaraba certificates, sukuk, and other instruments creating or acknowledging indebtedness.

Any certificate of interest or participation in profit sharing, whether or not redeemable.

Any transferable share, script, stock, bond, debenture, debenture stock, or other marketable security of a like nature.

Any instrument declared by the SECP to be a security.

**Security Tokens:** These are digital assets that represent traditional securities like equity, debt, or funds. Examples include:

**Tokenized Shares:** Representing ownership in a company.

**Tokenized Bonds/Sukuk:** Representing a debt instrument.

**Revenue-Sharing Tokens:** Giving holders a right to a portion of an entity's future revenues or profits.

**Investment Fund Tokens:** Representing an interest in a collective investment scheme.

**Tokens providing voting rights or dividends:** Indicating corporate governance or profit distribution.

**Utility Tokens (with investment characteristics):** While intrinsically designed to provide access to a product or service, if a utility token is marketed, sold, or structured with a prominent expectation of future profit based on the issuer's efforts (especially during an initial offering), it may be reclassified as a security. The "substance over form" analysis is critical here.

**Certain types of Stablecoins (depending on structure):** While stablecoins are generally intended to maintain a stable value, if they are structured in a way that provides an expectation of profit from their management (e.g., through lending or staking of underlying reserves beyond simple stability mechanisms), or if they represent an interest in a pooled fund, they *could* potentially be deemed securities. However, the SBP's primary concern with stablecoins is their potential use as currency or e-money, and their AML/CFT implications.

**Non-Fungible Tokens (NFTs):** While most NFTs are considered unique digital collectibles, if an NFT is offered as part of an investment scheme with an expectation of profit from the efforts of others (e.g., fractionalized NFTs managed by a central entity, or NFTs linked to future revenue streams), it could potentially fall under the definition of a security.

**Pure Payment/Currency Tokens (e.g., Bitcoin, Ethereum):** Unless part of a specific investment scheme, widely decentralized cryptocurrencies are generally not considered securities by the SECP, but rather digital assets with no legal tender status by the SBP.

**Public Offerings:** Any public offer of a security token would require mandatory registration with the SECP. This involves filing a detailed prospectus, comprehensive disclosures about the issuer, the token, the underlying project, risks, financial statements, and other material information.

**Licensing:** Issuers or intermediaries involved in the offering (e.g., investment banks, brokers) must be appropriately licensed by the SECP.

The Securities Act, 2015, provides for certain exemptions from prospectus requirements, such as:

**Private placements:** Offerings to a limited number of sophisticated investors or institutional investors.

**Small offerings:** Offerings below a certain threshold (if defined by SECP rules).

**Offers to existing security holders:** Under specific conditions.

However, specific exemptions tailored for digital asset security offerings are yet to be fully developed and operationalized.

**Licensed Exchanges:** Trading would need to occur on a licensed stock exchange (e.g., Pakistan Stock Exchange) or a specifically authorized "Digital Asset Exchange" if such an entity were to be licensed by the SECP in the future. No such dedicated "Digital Asset Exchange" for security tokens currently exists.

**Regulatory Oversight:** All trading activities would be under the direct oversight of the SECP, ensuring market integrity, transparency, and fairness.

**Market Conduct Rules:** Adherence to rules against insider trading, market manipulation, and other unfair trading practices.

**AML/CFT & KYC:** Strict compliance with Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT) regulations, including Know-Your-Customer (KYC) procedures for all participants.

**Central Depository:** Security tokens, like other securities, might be required to be dematerialized and held in a central depository system (e.g., Central Depository Company of Pakistan Limited).

**State Bank of Pakistan (SBP) Warnings:** The SBP has repeatedly issued circulars and public warnings, advising financial institutions and the public against engaging in transactions involving virtual currencies, stating they are not legal tender and carry significant risks. Financial institutions are prohibited from processing transactions related to virtual currencies.

**Federal Investigation Agency (FIA) Actions:** The FIA, Pakistan's premier investigation agency, has taken action against individuals and entities involved in operating unauthorized cryptocurrency exchanges or alleged crypto scams. These actions are primarily based on unauthorized foreign exchange dealings, fraud, or money laundering, rather than specifically *securities violations* related to tokens.

**Example:** The FIA has investigated and arrested individuals involved in operating peer-to-peer crypto exchanges or alleged investment schemes promising high returns through crypto, branding them as fraudulent or illegal money laundering operations. This demonstrates a willingness to act against *any* unauthorized crypto activity.

**SECP's Cautionary Stance:** While developing the regulatory framework, the SECP itself has issued investor alerts warning against the risks associated with investing in unregulated digital assets.

Accessible via the SECP website or various legal databases.

*Direct Link (SECP source usually reliable):* https://www.secp.gov.pk/laws/securities-laws/ (Look for "Securities Act, 2015")

**SECP's Digital Asset Regulatory Framework / Consultation Paper:**

The SECP issued a consultation paper titled "Proposed Regulatory Framework for Digital Asset Trading Platforms" and other related documents. While a final, fully implemented framework for security tokens is still evolving, these documents outline their approach.

*SECP's dedicated page for "Digital Assets":* https://www.secp.gov.pk/digital-assets/

**State Bank of Pakistan (SBP) Circulars/Press Releases:**

The SBP frequently issues warnings against virtual currencies.

*SBP's main page for press releases/circulars:* https://www.sbp.org.pk/press/index.asp

You would need to search their archives for specific circulars regarding virtual currencies, which have been issued over the years. A prominent one was PR.17/2018-SBP dated April 6, 2018, prohibiting financial institutions from dealing in virtual currencies.