What does a DFSA Category 1 licence authorise?

Category 1 authorises Accepting Deposits in or from the DIFC — the activity that defines an institution as a bank in the DFSA regulatory framework. The scope, capital and supervisory profile is the most demanding of any DFSA authorisation.

What is the capital requirement?

Capital sits in the DFSA Prudential — Investment, Insurance Intermediation and Banking (PIB) Rulebook, implementing Basel III for DIFC-licensed banks. Branches of established international banks operate under home-state prudential standards with DFSA branch-specific oversight; DIFC-incorporated subsidiaries face the full PIB regime on a stand-alone basis.

Branch or subsidiary?

A branch is an extension of the home-state bank; a subsidiary is a separate DIFC-incorporated entity. Branch operates under home-state Basel III at group level; subsidiary requires stand-alone PIB capital. The choice has consequential capital, tax and ring-fencing implications and should be modelled at the structuring stage.

Who must be in-country?

The Senior Executive Officer (SEO), Compliance Officer and MLRO must be UAE-resident and personally accountable. Finance Officer, Risk Officer and Internal Audit roles are also mandatory. Outsourcing of certain functions to the home-state group is permitted under the DFSA outsourcing framework with retained DIFC accountability.

Does Cat 1 cover virtual-asset banking?

Cat 1 itself covers Accepting Deposits. Where the bank also holds virtual assets, runs a virtual-asset desk or facilitates virtual-asset transactions for clients, additional licensing may be required — DFSA Crypto Token regime, or in the case of Dubai operations, VARA licensing. The cross-regulator design must be made at the start.

How is ongoing supervision conducted?

Category 1 firms are in the most intensive DFSA supervision tier — quarterly prudential returns, annual ICAAP and ILAAP, ongoing regulator engagement and themed reviews. The expectation is that the bank operates at parity with international standards.

Dubai DFSA Category 1 Banking Licence (DIFC)

Q: How long does the application take?

A well-prepared Cat 1 application takes 12-18 months from kick-off to authorisation. Branch applications by established international banks tend to be at the shorter end; de novo subsidiary applications can run 18-24 months.

The Category 1 licence is the most demanding authorisation the Dubai Financial Services Authority issues. It authorises the regulated activity of Accepting Deposits in or from the Dubai International Financial Centre — the activity that makes an institution a bank in the DFSA regulatory sense.

The scope, capital, governance and ongoing supervisory expectations are Basel III aligned and sit at the same level applied to international banks across mature financial centres. For groups considering a DIFC banking presence, the structural choice is between a branch of an established home-state bank and a subsidiary incorporated in the DIFC. Each has distinct regulatory, capital and operational consequences that should be analysed before the licence application kicks off.

The regulated activity of Accepting Deposits.

The DFSA defines Accepting Deposits in the GEN module: the receipt of money by way of deposit where the money received is lent to others or used to finance any other activity of the person accepting the deposit. The definition is read against a list of carve-outs — receipts that are not deposits — covering retained-money intermediation, capital contributions, securities issuance proceeds and certain agency receipts. Where the firm's activity is fact-pattern adjacent to deposit-taking (custodial cash holding, payment-account balances, structured deposit notes), the analysis must be precise because Cat 1 carries the most demanding capital and supervisory profile of any DFSA authorisation.

Capital and liquidity under the DFSA PIB Rulebook.

The DFSA Prudential — Investment, Insurance Intermediation and Banking (PIB) Rulebook sets the capital regime for Category 1 firms. The PIB module implements Basel III for DIFC-licensed banks: a hierarchy of Common Equity Tier 1, Additional Tier 1 and Tier 2 capital; risk-weighted asset calculation across credit, market and operational risk; capital conservation and counter-cyclical buffers; leverage ratio; and Liquidity Coverage Ratio and Net Stable Funding Ratio liquidity tests.

For a branch of an established international bank, the home-state prudential regime largely governs the institution; the DFSA imposes branch-specific oversight under PIB chapter 9. For a DIFC-incorporated subsidiary, the full PIB regime applies on a stand-alone basis. The capital implications between the two structures are materially different and need to be modelled at the structuring stage.

Approved Persons and governance.

Category 1 firms operate under the DFSA Approved Persons regime. The mandatory controlled functions are:

Senior Executive Officer (SEO) — the firm's most senior executive in or for the DIFC. UAE-resident.
Finance Officer — accountable for financial controls and prudential reporting.
Compliance Officer — accountable for the firm's compliance with the DFSA Rulebook.
Money Laundering Reporting Officer (MLRO) — accountable for AML/CFT compliance.
Risk Officer — mandatory at this scale.
Internal Audit function — an independent internal audit capability is expected.

The DFSA also expects a board with substantive independent representation, a clear three-lines-of-defence model, and integrated risk and compliance functions. The home-state group can supply some of the functions via outsourcing — under the DFSA outsourcing framework — but the SEO, Compliance Officer and MLRO must be UAE-resident and personally accountable in the DIFC.

The licensing pathway.

Pre-application engagement with the DFSA — informal discussion of the proposed entity, scope, capital plan and governance. Strongly recommended.
Initial Approval submission — regulatory business plan, ownership chain, controllers, three-year financial projections, capital plan, proposed Approved Persons.
In-Principle Approval from the DFSA.
Detailed application — full Rulebook-compliant policy and procedure suite covering credit, market, operational and liquidity risk frameworks, AML/CFT, conduct, conflicts, complaints, outsourcing, technology governance, business continuity.
Approved Persons applications with individual fit-and-proper review.
Final authorisation conditional on capital injection and operational readiness.

The realistic timeline from kick-off to authorisation is 12-18 months for a well-prepared Cat 1 application. Branch applications by established international banks tend to be at the shorter end; de novo subsidiary applications can extend toward 18-24 months where the group is new to common-law financial centre regulation.

Branch versus subsidiary.

Structural feature	DIFC branch	DIFC subsidiary
Legal status	Extension of the home-state bank; not a separate legal entity	Separate DIFC-incorporated entity
Capital regime	Home-state Basel III at the group level; DFSA branch oversight under PIB ch.9	Stand-alone PIB capital requirement
Customer-facing	Trades under home-state bank brand; no separate insurance / depositor protection	Stand-alone DIFC bank brand
Tax exposure	Branch profits attributable under UAE corporate tax; treaty access at home-state level	UAE tax-resident bank; DIFC-applicable rate
Ring-fencing	No ring-fencing — group exposure flows through	Ring-fenced; group exposure limited to subsidiary capital

Conduct, AML and ongoing supervision.

The Conduct of Business (COB) module and the AML/CFT Sourcebook apply across the firm's operations. Category 1 firms are subject to the most intensive DFSA supervision tier — quarterly prudential returns, annual Internal Capital Adequacy Assessment Process (ICAAP), annual Internal Liquidity Adequacy Assessment Process (ILAAP), ongoing regulator engagement and themed reviews. The expectation is that the bank's prudential and risk frameworks are at parity with the highest standards applied to international banks operating in mature financial centres.

Cross-regulator coordination.

Category 1 firms operating from the DIFC frequently coordinate across other UAE regulators — the Central Bank of the UAE on payment-system access and onshore correspondent banking; the Securities and Commodities Authority where the bank operates capital-markets desks reaching onshore investors; VARA where the bank engages with the virtual-asset side of the market. The cross-regulator architecture has to be designed at the start, not patched on later. Neo Legal advises across the full UAE regulator perimeter and integrates the cross-regulator design into the DFSA licence application.

Conclusion.

DFSA Category 1 is the most demanding UAE banking authorisation. The capital, governance and supervisory profile is at international parity. The structural choice — branch versus subsidiary — has consequential capital and tax implications. Neo Legal supports international banking groups through the full Cat 1 pathway, the cross-regulator coordination, and the parallel structuring decisions that determine the long-run efficiency of the DIFC presence.

DFSA Category 1
banking licence.

The regulated activity of Accepting Deposits.

Capital and liquidity under the DFSA PIB Rulebook.

Approved Persons and governance.

The licensing pathway.

Branch versus subsidiary.

Conduct, AML and ongoing supervision.

Cross-regulator coordination.

Conclusion.

Harly Zappino

Have a related matter?
Speak with senior counsel directly.

The regulated activity of Accepting Deposits.

Capital and liquidity under the DFSA PIB Rulebook.

Approved Persons and governance.

The licensing pathway.

Branch versus subsidiary.

Conduct, AML and ongoing supervision.

Cross-regulator coordination.

Conclusion.

Harly Zappino

Have a related matter?Speak with senior counsel directly.

Have a related matter?
Speak with senior counsel directly.