The CBB Crypto-Asset Module (CRA) is Bahrain’s in-force regulatory module for crypto-asset services under Volume 6 (Capital Markets) of the Central Bank of Bahrain Rulebook. The CBB describes CRA as a Directive for licensees providing regulated crypto-asset services, issued under Article 38 and supported by the CBB Law. The module was first issued in February 2019, and its contents or later changes are effective from the release date unless a provision says otherwise.
As of July 10, 2026, the module remains the core CBB framework for crypto-asset service providers operating within or from Bahrain. The latest visible Rulebook history records a May 2026 deletion of CRA-1.7 (Approved Persons). Earlier important changes include April 2023 amendments adding digital-token-offering rules and July 2025 addition of CRA-4.1.10, which links approved-stablecoin service reporting to the separate SIO Module.
Scope of the CBB Crypto-Asset Module
CRA applies to activities undertaken by way of business within or from Bahrain. The module covers trading, dealing, advisory services, portfolio management, custody and exchange operations in accepted crypto-assets, and requires CBB licensing before market or regulated crypto-asset services are undertaken. CBB’s 2019 announcement says the rules brought crypto-asset activities into the regulatory perimeter and address licensing, governance, minimum capital, AML/CFT, conduct, reporting, cyber security, supervision and enforcement.
Key provisions for crypto-asset services and exchanges
The module is organized around authorization and continuing obligations. It contains licensing standards, application documentation, minimum capital, business standards, custody, technology governance, risk management, AML/CFT, reporting, CBB information-gathering powers, conduct of business and market-abuse controls. For exchanges, CRA separately addresses listing and trading controls, including risk assessment of crypto-assets proposed for listing and factors such as issuer and developer background, wallet arrangements, protocol, market, cybersecurity, traceability, market-risk and legal-risk considerations.
- Licensing and prior approval for regulated crypto-asset services and expanded services.
- Business standards for listing accepted crypto-assets and operating trading venues.
- Custody, cyber security, risk management, AML/CFT, reporting and market surveillance obligations.
Custody, cybersecurity and client protection
The custody chapter requires operational controls for crypto-assets held for clients, including documented transfer mechanisms between hot, cold and other storage arrangements. The cyber chapter requires an effective cyber security program covering identification, protection, detection, response and recovery, and later amendments add a robust cyber risk management framework aligned with the NIST cyber security framework. These provisions sit alongside broader client safeguards, conduct obligations and reporting duties.
Digital tokens and stablecoins
In March 2023, CBB issued amendments that expanded CRA to cover digital token offerings. Under the rulebook, digital tokens issued under CRA are treated as securities for purposes of the module, and potential issuers are encouraged to discuss proposed offerings with CBB for an initial assessment. The documentation provisions require submission materials such as a draft whitepaper, corporate documents, board approval and other materials through the appointed digital token advisor. In July 2025, CRA-4.1.10 added SIO-linked reporting for licensees providing approved-stablecoin services.
Status and timeline
The module should be profiled as In force for CryptoSlate taxonomy purposes. It is an agency regulation rather than an Act or bill. The most reliable status points are CBB’s February 25, 2019 final-rules announcement, the Rulebook statement that CRA was first issued in February 2019, the April 2023 amended module history, the July 2025 stablecoin-reporting addition and the May 2026 deletion of CRA-1.7. Exact days are not available for all module-history entries, so month-only updates are recorded in notes rather than date fields.
Editorial treatment
This profile should be presented as a legal-reference overview, not compliance guidance. Readers should be directed to the CBB Rulebook for operative text, definitions and application procedures. Related CryptoSlate internal links may include Bahrain, stablecoin issuance, digital-token offerings, crypto custody, AML/CFT and crypto exchange licensing.