Crypto Law Profile

CBB Crypto-Asset Module (CRA) — Bahrain

Bahrain’s in-force CBB Crypto-Asset Module regulates crypto-asset services, exchanges and digital token offerings, covering licensing, custody, AML/CFT, cyber risk, conduct, market abuse and related stablecoin reporting.

Bahrain Effective Regulation Feb 25, 2019

At a glance

Status In force in Bahrain under CBB Rulebook Volume 6.
Regulator Central Bank of Bahrain; applies within or from Bahrain.
Core scope Licensing, conduct, custody, AML/CFT, cyber, market-abuse and digital-token rules.
Latest visible change May 2026 Rulebook snippets show CRA-1.7 deleted; July 2025 added SIO-linked reporting.

Overview

The CBB Crypto-Asset Module (CRA) is Bahrain’s in-force regulatory module for crypto-asset services under Volume 6 (Capital Markets) of the Central Bank of Bahrain Rulebook. The CBB describes CRA as a Directive for licensees providing regulated crypto-asset services, issued under Article 38 and supported by the CBB Law. The module was first issued in February 2019, and its contents or later changes are effective from the release date unless a provision says otherwise.

As of July 10, 2026, the module remains the core CBB framework for crypto-asset service providers operating within or from Bahrain. The latest visible Rulebook history records a May 2026 deletion of CRA-1.7 (Approved Persons). Earlier important changes include April 2023 amendments adding digital-token-offering rules and July 2025 addition of CRA-4.1.10, which links approved-stablecoin service reporting to the separate SIO Module.

Scope of the CBB Crypto-Asset Module

CRA applies to activities undertaken by way of business within or from Bahrain. The module covers trading, dealing, advisory services, portfolio management, custody and exchange operations in accepted crypto-assets, and requires CBB licensing before market or regulated crypto-asset services are undertaken. CBB’s 2019 announcement says the rules brought crypto-asset activities into the regulatory perimeter and address licensing, governance, minimum capital, AML/CFT, conduct, reporting, cyber security, supervision and enforcement.

Key provisions for crypto-asset services and exchanges

The module is organized around authorization and continuing obligations. It contains licensing standards, application documentation, minimum capital, business standards, custody, technology governance, risk management, AML/CFT, reporting, CBB information-gathering powers, conduct of business and market-abuse controls. For exchanges, CRA separately addresses listing and trading controls, including risk assessment of crypto-assets proposed for listing and factors such as issuer and developer background, wallet arrangements, protocol, market, cybersecurity, traceability, market-risk and legal-risk considerations.

  • Licensing and prior approval for regulated crypto-asset services and expanded services.
  • Business standards for listing accepted crypto-assets and operating trading venues.
  • Custody, cyber security, risk management, AML/CFT, reporting and market surveillance obligations.

Custody, cybersecurity and client protection

The custody chapter requires operational controls for crypto-assets held for clients, including documented transfer mechanisms between hot, cold and other storage arrangements. The cyber chapter requires an effective cyber security program covering identification, protection, detection, response and recovery, and later amendments add a robust cyber risk management framework aligned with the NIST cyber security framework. These provisions sit alongside broader client safeguards, conduct obligations and reporting duties.

Digital tokens and stablecoins

In March 2023, CBB issued amendments that expanded CRA to cover digital token offerings. Under the rulebook, digital tokens issued under CRA are treated as securities for purposes of the module, and potential issuers are encouraged to discuss proposed offerings with CBB for an initial assessment. The documentation provisions require submission materials such as a draft whitepaper, corporate documents, board approval and other materials through the appointed digital token advisor. In July 2025, CRA-4.1.10 added SIO-linked reporting for licensees providing approved-stablecoin services.

Status and timeline

The module should be profiled as In force for CryptoSlate taxonomy purposes. It is an agency regulation rather than an Act or bill. The most reliable status points are CBB’s February 25, 2019 final-rules announcement, the Rulebook statement that CRA was first issued in February 2019, the April 2023 amended module history, the July 2025 stablecoin-reporting addition and the May 2026 deletion of CRA-1.7. Exact days are not available for all module-history entries, so month-only updates are recorded in notes rather than date fields.

Editorial treatment

This profile should be presented as a legal-reference overview, not compliance guidance. Readers should be directed to the CBB Rulebook for operative text, definitions and application procedures. Related CryptoSlate internal links may include Bahrain, stablecoin issuance, digital-token offerings, crypto custody, AML/CFT and crypto exchange licensing.

Key provisions

CBB licensing perimeter

Regulated crypto-asset services undertaken by way of business within or from Bahrain require a CBB crypto-asset service license.

Licensing & Registration Feb 25, 2019 Source

Service categories and approvals

The module covers activity categories such as advice, order transmission, trading as agent or principal, portfolio management, custody and exchange operation.

Licensing & Registration Feb 25, 2019 Source

Business standards and listings

Crypto-asset listings require a risk assessment covering issuer, protocol, wallet, cybersecurity, traceability, market-risk and legal-risk factors.

Market abuse Source

Custody controls

Crypto-asset custody rules include documented controls for transfers among hot, cold and other storage arrangements.

Custody Source

Cybersecurity framework

Licensees must maintain an effective cyber program and a robust cyber risk framework aligned with the NIST cybersecurity framework.

Privacy & Cybersecurity Source

Digital token offerings

April 2023 amendments expanded CRA to digital token offerings; tokens issued under the module are treated as securities for CRA purposes.

Token Issuance Mar 30, 2023 Source

Approved stablecoin reporting link

CRA-4.1.10 links approved-stablecoin service reporting to SIO Module reporting dates and information delivery to stablecoin issuers.

Stablecoins Source

Timeline

  1. Final CRA rules announced

    CBB announced final rules for crypto-asset services and exchanges, bringing these activities into its regulatory perimeter.

    Enacted Source
  2. Module first issued

    Rulebook history states the CRA Module was first issued in February 2019; exact day is not stated in the history table.

    In force Source
  3. CRA amendments consultation

    CBB consultations page lists amendments to the CRA Module with consultation documents and digital-token appendices.

    Under consultation Source
  4. Digital-token amendments issued

    CBB issued amendments expanding CRA to digital token offerings and adding client-asset safeguarding requirements.

    Enacted Source
  5. Stablecoin reporting reference added

    Rulebook CRA-4.1.10 records a July 2025 SIO-linked reporting reference for approved-stablecoin services.

    In force Source
  6. CRA-1.7 deleted in Rulebook

    Current CBB e-Rulebook snippets indicate CRA-1.7, Approved Persons, was deleted in May 2026.

    In force Source

Who it affects

Actors

Central Bank of Bahrain

Asset classes

Crypto assets, Digital tokens, Stablecoins

Official sources

Editorial note

Status verified on 2026-07-10. Month-only Rulebook history entries are not mapped to exact-date ACF fields unless an official source states a day. Treat this profile as a legal-reference summary, not compliance guidance.