The Astana International Financial Centre (AIFC) represents Kazakhstan’s most advanced regulatory environment for blockchain and digital asset activity. Operating as a special legal jurisdiction based on English common law principles, it is supervised by the Astana Financial Services Authority (AFSA) and designed specifically for institutional financial services rather than retail crypto markets.
By 2026, AIFC blockchain regulation has matured into a fully codified Digital Asset Service Provider (DASP) regime, integrating:
- Unified licensing under AFSA Digital Asset Activities Rules (DAF Rules)
- FATF-aligned AML/CFT enforcement architecture
- Institutional capital and governance requirements
- Strict custody, reporting, and audit obligations
- Controlled token market access through approved asset lists
Unlike mainstream crypto frameworks, the AIFC model is explicitly designed for regulated institutional blockchain finance, tokenization platforms, custody providers, and exchange infrastructure operators.
Legal Status of Blockchain Activities in the AIFC (DAF Rules Framework)
Statutory Baseline (2026 Unified DASP Regime)
Digital asset operations in the AIFC are governed by the AIFC Rules on Digital Asset Activities (DAF Rules) under AFSA supervision.
Following the January 1, 2026 regulatory reform, AFSA eliminated fragmented classifications and introduced a unified legal principle:
Any entity conducting digital asset-related activity is classified as a Digital Asset Service Provider (DASP).
This includes exchanges, custodians, token issuers, brokers, and blockchain infrastructure providers.
Regulation is therefore function-based rather than technology-based, meaning identical blockchain systems may fall inside or outside regulation depending on use case.
Custody-Based Regulatory Scaling
AFSA applies risk-tiered supervision based on custody exposure:
- Firms with direct custody/control of client assets → full prudential regulation
- Firms operating non-custodial or DLT-only infrastructure → reduced but still regulated oversight
This creates a graduated compliance burden model based on systemic risk exposure.
AFSA Licensing Framework: DASP Authorization System
Capital Requirements and Financial Baselines (Hard Compliance Thresholds)
To operate in the AIFC, firms must meet strict financial entry requirements.
Minimum Corporate Capital Requirements
AFSA capital requirements range from:
$10,000 USD to $250,000 USD, depending on the DASP risk category
- Low-risk infrastructure providers → lower capital tier
- Exchanges and custodians → highest capital tier
Additional Financial Requirements
Applicants must also maintain:
- $70,000 USD baseline AFSA authorization fee (non-refundable regulatory cost)
- A cash buffer equal to 6 months of operational expenses
- Ongoing capital adequacy proportional to risk exposure
Strategic Implication
This creates a high institutional entry barrier, ensuring only financially stable entities can operate regulated blockchain services.
Licensing Requirement
All DASPs must be licensed by AFSA before conducting any regulated activity.
Unlicensed operation is strictly prohibited.
Operationalizing AML & The Travel Rule
AIFC AML/CFT rules directly implement FATF standards.
Travel Rule Threshold
Any transaction equal to or exceeding:
$1,000 USD / EUR
requires DASPs to:
- Collect sender and receiver full legal identity
- Verify national ID or business registration number (BIN)
- Capture wallet address and transaction metadata
- Transmit compliance data to receiving institution
Approved Asset Gate (Listing Restrictions)
DASPs may only support assets listed on:
AFSA Table of Digital Assets Approved for Trading
This includes:
- Bitcoin (BTC)
- Ethereum (ETH)
- Approved stablecoins
- Other vetted digital assets
No discretionary token listing is allowed.
Step-by-Step DASP Authorization Pathway (Full Execution Timeline)
Step 1: Pre-Incorporation & FinTech Lab Entry (Weeks 1–4)
- Incorporate AIFC legal entity
- Choose between full licensing or AFSA sandbox (FinTech Lab) entry
Step 2: Mandatory Local Hiring (Weeks 5–8)
- Appoint MLRO (Money Laundering Reporting Officer)
- Appoint Chief Compliance Officer (CCO)
- Ensure locally based controlled functions
Step 3: Statutory Documentation (Weeks 9–12)
- AML/CFT policies
- Custody segregation architecture
- Multi-signature wallet frameworks
- Cybersecurity governance systems
Step 4: Application + In-Principle Approval (Months 4–6)
- Submit AFSA application
- Respond to regulatory queries
- Obtain In-Principle Approval (IPA)
At this stage:
Firms may build infrastructure but cannot onboard customers.
Step 5: Bank Onboarding Bottleneck + Final Authorization (Month 7+)
- Mandatory cybersecurity audit
- Smart contract architecture review
- Asset reconciliation validation
- Final operational testing
Critical Real-World Bottleneck
The most significant operational friction is not AFSA approval.
The real constraint is passing Enhanced Due Diligence (EDD) by second-tier commercial banks
Banks require:
- Deep background verification of shareholders
- Source-of-funds validation
- Crypto-risk exposure assessment
- Compliance with internal de-risking policies
Without successful banking integration, fiat-to-crypto rails cannot function.
AML/CFT Governance Framework
FATF-Aligned Compliance System
All DASPs must implement:
- Customer Due Diligence (CDD)
- Enhanced Due Diligence (EDD)
- Continuous transaction monitoring
- Beneficial ownership identification
- Suspicious Transaction Reporting (STR)
Sanctions Compliance Architecture
Mandatory controls include:
- Real-time screening against global sanctions lists (UN, OFAC, EU, UK)
- Blockchain analytics integration
- Cross-border transaction risk scoring
- Indirect exposure detection systems
Financial Integrity Principle
Compliance must be embedded directly into transaction infrastructure:
AML is not procedural—it is architectural.
Governance and Risk Management Standards
Corporate Governance Requirements
DASPs must maintain:
- Independent board oversight
- Internal audit functions
- Compliance independence
- Documented governance frameworks
Risk Management Categories
- Market risk
- Operational risk
- Cybersecurity risk
- Liquidity risk
Technology Risk Oversight
- Vendor due diligence
- Continuous system monitoring
- Full regulatory accountability retained by DASP
Custody and Safekeeping Standards
Asset Segregation Rules
- Client funds must be separated from corporate funds
- Legal ring-fencing is mandatory
Security Architecture Requirements
- Cold storage systems
- Multi-signature wallets
- Private key governance systems
- Incident response protocols
Audit Requirements
- Daily reconciliation
- External audits
- AFSA reporting transparency
Token Issuance and Market Controls
Token Classification
- Utility tokens → disclosure + AML compliance
- Security tokens → regulated financial instruments
- Asset-backed tokens → structured approval process
Issuer Obligations
- Full disclosure documentation
- Tokenomics transparency
- Risk disclosures
- Governance framework clarity
Reporting, Supervision, and Enforcement
Reporting Obligations
- Financial statements
- AML reports
- Transaction summaries
- Risk disclosures
AFSA Inspections
- Routine audits
- Thematic compliance reviews
- Cybersecurity inspections
- Infrastructure assessments
Enforcement Actions
- Monetary penalties
- Operational suspension
- License revocation
AML, Sanctions, and Cross-Border Compliance Expansion
Enhanced Monitoring Framework
- Blockchain analytics integration
- Real-time transaction monitoring
- Institutional-grade risk systems
Cross-Border Controls
- Monitoring of crypto capital flows
- High-risk jurisdiction filtering
- Counterparty risk analysis
Secondary Sanctions Filtering
- Automated sanctions screening
- Transaction-level geopolitical risk scoring
- Compliance blocking mechanisms
Jurisdictional Separation: AIFC vs Mainland Kazakhstan
Structural Separation Principle
- AIFC applies only within free zone jurisdiction
- Mainland Kazakhstan operates under National Bank regulation
- Licenses are non-transferable
Mainland Retail Investment Restriction (Critical Market Constraint)
Retail Protection Cap
Mainland Kazakhstan imposes strict investor protection limits:
Individual retail investors are capped at $1,000 USD per month across all digital asset platforms.
This significantly reduces:
- Retail speculation
- Market overheating risk
- Systemic exposure to volatility
This rule does not apply to AIFC institutional entities.
Emerging Regulatory Trends (2026 Outlook)
- Expansion of blockchain analytics compliance
- Tokenized asset market growth
- Increased sanctions enforcement automation
- Integration with global digital identity systems
- Stronger banking compliance tightening via EDD frameworks
Frequently Asked Questions (FAQ)
What is the minimum capital to start a DASP?
Between $10,000 and $250,000 USD, depending on risk tier.
What is the AFSA licensing fee?
Approximately $70,000 USD baseline authorization cost, plus operational compliance costs.
What is the biggest barrier to entry?
Bank onboarding via Enhanced Due Diligence (EDD) is often harder than AFSA approval.
Are retail investors restricted in Kazakhstan?
Yes. Mainland retail investors are capped at $1,000 USD per month in crypto exposure.
Can AIFC firms operate freely in Kazakhstan mainland?
No. Jurisdictions are strictly separated.
Blockchain compliance under AIFC rules in 2026 represents a highly structured institutional regulatory system combining unified DASP classification, strict capital thresholds, FATF-aligned AML enforcement, and advanced sanctions compliance frameworks.
Its defining features include:
- Unified Digital Asset Service Provider regime (post-2026 reform)
- Capital requirements ranging from $10,000 to $250,000
- $70,000 licensing baseline cost plus liquidity buffers
- Strict Travel Rule enforcement at $1,000 thresholds
- Approved asset listing restrictions
- Multi-stage licensing pathway with FinTech sandbox option
- Real-world banking EDD onboarding constraints
- Strong separation between AIFC and mainland retail markets
Overall, the AIFC functions as a high-barrier, institutionally governed blockchain financial hub designed for regulated global capital participation rather than retail crypto activity.