Blockchain Compliance Under AIFC Rules (2026)

The Astana International Financial Centre (AIFC) represents Kazakhstan’s most advanced regulatory environment for blockchain and digital asset activity. Operating as a special legal jurisdiction based on English common law principles, it is supervised by the Astana Financial Services Authority (AFSA) and designed specifically for institutional financial services rather than retail crypto markets.

By 2026, AIFC blockchain regulation has matured into a fully codified Digital Asset Service Provider (DASP) regime, integrating:

  • Unified licensing under AFSA Digital Asset Activities Rules (DAF Rules)
  • FATF-aligned AML/CFT enforcement architecture
  • Institutional capital and governance requirements
  • Strict custody, reporting, and audit obligations
  • Controlled token market access through approved asset lists

Unlike mainstream crypto frameworks, the AIFC model is explicitly designed for regulated institutional blockchain finance, tokenization platforms, custody providers, and exchange infrastructure operators.

Legal Status of Blockchain Activities in the AIFC (DAF Rules Framework)

Statutory Baseline (2026 Unified DASP Regime)

Digital asset operations in the AIFC are governed by the AIFC Rules on Digital Asset Activities (DAF Rules) under AFSA supervision.

Following the January 1, 2026 regulatory reform, AFSA eliminated fragmented classifications and introduced a unified legal principle:

Any entity conducting digital asset-related activity is classified as a Digital Asset Service Provider (DASP).

This includes exchanges, custodians, token issuers, brokers, and blockchain infrastructure providers.

Regulation is therefore function-based rather than technology-based, meaning identical blockchain systems may fall inside or outside regulation depending on use case.

Custody-Based Regulatory Scaling

AFSA applies risk-tiered supervision based on custody exposure:

  • Firms with direct custody/control of client assets → full prudential regulation
  • Firms operating non-custodial or DLT-only infrastructure → reduced but still regulated oversight

This creates a graduated compliance burden model based on systemic risk exposure.

AFSA Licensing Framework: DASP Authorization System

Capital Requirements and Financial Baselines (Hard Compliance Thresholds)

To operate in the AIFC, firms must meet strict financial entry requirements.

Minimum Corporate Capital Requirements

AFSA capital requirements range from:

$10,000 USD to $250,000 USD, depending on the DASP risk category

  • Low-risk infrastructure providers → lower capital tier
  • Exchanges and custodians → highest capital tier

Additional Financial Requirements

Applicants must also maintain:

  • $70,000 USD baseline AFSA authorization fee (non-refundable regulatory cost)
  • A cash buffer equal to 6 months of operational expenses
  • Ongoing capital adequacy proportional to risk exposure

Strategic Implication

This creates a high institutional entry barrier, ensuring only financially stable entities can operate regulated blockchain services.

Licensing Requirement

All DASPs must be licensed by AFSA before conducting any regulated activity.

Unlicensed operation is strictly prohibited.

Operationalizing AML & The Travel Rule

AIFC AML/CFT rules directly implement FATF standards.

Travel Rule Threshold

Any transaction equal to or exceeding:

$1,000 USD / EUR

requires DASPs to:

  • Collect sender and receiver full legal identity
  • Verify national ID or business registration number (BIN)
  • Capture wallet address and transaction metadata
  • Transmit compliance data to receiving institution

Approved Asset Gate (Listing Restrictions)

DASPs may only support assets listed on:

AFSA Table of Digital Assets Approved for Trading

This includes:

  • Bitcoin (BTC)
  • Ethereum (ETH)
  • Approved stablecoins
  • Other vetted digital assets

No discretionary token listing is allowed.

Step-by-Step DASP Authorization Pathway (Full Execution Timeline)

Step 1: Pre-Incorporation & FinTech Lab Entry (Weeks 1–4)

  • Incorporate AIFC legal entity
  • Choose between full licensing or AFSA sandbox (FinTech Lab) entry

Step 2: Mandatory Local Hiring (Weeks 5–8)

  • Appoint MLRO (Money Laundering Reporting Officer)
  • Appoint Chief Compliance Officer (CCO)
  • Ensure locally based controlled functions

Step 3: Statutory Documentation (Weeks 9–12)

  • AML/CFT policies
  • Custody segregation architecture
  • Multi-signature wallet frameworks
  • Cybersecurity governance systems

Step 4: Application + In-Principle Approval (Months 4–6)

  • Submit AFSA application
  • Respond to regulatory queries
  • Obtain In-Principle Approval (IPA)

At this stage:

Firms may build infrastructure but cannot onboard customers.

Step 5: Bank Onboarding Bottleneck + Final Authorization (Month 7+)

  • Mandatory cybersecurity audit
  • Smart contract architecture review
  • Asset reconciliation validation
  • Final operational testing

Critical Real-World Bottleneck

The most significant operational friction is not AFSA approval.

The real constraint is passing Enhanced Due Diligence (EDD) by second-tier commercial banks

Banks require:

  • Deep background verification of shareholders
  • Source-of-funds validation
  • Crypto-risk exposure assessment
  • Compliance with internal de-risking policies

Without successful banking integration, fiat-to-crypto rails cannot function.

AML/CFT Governance Framework

FATF-Aligned Compliance System

All DASPs must implement:

  • Customer Due Diligence (CDD)
  • Enhanced Due Diligence (EDD)
  • Continuous transaction monitoring
  • Beneficial ownership identification
  • Suspicious Transaction Reporting (STR)

Sanctions Compliance Architecture

Mandatory controls include:

  • Real-time screening against global sanctions lists (UN, OFAC, EU, UK)
  • Blockchain analytics integration
  • Cross-border transaction risk scoring
  • Indirect exposure detection systems

Financial Integrity Principle

Compliance must be embedded directly into transaction infrastructure:

AML is not procedural—it is architectural.

Governance and Risk Management Standards

Corporate Governance Requirements

DASPs must maintain:

  • Independent board oversight
  • Internal audit functions
  • Compliance independence
  • Documented governance frameworks

Risk Management Categories

  • Market risk
  • Operational risk
  • Cybersecurity risk
  • Liquidity risk

Technology Risk Oversight

  • Vendor due diligence
  • Continuous system monitoring
  • Full regulatory accountability retained by DASP

Custody and Safekeeping Standards

Asset Segregation Rules

  • Client funds must be separated from corporate funds
  • Legal ring-fencing is mandatory

Security Architecture Requirements

  • Cold storage systems
  • Multi-signature wallets
  • Private key governance systems
  • Incident response protocols

Audit Requirements

  • Daily reconciliation
  • External audits
  • AFSA reporting transparency

Token Issuance and Market Controls

Token Classification

  • Utility tokens → disclosure + AML compliance
  • Security tokens → regulated financial instruments
  • Asset-backed tokens → structured approval process

Issuer Obligations

  • Full disclosure documentation
  • Tokenomics transparency
  • Risk disclosures
  • Governance framework clarity

Reporting, Supervision, and Enforcement

Reporting Obligations

  • Financial statements
  • AML reports
  • Transaction summaries
  • Risk disclosures

AFSA Inspections

  • Routine audits
  • Thematic compliance reviews
  • Cybersecurity inspections
  • Infrastructure assessments

Enforcement Actions

  • Monetary penalties
  • Operational suspension
  • License revocation

AML, Sanctions, and Cross-Border Compliance Expansion

Enhanced Monitoring Framework

  • Blockchain analytics integration
  • Real-time transaction monitoring
  • Institutional-grade risk systems

Cross-Border Controls

  • Monitoring of crypto capital flows
  • High-risk jurisdiction filtering
  • Counterparty risk analysis

Secondary Sanctions Filtering

  • Automated sanctions screening
  • Transaction-level geopolitical risk scoring
  • Compliance blocking mechanisms

Jurisdictional Separation: AIFC vs Mainland Kazakhstan

Structural Separation Principle

  • AIFC applies only within free zone jurisdiction
  • Mainland Kazakhstan operates under National Bank regulation
  • Licenses are non-transferable

Mainland Retail Investment Restriction (Critical Market Constraint)

Retail Protection Cap

Mainland Kazakhstan imposes strict investor protection limits:

Individual retail investors are capped at $1,000 USD per month across all digital asset platforms.

This significantly reduces:

  • Retail speculation
  • Market overheating risk
  • Systemic exposure to volatility

This rule does not apply to AIFC institutional entities.

Emerging Regulatory Trends (2026 Outlook)

  • Expansion of blockchain analytics compliance
  • Tokenized asset market growth
  • Increased sanctions enforcement automation
  • Integration with global digital identity systems
  • Stronger banking compliance tightening via EDD frameworks

Frequently Asked Questions (FAQ)

What is the minimum capital to start a DASP?

Between $10,000 and $250,000 USD, depending on risk tier.

What is the AFSA licensing fee?

Approximately $70,000 USD baseline authorization cost, plus operational compliance costs.

What is the biggest barrier to entry?

Bank onboarding via Enhanced Due Diligence (EDD) is often harder than AFSA approval.

Are retail investors restricted in Kazakhstan?

Yes. Mainland retail investors are capped at $1,000 USD per month in crypto exposure.

Can AIFC firms operate freely in Kazakhstan mainland?

No. Jurisdictions are strictly separated.

Blockchain compliance under AIFC rules in 2026 represents a highly structured institutional regulatory system combining unified DASP classification, strict capital thresholds, FATF-aligned AML enforcement, and advanced sanctions compliance frameworks.

Its defining features include:

  • Unified Digital Asset Service Provider regime (post-2026 reform)
  • Capital requirements ranging from $10,000 to $250,000
  • $70,000 licensing baseline cost plus liquidity buffers
  • Strict Travel Rule enforcement at $1,000 thresholds
  • Approved asset listing restrictions
  • Multi-stage licensing pathway with FinTech sandbox option
  • Real-world banking EDD onboarding constraints
  • Strong separation between AIFC and mainland retail markets

Overall, the AIFC functions as a high-barrier, institutionally governed blockchain financial hub designed for regulated global capital participation rather than retail crypto activity.

Syuzanna Li

Syuzanna Li

Partner (Central Asia Desk)

Syuzanna heads the Astana and Tashkent offices. She has advised financial investors and corporate clients on a wide range of matters, including M&A, joint ventures, restructuring. Syuzanna has also particular experience in the energy sector.

View LinkedIn Profile
Other blog posts
Domestic vs Cross-Border M&A Deals – Institutional Legal & Deal Strategy Analysis

Read Article

Read Article

Overview of Intellectual Property Rights in Kazakhstan

Read Article

Read Article

POSH Compliance for Employers in India (2026): Complete Legal & Regulatory Guide

Read Article

Read Article

Trademark Registration Process in India (2026): Complete Legal & Practical Guide

Read Article

Read Article