REGULATIONS

Crypto Travel Rule in

Dubai

by

the Virtual Assets Regulatory Authority

🇦🇪
Travel Rule required from
Travel Rule regulation still pending
February 7, 2023
Content last updated
April 11, 2023

On February 28, 2022, the Government of Dubai enacted “Law No. (4) of 2022 Regulating Virtual Assets in the Emirate of Dubai,” establishing the Virtual Assets Regulatory Authority (VARA) to regulate VAs and VASPs.

On February 7, 2023, VARA released the “Virtual Assets and Related Activities Regulations 2023” and 13 accompanying Rulebooks, including the Compliance and Risk Management Rulebook. The Compliance and Risk Management Rulebook provides a comprehensive regulatory framework for Dubai’s virtual assets, covering licensing, customer due diligence, risk management, and Crypto Travel Rule compliance. 

Timeline of regulatory action

  • February 28, 2022: The Government of Dubai passed “Law No. (4) of 2022 Regulating Virtual Assets in the Emirate of Dubai,” establishing VARA and giving it authority to regulate VAs and VASPs. 
  • March 11, 2022: Law No. [4] of 2022 Regulating VAs in the Emirate of Dubai entered into force.
  • February 7, 2023: ​​VARA issues the Virtual Assets and Related Activities Regulations 2023. The Compliance and Risk Management Rulebook specified Crypto Travel Rule requirements for Dubai VASPs.

Download the FATF Travel Rule Requirements in Dubai

Get the PDF

1. Is cryptocurrency legal in Dubai?

It is legal to hold, sell, and trade cryptocurrency in Dubai.

2. Are there any AML crypto regulations in Dubai?

Yes. Dubai VASPs must establish and follow implement policies and procedures to comply with all anti-money laundering / countering terrorism financing (AML/CTF) requirements and existing applicable laws, regulatory requirements, and guidelines, including but not limited to those from the Federal AML/CTF Laws, FATF’s reviews and guidance on VAs, and the UAE’s regulations on terrorism financing. Dubai VASPs must also follow the UAE Executive Office for Control & Non-Proliferation (EOCN)’s guidance on counter-proliferation financing and its local terrorist list. (VARA 2023, p. 22, para B1.)

3. Who regulates cryptocurrency in Dubai?

The Virtual Assets Regulatory Authority (VARA) is the crypto regulator in Dubai.

4. Are there licensing or registration requirements for VASPs in Dubai?

No person can conduct certain virtual asset activities in the Emirate without obtaining a permit from VARA. (SLC 2022, §15.a.) The following virtual asset activities that require permits and are subject to VARA oversight are as follows: 

  • virtual asset platform operation and management services, 
  • virtual asset exchange services, 
  • virtual asset transfer services, 
  • virtual asset safekeeping, management, or control services, 
  • virtual asset wallet services, and 
  • services related to offering and trading in virtual tokens. (SLC 2022, §16.a)

View UAE VASPs on the Notabene Network

Explore the Network

FATF Travel Rule Requirements in Dubai


1. Is the Crypto Travel Rule mandated in Dubai?

Yes. VARA’s Compliance and Risk Management Rulebook states that VASPs must demonstrate their Crypto Travel Rule compliance and submit relevant policies and controls during licensing. Dubai VASPs should also include their plan to comply with the Travel Rule in jurisdictions where it’s not mandatory.

“VASPs shall be required to demonstrate to VARA how they comply with the Travel Rule during the licensing process and submit to VARA relevant policies and controls. VASPs should also include their plan to comply with the Travel Rule with virtual asset service providers in jurisdictions where the Travel Rule is not a legislative requirement [i.e. the “sunrise issue”].” (VARA 2023, p. 30, para 7.)

2. Does Dubai permit a grace period to comply with the crypto Travel Rule?

There is no formal grace period mentioned in VARA’s Compliance and Risk Management Rulebook, which enforces the Crypto Travel Rule. 

Complying with the Crypto Travel Rule in Dubai

1. What is the minimum threshold for the Crypto Travel Rule in Dubai?

The minimum threshold for crypto Travel Rule compliance is AED 3,500. (VARA 2023, p. 29, para G1.)

2. What personally identifiable information is required to be shared for the Crypto Travel Rule in Dubai?

VARA’s Compliance and Risk Management Rulebook states that VASPs must obtain the Originator and Beneficiary information prior to initiating an outbound transaction and prior to permitting any clients to access funds received in inbound transactions. 

Required Originator and Beneficiary information shall include, but is not limited to:

3. What are the non-custodial or self-hosted wallet requirements in Dubai?

VARA urges local VASPs to consider how to manage the risks involved in transactions with self-hosted wallets. However, VARA has not provided specific guidelines or instructions for VASPs on how to handle these risks. (VARA 2023, p. 29, para 6.)

4. What are the counterparty due diligence requirements for Dubai VASPs?

Before entering into any transaction with a counterparty VASP, VASPs must complete risk-based due diligence on the counterparty to mitigate AML/CFT risks.

“Prior to entering into any transaction with a counterparty VASP or virtual asset service provider in any other jurisdiction, VASPs must complete risk-based due diligence on such counterparty in order to mitigate AML/CFT risks. This due diligence does not need to be completed for every subsequent transaction with the counterparty unless a heightened counterparty risk is assessed or identified. (VARA 2023, p. 29, para 5.

5. How does VARA approach the sunrise issue? 

VARA’s Compliance and Risk Management Rulebook explicitly mentions the Sunrise Issue, stating:

“VASPs should also include their plan to comply with the Travel Rule with virtual asset service providers in jurisdictions where the Travel Rule is not a legislative requirement [i.e. the “sunrise issue”].” (VARA 2023, p. 30, para 7.)

Why choose Notabene for Crypto Travel Rule Compliance in Dubai?

Counterparty due diligence is an essential component of Travel Rule compliance. Often, financial regulators fail to spell out counterparty due diligence requirements in local implementations explicitly, so we welcome the explicit reference to this in the VARA regulations. 

As the crypto industry's only pre-transaction decision making platform, we have integrated the industry standard VASP due diligence questionnaire (DDQ). This allows VASPs upload and share their due diligence information 1:1 between parties, removing friction from an already complex process.

Notabene Network members can:

  • Request access to a VASP's DDQ within the Notabene Network, even if they haven’t yet filled it out. This request will trigger an email to the VASP, inviting them to complete the DDQ.
  • Share and Decline access to the questionnaire.
  • Revoke access to the questionnaire at any time.
  • View the document’s share history.

Click here to access the Notabene Network.

Relevant links:

SLC (The Supreme Legislation Committee in the Emirate of Dubai). 2022. Law No. (4) of 2022. 

Dubai, UAE. Issued February 28, 2022.

VARA (Dubai Virtual Assets Regulatory Authority). 2023. Compliance and Risk Management

Rulebook. Dubai, UAE. Published February 7, 2023

This content is provided for general informational purposes only. By using the content, you agree that the information on this content does not constitute legal, financial or any other form of professional advice. No relationship is created with you, nor any duty of care assumed to you, when you use this content. The content is not a substitute for obtaining any legal, financial or any other form of professional advice from a suitably qualified and licensed advisor. The information on this content may be changed without notice and is not guaranteed to be complete, accurate, correct or up-to-date.

Help us keep this page up to date! Any comments, corrections or suggestions on this page can be sent to
catarina@notabene.id.

This Week in Crypto Law.
Stay up-to-date on crypto regulatory news.

New legislation
Legal trends watcher
Long-form regulatory reads
Sign up for this week in crypto law

Notabene's commitment to privacy + security:

Bank-grade security for an insecure world
  • Passed rigorous security reviews by more than 50 institutions, including global banks and top 20 crypto exchanges
  • Annual SOC 2 Type II Audit for Security and Data Privacy Categories
  • Regular penetration testing by security audit leader Cobalt
Industry’s strongest protection for your customer data
  • Industry’s only escrowed exchange of encrypted PII
  • Compliant with EU GDPR, Singapore PDA
  • Plug-and-play Travel Rule end-user data consent component
Enterprise White Glove features
  • 24h/7 days a week uptime
  • Configurable enterprise SLA
  • SOC2 compliant disaster recovery and business continuity plans
Learn more about our commitment to security