REGULATIONS

Crypto Travel Rule Regulations in

Dubai

by

Virtual Assets Regulatory Authority

🇦🇪
Travel Rule required from
Travel Rule regulation still pending
February 7, 2023
Content last updated
April 11, 2023

In February 2022,  the Government of Dubai enacted a new law, creating the Virtual Assets Regulatory Authority (VARA) to oversee virtual assets and related service providers. A year later, in 2023, VARA launched a set of regulations and 13 rulebooks, including the Compliance and Risk Management Rulebook.  The Compliance and Risk Management Rulebook provides a comprehensive regulatory framework for Dubai’s virtual assets, covering licensing, customer due diligence, risk management, and Crypto Travel Rule compliance. 

Timeline of regulatory action

Download the FATF Travel Rule Requirements in Dubai

Get the PDF

‍

1. Is cryptocurrency legal in Dubai?

It is legal to hold, sell, and trade cryptocurrency in Dubai.

2. Are there any AML crypto regulations in Dubai?

Yes. Dubai VASPs must establish and follow implement policies and procedures to comply with all anti-money laundering / countering terrorism financing (AML/CTF) requirements and existing applicable laws, regulatory requirements, and guidelines, including but not limited to those from the Federal AML/CTF Laws, FATF’s reviews and guidance on VAs, and the UAE’s regulations on terrorism financing. Dubai VASPs must also follow the UAE Executive Office for Control & Non-Proliferation (EOCN)’s guidance on counter-proliferation financing and its local terrorist list. [1]

3. Who regulates cryptocurrency in Dubai?

The Virtual Assets Regulatory Authority (VARA) is the crypto regulator in Dubai.

4. Are there licensing or registration requirements for VASPs in Dubai?

No person can conduct certain virtual asset activities in the Emirate without obtaining a permit from VARA. [2] The following virtual asset activities that require permits and are subject to VARA oversight are as follows: 

  • virtual asset platform operation and management services, 
  • virtual asset exchange services, 
  • virtual asset transfer services, 
  • virtual asset safekeeping, management, or control services, 
  • virtual asset wallet services, and 
  • services related to offering and trading in virtual tokens. [3]

View UAE VASPs on the Notabene Network

Explore the Network

‍

FATF Travel Rule Requirements in Dubai


1. Is the Crypto Travel Rule mandated in Dubai?

Yes. VARA’s Compliance and Risk Management Rulebook states that VASPs must demonstrate their Crypto Travel Rule compliance and submit relevant policies and controls during licensing. Dubai VASPs should also include their plan to comply with the Travel Rule in jurisdictions where it’s not mandatory.

“VASPs shall be required to demonstrate to VARA how they comply with the Travel Rule during the licensing process and submit to VARA relevant policies and controls. VASPs should also include their plan to comply with the Travel Rule with virtual asset service providers in jurisdictions where the Travel Rule is not a legislative requirement [i.e. the “sunrise issue”].” [4]

2. Does Dubai permit a grace period to comply with the crypto Travel Rule?

There is no formal grace period mentioned in VARA’s Compliance and Risk Management Rulebook, which enforces the Crypto Travel Rule. 

‍

{{training2="/cta-components"}}

‍

Complying with the Crypto Travel Rule in Dubai

‍

1. What is the minimum threshold for the Crypto Travel Rule in Dubai?

The minimum threshold for crypto Travel Rule compliance is AED 3,500. [5]

2. What personally identifiable information is required to be shared for the Crypto Travel Rule in Dubai?

VARA’s Compliance and Risk Management Rulebook states that VASPs must obtain the Originator and Beneficiary information prior to initiating an outbound transaction and prior to permitting any clients to access funds received in inbound transactions. 

Required Originator and Beneficiary information shall include, but is not limited to:

‍

3. What are the non-custodial or self-hosted wallet requirements in Dubai?

VARA urges local VASPs to consider how to manage the risks involved in transactions with self-hosted wallets. However, VARA has not provided specific guidelines or instructions for VASPs on how to handle these risks. [6]

4. What are the counterparty due diligence requirements for Dubai VASPs?

Before entering into any transaction with a counterparty VASP, VASPs must complete risk-based due diligence on the counterparty to mitigate AML/CFT risks.

“Prior to entering into any transaction with a counterparty VASP or virtual asset service provider in any other jurisdiction, VASPs must complete risk-based due diligence on such counterparty in order to mitigate AML/CFT risks. This due diligence does not need to be completed for every subsequent transaction with the counterparty unless a heightened counterparty risk is assessed or identified. [7]

5. How does VARA approach the sunrise issue? 

VARA’s Compliance and Risk Management Rulebook explicitly mentions the Sunrise Issue, stating:

“VASPs should also include their plan to comply with the Travel Rule with virtual asset service providers in jurisdictions where the Travel Rule is not a legislative requirement [i.e. the “sunrise issue”].” [4]

Why choose Notabene for Crypto Travel Rule Compliance in Dubai?

Counterparty due diligence is an essential component of Travel Rule compliance. Often, financial regulators fail to spell out counterparty due diligence requirements in local implementations explicitly, so we welcome the explicit reference to this in the VARA regulations. 

As the crypto industry's only pre-transaction decision making platform, we have integrated the industry standard VASP due diligence questionnaire (DDQ). This allows VASPs upload and share their due diligence information 1:1 between parties, removing friction from an already complex process.

Notabene Network members can:

  • Request access to a VASP's DDQ within the Notabene Network, even if they haven’t yet filled it out. This request will trigger an email to the VASP, inviting them to complete the DDQ.
  • Share and Decline access to the questionnaire.
  • Revoke access to the questionnaire at any time.
  • View the document’s share history.

‍Click here to access the Notabene Network.

References

[1] Dubai Virtual Assets Regulatory Authority (VARA) (2023), Compliance and Risk Management Rulebook, p. 22, paragraph B1  
[2] The Supreme Legislation Committee in the Emirate of Dubai (SLC) (2022). Law No. (4) of 2022, Regulating Virtual Assets in the Emirate of Dubai, §15.a.
[3] The Supreme Legislation Committee in the Emirate of Dubai (SLC) (2022). Law No. (4) of 2022, Regulating Virtual Assets in the Emirate of Dubai, §16.a.
[4] VARA (2023), Compliance and Risk Management Rulebook, p. 30, paragraph 7  
[5] VARA (2023), Compliance and Risk Management Rulebook, p. 29, paragraph G1-4 
[6] VARA (2023), Compliance and Risk Management Rulebook, p. 29, paragraph 6  
[7] VARA (2023), Compliance and Risk Management Rulebook, p. 29, paragraph 5  

Notabene's commitment to privacy + security:

‍Bank-grade security for an insecure world‍
  • Passed rigorous security reviews by more than 150 institutions, including global banks and top 20 crypto exchanges
  • Annual SOC 2 Type II Audit for Security and Data Privacy Categories
  • Regular penetration testing by security audit leader Cobalt
‍Industry’s strongest protection for your customer data‍
  • Industry’s only escrowed exchange of encrypted PII
  • Compliant with EU GDPR, Singapore PDA
  • Plug-and-play Travel Rule end-user data consent component
‍Enterprise White Glove features‍
  • 24h/7 days a week uptime
  • Configurable enterprise SLA
  • SOC2 compliant disaster recovery and business continuity plans
Learn more about our commitment to security
This content is provided for general informational purposes only. By using the content, you agree that the information on this content does not constitute legal, financial or any other form of professional advice. No relationship is created with you, nor any duty of care assumed to you, when you use this content. The content is not a substitute for obtaining any legal, financial or any other form of professional advice from a suitably qualified and licensed advisor. The information on this content may be changed without notice and is not guaranteed to be complete, accurate, correct or up-to-date.

Help us keep this page up to date! Any comments, corrections or suggestions on this page can be sent to
catarina@notabene.id.