Dubai's VARA Issues Compliance and Risk Management Rulebook

In order to oversee and regulate the virtual assets industry, the government of Dubai established the Virtual Assets Regulatory Authority (VARA). For virtual asset service providers (VASPs) operating in Dubai, VARA has issued a number of rules, including the Compliance and Risk Management Rulebook. An overview of the Compliance and Risk Management Rulebook is provided in this brief, as well as an analysis of its implications for Dubai-based VASPs.

Introduction to the Compliance and Risk Management Rulebook

For VASPs to operate in Dubai, they must comply with several Compulsory Rulebooks, including the Compliance and Risk Management Rulebook, a comprehensive regulatory framework. Among the topics covered by the Compliance and Risk Management Rulebook are licensing, due diligence on customers, risk management, compliance, and reporting.

Regulations on Licensing

In order to operate in Dubai, all VASPs are required to be licensed by VARA .  

Due Diligence for Customers

To identify and verify their customers' identities, VASPs must implement robust due diligence procedures. Under the rulebook, customer due diligence must meet the following minimum requirements:

• Verifying the identity of the customer.
• Gathering information about the business relationship's purpose and nature;
• Monitoring the activities and transactions of the customer on an ongoing basis;
• A system for detecting and reporting suspicious transactions related to money laundering or terrorism financing.

A decentralized platform and exchange, a private wallet, and other products and services that enable or allow reduced transparency and enhanced obfuscation of fund flows are integral to the virtual asset ecosystem, enabling or allowing complete anonymity. Upon commencing business with a customer, VASPs must ensure that they understand the nature of their relationships as outlined in the Compliance and Risk Management Rulebook. It will be interesting to see how VASPS in Dubai, in particular, VASPS that are not providing exchange or custody services, will comply with the customer due diligence requirements set forth in the Compliance and Risk Management Rulebook.

Risk Management

• Identifying, assessing, and mitigating the risks associated with virtual assets is the responsibility of VASPs. Risk management requirements are outlined in the Compliance and Risk Management Rulebook, which includes:
•  Analyzing the business and customers of the VASPs;
• Assessing the risks and establishing policies and procedures to manage them;
• Monitoring and managing virtual asset risks effectively;
• Ensure that the VASPs' risk management policies and procedures are regularly reviewed and updated.

Compliance

All laws, regulations, and standards must be adhered to by VASPs through effective compliance policies and procedures. According to the Compliance and Risk Management Rulebook, certain minimum requirements must be met, including:

• Overseeing the compliance program of VASPs through a compliance officer;
• Compliance issues should be monitored and reported in accordance with effective policies and procedures;
• Providing staff with regular compliance training;
• Auditing the compliance programs of VASPs on a regular basis.

Reporting

According to the Compliance and Risk Management Rulebook , reporting requirements include:

•  Reporting to VARA regularly on financial matters.
•  VARA and UAE FIU should be notified of any suspicious transactions or activities;  
•  Monitoring and updating the risk management and compliance programs of the VASPs.
• VARA may require additional information or reports.

As a result of the issues raised by VASPs elsewhere, it is welcome to see VARA taking the initiative toward developing a comprehensive and sound regulatory and compliance framework.

VASP implications

VASPs operating in Dubai should pay particular attention to the Compliance and Risk Management Rulebook. VASPs must adhere to the Compliance and Risk Management Rulebook to obtain and maintain a license to operate in Dubai.

• Increased Compliance Costs

Taking steps to comply with the Compliance and Risk Management Rulebook will incur high compliance costs for VASPs. For example, a VASP must invest in a robust compliance, risk management, and governance system and train and educate its employees in compliance. In addition, the implementation of new systems and procedures may require VASPs to hire additional staff and incur additional costs.

• Increased Regulatory Scrutiny

The Compliance and Risk Management Rulebook will increase regulatory scrutiny and oversight for VASPs operating in Dubai. VARA will conduct a regular inspection and audit to ensure that VASPs are in compliance with the Compliance and Risk Management Rulebook's requirements.

• Improved Customer Protection

To protect customers, a robust customer due diligence procedure and other risk management measures are required as part of the Compliance and Risk Management Rulebook. In addition to protecting customers from financial harm, this measure will help prevent money laundering, terrorist financing, and other financial crimes.

• Increased Confidence in the Virtual Assets Industry

As part of the Compliance and Risk Management Rulebook, the UAE virtual asset industry is further aiming to enhance its credibility and reputation. Dubai's virtual asset market will benefit from the introduction of clear regulatory standards and requirements in the Compliance and Risk Management Rulebook, improving public confidence in the industry and attracting more investors and businesses.

A comprehensive regulatory framework is provided in the Compliance and Risk Management Rulebook, which outlines the requirements and standards that VASPs must follow to operate in Dubai. This Compliance and Risk Management Rulebook aims to increase public confidence in the virtual assets industry, improve customer protection, and enhance industry integrity. Nevertheless, adherence to the Compliance and Risk Management Rulebook will involve high compliance costs for VASPs. Therefore, in order to meet their requirements, VASPs must carefully review their compliance and risk management rulebooks and ensure that they have robust compliance, risk management, and governance systems in place.