Guide to the Dubai VARA Regulation
VARA is the key crypto regulation and license in Dubai. LegalBison explains the requirements of VARA rulebooks and their application to the Dubai VASPs, VA issuers, and related businesses.
Background of the VARA Regulation
The Dubai Virtual Assets Regulatory Authority (VARA) presented its Virtual Assets and Related Activities Regulations, which are now the legal basis for all crypto companies in Dubai. Its main goal is to establish rules, licensing requirements, exemptions, and sanctions for non-compliance for all Dubai VASPs, VA issuers, and other related businesses.
History of the VARA Regulation
The Law on Regulating Virtual Assets in the Emirate of Dubai established and authorized the Dubai Virtual Assets Regulatory Authority (VARA) in 2022 with the purpose of regulating Virtual Assets and Virtual Asset Service Providers (VASPs). Subsequently, VARA issued its Virtual Assets and Related Activities Regulations in 2023. The final version of the Regulations was published on February 7, 2023, after approval by the Board of Directors, setting forth a comprehensive framework for virtual asset issuers and VASPs licensed in Dubai.
Summary of the VARA implementation
VARA is affiliated with the Dubai World Trade Centre Authority (DWTCA) and is in charge of overseeing and regulating all VA activities across the Emirate of Dubai, including Special Development Zones and Free Zones, but excluding the Dubai International Financial Centre. The main goals of VARA implementation include:
- Promoting Dubai as the international hub for crypto assets and boosting its competitive edge on the market;
- Increasing awareness of the VA sector in the Emirate and encouraging innovation;
- Attracting young businesses to invest and license their companies in the Emirate;
- Developing an adequate set of regulations, rules, and standards for the protection of customers and VA dealers in the Emirate.
The Dubai VA law and the VARA regulations apply to all Virtual Assets and VA activities in Dubai. While there are exemptions determining which entities must obtain a license before commencing their operations and which need not, all of them must comply with the general regulations and directives of VARA, including AML-CFT policies, risk assessment, data management and security, and tax reporting.
How to get a VARA crypto license in Dubai
The general licensing procedure for VASPs and related entities is thoroughly described in VARA regulations. While the majority of business models are obliged to secure a license before commencing their operations, some are exempt from this rule.
Implementation of the VARA framework
All entities that seek to provide one or more VA activities in Dubai must obtain a license by complying with the licensing requirements of VARA. Before carrying out any VA activities in the Emirate, future VASPs must fulfill the VARA conditions as set out in the Rulebook designed for their particular business model.
Rulebooks are an indispensable part of the VARA framework in Dubai since they lay out the licensing requirements for different types of VA activities. Companies can provide the following services under the VARA license:
- Advisory Services;
- Broker-Dealer Services;
- Custody Services;
- Exchange Services;
- Lending and Borrowing Services;
- VA Management and Investment Services;
- VA Transfer and Settlement Services;
- Virtual Asset Issuance.
For each business model, VARA provides a Rulebook with general licensing requirements, policies, procedures, public disclosures, licensing fees, and possible sanctions for non-compliance.
AML Compliance under VARA
The VARA Regulations were drawn up in recognition of Federal Decree-Law No. [20] of 2018 on Anti Money Laundering, Combating the Financing of Terrorism and Financing of Illegal Organisations, Federal Law No. [7] of 2014 on Combating Terrorism Offences, and any other Federal AML-CFT Law in force and recognized in the Emirate.
Consequently, VARA is responsible for regulating and supervising compliance with the relevant AML-CFT laws of every licensed entity engaged in VA activities.
Under the VARA license, VASPs must comply with all Federal AML-CFT Laws as well as all other regulations, Rulebooks, and FATF recommendations that may further be incorporated by VARA into the legal framework.
Supervision and examination under VARA
All licensed entities in the Emirate must comply with four basic Rulebooks, in addition to the specific Rulebook laying out the licensing and compliance criteria for their business model. These Rulebooks include:
- Company Rulebook;
- Compliance and Risk Management Rulebook;
- Technology and Information Rulebook;
- Market Conduct Rulebook.
In order to fulfill its obligations under the Dubai VA law, VARA must conduct regular investigations and/or examinations of the licensed bodies to ensure compliance with all four Rulebooks. At any time when VARA conducts an examination, the licensee must be able to provide it with all requested books and records in order to enhance and facilitate the examination.
VASPs and other licensed entities must ensure that VARA is able to determine the following:
- The financial condition of the VASP or Issuer;
- The safety and soundness of the conduct of its business, VA Activities, or Virtual Asset;
- All management and/or operational policies of the VASP or Issuer;
- Whether the VASP or Issuer has complied with the requirements of all applicable laws, Regulations, Rules and Directives;
- Other matters as determined by VARA which may affect a VASP’s conduct of VA Activities and/or compliance with its licensing conditions.
Sanctions and fees under VARA
At its sole discretion, VARA may impose sanctions on licensed entities in the event of the following breaches or misconduct:
- For violation of any law [including the Dubai VA Law and Federal AML-CFT Laws];
- For any violation of these Regulations, or any Rules or Directives;
- On any ground on which VARA might refuse to issue a Licence under these Regulations;
- For Good Cause, when an Entity has defaulted or is likely to default in performing its obligations or engages in unlawful conduct or practices that may cause harm to the public;
- For other grounds determined by VARA in exercising its powers, performing its functions, or fulfilling its objectives under the Dubai VA Law.
Is VARA ideal for you?
If you license your crypto company under VARA, many advantages come along.
But is Dubai the perfect destination for your crypto project? Let’s have a conversation with our legal experts.
LegalBison will assist in choosing the best course of action for your business.
What is possible with the VARA license
VARA has implemented rulebooks for such activities as advisory services, broker-dealer services, custody services, exchange services, lending and borrowing services, VA management and investment services, VA transfer and settlement services, and VA issuance services.
For each activity associated with virtual assets, a corresponding rulebook provides a list of obligatory requirements. It is noteworthy that not all types of services require a VARA license in order to operate legally in Dubai.
For more information and a prior consultation on the requirements for your particular business model under VARA, we recommend contacting our legal team.
Issuing assets under VARA
There are 2 main categories of VA issuance under VARA:
- Category 1 VA issuances that require a VARA Licence;
- Category 2 VA issuances that require VARA approval prior to issuance.
Category 1 VA issuances deal with the issuance of fiat-referenced virtual assets (FRVAs), which maintain a stable value in relation to the value of one or more fiat currencies, but do not have legal tender status in any jurisdiction. The prior requirement for this category is securing a VARA license. All other issuances that are not associated with FRVAs fall into the 2nd category, which requires approval from VARA (though not in the form of a license) in order to operate in a legally compliant manner.
Whitepaper for VA issuers
Prior to offering or selling a VA, it is important that issuers in both categories provide VARA with the required information in the form of a Whitepaper. The components of the Whitepaper include but are not limited to:
- A detailed description of the Issuer and an overview of the main Entities involved in the design, development, offering or Marketing of the Virtual Asset, including whether any individual has been convicted of any offence of dishonesty, fraud, financial crime or an offence under laws relating to companies, banking, insolvency, money laundering and insider dealing;
- A detailed description of the VA to be issued by the company;
- A detailed description of the rights and obligations attached to the VA issued;
- A detailed description of the VA issuance structure;
- Information on all underlying technology including, but not limited to, which DLTs the VA is compatible with, all relevant DLT-related standards used in its creation and all information required by holders in respect of the custody and transfer of such Virtual Assets;
- Detailed descriptions of any fees or charges associated with the VA;
- The estimated VA price (if applicable);
- A statement on the environmental and climate-related impact of the VA.
Issuers of the VA must ensure at all times that the information presented in the Whitepaper is relevant and accurate. The Whitepaper may be changed or updated, but only on the condition that holders of the VA are notified of any update before the change takes effect. Prior notification is not required where an Issuer needs to implement an update in response to a security or other threat, or where the update is in the best interests of maintaining the integrity of the VA.
Compliance obligations of VA issuers under VARA
According to the VA issuance services rulebook, all VA issuers under VARA, whether applying for a license or not, must comply with the set of obligations related to risk management, testing and audit, AML-CFT policies, marketing regulations, personal data protection, and tax reporting.
- Risk assessment and controls: VA issuers must ensure that they implement the necessary systems for risk management, including for cybersecurity risks, taking into account such factors as the nature, scale, and complexity of the risks associated with the VA. They must implement an adequate risk assessment framework that complies with international standards and industry best practices.
- Testing and audit: Issuers must assign an expert third-party auditor to conduct comprehensive audits of the effectiveness, enforceability and robustness of all smart contracts used for the purposes of the VA, as well as vulnerability assessments and penetration testing.
- AML-CFT: Issuers must comply at all times with all Federal AML-CFT Laws as well as all other laws, regulations, rules and guidelines in respect of AML/CFT applicable to their business or operations in any jurisdiction. Effective AML-CFT controls and systems, as well as AML-CFT policies and procedures, must be in place for efficient risk management.
- Marketing: Issuers must comply at all times with Administrative Order No. [01] of 2022: Relating to Regulation of Marketing, Advertising and Promotions Related to Virtual Assets and Administrative Order No. [02] of 2022: Pursuant to Issued Administrative Order No. [01] of 2022: Relating to Regulation of Marketing, Advertising and Promotions Related to Virtual Assets, as may be amended or superseded from time to time [the Marketing Regulations].
- Personal data protection: Issuers must comply with data protection and privacy requirements within the UAE, such as the PDPL and any applicable sectoral or free zone laws and regulations.
- Tax reporting: Issuers must comply with the tax reporting obligations, including those established under the Foreign Account Tax Compliance Act [FATCA] where applicable.
- Books and records: Issuers must keep and preserve adequate books and records relating to all VA that they issue and, as a minimum, all necessary information to demonstrate compliance with the VARA VA Issuance Rulebook.
Exemptions under VARA
No legal entity may carry out any VA-related activity in the Emirate unless it is authorized and licensed by VARA for that VA activity. VARA has established the notion of an Exempt Entity, which covers duly registered practising lawyers, accountants, and/or other professionally licensed business consultants that carry out any VA Activity in a manner that is wholly incidental to their professional practice.
Exempt Entities do not require a license provided that they are authorized by a competent professional body to operate in the Emirate and maintain professional indemnity insurance. This is known as the Professional Exemption.
VARA has the sole discretion in deciding whether an entity can be considered an Exempt Entity. Such entities must notify VARA and obtain confirmation of their Exempt Entity status, as well as a no-objection confirmation from VARA, before commencing any activity.
To determine whether your company might be considered an Exempt Entity under VARA, we highly recommend contacting a professional. LegalBison is an experienced team of lawyers well-versed in the complexities and subtleties of the VARA regulation, with a long history of assisting crypto projects with full compliance and licensing.
FAQ about the VARA license and regulation
Firstly, you must determine whether your project is subject to licensing under VARA, needs only approval instead of a license, or is considered an Exempt Entity. To do this properly, contact LegalBison for a thorough legal analysis of your project. You can find detailed information on the VARA licensing process and requirements on our dedicated page.
Licensing under VARA involves three fees: the license application fee, the license extension fee, and the annual supervision fee (for each regulated activity).
While there are established fees for every type of VA activity, some companies tend to combine several business models under the same umbrella, which, consequently, affects the VARA license cost.
In order to calculate the fee for your particular project properly, contact LegalBison for a free primary consultation.
The Dubai Virtual Assets Regulatory Authority (VARA), established in 2022 under the Law on Regulating Virtual Assets in the Emirate of Dubai, is the sole regulatory authority for all cryptocurrency activities in the Emirate.
Get in touch with our VARA lawyers
Before issuing virtual assets and offering other services with VAs in Dubai, authorization from VARA is required. Benefit from a free consultation with a dedicated LegalBison expert. Receive assistance with licensing under VARA.
Leave a request now for more information and a personalized consultation.