Dubai’s Virtual Assets Regulatory Authority (VARA) has issued new anti-money laundering guidance that requires licensed crypto firms to integrate Financial Action Task Force (FATF) high-risk and increased-monitoring jurisdictions into their compliance processes in real time.
The updated framework mandates that virtual asset service providers (VASPs) move beyond static compliance checklists and maintain risk assessments that reflect current business activity, including customer profiles, transaction types, and geographic exposure. Risk assessments must be reviewed at least every three months or sooner upon changes in products, services, or ownership.
VARA also expects firms to distinguish between money laundering, terrorist financing, and proliferation financing risks, and to account for emerging threats from AI, anonymity-enhancing transactions, and crowdfunding. Senior management and board members must understand the firm’s residual risk rating.
With over 100 VASPs licensed across UAE regulators, Dubai, a major crypto hub, now imposes higher operational obligations. The guidance aligns with FATF standards but goes further, requiring automated screening, wallet-address analysis, and distributed ledger analytics. This comes as UAE authorities have levied over $100 million in AML penalties on financial institutions since early 2025, signaling a stricter enforcement environment.
