Overview of AML Obligations of VASPs under VARA Regulations

Overview of AML Obligations of VASPs under VARA Regulations

The Virtual Assets and Related Activities Regulations 2023 recognises the Federal AML/CFT Laws (Federal Decree-Law No. [20] of 2018 on Anti Money Laundering, Combating the Financing of Terrorism and Financing of Illegal Organisations, and its implementing Cabinet Decision No. [10] of 2019; and Federal Law No. [7] of 2014 on Combating Terrorism Offences).

Part VI of the Regulations contains AML/CFT obligations that VASPs must follow, in line with the Federal AML/CFT laws, Rulebooks and the FATF Recommendations in relation to virtual asset activities.

VARA: VASP’s AML Supervisory Authority

For Federal AML/CFT Laws, the Dubai Virtual Asset Law (Law No. [4] of 2022 Regulating Virtual Assets in the Emirate of Dubai), Virtual Asset Regulatory Authority (VARA) is –

  1. Designated as an AML Supervisory Authority for all Virtual Assets Service Providers (VASPs) operating in and Virtual Assets (VA) activities carried out in or from the Emirates of Dubai,
  2. Responsible for issuing regulations in relation to combating money laundering in Dubai concerning VA activities,
  3. Having powers to supervise the Dubai-based VASP’s compliance with Federal AML/CFT Laws.

In addition, VARA is also responsible for reporting any suspicious conduct to the relevant authorities functioning under the directives of Federal AML-CFT Laws.

Overview of AML/CFT obligations of VASPs

VASPs must fulfil AML/CFT-related compliance obligations prescribed under the Federal AML/CFT laws, Compliance and Risk Management Rulebook issued by VARA, and FATF Recommendations about virtual assets.

The essential AML/CFT obligations imposed upon VASPs under VARA’s Compliance and Risk Management Rulebook are as follows:

Part III of Compliance and Risk Management Rulebook

A. Appointment of MLRO

Appointing a Fit and Proper Person with 2+ years of experience handling AML/CFT compliance as the Money Laundering Reporting Officer (MLRO).

B. Policies and Procedures

Developing and implementing policies and procedures aligned with Federal AML/CFT laws, FATF standards, guidance, and recommendations for VASPs and virtual assets activities, EOCN Guidance on Counter Proliferation Financing.

C. AML/CFT Controls

Implement adequate controls to adequately address the money laundering, terrorism financing, and proliferation financing risks associated with virtual assets activities.

D. Risk Assessment

Performing ML/FT Business Risk Assessments to identify and assess the risk exposure arising from virtual asset activities and deploying the necessary resources to mitigate the identified risk.

E. Customer Due Diligence

Applying adequate CDD measures for all the customers, adopting a risk-based approach, which includes identifying and verifying the customer’s and ultimate beneficial owners’ identity, assessing the risk associated with each customer and performing ongoing CDD.

F. Suspicious Transaction Monitoring & Reporting

Monitoring the business relationships and the virtual asset transactions to identify the red flags and reporting the same to FIU through the goAML Portal.

G. FATF Travel Rule

Acquiring originator and beneficiary details concerning specified virtual asset transactions (exceeding AED 3,500) and exchanging the information with the corresponding VASP.

H. Record Keeping

Maintaining the AML records for a minimum period of eight [8] years.