21.8 C
New York

Key Points of the “VARA Company Rulebook” (Updated May 2025) – Mandatory for VASPs

ComplianceUAE ComplianceGCCUAEUAE RegulatorVARA

Published:

Reading time: 5 min.

The Dubai Virtual Assets Regulatory Authority (VARA) governs the licensing and ongoing supervision of Virtual Asset Service Providers (VASPs).
The Company Rulebook forms part of the regulatory obligations VASPs must meet in addition to activity-specific rulebooks, market conduct requirements, and technology/information frameworks. For financial professionals—including compliance officers, institutional investors, due-diligence teams, corporate finance advisers, auditors, and risk managers—the Rulebook provides critical criteria shaping governance, prudential soundness, operational resilience, management accountability and transparency for all VARA-licensed entities. The VARA Company Rulebook sets a high bar for governance, operational resilience, and prudential strength, aligning Dubai’s virtual asset regulatory environment with global financial standards.

Original source: VARA_EN_36_VER20250519

1. Corporate Structure and Governance Framework

1.1 Transparent Legal Structure

VASPs must maintain a clear, traceable ownership chain, disclosing all controlling entities, UBOs, and the rationale behind any complex arrangements (e.g., DAOs, trusts, nominees).
VARA reserves approval rights over any material changes, ensuring regulatory visibility over influence and control.

1.2 Board Composition & Responsibilities

Boards must consist of Fit and Proper Persons, formally assessed at onboarding and annually.
Boards are responsible for:

  • Strategic oversight and setting organisational policy
  • Ensuring regulatory compliance across all operations
  • Establishing clear reporting lines and internal controls
  • Overseeing delegated authority and managing conflicts
  • Annual performance and governance evaluations

Boards must maintain clear documentation, strong compliance culture, and continuous risk awareness aligned to the global VA market.

1.3 Senior Management & Responsible Individuals

Key officers must:

  • Demonstrate sector competence and relevant leadership experience
  • Act under Board oversight and execute daily operations in line with regulatory obligations
  • Include at least two Responsible Individuals, full-time UAE-based, approved by VARA
  • Maintain transparent information flow to the Board and regulators

1.4 Company Secretary

An independent Company Secretary (internal or outsourced) manages:

  • Board meetings, minutes, and documentation
  • Ensuring board compliance with procedures
  • Managing information flows between Board and management
  • Supporting disclosure and governance processes

2. Fit and Proper Requirements

2.1 Assessment Criteria

VARA assesses individuals based on:

  • Qualifications relevant to the role
  • Industry & management experience (global VA sector preferred but not mandatory)
  • Financial soundness (no current bankruptcy, judgments, etc.)
  • Integrity and reputation (criminal, regulatory, civil, or employment history considered)
  • Understanding of the regulatory environment

2.2 Ongoing Obligations

VASPs must continually reassess fitness and properness.
VARA may impose sanctions including suspension, removal, fines, or license revocation if individuals no longer meet standards.

3. Corporate Governance Requirements

3.1 Competence & Training

VASPs must ensure staff, management, and Board members are suitably qualified, resourced, and provided ongoing training.

3.2 Segregation of Duties

Critical functions—operations, custody, dealing, compliance, audit—must be properly separated to avoid conflicts, errors, and misconduct.

3.3 Conflict-of-Interest Framework

VASPs need clear policies, registers, remediation measures, information barriers, and disclosure requirements when conflicts arise.

3.4 Transaction Governance

  • Related-party transactions above 5% of share capital require Board pre-approval and VARA notification.
  • Comprehensive record-keeping, fairness assessment, and transparency to shareholders and VARA are mandatory.

3.5 Information Disclosure

VASPs must maintain a robust disclosure regime, including public disclosures on their website in line with VARA and market conduct rules.

4. Outsourcing – Operational Risk & Third-Party Management

Outsourcing is heavily regulated due to risks around data, confidentiality, continuity, and regulatory oversight.

4.1 Scope

Covers nearly all outsourced functions except:

  • Statutory services (e.g., audits)
  • Utility, office, or minor services
  • Non-core systems without regulatory impact

4.2 Key Financial-Sector Expectations

  • Risk-based assessments prior to contracting
  • Due diligence on service providers (financial, operational, reputation, regulatory status)
  • Annual reassessment of all outsourced services
  • Specific contractual clauses for data, confidentiality, termination rights, audit rights, sub-outsourcing controls
  • Material outsourcing requires VARA pre-notification and regulatory approval

4.3 Cross-Border Outsourcing

VASPs must consider:

  • Jurisdictional risk
  • Data protection constraints
  • Regulatory access and auditability
  • Client disclosures regarding offshore processing

5. ESG Expectations (Environmental, Social, Governance)

VARA outlines three levels of ESG disclosure:

  1. Voluntary
  2. Compliance-driven
  3. Mandatory (in specific cases)

VASPs engaged in VA mining or data-intensive operations face heightened obligations relating to:

  • Energy usage reporting
  • Environmental impact transparency
  • Infrastructure sustainability

These requirements reflect VARA’s alignment with global sustainable finance trends and investor expectations.

6. Capital & Prudential Requirements

For financial practitioners, this section is critical for assessing solvency and liquidity of Dubai-licensed VASPs.

6.1 Paid-Up Capital

Minimum capital levels vary by VA Activity category and must be maintained on a continuous basis.

6.2 Net Liquid Assets (NLA)

VASPs must:

  • Maintain sufficient liquid assets to cover operational expenses
  • Monitor NLA levels daily
  • Notify VARA of any shortfall

6.3 Insurance

Depending on the activity, VASPs may need:

  • Professional indemnity insurance
  • Crime insurance
  • Cyber and IT security coverage
  • Custody/asset protection insurance (for custodial VASPs)

6.4 Reserve Assets

VASPs dealing with client assets must hold appropriate reserve assets aligned to their VA activities and risk profile.

7. Insolvency & Wind-Down Planning

Financial practitioners should note VARA’s requirements for:

7.1 Wind-Down Plans

VASPs must maintain documented strategies for:

  • Orderly exit from the market
  • Client asset protection
  • Continuity of essential services
  • Communication to clients and regulators

7.2 Insolvency Obligations

VASPs must:

  • Notify VARA at earliest sign of insolvency
  • Cooperate with appointed administrators
  • Ensure segregation and protection of client assets throughout insolvency events

8. Material Change to Business or Control

Material changes require prior VARA approval, including:

  • Cessation or suspension of business operations
  • Change of ownership or control
  • Group restructurings, M&A activity
  • Shifts in governance models (e.g., introducing DAO-connected components)

VARA reserves the right to impose conditions, request enhanced due diligence, or block changes.

What This Means for Financial Practitioners

1. For Investors and Due-Diligence Professionals

  • VARA-licensed VASPs operate under heavy transparency and control standards.
  • Governance failures, outsourcing weaknesses, or capital deficiencies will trigger regulatory intervention quickly.
  • Related-party transactions and complex structures are subject to strict oversight, lowering governance risk.

2. For Compliance, Legal, and Risk Officers

  • Companies must embed bank-grade controls, especially in segregation of duties, data governance, outsourcing, and conflict management.
  • Continuous Fit-and-Proper evaluation and documented governance processes are mandatory.
  • Cross-border data/operations require additional legal and risk assessments.

3. For Corporate Finance & M&A Advisers

  • Any restructuring, acquisition, or change of control involves mandatory VARA approvals, affecting deal timelines.
  • Buyers must evaluate compliance with governance, outsourcing, and prudential obligations before acquiring a VASP.

4. For Auditors and Assurance Providers

  • VARA requires enhanced audit rights and expects auditors to evaluate complex outsourcing, ESG compliance, and control frameworks.
  • Material outsourcing creates mandatory review and documentation obligations.

Dr. Nick
Dr. Nick

Related articles

spot_img

Recent articles

spot_img
Premium Content

© Newspaper WordPress Theme by TagDiv