The VARA Market Conduct Rulebook establishes binding behavioral, disclosure, and governance standards for Virtual Asset Service Providers (VASPs) licensed in Dubai. These rules operate alongside the full regulatory stack (Company Rulebook, Compliance & Risk, Technology & Information, and activity-specific rulebooks). For financial practitioners, this rulebook is the operational backbone governing how crypto-related services must be marketed, contracted, disclosed, and supervised in the Emirate.
Original source: VARA_EN_190_VER20250519
1. Marketing, Advertising and Promotions
Core Requirement
VASPs must comply with the separate Marketing Regulations at all times.
Practical Impact for Financial Firms
- Marketing messages must be fair, balanced, non-misleading, and clearly identify risks.
- Promotions cannot create unrealistic expectations of returns or imply regulatory guarantees.
- All client-facing communications (websites, banners, KOL promotions, social media, paid placements) fall under scrutiny.
2. Client Agreements – Mandatory Contractual Framework
Mandatory Written Agreements
VASPs must enter a written contract with each client before delivering any VA service. The contract must reflect fairness, transparency, accuracy, and adherence to consumer protection laws.
Key Requirements for Agreements
Contracts must include:
- Legal identities and contact details
- Group structure disclosure
- Full service description
- Communication channels
- Fees breakdown
- Governing law
- Identification of third-party service providers
- Disclosure when assets move out of the VASP’s control (e.g., custodians, liquidity venues)
- A statement that Client Money and Client VAs have no deposit protection
- Clarification that clients retain ownership over their assets unless explicitly agreed otherwise
Special Provisions
Client agreements must address—
- supported virtual assets
- treatment of forks, airdrops, or discontinued assets
- how the VASP mitigates operational loss risks, especially in custody models
Importance for Financial Institutions
This section resembles MiFID-style client agreement standards, ensuring full transparency and mitigating litigation/complaint risks.
3. Complaints Handling
Timelines
VASPs must:
- acknowledge complaints within 1 week
- resolve within 4 weeks, extendable to 8 weeks only under exceptional documented circumstances
Requirements
- Provide a template and multiple channels for complaints
- No fees for complaint submission
- Maintain detailed records of all complaints and resolutions
- Manage disputes involving third-party providers while retaining responsibility
Operational Implication
VASPs must implement a formal complaint-handling unit, apply root-cause analysis, and embed remediation procedures similar to conventional financial institutions.
4. Investor Classification
VARA divides investors into Retail, Qualified, and Institutional, with strict criteria governing access to services.
Retail Investors
Default category – lowest risk tolerance, highest regulatory protection.
Qualified Investors
Must have both knowledge and financial capacity, e.g.:
- Individuals:
- AED 3.5 million net assets (excluding primary residence; only 50% of VA value counts), or
- AED 700,000+ annual income
- Legal entities: same AED 3.5 million requirement + knowledgeable directors
Institutional Investors
Includes:
- regulated financial institutions
- VASPs
- governments, central banks
- multilateral agencies with relevant VA expertise
Why This Matters
This classification governs product eligibility, suitability obligations, and risk disclosure standards, mirroring global financial regulatory frameworks.
5. Public Disclosures
VASPs must publish on their website:
- Licence number
- All authorised VA activities and restrictions
- Responsible Individuals
- Comprehensive risk disclosure statements detailing volatility, irreversibility of transfers, lack of liquidity, privacy limitations, susceptibility to fraud/hacks, and lack of legal protections
Impact
This parallels securities regulators’ disclosure regimes. Failing to maintain updated information exposes firms to enforcement risk.
6. Market Transparency
Insider Lists
VASPs must maintain robust Insider Lists capturing:
- All persons/entities with access to Inside Information
- Reason for inclusion
- Access timestamps
- Update timestamps
- Written acknowledgments of obligations and sanctions
Retention requirement: 8 years.
Board & Staff Monitoring
- Firms must set policies governing staff trading, prohibited assets, off-limits shareholdings, and external directorships.
- Prior approval required for personal trading or external directorships.
- Semi-annual reporting of all personal VA positions and related investments.
Implications
These rules replicate traditional financial-market insider-trading and conflict-of-interest frameworks, adapted for virtual assets.
7. Trading on Own Account – Strict Prohibition
General Rule
VASPs cannot actively invest their own or their Group’s VA portfolios.
Permitted Activities
Only transactions required for
- treasury management
- net liquid asset maintenance
are allowed, with complete records preserved for 8 years.
VARA independently determines if activity constitutes proprietary trading based on frequency, volume, asset type, duration, and profitability.
Operational Impact
This rule aims to prevent:
- conflicts of interest between VASPs and clients
- VASPs acting like proprietary trading desks
- market manipulation risks
8. VA Standards – Due Diligence and Continuous Monitoring
VASPs must establish and publish standards for evaluating virtual assets they list, trade, or otherwise support. These standards must include criteria such as:
- market cap, FDV, liquidity trends
- design, use cases, and technical architecture
- AML/CFT compliance risks
- regulatory treatment domestically & internationally
- susceptibility to manipulation
- issuer credibility and history
- enforceability of rights
- asset-backing sufficiency (if applicable)
- correlation to physical markets (if applicable)
Ongoing Duty
- Continuous monitoring of assets
- 8-year record retention
- Capability to suspend VA activities for assets failing standards
- Immediate notification to VARA when an asset no longer meets standards
