On February 7, Dubai’s new crypto-asset regulatory agency released a landmark set of guidelines that the United Arab Emirates (UAE) financial hub hopes will bolster its goals to become a leader in crypto-asset innovation.
The Virtual Asset Regulatory Authority (VARA) was established late last year as the world’s first cryptocurrency-specific regulatory agency, and a comprehensive set of guidelines it published will define Dubai’s framework for virtual assets and virtual asset service providers (VASPs). Through more than a dozen regulatory ordinances published last week, VARA has put in place guardrails that seek to protect investors and ensure proper conduct in crypto markets while promoting innovation.
The regulations issued by VARA set out key principles related to the issuance of virtual assets, licensing requirements for VASPs, and requirements related to compliance with anti-money laundering and terrorist financing (AML/CFT), consumer protection, and market conduct rules.
The AML/CFT measures that VARA requires of VASPs are aligned with the standards set by the Financial Action Task Force (FATF). In addition to conducting customer due diligence and monitoring suspicious transactions, VARA-supervised VASPs must adhere to the Travel Rules. They must also demonstrate how they intend to manage the risks associated with non-hosted wallets – or transactions with private wallets that are not hosted in another VASP.
The compliance guidance also states that VASPs must be able to monitor blockchain information for risk indicators related to their clients’ transactions, and should assess the effectiveness of available blockchain analytics solutions to ensure they can engage in effective monitoring activities.
The regulations also govern how VASPs can market and advertise to their clients, and must also have compliance arrangements in place to prevent abuses such as insider trading, illegal disclosures and market manipulation. These measures are in line with similar regulatory proposals from the UK and the EU, which aim to make crypto markets safer for investors.
The VARA rules of market conduct also state that VASPs may not trade on their own account, and must segregate client assets from their proprietary assets – a measure that seeks to prevent the misappropriation of client funds that is alleged to have occurred on the FTX exchange prior to its collapsed in November. The requirements also include specifying cyber security measures and custody rules for virtual assets that VASPs hold on behalf of their clients – designed to ensure that client assets are not compromised by inadequate custody arrangements.
In addition to these general requirements, VARA also set detailed guidelines for certain specific types of activities, such as exchange, custody, brokerage and lending. For example, specific guidelines for exchanges indicate that exchanges will need to share information with VARA to enable market surveillance and must also be able to ensure the continuity of their trading systems.
Among the more contentious measures in the regulations is a ban on VASPs that offer trading in anonymity-enhanced cryptocurrencies (AECs), or so-called “privacy coins” such as Monero and Zcash, which have privacy built in. The move puts VARA alongside other regulators, such as the Japan Financial Services Agency (JFSA), which have banned crypto exchanges and other service providers from conducting activities involving privacy coins.
However, some regulators – such as the New York Department of Financial Services (NYDFS) – have allowed VASPs to offer limited services in privacy coins such as Zcash, where VASPs can apply blockchain analytics capabilities to track unsecured transactions in those coins.
VARA’s new cryptocurrency guidelines are one of the world’s most comprehensive and forward-looking regulatory frameworks globally – offering similarity to the comprehensive regulatory measures outlined in the EU Markets in Crypto-assets (MiCA), as well as positioning Dubai as a leader in crypto-asset regulation alongside a nearby global market Abu Dhabi.
The new VARA measures will require VASPs to make significant compliance investments to meet the extensive requirements, but the breadth and clarity of the measures introduced by VARA may also serve to give the industry confidence that it intends to offer a home for safe and well-regulated crypto services.
At Elliptic, we are experienced in enabling VASPs to navigate and successfully address compliance challenges from new regulatory regimes such as VARA. Contact us for a call with our experts to discuss how we can help your business meet VARA expectations – especially those related to the use of blockchain analytics to track transactions.
In the meantime, you can also read our UAE country guide to learn more about local cryptocurrency regulatory requirements.
The SEC’s move against Kraken has industry concerns as the agency continues to prioritize enforcement
On February 9, the U.S. Securities and Exchange Commission (SEC) settled with crypto exchange Kraken over a crypto investment program it offered — a move that raised concerns throughout the crypto industry that the U.S. regulator is stepping up its already intense application efforts.
In a press release, it said Kraken agreed to pay $30 million to settle SEC allegations that its investment-as-a-service program was unregistered securities because it involved taking over and pooling clients’ assets for extremely high values. returns.
As part of the settlement, Kraken agreed to no longer offer similar services to US investors. In announcing the settlement, SEC Chairman Gary Gensler said that: “Today’s action should make clear to the market that share-as-a-service providers must register and provide full, fair and truthful disclosure and investor protection.”
While the SEC’s findings are case-specific and don’t mean other exchanges are barred from offering staking services, others in the industry — like Coinbase CEO Brian Armstrong — are concerned that the action could be the start of an effort to keep staking products. offered to small investors.
The settlement follows other SEC actions taken since the start of the year aimed at cracking down on unregistered high-yield products that the regulator claims are securities. These include charges brought by the regulator against Gemini and Genesis related to their Earn program, and a $45 million settlement the SEC reached with crypto exchange Nexo.
Earlier this week, on February 7, the SEC’s Division of Examinations announced its priorities for the coming year and noted that it will prioritize assessments of whether registered broker-dealers are taking appropriate steps to comply with crypto-asset products. All signs point to a continued aggressive stance by the SEC, which previous Elliptic research found led U.S. regulators in handing down billions of dollars in enforcement fines.
US and UK sanctions target Russian cybercriminals
For the first time, the US and the UK have taken joint sanctions action against Russian cybercriminals. On February 9, the United States Office of Foreign Assets Control (OFAC) and the United Kingdom’s Office of Foreign Sanctions Enforcement (OFSI) issued sanctions against seven members of the Trickbot cybercriminal gang in Russia who have been involved in major ransomware attacks such as Conti and Ryuk ransomware campaigns.
The action targeting ransomware networks is the latest in a series of OFAC sanctions targeting the ransomware ecosystem, but it was the first for OFSI, which issued new guidance explaining the implications of paying ransomware for sanctions compliance.
While neither OFAC nor OFSI included any crypto addresses on their sanctions lists belonging to named individuals, our team at Elliptic did some quick research and identified 53 crypto addresses belonging to six sanctioned individuals. Elliptic’s clients can use our wallet and transaction verification solutions to identify prohibited activities and ensure their compliance with OFAC and OFSI sanctions requirements.
Kazakhstan’s financial hub launches crypto consultancy
The Astana Financial Services Authority (AFSA) has launched a consultation on a proposed crypto regulatory framework for the capital of Kazakhstan. AFSA, which is the independent regulator of the Astana International Financial Center, seeks to strengthen local regulatory standards for cryptocurrencies with the aim of providing greater clarity that can attract investment while mitigating perceived risks.
The proposed framework would expand the current AFSA framework, which is limited to the regulation of exchange platforms, to cover a wider range of crypto service providers and strengthen compliance requirements, for example mandating the implementation of the Travel Rule and adherence to standards to prevent market manipulation. Consultations last until February 25.
British regulators are warning the industry about advertising violations
The UK’s Financial Conduct Authority (FCA) has issued a stern warning to crypto companies about the consequences of breaching financial advertising requirements. On February 6, it released a statement stating that it will seek to implement planned policy changes related to how crypto firms can promote their offerings to the public.
The FCA’s statement follows a policy statement issued by the UK government on 1 February on financial promotions. The government has taken the view that crypto firms registered with the FCA will be allowed to promote their products and services without having to obtain third-party approval for their ads.
The position represents a change in approach for the UK government, which previously indicated that registered firms would need third-party approval. Under the revised approach, only unregistered crypto firms – including overseas crypto companies – will need to obtain third-party approval for their ads.
The FCA has made it clear that it will not take a light approach to enforcing the rules. The announcement stated that anyone engaged in advertising crypto products and services who violates any of the upcoming rules may be sentenced to up to two years in prison.
South Korea Introduces Guidelines for Security Tokens
On February 6, the Financial Services Commission of South Korea (FSC) issued guidelines clarifying the rules for the treatment of security tokens. The updated rules will set disclosure requirements to be provided to investors by issuers of security tokens – or the digital assets that represent the investment.
Sanctions Regulation Global