The Riffle
The UAE has strengthened its anti-money laundering and counter-terrorist financing framework for Virtual Asset Service Providers (VASPs) through the implementation of the Travel Rule. The regime requires VASPs to collect, verify, and transmit detailed originator and beneficiary information for virtual asset transfers, bringing virtual asset activity firmly within the scope of regulated financial crime controls.
The Travel Rule applies across all UAE jurisdictions—including free zones and financial free zones—and places clear operational, technical, and governance obligations on originator VASPs, beneficiary VASPs, and intermediary providers. The framework reflects the UAE’s continued alignment with FATF standards while signalling a stricter supervisory stance on anonymity, unhosted wallets, and privacy-enhancing technologies.

Key Findings | Core Regulatory Requirements
1. Universal Applicability
The Travel Rule applies to all VASPs operating within:
UAE federal and emirate-level jurisdictions
UAE free zones
Financial free zones (subject to Federal Law No. 8 of 2004)
There are no carve-outs based on licensing location or business model.
2. Mandatory Information Collection and Transmission
VASPs must not execute virtual asset transfers unless specific information is collected, verified, and transmitted securely to the counterparty VASP.
Required information includes:
Originator: Full name, wallet/account number (or unique reference), plus one official identifier (address, ID number, travel document number, customer ID, or date/place of birth).
Beneficiary: Full name and wallet/account number (or traceable unique reference).
Transaction or “gas” fees are explicitly excluded from scope.
3. Verification Thresholds
Transfers of AED 3,500 or more: Beneficiary identity verification is mandatory if not already completed.
Transfers below AED 3,500: Verification is not required unless there is suspicion of financial crime.
This introduces tiered compliance obligations based on transaction value.
4. Role-Based Obligations
Originator VASPs must verify that counterparty VASPs are properly regulated and must not transact with unregulated entities.
Beneficiary VASPs must monitor for missing data, request corrective information, and consider delaying or rejecting transfers where gaps persist.
Intermediary providers must preserve data integrity, verify both VASPs in the transfer chain, and maintain comprehensive transaction logs.
Systemic failures must be reported to supervisory authorities.
5. Heightened Controls for Unhosted Wallets
Transfers involving unhosted wallets are treated as higher-risk and trigger:
Enhanced due diligence (EDD)
Source of funds verification
Mandatory refusal of outbound transfers if required data is not provided
Inbound transfers with missing information require reasonable efforts to obtain the data from the beneficiary.
6. Prohibition of Privacy Tokens
VASPs are prohibited from executing transfers involving privacy tokens designed to obscure ownership or transaction history, reflecting heightened concerns around money laundering and proliferation financing risks.
What Next | What Firms Should Be Doing Now
VASPs should move beyond policy-level compliance and focus on operational readiness. Key actions include:
Mapping transaction flows to identify Travel Rule data capture points
Reviewing counterparty VASP onboarding and regulatory verification processes
Enhancing systems to support secure data transmission and logging
Strengthening controls around unhosted wallet interactions
Training compliance, operations, and technology teams on escalation and reporting requirements
Firms should also conduct gap assessments to ensure alignment between technical infrastructure, compliance policies, and real-time transaction monitoring.
Conclusion
The UAE Travel Rule marks a decisive shift in how virtual asset activity is regulated, placing transparency, accountability, and traceability at the core of VASP operations. Compliance is no longer optional or theoretical—it is embedded in transaction execution itself. VASPs that proactively adapt their systems, governance frameworks, and risk controls will be better positioned to operate sustainably within the UAE’s evolving regulatory landscape.
