Trust Graphic

🛎New: Built-in Access to the TRUST Network

X
21 Analytics logo
Request a Demo
UAE flag and regulation clipboard on grey background

Dubai’s Travel Rule: What VASPs Need to Know

20 May, 2026

Dubai has adopted the Financial Action Task Force’s Recommendation 16 (Travel Rule) along with additional regulations and guidelines of its own.


TL;DR

  • Dubai has implemented the FATF Travel Rule alongside additional VARA-specific requirements for VASPs.
  • The rules apply to transfers between VASPs, including certain self-hosted wallet transactions.
  • VASPs must conduct counterparty due diligence and ensure counterparties are properly regulated.
  • Required originator and beneficiary information must be collected and transmitted for virtual asset transfers.
  • Verification is mandatory for transfers above AED 3,500 and where suspicious activity is identified.
  • VASPs must monitor transactions, report suspicious activity, and comply with UAE AML/CFT obligations.
  • Transfers involving privacy tokens are prohibited under Dubai’s Travel Rule framework.
  • Enhanced due diligence is required for self-hosted wallet transactions.
  • Failure to comply may result in supervisory or enforcement action by VARA.


Understanding the Regulatory Obligations for Virtual Asset Service Providers

Scope of the Travel Rule in Dubai

Under Law No. (4) of 2022 Regulating Virtual Assets in the Emirate of Dubai, the Travel Rule applies to all virtual asset transfers where a virtual asset service provider (VASP) acts on behalf of an originator and transfers virtual assets to a VASP acting on behalf of a beneficiary; or when virtual assets are received by a VASP acting on behalf of a beneficiary from a VASP acting on behalf of an originator.

Additionally it includes self-hosted wallets within its scope if at least one regulated entity is involved in the transaction. 

Key obligations include:

  • Conducting due diligence on counterparties before executing transactions.
  • Ensuring counterparties are appropriately regulated.
  • Implementing internal controls, policies, and procedures aligned with VARA rulebooks.
  • Monitoring transactions and reporting suspicious activity to the relevant authorities.
  • Maintaining records for a minimum of 8 years.
  • Ensuring client asset segregation on a 1:1 basis.
  • Prohibiting transfers involving privacy tokens of the Travel Rule in Dubai.

Download the Dubai Travel Rule Overview

Download Now


Compliance Obligations for VASPs

All VASPs are required to: 

  • review the Travel Rule in full and assess its impact on virtual asset transfer-related controls; 
  • update policies, procedures, systems, and controls governing virtual asset transfers, counterparty due diligence, exception handling, and recordkeeping; 
  • ensure alignment between Travel Rule obligations and applicable VARA Rulebooks; and
  • provide appropriate training to relevant staff on Travel Rule requirements. VARA may assess implementation through supervision engagements, inspections, and thematic reviews. 

In line with implementation and supervision expectations, VASPs are expected to implement all necessary updates without delay, proportionate to the nature, scale, and risk profile of their virtual asset transfer activities.

Where deficiencies or implementation challenges are identified, VASPs should take timely remedial action and engage proactively with VARA where appropriate. 

Failure to comply with the Travel Rule may result in supervision or enforcement action in accordance with VARA’s regulatory mandates and applicable UAE law. 

All VASPs should take into account the information from both the originator and beneficiary sides of a transfer when assessing whether a suspicious transaction or activity report is required.

Where the applicable legal threshold is met, reports must be submitted to the UAE Financial Intelligence Unit in accordance with applicable AML/CFT requirements.

VASPs must not execute virtual asset transfers involving privacy tokens, due to their inherent obfuscation features and associated financial crime risks. This prohibition applies specifically to the execution of virtual asset transfers and does not affect other licensed activities that do not involve such execution.

VASPs are to also maintain customer records for a minimum of 8 years. Ensure that clients’ virtual assets are separated from their virtual assets and hold clients’ virtual assets on a 1-to-1 basis.


Required Travel Rule Data

VASPs must obtain and transmit Travel Rule data for all transactions. Verification is required where suspicious activity is identified and is mandatory for transfers at or above AED 3,500.

  • originator’s full name; 
  • originator’s account number or wallet address
  • originator’s address;
  • beneficiary’s full name;
  • beneficiary’s  account number or wallet address

In the instance of domestic transfers, where verified originator and beneficiary data is already available to the beneficiary VASP by other means, less data can be transmitted alongside the transaction. However, if requested, the full dataset must be made available within 3 working days. 


Self-Hosted Wallets 

Regarding self-hosted wallet transactions, VASPs must apply enhanced due diligence (EDD) processes. Which includes collecting additional customer identification as well as a source of funds verification. 

In the event that the required information cannot be provided or risks cannot be mitigated the transaction must be declined, delayed, or assets are to be returned. This plan of attack must be in line with the VASPs risk-based policies and procedures.


In Conclusion

Dubai’s Travel Rule framework establishes a comprehensive and enforceable compliance regime, embedding strict requirements for data exchange, risk management, and operational controls.

By combining FATF-aligned obligations with VARA’s detailed rulebooks, the Emirate ensures that VASPs operate within a secure, transparent, and globally interoperable environment, reinforcing its position as a leading international hub for virtual assets.


21 Analytics and Dubai’s Travel Rule

21 Analytics helps VASPs meet Dubai Travel Rule requirements by addressing key compliance challenges around interoperability, usability, privacy, and security.

Through connectivity to both TRUST, which includes the world’s largest exchanges, and open-network alternatives such as TRP, 21 Analytics enables broader interoperability and more reliable communication with counterparties across different Travel Rule ecosystems.

The solution also supports compliance with VARA’s enhanced due diligence and data governance expectations by allowing VASPs to retain control over how sensitive Travel Rule data is stored and processed through on-premises infrastructure.

By prioritising peer-to-peer data exchange rather than centralised data sharing, 21 Travel Rule reduces exposure risks, helps minimise single points of failure, and supports stronger cybersecurity, auditability, and governance controls aligned with Dubai’s regulatory framework.

Become Travel Rule Compliant with 21 Analytics

Request a Demo


Further Reading 

Law No. (4) of 2022 Regulating Virtual Assets in the Emirate of Dubai

VARA’s Rulebooks

Dubai’s Travel Rule Summary

Info Circle Outlined Icon

Disclaimer

This material is provided for educational and informational purposes only and is not intended to be a substitute for professional advice or detailed research.

Written by:
About Nicole
Nicole Giani
Content & Social Media Manager
LinkedIn
With an Honours in English Linguistics, Nicole started her career as an educator before transitioning to education management and curriculum development.  Thereafter, she moved to crypto writing - uniting her passion for education with crypto to educate the ecosystem on the Travel Rule.
Copy
Copy

Related Posts

South Africa Travel Rule Blog Image
06/05/2025

South Africa’s Travel Rule: What VASPs Need to Know

Read More
Turkish flag and regulation clipboard on grey background
11/02/2026

Türkiye’s Travel Rule: What CASPs Need to Know

Read More
Portuguese flag and regulation clipboard on grey background
06/01/2026

Portugal’s Travel Rule: What CASPs Need to Know

Read More
21 Analytics offers Software Solutions for Virtual Asset Service Providers.
Compliance Center      Privacy Policy      Press
Poststrasse 22, Zug, Switzerland     |     info@21analytics.co
X
Trust Graphic

New: TRUST Network

Transact with Coinbase, Kraken, Gemini and others.

Learn More