How to Get VARA License

To operate as a Virtual Asset Service Provider (VASP) in Dubai, entities must obtain a license from the Virtual Assets Regulatory Authority (VARA). VARA oversees virtual asset activities within Dubai, excluding the Dubai International Financial Centre (DIFC).

Licensing Process:

The licensing procedure is divided into two main stages:

Stage 1: Initial Approval

  1. Submission of Initial Disclosure Questionnaire (IDQ): Applicants must submit the IDQ to the Department of Economy and Tourism (DET) or the relevant Free Zone Authority (FZA).

Applicants must submit the IDQ to either:

  • The Department of Economy and Tourism (DET) if applying as a mainland entity.
  • The relevant Free Zone Authority (FZA) if establishing the entity within a free zone such as Dubai Multi Commodities Centre (DMCC) or Dubai Silicon Oasis (DSO).

The IDQ typically includes:

  1. Business Overview:
    1. Summary of the company’s core activities, business model, and target market.
    2. Description of the virtual asset services to be offered (e.g., brokerage, exchange, custody).
  2. Company Structure & Ownership:
    1. Details of shareholders, beneficial owners, and corporate structure.
    2. Organizational chart showing key personnel and their roles.
  3. Compliance and Risk Management Framework:
    1. Explanation of how the firm will comply with VARA’s regulations.
    2. Overview of AML (Anti-Money Laundering) and CFT (Counter-Terrorism Financing) policies.
  4. Financial Projections and Capitalization:
    1. Estimated capital reserves and proof of financial backing.
    2. Sources of initial funding and ongoing revenue models.
  5. Key Management Team and Experience:
    1. Profiles of directors, executives, and compliance officers.
    2. Demonstration of relevant financial, technology, or blockchain expertise.
  6. Technology and Cybersecurity Infrastructure:
    1. Details on the IT architecture, data security protocols, and storage of private keys (for custodial services).
    2. Cybersecurity risk management strategies.
  7. Proposed Business Location:
    1. Indication of whether the entity will be based in a free zone or mainland Dubai.
    2. Details of office premises and operational setup.

Processing Time & Next Steps:

  1. Once submitted, VARA reviews the IDQ and determines whether the applicant can proceed to the next stage.
  2. If approved, the applicant receives Initial Approval and can proceed with company incorporation and licensing steps.
  3. Provision of Additional Documentation: This includes a comprehensive business plan and detailed information about beneficial owners and senior management.
  4. Payment of Initial Fees: Typically, 50% of the total license application fee is required at this stage. (Approx 50% 27K USD)
  5. Receipt of Initial Approval: Upon approval, the entity can proceed with legal incorporation and operational setup, such as securing office space and hiring staff.

Stage 2: VASP License Application

1. Preparation and Submission of Documentation

A. Legal & Corporate Documents

  1. Certificate of Incorporation – If the company is already established.
  2. Memorandum & Articles of Association (MOA/AOA) – Governing the company’s structure and operational rules.
  3. Board Resolutions – Approving the application for a VASP license and designating responsible persons.
  4. Ultimate Beneficial Ownership (UBO) Declaration – Identifying individuals who own or control the business.

B. Financial Documents

  1. Capital Proof & Financial Statements
  • Proof of available capital to cover at least 2 times the monthly operating expenses as required by VARA.
  • Recent audited financial statements (if applicable for existing entities).
  • Bank statements confirming the company’s financial health.
  1. Business Plan & Financial Projections
  • A detailed financial plan covering at least 3–5 years.
  • Revenue models and sources of funding.
  • Operating expenses, expected profitability, and growth strategies.

C. Compliance & AML Documentation

  1. AML/CFT Policies & Procedures
  • Detailed Anti-Money Laundering (AML) and Counter-Terrorism Financing (CFT) procedures.
  • Customer due diligence (CDD) and enhanced due diligence (EDD) frameworks.
  • Reporting mechanisms for suspicious transactions.
  • Record-keeping and compliance monitoring policies.
  1. Know Your Customer (KYC) & Risk-Based Approach (RBA) Policies
  • A comprehensive KYC framework for onboarding clients.
  • Procedures for identifying high-risk individuals (e.g., politically exposed persons – PEPs).
  • Compliance monitoring mechanisms.
  1. Risk Management Framework
  • Identification and mitigation strategies for operational, financial, and cybersecurity risks.
  • Incident response plans for security breaches or fraud attempts.
  1. Sanctions Screening & Transaction Monitoring
  • Procedures to ensure compliance with international sanctions lists (e.g., OFAC, FATF, UN).
  • Ongoing transaction monitoring tools and alerts.

D. Technology & Cybersecurity Documentation

  1. IT & Data Security Framework
  • Security policies for data encryption, firewall protection, and access control.
  • Cloud infrastructure details (AWS, Azure, or local data centers).
  • Security audit results (e.g., penetration testing reports).
  1. Incident Response & Disaster Recovery Plan
  • Procedures for handling cyberattacks, system failures, or data breaches.
  • Recovery time objectives (RTO) and redundancy measures.
  1. Smart Contract & Custody Solutions
  • Security audits of smart contracts if blockchain technology is used.
  • Cold & hot wallet custody arrangements and key management procedures.

E. Senior Management & Key Personnel

  1. Fit & Proper Test Documents
  • Proof that key executives have relevant experience in financial services, blockchain, or cybersecurity.
  • Professional qualifications or certifications.
  1. CVs and Employment History
  • Detailed resumes of board members, compliance officers, and senior management.
  1. Police Clearance Certificates & Background Checks
  • Proof that key personnel have no criminal history related to financial crimes.

F. Governance & Operational Documents

  1. Corporate Governance Structure
  • Defined responsibilities for directors, committees, and compliance teams.
  1. Policies on Market Integrity & Consumer Protection
  • Customer protection measures, dispute resolution mechanisms, and investor education policies.
  1. Engagement with VARA: This may involve providing additional information, attending meetings, or participating in interviews as requested by VARA.
  2. Payment of Remaining Fees: The balance of the license application fee and the first year’s supervision fee are due at this stage.
  3. Issuance of VASP License: Once all requirements are met, VARA will issue the VASP license, which may include specific operational conditions

For full-time assistance with obtaining a VARA crypto license, feel free to contact us.