Dubai's VARA requires crypto businesses to use data-driven risk models and update their risk assessments every three months.

CoinFeed reported on June 16th that, according to Bitcoin.com, the Dubai Virtual Asset Regulatory Authority (VARA) has issued new guidelines requiring crypto companies to use quantitative business data to build real-time risk scoring models, replacing static tracking. The new regulations require crypto companies to update their risk assessments at least every three months, or immediately upon significant changes to their operational structure or product lines. Companies must promptly incorporate risks from Financial Action Task Force (FATF) high-risk and blacklisted countries into their assessment systems, distinguishing between risks related to proliferation financing and targeted financial sanctions, and not conflating them with general anti-money laundering measures. VARA emphasizes that companies must formally document and explain the risks posed by emerging tools such as AI-driven operations and enhanced anonymity transactions, and demonstrate to regulators that assessment results directly influence resource allocation and daily compliance implementation.