LogoRegulatory Alerts
2025-12-16

The United Arab Emirates’ Virtual Assets Travel Rule

The United Arab Emirates mandates that Virtual Asset Service Providers collect and verify specific originator and beneficiary data for all qualifying virtual asset transfers to combat financial crime. The regulation requires enhanced due diligence for transactions involving unhosted wallets, prohibits the execution of privacy token transfers, and imposes strict record-keeping and reporting obligations on both service providers and intermediary providers. Additionally, it establishes risk-based procedures for handling missing information and allows for reduced data requirements in specific domestic transfer scenarios.

Central Bank of UAE logo

United Arab Emirates

Central Bank of UAE

Click to view thumbnail

The United Arab Emirates’ Virtual Assets Travel Rule Application The following provisions shall apply with respect to Virtual Asset Service Providers within the territorial scope of the UAE Federal and Emirate Laws, any Free Zone and any Financial Free Zone. Risk Based Approach (Section on Risk Assessment, Enhanced Due Diligence measures) Article no. (1):

  1. This Article applies in relation to any Virtual Asset Transfer which is: a. Executed by a Virtual Asset Service Provider acting on behalf of the Originator and in which a Virtual Asset is transferred to a Virtual Asset Service Provider acting on behalf of the Beneficiary; or b. Received by a Virtual Asset Service Provider acting on behalf of the Beneficiary and in which a Virtual Asset is Received from a Virtual Asset Service Provider acting on behalf of the Originator. Transaction fees (also known as ‘gas fees’) are excluded from the scope of this Article.

  2. Subject to paragraphs 6 to 8 and 11 of this Article, a Virtual Asset Service Provider must not Execute a Virtual Asset Transfer unless it collects, verifies and provides the following data immediately and securely to accompany the Virtual Asset Transfer: Information accompanying all qualifying Virtual Asset Transfers should always contain: a. the full name of the Originator and the Beneficiary; b. the Wallet or Account number of the Originator and the Beneficiary, and in the absence of such Wallet or Account number for either the Originator or the Beneficiary the Virtual Asset Transfer must include a unique reference number that allows the traceability of the transaction from the Originator to the Beneficiary; c. the Originator’s address, national identity number or travel document number, customer identification number, date and place of birth.

  3. Where several Virtual Asset Transfers are Executed on behalf of a single Originator for receipt by one or more Beneficiaries, and are batched into a single transfer before being sent to the Virtual Asset Service Provider of the Beneficiaries, the transfer must include the information set out in paragraph 2 above for each Virtual Asset Transfer.

  4. The Originator’s Virtual Asset Service Provider must, before executing a Virtual Asset Transfer to another Virtual Asset Service Provider, ensure that the Virtual Asset Service Provider is appropriately regulated in accordance with applicable law in the jurisdiction in which it is incorporated and located, and must not Execute a Virtual Asset Transfer to a Virtual Asset Service Provider which is not appropriately regulated either in the UAE or outside the UAE.

  5. A Virtual Asset Service Provider which Executes a Virtual Asset Transfer to another Virtual Asset Service Provider must ensure that the information referred to in paragraph 2 of this Article which accompanies the Virtual Asset Transfer has been verified by the Originator’s Virtual Asset Service Provider.

  6. In the case of domestic Virtual Asset Transfers and where the verified data referred to in paragraph 5, is available to the Beneficiary’s Virtual Asset Service Provider by other means: a. the Originator’s Virtual Asset Service Provider is only required to include the Wallet or Account number or the unique reference number of the Virtual Asset Transfer, provided that this number allows the tracing of transactions to the Originator and the Beneficiary; and b. for such a Virtual Asset Transfer, the Beneficiary’s Virtual Asset Service Provider or Supervisory Authority may request the full set of data in paragraph 2(a), (b) and (c), in which case the Originator’s Virtual Asset Service Provider must provide such data within three (3) working days of receiving the request from the Beneficiary’s Virtual Asset Service Provider or the concerned Supervisory Authority.

  7. The Originator’s Virtual Asset Service Provider (VASP A) must have risk-based policies and procedures to identify circumstances where the Beneficiary’s Virtual Asset Service Provider (VASP B) is unable to receive any of the information listed in paragraph 2 sent by VASP A.

  8. Where VASP A identifies circumstances where VASP B is unable to receive any information as set out in paragraph 7, VASP A must use best efforts to establish, as soon as reasonably practicable, alternative communication with VASP B which enables VASP B to receive the information listed in paragraph 2. If VASP A is unable to establish such communication, then VASP A must consider whether to decline the execution of any further Virtual Asset Transfer to VASP B, having regard to: a. if it is subject to the Decision, the risk assessments carried out by VASP A which must be appropriate and proportionate to the level of risks posed from the relevant relationship and transaction, as stipulated under Article 5 of the Decision; and b. its assessment of the level of risk of money laundering, terrorist financing and proliferation financing arising from the Virtual Asset Transfer. In assessing the level of risk, VASP A must take account of factors including: a. the purpose and nature of the relationship with the customer; b. the value of the Virtual Asset Transfer and any other Virtual Asset Transfer which appears to be linked; c. the frequency of Virtual Asset Transfers initiated or Received by the customer; and d. the reputation and regulated status of VASP B, and the adequacy of the financial crime laws applicable in the jurisdiction from which VASP B operates. VASP A must take into account its communications, if any, with VASP B when conducting and reviewing its risk assessment of VASP B pursuant to Article 5 of the Decision.

  9. Virtual Asset Service Providers which Receive a Virtual Asset Transfer on behalf of a Beneficiary must take reasonable measures to identify Virtual Asset Transfers that lack the required Originator information or required Beneficiary information, which may include real-time monitoring where feasible or post-event monitoring.

  10. For Virtual Asset Transfers of daily aggregated amounts of AED 3,500 or more for both occasional transactions or customers, and for customers with whom a Virtual Asset Service Provider has an ongoing business relationship, a Virtual Asset Service Provider which Receives a Virtual Asset Transfer on behalf of a Beneficiary must verify the identity of the Beneficiary in accordance with Section 3 of the Decision, if the identity has not been previously verified.

  11. If a Virtual Asset Transfer is for a value of less than the daily aggregated amounts of AED 3,500 for both occasional transactions or customers, and for customers with whom a Virtual Asset Service Provider has an ongoing business relationship, Virtual Asset Service Providers must comply with paragraph 2 of this Article but without the need to verify the validity of the referred data, unless the Virtual Asset Service Providers has suspicions concerning the commission of a crime.

  12. Virtual Asset Service Providers which Receive Virtual Asset Transfers on behalf of Beneficiaries must, to address the possibility of receiving a Virtual Asset Transfer which lacks the required Originator or Beneficiary information, have risk-based policies and procedures determining when to: a. reject (if technically possible) the Virtual Asset Transfer; b. permit Execution of the Virtual Asset Transfer; c. delay Execution of onward transfer of the Virtual Asset; d. return the Virtual Asset to the Virtual Asset Service Provider from which it was Received; e. as appropriate report to a Supervisory Authority; f. as appropriate take follow-up action (including following the Supervisory Authority’s response to any report made by the Virtual Asset Service Provider).

  13. Where the Virtual Asset Service Provider of a Beneficiary becomes aware that any required Originator or Beneficiary information is missing, the Virtual Asset Service Provider must: a. request that the Virtual Asset Service Provider from which it Received the Virtual Asset Transfer provide the missing information; and b. consider whether: i. to delay making the Virtual Asset available to the Beneficiary until the information is received; and ii. if the information is not received within a reasonable time, to return the Virtual Asset to the Virtual Asset Service Provider from which the Virtual Asset was Received.

  14. In deciding what action to take for the purposes of paragraphs 12 and 13, the Virtual Asset Service Provider must have regard to: a. if it is subject to the Decision, the risk assessments carried out by the Virtual Asset Service Provider under Article 5 of the Decision; and b. its assessment of the level of risk of money laundering, terrorist financing and proliferation financing arising from the Virtual Asset Transfer. In assessing the level of risk, the Virtual Asset Service Provider must take account of factors including: a. the purpose and nature of the business relationship with the Beneficiary; and b. the value and frequency of the Virtual Asset Transfer and any other Virtual Asset Transfer which appears to be linked.

  15. The Virtual Asset Service Provider of the Beneficiary must report to its Supervisory Authority any systemic failure by a Virtual Asset Service Provider of the Originator to provide any required Originator information as well as any steps the Virtual Asset Service Provider of the Beneficiary has taken in respect of such failures.

  16. Virtual Asset Service Providers must keep all the collected information about the Originator and the Beneficiary, in accordance with the provisions of Article No. (25) of the Decision. Article no. (2)

  17. This Article applies in relation to any Virtual Asset Transfer in which a Virtual Asset is Received or transferred by an Intermediary Provider. Transaction fees (also known as ‘gas fees’) are excluded from the scope of this Article.

  18. An Intermediary Provider must confirm and verify the regulatory status of both the Originator’s and Beneficiary’s VASPs before facilitating a transfer, and must maintain a log of all Virtual Asset Transfers, including attempts that were rejected due to non-compliance.

  19. An Intermediary Provider must ensure that all Originator and Beneficiary information that accompanies a Virtual Asset Transfer is retained by it in accordance with the provisions of Article No. (25) of the Decision.

  20. An Intermediary Provider must transfer all Originator and Beneficiary information received by it from the Originator’s Virtual Asset Service Provider (whether or not regulated as a Virtual Asset Service Provider in the UAE) to the Beneficiary’s Virtual Asset Service Provider (whether or not regulated as a Virtual Asset Service Provider in the UAE) or to another Intermediary Provider.

  21. Where technical limitations prevent the required Originator or Beneficiary information accompanying a Virtual Asset Transfer Received by an Intermediary Provider from remaining with a corresponding Virtual Asset Transfer Executed by that Intermediary Provider, the Intermediary Provider must keep a record of all the information received from the Originator’s Virtual Asset Service Provider or another Intermediary Provider, in accordance with the provisions of Article (25) of the Decision.

  22. Intermediary Providers must take reasonable measures, which are consistent with straight-through processing1 , to identify Virtual Asset Transfers that lack required Originator information or required Beneficiary information. Where an Intermediary Provider becomes aware that any required Originator or Beneficiary information is missing, the Intermediary Provider must: a. request that the Virtual Asset Service Provider or Intermediary Provider from which it Received the Virtual Asset Transfer provide the missing information; and b. consider whether: i. to delay the onward transfer of the Virtual Asset until the information is received; and 1 Straight-through processing describes the processing of payment transactions without manual / human intervention.

ii. if the information is not received within a reasonable time, to return the Virtual Asset to the Virtual Asset Service Provider or Intermediary Provider from which the Virtual Asset was Received. 7. An Intermediary Provider must have regard to: a. if it is subject to the Decision, the risk assessments carried out by the Intermediary Provider under Article 5 of the Decision; and b. its assessment of the level of risk of money laundering, terrorist financing and proliferation financing arising from the Virtual Asset Transfer. In assessing the level of risk, the Intermediary Provider must take account of factors including: a. the purpose and nature of the business relationship with the Originator’s Virtual Asset Service Provider, if any; and b. the value of the Virtual Asset Transfer and any other Virtual Asset Transfer which appears to be linked. 8. An Intermediary Provider must report to its Supervisory Authority any systemic failure by a Virtual Asset Service Provider (whether or not regulated as a Virtual Asset Service Provider in the UAE) or by another Intermediary Provider to provide any required Originator or Beneficiary information as well as any steps the Intermediary Provider has taken in respect of such failures. Article no. (3)

  1. This Article applies to any Virtual Asset Transfer which is: a. Executed by a Virtual Asset Service Provider acting on behalf of the Originator and in which a Virtual Asset is transferred to an Unhosted Wallet; or b. Received by a Virtual Asset Service Provider acting on behalf of the Beneficiary and in which a Virtual Asset is transferred from an Unhosted Wallet. Transaction fees (also known as ‘gas fees’) are excluded from the scope of this Article.

  2. A Virtual Asset Service Provider must perform enhanced due diligence on a customer before sending or receiving a Virtual Asset Transfer to or from an Unhosted Wallet on behalf of that customer, including by requesting additional identification documentation and source of funds verification from that customer.

  3. Virtual Asset Service Providers which Receive Virtual Asset Transfers on behalf of Beneficiaries from an Unhosted Wallet must, to address the possibility of receiving a Virtual Asset Transfer which lacks the required Originator or Beneficiary information, have risk-based policies and procedures determining when to: a. reject (if technically possible) the Virtual Asset Transfer; b. permit execution of the Virtual Asset Transfer; c. delay (if technically possible) execution of onward transfer of the Virtual Asset; d. return the Virtual Asset to the Unhosted Wallet from which it was Received; e. as appropriate report to its Supervisory Authority; f. as appropriate take follow-up action (including following the Supervisory Authority’s response to any report made by the Virtual Asset Service Provider).

  4. Where the Virtual Asset Service Provider of a Beneficiary Receives a Virtual Asset Transfer on behalf of a Beneficiary from an Unhosted Wallet and becomes aware that any required Originator or Beneficiary information is missing, the Virtual Asset Service Provider must: a. take reasonable steps to obtain the missing information from the Beneficiary; and b. consider whether: i. to delay (if technically possible) the execution of the Virtual Asset until the information is received; or ii. to return the Virtual Asset to the Unhosted Wallet from which the Virtual Asset was Received.

  5. If a Virtual Asset Service Provider is instructed by the Originator to Execute a Virtual Asset Transfer to an Unhosted Wallet, the Virtual Asset Service Provider must: a. request from the Originator such information specified in Article 1(2) as it does not already hold; and b. in the event that the Virtual Asset Service Provider does not receive the information requested it must decline to Execute the Virtual Asset Transfer.

  6. In deciding what action to take for the purposes of paragraphs (3) – (5), the Virtual Asset Service Provider must have regard to: a. if it is subject to the Decision, the risk assessments carried out by the Virtual Asset Service Provider which must be appropriate and proportionate to the level of risks posed from the relevant business relationship and transaction, as stipulated under Article 5 of the Decision; and b. its assessment of the level of risk of money laundering, terrorist financing and proliferation financing arising from the Virtual Asset Transfer. In assessing the level of risk, the Virtual Asset Service Provider must take account of factors including: a. the purpose and nature of the business relationship with the customer, if any; b. the value of the Virtual Asset Transfer and any other Virtual Asset Transfer which appears to be linked; and c. the frequency of Virtual Asset Transfers initiated or Received by the customer.

  7. The Virtual Asset Service Provider must hold any information collected pursuant to paragraphs (2) and (6) above in accordance with Article 1(16). Article no. (4)

  8. The Virtual Asset Service Provider must: a. Take into account all information from both the Originator and Beneficiary sides of the Virtual Asset Transfer in order to determine whether a suspicious activity or suspicious transaction report is to be filed in accordance with the Decision; and b. If it is decided, in accordance with the Decision, to file a suspicious activity or suspicious transaction report regarding the Virtual Asset Transfer, the STR/SAR must be sent to the UAE Financial Intelligence Unit, attaching all relevant transaction information.

Article no. (5) No UAE Virtual Asset Service Provider shall Execute a Virtual Asset Transfer of a Privacy Token due to their potential use in obscuring transaction details, thereby increasing the risk of money laundering, terrorist financing and proliferation financing. For the avoidance of doubt, this prohibition shall not prevent a Person from performing Virtual Asset activities for which it is licensed or regulated by a Supervisory Authority. Article no. (6) The Supervisory Authorities may provide joint guidance on interpretation of this document. Definitions: Account means a proprietary record maintained by a Virtual Asset Service Provider of an entitlement or interest that a customer has to or in a Virtual Asset. Beneficiary: means a Person who is the intended recipient of a Virtual Asset Transfer. Decision means Cabinet Decision No. 134/2025 on the Implementing Regulation of Federal Decree-Law No. 10/2025 on Combating Money Laundering, Counter-Terrorism Financing, and Countering the Financing of the Proliferation of Weapons. Distributed Ledger Technology: means a class of technologies that supports the distributed recording of encrypted data across a network and which is a type of decentralized database of which there are multiple identical copies distributed among multiple participants and accessible across different sites and locations, and which are updated in a synchronized manner by consensus of the participants, without involving a central authority or intermediary using a system other than the network or another distributed ledger. Execute a Virtual Asset Transfer means to effect or make available, or materially contribute to effecting or making available, a Virtual Asset Transfer. Execution has a corresponding meaning. Financial Free Zone: means any free zone subject to the provisions of Federal Law No (8) of 2004, regarding Financial Free Zones, as may be amended or substituted from time to time. Intermediary Provider means a Virtual Asset Service Provider which Receives and Executes Virtual Asset Transfers on behalf of one or more Virtual Asset Service Providers. Originator: means a Person who performs a Virtual Asset Transfer of a Virtual Asset for which it is the holder, or instructs a Virtual Asset Service Provider to perform such Virtual Asset Transfer on its behalf (by having the Virtual Asset Service Provider initiate, facilitate, effect or direct such transfer). Person means any natural or juridical person.

Privacy Token: means a Virtual Asset which, by design, disguises or otherwise obfuscates, or purports to hide or obfuscate, details of its Token holder or transaction history which would otherwise be visible to third parties through the Distributed Ledger Technology on which the Virtual Asset is hosted. Receive a Virtual Asset means to receive the Virtual Asset (or an interest in it) for the benefit of a customer (i) as recorded to an Account or (ii) to a Wallet operated, held, maintained or controlled by the Virtual Asset Service Provider for the purposes of a service it provides to the customer. STR means a suspicious transaction report, as defined in the Decision. Unhosted Wallet means a Wallet or address, including a 'smart contract’ or similar decentralised technology2 , which is operated, held, maintained or engaged with by a Originator or Beneficiary without the provision of any service to the Originator or Beneficiary by another third party, except the provision of the technology (including provision of updates to the technology, and support to address any technical issues with the technology) to a Originator or Beneficiary which enables them to safeguard or safeguard and administer their own Virtual Assets or the cryptographic keys for such Virtual Assets or the Wallet in which they are held, or to transfer such Virtual Assets on their own behalf. Virtual Asset means a digital representation of value that can be digitally traded, or transferred, and can be used for payment or investment purposes. “Virtual Asset” does not include: • any digital representations of fiat currencies, securities and other financial assets that are already covered elsewhere in the UAE’s legislative framework; or • virtual assets which (a) is unique and not fungible with any other Virtual Assets (b) relate to an identified physical or digital asset; and (c) are used to prove the ownership of, entitlement to or provenance of such asset. Virtual Asset Service Provider means any natural or legal person who as a business conducts one or more of the following activities or operations for or on behalf of another Person (each, a Virtual Asset Service): • exchanges between a Virtual Asset and a fiat currency; • exchanges of one Virtual Asset for another; • participation in and provision of financial services related to an issuer’s offer and/or sale of a Virtual Asset; • safekeeping and/or administration of Virtual Asset or instruments enabling control over virtual assets; and • Virtual Asset Transfers. Virtual Asset Transfer means an act initiated by the Originator or Beneficiary or on either of their behalves of transferring a Virtual Asset(s) or an interest in a Virtual Asset(s), whether or not such transfer is performed using Distributed Ledger Technology and irrespective of any underlying obligations between the Originator and the Beneficiary. Wallet means a Distributed Ledger Technology address or account to which a Virtual Asset is attributed from time to time and in relation to which a Virtual Asset Transfer is performed. 2 Firms must consider how customer information can be incorporated into smart contracts and ensure the necessary data is shared securely and accurately when executing transactions.

Share