United Arab Emirates -- Sanctions Compliance Regulatory Overview

In the UAE, Virtual Asset Service Providers (VASPs) must comply with international sanctions regimes including OFAC, EU, and UN lists, alongside UAE-specific AML/CFT laws under Federal Decree No. 20 of 2018, with enforcement by regulators like the Virtual Assets Regulatory Authority (VARA) in Dubai. [4][6][8] VASPs are required to screen customers, transactions, wallets, and blockchain addresses against these lists as part of mandatory KYC, transaction monitoring, and suspicious activity reporting to the UAE Financial Intelligence Unit (FIU).[6][8]

OFAC, EU, and UN Sanctions Compliance for VASPs

UAE VASPs must align with global standards, screening against OFAC's Specially Designated Nationals (SDN) List (including 50% ownership rule), UN sanctions lists, EU sanctions (e.g., under MiCA/Regulation (EU) 2023/1113 and AMLD5/6AMLD), and UK HMT lists to block prohibited transactions and entities.[5][6][7][8] This includes counterparty screening for Travel Rule compliance (FATF R.15/16, applicable from ~USD 1,000 or no threshold per jurisdiction), with UAE adopting FATF-aligned rules since 2018.[2][6][8] VARA mandates on-chain monitoring, wallet screening, and goAML STR reporting.[8]

Sanctioned Entity Screening Obligations

VASPs must conduct real-time screening of all virtual asset transactions, customers, and investors against UAE and international lists (OFAC, UN, EU, UK), including due diligence to detect fabricated documents or unlicensed VASP use.[4][6][8] Controls involve advanced tech for intercepting high-risk patterns, PEP screening, and reporting suspicious activity to the FIU.[4][8]

Geographic Restrictions

UAE VASPs face secondary sanctions risks from dealings with OFAC-prohibited jurisdictions (e.g., Iran, Syria, Cuba, Sudan, North Korea) or entities facilitating evasion, as seen in global cases like ShapeShift's $12.57M penalties for unscreened sanctioned jurisdiction traffic.[3][7] No UAE-specific geographic bans are detailed beyond international alignment, but unlicensed VASP transactions are targeted.[4]

Penalties for Violations

Violations trigger fines, business restrictions, license revocation, or forced closure; operating without VARA licensing exposes firms to these, plus OFAC civil/criminal penalties for SDN dealings.[3][7][8] UAE AML/CFT breaches under Federal Decree No. 20/2018 escalate with FATF non-compliance risks.[4][6]

Country-Specific Sanctions Lists for Crypto

UAE lacks a standalone crypto sanctions list but mandates screening against consolidated UAE lists plus international ones (OFAC SDN, UN, EU, UK-HMT); VARA enforces this for Dubai-licensed VASPs.[6][8] FATF Recommendations 5-7 support asset-freezing for sanctions.[5]

Key Legal References (UAE-focused; international via alignment):

• Federal Decree No. 20/2018 (AML/CFT): https://www.centralbank.ae/media/g5bgxlz5/joint-guidance-on-combating-the-use-of-unlicensed-virtual-asset-providers-in-the-uae-en.pdf [4]
• VARA Licensing Rules (AML/CFT/Sanctions): https://www.securevisanow.com/vara-license-dubai [8]
• UAE Central Bank Joint Guidance: Same URL as [4]
• OFAC SDN (UAE-applicable): https://ofac.treasury.gov/faqs/topic/1626 [7]

Note: Regulations evolve rapidly (e.g., post-2025 escalations); consult official UAE regulators like VARA or Central Bank for latest.[1][6]