March 22, 2026
Methodology About Contact
DUBAI TOKENISATION
The Vanderbilt Terminal for Dubai Tokenization Ecosystem
INDEPENDENT GLOBAL INTELLIGENCE FOR DUBAI TOKENISATION
VARA Licensed VASPs: 21 ▲ +3 YTD | Enforcement Actions: 36 ▲ +2 in 2026 | VARA Rulebook Version: v2.0 ▲ May 2025 | Licensed Activities: 7 Categories ▲ Full Market | VARA Applications Pending: 147 ▲ +12 | AML/CFT Circulars: 41 ▲ +4 in 2026 | Free Zone Partners: DWTCA + DET ▲ Active | Unlicensed Firms Listed: 36+ ▲ Growing | VARA Licensed VASPs: 21 ▲ +3 YTD | Enforcement Actions: 36 ▲ +2 in 2026 | VARA Rulebook Version: v2.0 ▲ May 2025 | Licensed Activities: 7 Categories ▲ Full Market | VARA Applications Pending: 147 ▲ +12 | AML/CFT Circulars: 41 ▲ +4 in 2026 | Free Zone Partners: DWTCA + DET ▲ Active | Unlicensed Firms Listed: 36+ ▲ Growing |
Institution

EOCN Sanctions Screening for VASPs — Registration and Compliance Brief

Analysis of mandatory EOCN system registration for VARA-licensed VASPs and targeted financial sanctions compliance.

Summary

EOCN Sanctions Screening for VASPs — Registration and Compliance Brief represents a significant development in Dubai’s virtual asset regulatory landscape. This brief examines the regulatory implications for VARA-licensed VASPs and the broader virtual asset ecosystem operating under the Virtual Assets and Related Activities Regulations 2023.

Regulatory Context

The Virtual Assets Regulatory Authority (VARA) — the world’s first independent regulator for virtual assets — oversees all virtual asset activities in the Emirate of Dubai, excluding the Dubai International Financial Centre (DIFC). Since its establishment, VARA has published 41 circulars, announcements, and regulatory notices, each adding to the compliance framework that licensed VASPs must navigate.

This regulatory development emerged within a period of intensive regulatory activity. Throughout 2023-2026, VARA has progressively strengthened its framework through the initial Regulations 2023, the Version 2.0 rulebooks (May 2025), and continuous circular publication addressing AML/CFT requirements, FATF high-risk jurisdiction measures, Travel Rule implementation, and operational standards.

Detailed Analysis

The regulatory measure under examination reflects VARA’s systematic approach to building a comprehensive virtual asset regulatory framework. Each circular and announcement adds specificity to the foundational Regulations, creating an increasingly detailed obligation set for licensed entities.

Impact on Licensed Entities

Licensed VASPs — including Binance Dubai, OKX Middle East, BitOasis, Crypto.com Dubai, and other approved entities — must assess the new requirements against their existing compliance programmes and implement any necessary changes.

The compliance assessment process involves reviewing current policies and procedures against the regulatory requirements, identifying gaps, developing remediation plans, implementing changes, training staff, and documenting the compliance update for regulatory review.

Operational Considerations

From an operational perspective, this development requires attention to several areas:

Policy and Procedure Updates: Compliance documentation must be reviewed and updated to incorporate the new requirements. This includes updating compliance manuals, operational procedures, and training materials.

Technology Systems: Where the regulatory development affects monitoring, screening, or reporting systems, technology updates must be planned, implemented, and tested to ensure compliance.

Governance Reporting: Material regulatory developments should be reported to governance bodies, including the board of directors or relevant committees, ensuring senior management awareness and oversight.

Staff Training: All relevant staff must be trained on the new requirements, with training records maintained as evidence of compliance readiness.

Supervisory Expectations

VARA’s supervisory function will incorporate the new requirements into its ongoing oversight of licensed entities. The authority’s enforcement record — covering 36+ entities — demonstrates that compliance expectations carry real consequences. The MORPHEUS/FUZE case in August 2025 specifically cited compliance programme failures, establishing that VARA assesses the quality of compliance implementation, not merely the existence of compliance policies.

International Context

This development aligns with broader international trends in virtual asset regulation. Comparable frameworks are being developed and refined by regulators in Abu Dhabi (ADGM FSRA), Singapore (MAS), Hong Kong (SFC/HKMA), and the European Union (MiCA). The convergence of regulatory standards across major jurisdictions reflects the influence of FATF recommendations and G20 policy coordination on national regulatory approaches.

For VASPs operating across multiple jurisdictions, understanding the relationship between VARA’s requirements and comparable requirements in other jurisdictions supports efficient multi-jurisdictional compliance. See our comparisons section for detailed analysis.

Enforcement and Compliance Risks

Non-compliance with VARA’s regulatory requirements carries enforcement risk. VARA’s enforcement toolkit includes supervisory warnings, cease-and-desist orders, financial penalties, licensing measures, and the appointment of skilled persons.

The enforcement record through early 2026 demonstrates active and escalating enforcement activity:

  • 5 enforcement actions in 2024
  • 30+ enforcement actions in 2025
  • Continued enforcement in 2026 (VESTA PRIME PORTAL)

For the complete enforcement timeline, see our enforcement actions dashboard.

Recommendations

  1. Obtain and review the full regulatory instrument from VARA’s official channels
  2. Conduct a compliance gap analysis against current programmes
  3. Develop and implement remediation plans for identified gaps
  4. Update staff training to reflect new requirements
  5. Document compliance updates for regulatory review
  6. Monitor for subsequent circulars or guidance that may further clarify requirements

Further Reading

For federal-level regulatory intelligence, visit UAE Tokenization Regulations. For real-world asset regulatory analysis, see UAE Tokenized RWA.

EOCN Sanctions Framework for VASPs

The November 2025 VARA circular on Executive Office for Control and Non-Proliferation (EOCN) sanctions screening establishes specific obligations for all licensed VASPs regarding compliance with the UAE’s targeted financial sanctions regime. The EOCN is the UAE’s central authority for implementing UN Security Council sanctions and UAE-specific designations, making registration and compliance with its systems mandatory for all regulated entities in the virtual asset sector.

The EOCN System

The EOCN operates a digital platform that distributes sanctions alerts to registered entities. The platform provides:

  • Real-Time Alerts: Notifications when new designations or de-listings are published
  • Sanctions Lists: Access to consolidated lists of designated individuals, entities, and items subject to targeted financial sanctions
  • Reporting Mechanisms: Channels for entities to report matches, near-matches, and frozen assets
  • Compliance Guidance: Operational guidance on implementing targeted financial sanctions obligations

Mandatory Registration

The September 2024 circular first established mandatory registration on the EOCN system for sanctions alerts. The November 2025 circular provided updated guidance on implementation, reflecting evolving EOCN requirements and operational practices. All VARA-licensed VASPs must register on the EOCN system and implement procedures to act on sanctions alerts within prescribed timeframes.

Integration with AML/CFT Programmes

EOCN sanctions screening is one component of the broader AML/CFT compliance framework that VASPs must maintain. Sanctions screening intersects with:

  • Customer Due Diligence: Screening all customers and beneficial owners against EOCN lists during onboarding and at regular intervals
  • Transaction Monitoring: Screening all transactions for potential sanctions exposure, including both originator and beneficiary of virtual asset transfers
  • Travel Rule Compliance: The February 2026 Travel Rule implementation circular requires exchange of originator and beneficiary information, which supports sanctions screening of transfer counterparties
  • FATF High-Risk Jurisdiction Screening: FATF lists and EOCN designations may overlap, but serve different regulatory purposes (AML risk vs sanctions compliance)

Practical Implementation

For licensed entities including Binance Dubai, OKX Middle East, BitOasis, Crypto.com Dubai, Bybit Dubai, and Rain Financial, EOCN compliance requires:

  • Automated Screening: Integration of EOCN lists into automated screening systems that check customers, transactions, and counterparties
  • Alert Handling: Procedures for investigating potential matches, determining whether a true match exists, and taking appropriate action (including asset freezing)
  • Reporting: Filing reports with the EOCN when matches are confirmed or assets are frozen
  • Record-Keeping: Maintaining records of screening activity, alert investigations, and actions taken
  • Staff Training: Training compliance and operational staff on sanctions obligations, alert handling, and escalation procedures

Virtual Asset Sector Challenges

Sanctions screening in the virtual asset sector presents specific challenges compared to traditional financial services:

  • Pseudonymous Addresses: While VARA-licensed VASPs conduct KYC, transactions on public blockchains involve addresses that may be associated with sanctioned individuals or entities without the VASP’s knowledge
  • Blockchain Analytics: VASPs must deploy blockchain analytics tools to trace the provenance of virtual assets and identify transactions connected to sanctioned addresses
  • Cross-Border Speed: Virtual asset transfers execute rapidly across borders, requiring real-time screening rather than batch processing
  • Decentralised Protocols: Interactions with DeFi protocols and cross-chain bridges may create indirect exposure to sanctioned funds

Enforcement Context

VARA’s enforcement record — covering 36+ entities through early 2026 — demonstrates that the authority takes compliance systems seriously. The FUZE case (August 2025) penalised “failures in AML programme controls, related governance, compliance and internal systems and controls,” suggesting that sanctions screening deficiencies could form the basis for enforcement action.

The UAE Federal AML Decree-Law updated in November 2025 reinforces sanctions obligations at the federal level, meaning VASPs face both VARA-level and federal-level compliance requirements for sanctions screening.

International Coordination

UAE sanctions obligations operate alongside international sanctions regimes. VASPs must screen against:

  • EOCN/UAE Local Lists: UAE-specific designations
  • UN Security Council Lists: Consolidated list of designated individuals and entities
  • OFAC SDN List: While not directly applicable in the UAE, many VASPs screen against OFAC lists as part of global compliance programmes
  • EU Sanctions Lists: Relevant for entities with EU operations or customers

For VASPs operating across multiple jurisdictions, maintaining a consolidated screening programme that satisfies all applicable sanctions regimes is a significant compliance challenge.

varacomplianceregulatorybrief
Key Metrics
Crypto-Asset Reporting Framework (CARF) — UAE Public Consultation Brief
Qualified Investor Classification — VARA January 2026 Circular Brief
SCA-VARA Unified VA Sector Register — UAE Regulatory Coordination Brief
UAE Federal Decree-Law on AML/CFT/CPF 2025 — Mandatory GAP Assessment Brief
Related Institutions

Institutional Access

Coming Soon