March 22, 2026
Methodology About Contact
DUBAI TOKENISATION
The Vanderbilt Terminal for Dubai Tokenization Ecosystem
INDEPENDENT GLOBAL INTELLIGENCE FOR DUBAI TOKENISATION
VARA Licensed VASPs: 21 ▲ +3 YTD | Enforcement Actions: 36 ▲ +2 in 2026 | VARA Rulebook Version: v2.0 ▲ May 2025 | Licensed Activities: 7 Categories ▲ Full Market | VARA Applications Pending: 147 ▲ +12 | AML/CFT Circulars: 41 ▲ +4 in 2026 | Free Zone Partners: DWTCA + DET ▲ Active | Unlicensed Firms Listed: 36+ ▲ Growing | VARA Licensed VASPs: 21 ▲ +3 YTD | Enforcement Actions: 36 ▲ +2 in 2026 | VARA Rulebook Version: v2.0 ▲ May 2025 | Licensed Activities: 7 Categories ▲ Full Market | VARA Applications Pending: 147 ▲ +12 | AML/CFT Circulars: 41 ▲ +4 in 2026 | Free Zone Partners: DWTCA + DET ▲ Active | Unlicensed Firms Listed: 36+ ▲ Growing |

Cease-and-Desist Order

Definition

A cease-and-desist order is a regulatory directive issued by the Virtual Assets Regulatory Authority (VARA) requiring a virtual asset service provider or other entity to immediately stop conducting specified activities. Under the Virtual Assets and Related Activities Regulations 2023, VARA defines this enforcement tool as “requiring a VASP to cease any VA Activity or other business activity, either for a specified or indefinite period of time.”

Cease-and-desist orders represent one of VARA’s most frequently deployed enforcement tools. Of the 36+ enforcement actions published through early 2026, virtually every case has included a cease-and-desist order as part of the enforcement response, typically paired with financial penalties.

VARA’s authority to issue cease-and-desist orders derives from the Virtual Assets and Related Activities Regulations 2023, which grant the regulator a comprehensive enforcement toolkit. The Regulations specify several categories of enforcement action, of which cease-and-desist orders sit alongside supervisory warnings, enforcement notices, licensing measures, financial penalties, supervisory add-ons, take-down notices, and public interest orders.

The cease-and-desist power extends beyond licensed entities. VARA can issue these orders against any entity — including natural persons — conducting or advertising virtual asset activities within its jurisdiction without authorisation. This broad reach enables VARA to address unlicensed operations even when the entity has no formal relationship with the regulator.

Application in Enforcement Cases

VARA’s published enforcement record demonstrates systematic use of cease-and-desist orders across multiple categories of violation:

Unlicensed Activities

The majority of VARA’s enforcement actions target entities operating without a licence. In these cases, cease-and-desist orders require immediate cessation of all virtual asset activities:

  • Vesta Prime Portal (January 2026): Cease-and-desist order for advertising and marketing virtual asset activities in Dubai without a licence
  • UAEC Digital Fintech (August 2025): Cease-and-desist order for both engaging in and advertising unlicensed virtual asset activities
  • Batch enforcement actions (March 2025): Eleven entities simultaneously received cease-and-desist orders, including Mastercoin DMCC, Coin Aska DMCC, Airdance Global FZCO, Mercy Crypto DMCC, Marinacoins Technologies, Coinsbooth Payment Services, Tirupati Capitals (Paycio), I Teller Commercial Brokers, BlueAxis Commercial Brokers, and MyArbit

Regulatory Breaches by Known Entities

Cease-and-desist orders also apply to entities that, while potentially known in the industry, have violated specific regulatory requirements:

  • Morpheus Software Technology (FUZE) (August 2025): Cease-and-desist order alongside financial penalties and appointment of a skilled person, addressing failures in AML programme controls, unlicensed activities, and failure to disclose material information
  • The Open Network Foundation (July 2025): Cease-and-desist order for breaches of VARA’s marketing regulations

Distinction from Other Enforcement Tools

Cease-and-desist orders differ from other enforcement actions in VARA’s toolkit in several important ways:

  • vs Supervisory Warnings: Supervisory warnings (breach letters) notify an entity of non-compliance and may request remediation, but do not compel immediate cessation of activity. Cease-and-desist orders are directive — they require action.
  • vs Financial Penalties: Financial penalties impose monetary consequences but do not, by themselves, require cessation of activity. In practice, VARA combines both — issuing cease-and-desist orders and financial penalties simultaneously.
  • vs Enforcement Notices: Enforcement notices require non-compliance to be rectified within a specified period, potentially with daily financial penalties for ongoing non-compliance. They are corrective rather than cessation-focused.
  • vs Licensing Measures: VARA can also limit, suspend, or revoke licences. For licensed entities, licence suspension achieves a similar effect to a cease-and-desist order but operates through the licensing framework rather than enforcement.

Compliance Implications for Licensed Entities

For licensed VASPs such as Binance Dubai, OKX Middle East, BitOasis, and Crypto.com Dubai, understanding cease-and-desist orders is relevant to compliance risk management. While these orders have primarily been used against unlicensed entities, the FUZE case demonstrates that licensed or partially-licensed entities can also face enforcement action.

Compliance programmes should account for the risk of cease-and-desist orders by maintaining proper licensing for all activities, ensuring AML/CFT programme adequacy, and complying with the 41 circulars VARA has issued — including Travel Rule implementation, FATF high-risk jurisdiction screening, and qualified investor classification.

International Comparison

Cease-and-desist orders are a common regulatory enforcement tool across financial regulation globally. In the virtual asset context:

  • ADGM FSRA: The Financial Services Regulatory Authority in Abu Dhabi also has powers to issue directions requiring cessation of regulated activities
  • EU MiCA: Under the Markets in Crypto-Assets regulation, national competent authorities can prohibit the provision of crypto-asset services
  • Singapore MAS: The Monetary Authority of Singapore can issue prohibition orders against digital payment token service providers

For further analysis, see the enforcement actions dashboard, our guide to navigating VARA enforcement, and the VARA Framework section. Browse our complete glossary for related terms.

Practical Impact on Market Participants

For entities receiving a cease-and-desist order, the practical consequences extend beyond the immediate cessation of activities. The order typically requires the entity to notify customers, unwind open positions, return customer assets, and potentially engage with VARA to discuss remediation or wind-down procedures. These operational requirements can be complex, particularly for entities that have built significant customer bases before enforcement action.

For the broader market, each published cease-and-desist order serves as a public signal about VARA’s enforcement priorities and capabilities. The progression from individual enforcement actions in 2024 to batch actions targeting 11 entities simultaneously in March 2025 demonstrated that VARA’s enforcement capacity was scaling to address the full population of unlicensed operators, not just isolated cases.

The January 2026 action against Vesta Prime Portal — the most recent published enforcement — confirmed that VARA’s enforcement activity continues to intensify, with new cease-and-desist orders being issued at a regular cadence.

Institutional Access

Coming Soon