Arrow Icon
X Icon

Left arrow icon
Blog

VARA’s 2025 Rulebook Update: A New Era for VASP Compliance in Dubai

Solidus Labs
June 5, 2025

On May 19th, Virtual Assets Regulatory Authority (VARA) released updates to its existing activity Rulebooks, and issued a new rulebook covering Virtual Asset Issuance. The results have been broadly welcomed by the market, in as much as they provide further clarity and more detailed, rule-bound frameworks for Virtual Asset Service Provider (VASP) activities in Dubai. 

The updated rulebooks intensify the focus on potential collusion and cross-platform typologies, and again emphasize the requirement that VASPs incorporate onchain and offchain signals into a single unified picture of client behaviour. Solids Labs HALO is uniquely positioned to help VASPs and other market participants meet these challenges.  

Why It Matters: The United Arab Emirates (UAE)’s Crypto Momentum

As the dedicated virtual asset regulator in Dubai, VARA is a key player in the UAE’s broader strategy to position itself as a global leader in digital assets. Over the past five years, the UAE has emerged as a magnet for crypto businesses—thanks to its forward-looking regulation and its ecosystem of digital-asset-friendly free zones. From Abu Dhabi’s Hub71+ Digital Assets ecosystem to the Dubai Multi Commodities Centre (DMCC) Crypto Centre and Dubai’s Metaverse Strategy, the Emirates are actively investing in Web3 infrastructure. With regulatory clarity, tax advantages, and vibrant Web3 communities, firms are flocking to the UAE to build and scale their digital asset operations.

Reaffirmed Commitment to Detecting & Preventing Market Manipulation

Before exploring what's new, it's worth noting what remains unchanged. VARA’s Virtual Assets & Regulated Activities rulebook—first published in 2023 and reaffirmed in the 2025 update—continues to define a series of explicit Market Offenses. While section references have been updated, the core prohibitions around market manipulation remain firm.

Market Manipulation Prohibitions (VARA 2023/2025)

Solidus HALO Covers the Full Range of Requirements

Market Offense Rulebook Ref. Solidus Alert Solidus Explanation
False or misleading trading signals; price manipulation H.1.a Pump and Dump, Enhanced Layering & Spoofing, Cornering The Market, Quote Stuffing, Wash Trading, Momentum Ignition, Ramping, Excessive Messaging HALO covers a comprehensive list of order, price, and volume manipulation typologies, including pump and dumps, layering, spoofing, cornering the market, and more.
Deceptive price manipulation using fictitious behavior H.1.b Account Takeover, Enhanced Layering & Spoofing, Quote Stuffing, Excessive Messaging, Irregular Activity HALO uses pattern recognition to detect deceptive activities such as spoofing and account takeovers, analyzing transaction and behavioral anomalies in real time.
Media dissemination of false or misleading information H.1.c Pump and Dump, Similar Orders, Cornering The Market, Touting, Bashing HALO detects pump-and-dump schemes, coordinated media manipulation, and sentiment shifts on social media, including touting and bashing by traders with undisclosed positions.
Manipulating benchmark inputs or calculation H.1.d Touting, Bashing, Cross Product Layering, Price Deviation, Insider Trading HALO covers touting/bashing, cross-product manipulation, and insider trading to identify manipulation of benchmarks and price feeds.
Inflating asset price via dominant market position H.1.e Collusion, Similar Orders, Cornering The Market HALO detects collusion and cornering the market, especially in low-liquidity coins, by analyzing trading patterns and identifying coordinated activity.
Price misleading during specific trading cycles H.1.f Price Deviation, Pump and Dump, Enhanced Layering & Spoofing, Cornering The Market, Similar Orders, Quote Stuffing, Wash Trading, Momentum Ignition HALO covers price and volume manipulation typologies, monitoring for misleading activity around settlement or display prices.
Placing disruptive or misleading orders H.1.g Collusion, Touting, Bashing, Irregular Activity, Cross Product Layering, Excessive Messaging, Quote Stuffing, Momentum Ignition, Ramping, Enhanced Layering, Spoofing HALO covers all order-based manipulation typologies, including layering, spoofing, quote stuffing, and ramping, with detection for systematic order entry/cancellation patterns.
Media influence with undisclosed conflict of interest H.1.h Touting, Bashing, Insider Trading, News Window HALO’s touting and bashing algorithms flag sentiment manipulation and undisclosed conflicts of interest, enabling detection of coordinated media influence.
Failure to act on identified manipulative behaviors H.1.i Compliance Internal Program HALO supports comprehensive monitoring and escalation for all market manipulation typologies described in the regulations.
Use/distribution of software aiding manipulation H.1.j Compliance Internal Program HALO enables detection of algorithmic and programmatic trading behaviors designed to facilitate market manipulation.

New and More Explicit Requirements for STRs

The Compliance and Risk Management Rulebook also codifies previously inferred expectations around:

  • Real-time transaction monitoring
  • Timely filing of Suspicious Transaction Reports (STRs)
  • Mandatory use of the goAML portal 
  • A 48-hour response requirement for regulatory information requests
  • Continuous monitoring of accounts flagged in STRs

Solidus HALO addresses all of these requirements by providing a unified case management tool, as well as providing alert management and case assignment designation that will allow compliance and risk management to be updated on a real-time basis on the status of open alerts, with daily summaries automatically mailed to designated officers.

Suspicious Transactions Reports (STRs) can be easily and quickly produced using data from HALO’s case management tool, with clear audit records to demonstrate the required follow-up for the regulator.

Compliance & Risk Management Workbook Reporting Workflow

Step Responsibility Rulebook Section Action Required
Internal reporting All staff to MLRO III.F.1 – Suspicious Transaction Monitoring and Reporting Immediately report suspected STR to the MLRO
External filing MLRO III.F.3.a, III.F.4.a – Suspicious Transaction Monitoring and Reporting File STR with UAE FIU (GoAML)
Regulatory coordination MLRO III.F.3.b–c – Suspicious Transaction Monitoring and Reporting Respond to info requests from UAE FIU/VARA within 48 hours
Post-filing monitoring Compliance team III.F.5 – Suspicious Transaction Monitoring and Reporting Monitor affected accounts in near real-time after STR submission

Combining Onchain & Offchain Signals

VARA has taken a very progressive approach to creating a holistic surveillance workflow, something that Solidus Labs has been working with clients on for several years. Part III.C.1 of the Compliance and Risk Management Handbook specifies that monitoring of DLT transactions be combined with AML typologies such as unusual deposit/withdrawal patterns and other behaviour analytics to inform the overall process.

HALO meets these requirements in an unique fashion by ingesting data from onchain KYT providers such as Elliptic or Chainalysis, and presenting wallet ratings in a KYC overview of the client, as well as alerts from onchain activity within the unified case management dashboard.

Solidus presents these alerts side-by-side in a unified case management 

What’s Next: Are You VARA-Ready?

With regulatory expectations now crystal clear, the question isn’t if your firm needs to upgrade its compliance systems—it’s how soon you can act.

Solidus Labs helps VASPs stay ahead of the curve with:

  • Comprehensive market abuse coverage aligned with VARA’s 2025 rulebook
  • Real-time behavioral and transaction monitoring
  • STR reporting workflows built for goAML
  • Unified case management across onchain and offchain signals

Ready to see how HALO can help you meet VARA’s evolving expectations?

Glossary

VARA (Virtual Assets Regulatory Authority)

The regulatory body overseeing virtual asset activities in Dubai. Established to foster innovation while protecting consumers and market integrity across the UAE’s digital asset ecosystem.

VASP (Virtual Asset Service Provider)

An entity that conducts activities such as exchange, custody, or transfer of virtual assets on behalf of clients. VARA’s rules apply to all VASPs operating in Dubai.

Market Manipulation

Any intentional conduct or scheme designed to distort the price, supply, or demand of a virtual asset. Examples include wash trading, spoofing, and pump-and-dump strategies.

STR (Suspicious Transaction Report)

A formal report filed to financial authorities (like the UAE FIU) when a transaction appears linked to fraud, money laundering, or market manipulation. STRs must be filed through the goAML portal.

goAML

The UAE’s official platform for submitting STRs and related compliance data to the Financial Intelligence Unit (FIU). Use of this portal is mandatory under VARA’s 2025 rulebook.

Onchain Signals

Compliance-relevant data collected from public blockchain activity, such as wallet transfers, transaction patterns, or smart contract interactions.

Offchain Signals

Data sourced from centralized systems like KYC databases, order books, or behavioral analytics within a trading platform.

HALO

Solidus Labs’ proprietary compliance and trade surveillance platform, built to unify onchain and offchain data, detect complex manipulation typologies, and streamline regulatory reporting.

Enhanced Layering

A form of spoofing where traders place and cancel multiple orders across assets or venues to mislead others about market activity.

Momentum Ignition

A strategy where a trader attempts to spark a price movement in an asset to benefit from resulting volatility.

Collusion

Coordinated action between traders or entities to manipulate market outcomes—such as artificially inflating prices or creating misleading demand.

FAQs

What is the main takeaway from VARA’s 2025 Rulebook Update?

The update tightens rules around market manipulation, introduces more explicit requirements for STRs, and reinforces the need for unified onchain-offchain monitoring for VASPs in Dubai.

Who needs to comply with the new VARA rulebooks?

All VASPs operating in Dubai, including centralized exchanges, custodians, brokerages, and DeFi protocols offering regulated services.

What’s new in the STR reporting process?

VARA now mandates near real-time STR submission via goAML, a 48-hour response time to regulator queries, and continuous monitoring of flagged accounts.

Tags:
Policy & Regulation
Solidus Sync
Get our latest insights and analysis
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Continue reading
Solidus Labs
June 2, 2025
Solidus Labs Unveils Agentic-Based Compliance: A New Model for Trade Surveillance Operations
Solidus Labs
May 7, 2025
Trump’s First 100 Days on Crypto: Momentum Achieved, Now Comes the Hard Part
Solidus Labs
March 26, 2025
Buy vs. Build: Weighing the Costs and Challenges of Trade Surveillance
Solutions
Trade SurveillanceTransaction MonitoringProfessional ServicesWhy Choose SolidusAgentic-Based Compliance
Company
AboutCareersNews & MediaDACOM Summit
Resources
BlogReportsHelp CenterDocumentationTokenSnifferTrade Surveillance Academy
Legal
Terms of UseCookie PolicyPrivacy PolicyData Processing Addendum
FOllow us
101 Greenwich St Ste 10 A, New York, NY, 10006
Loader Animation