Creating ‘Suitability Assessment’ algorithms for Dubai’s new VARA regime isn’t just a bonus anymore--it’s absolutely crucial. The control plane really plays a vital role in figuring out who you can guide, what you can showcase, and when it’s time to take a step back. Here’s a simple plan to get things rolling quickly, show how effective it can be, and turn compliance into a real advantage for your go-to-market strategy as we approach 2026.

Building “Suitability Assessment” Algorithms for Dubai’s New Crypto Regime

Hey there! We’re getting in touch with the Heads of Compliance or MLROs, CTOs, and Heads of Engineering, along with Product Owners in Advisory, Prime, and Broker-Dealer roles. We’re also reaching out to General Counsels and Procurement Leads at VASPs located in Dubai. Just wanted to connect with the right folks!

• What we’re working on improving:
• "Client suitability rules from VARA Advisory Services." Check out the "Market Conduct Rulebook - Investor Classifications."
• "The criteria for being a Qualified Investor start at AED 3." 5m / AED 700k”.
• "So, there's this Travel Rule that kicks in when you hit a threshold of AED 3,500."
• "So, we're talking about the integration of the UAE Financial Intelligence Unit's IEMS."
• "Heads up on 2024 marketing regulations and the risk warnings that come with them!"
  • “8-year record-keeping VARA”
• “Taking a break on the client upgrade process.”
• "Using ZK proof to check if investors are eligible."

---

• Let’s get that suitability engine fired up and ready to go! Alright, here’s the scoop on what you need to do: Alright, let's kick things off by sorting investors into three groups based on VARA guidelines: Retail, Qualified, and Institutional. Hey, just a quick reminder to make sure you set up those access gates for your advisory tools and trading user experience. It’s super important! Alright, so now it's time to introduce the new thresholds for Qualified Investors. So, basically, you need to have at least AED 3,500,000 in net assets to qualify for this, but keep in mind that only half of that can come from volatile assets. Alternatively, if you’re pulling in an annual income of AED 700,000, that works too! Don’t forget to gather all the required paperwork, keep up with regular checks, and make sure you get a straightforward “yes” from clients. It really helps to keep everything smooth and transparent!
• And hey, don't forget to add a one-week cooling-off period before you have anyone retest if they didn’t pass the first time. Also, make sure there’s a solid “upgrade” process in place for when a client’s financial or risk situation shifts. If you want to dive deeper into the details, just head over to the full guidelines here: vara.thomsonreuters.com. Happy reading!

Alright, so here’s the deal: as you’re working on your workflows, there are a few key guidelines you really need to keep in mind. First off, make sure you’re following the Travel Rule for any transactions that are over AED 3,500. It’s super important!

Also, hang onto that suitability data for a solid eight years. It might feel like a long time, but trust me, it’s necessary. And when it comes to marketing, remember VARA has some specific dos and don'ts--like steering clear of any promotions for anonymity-enhanced cryptocurrencies.

You’ll also want to make sure you’re connected to the UAE Financial Intelligence Unit through IEMS; that's a must. And keep an eye out for any enhanced due diligence triggers based on the FATF updates coming your way in October 2025. These are outlined in VARA’s circular from January 22, 2026. Just stay on top of these things! You've got this! (rulebooks.vara.ae).

• Since the launch of Rulebook v2, things have really changed. So, ever since June 19, 2025, things have really changed. It’s gone from just having policies written down to actually implementing tech-driven controls that make a difference.
  VARA has definitely made it clear that they're not messing around when it comes to penalties and cease-and-desist orders. If someone is caught doing unlicensed activities or messing up their marketing, they’re going to face some serious consequences. If you can't prove that your end-to-end suitability process is solid during inspections, you're putting your license on the line. (vara.thomsonreuters.com).

Hey, just a heads up about those marketing gaps! You really want to keep an eye on stuff like skipping risk warnings or targeting investor groups that aren’t supposed to get your marketing. The 2024 Marketing Regulations are definitely going to be keeping tabs on those issues! If you screw this up, it could end up costing a lot to fix and might mean some public notice, too.
(rulebooks.vara.ae).

When it comes to your AML/CTF programs, you really can’t afford to cut corners. So, here’s the deal with the Travel Rule thresholds: they apply no matter if we're talking about money coming in or going out. VARA is really interested in how you handle unhosted wallets, especially when it comes to those high-risk areas. The circular from January 2026 really stepped things up when it comes to enhanced due diligence in these areas. Make sure your suitability engine is actually connected to your AML processes and not just hanging out nearby. (rulebooks.vara.ae).

We combine protocol-level engineering--think Solidity, data pipelines, and ZK stuff--with smart regulatory productization. This blend helps us reach what we like to call “provable compliance.” It's all about making sure everything's above board while still leveraging the latest tech. This way, we can make sure those annoying manual workarounds don’t creep back in.

1) Regulatory Canon to Machine-Readable Controls

Alright, let's take those obligations and turn them into controls we can actually check.

• Client Suitability: It's really important to think about a person’s background and how much they know about investing. We should also consider their goals, how much risk they're comfortable with, how long they plan to invest, and of course, their overall financial situation. Oh, and just a heads up--make sure you remember that there's an eight-year rule for keeping all that collected data! Take a look at the details right here: Client Suitability. You’ll find everything you need!
• Investor Classifications: So, we need to sort investors into three categories: Retail, Qualified, and Institutional. Just keep in mind the different thresholds and rules that apply to each group. So, just to give you an idea, there’s actually a 50% limit on how we value virtual assets based on net assets. And on top of that, we've got to keep checking in on that info regularly to make sure it stays accurate. If you’re looking for more details, check out the Investor Classifications page here: Investor Classifications. Happy exploring!
• Travel Rule: So, here's the deal--there's a limit of AED 3,500 you need to keep in mind. It touches on how to handle transactions with unhosted wallets, and it's a good idea to have some plans lined up for the future too. We’ll also need some integration hooks for the IEMS. If you want to dive deeper into the topic, check this out: Travel Rule. It's got all the details you need!
• Marketing Restrictions: There's some marketing stuff we have to be careful about. For instance, we should avoid anything related to anonymity-enhanced cryptocurrencies, and we also need to keep in mind the guidelines around risk warnings. If you want to dive deeper into this topic, just click right here: Marketing Prohibitions. Happy reading!
• Output:
• We’ve got a super detailed control register that links each algorithmic rule back to its original clause and version. It even includes effective dates, like “Advisory Services Rulebook effective June 19, 2025.” How cool is that? (vara.thomsonreuters.com).

2) Data and Identity Architecture Tailored for VARA

• Financial Eligibility Signals: So, we’re focusing on net assets and giving a 50% weight to VA. We're pulling the fiat balances straight from bank statements and APIs, and we're not including any equity from primary residence real estate in this.
  Don't forget about income thresholds and the freshness of evidence service level agreements--they're important factors to consider too! (vara.thomsonreuters.com).
• Knowledge/Experience:
• For certain roles, there are specific assessments to tackle virtual assets or complicated products. It’s kind of like a pass/fail setup. If you don’t quite make the grade, don’t worry! We’ve got your back with automatic suggestions to help you improve. Plus, you’ll have a week to take a breather before you can jump back in and retest.
  (media.umbraco.io).
• Objectives/Risk: We're taking a good look at your timeline, any limitations from the product venue, and even how much stress you can handle when it comes to losses. So, just to give you an example, what's the most you’re comfortable with when it comes to a maximum drawdown over a 24-hour period?
• AML/CTF Coupling: So, just a heads up: if you're making a transaction that's more than AED 3,500, that's when the real-time Travel Rule enrichment comes into play. We're always on the lookout for any flagged counterparties, and if we come across any high-risk areas, we jump into action with our dynamic Enhanced Due Diligence (EDD). This is all in line with VARA’s circular from January 22, 2026. (rulebooks.vara.ae).
• Record-Keeping: We’ve got an event-sourced ledger that tracks everything--from suitability inputs and rule versions to decisions and the reasons behind our advice. And don’t worry, we hold onto all that information for at least eight years! (vara.thomsonreuters.com).

3) Rules Engine and Orchestration (What We’re Building)

• Policy-as-Code: We've created a straightforward and easy-to-follow scoring graph that takes into account all the important regulatory factors. On top of that, we’ve got some really useful explainability tools that help break down why a client is deemed Qualified or not.
• Upgrade/Downgrade Automations: So, here’s the deal: when a client asks for access to those Qualified-only products, we pay attention. If we notice a significant shift in their net assets or income, a surprising jump in trading volume, or if it’s just time for a routine checkup, that’s when we really kick things into gear. We always make it a point to get clear permission from the client before diving into any upgrades. Plus, we’ll hold off on Qualified-only access until we’ve got everything sorted out. If you want to dive into the details, just click here. Happy reading!
• Retest Safeguards: We really value fairness here! So, if someone’s assessment doesn’t quite make the cut, they’ll have to wait for a week before giving it another shot. It’s all about making sure everyone gets a fair chance! No need to stress! We’ve got it covered, and we’ll make sure clients don’t have to go through the same test over and over again. You can check out more details here.

4) On-Chain Enforcement Patterns (Solidity-First)

• For Instruments Just for Qualified Clients (like structured yield products and perpetuals that are tailored for advisory clients): You can go for attestation-gated access, which basically means you'll be depending on EIP-712 signed payloads from your compliance attester. Pretty straightforward! The contracts will take care of checking both signatures and expiration dates. If you're using institutional wallets, also known as smart accounts, there's a handy option called EIP-1271 that you can consider. It's totally optional, but it might be worth looking into!
• For example: Picture a allowlist that gets updated every day using a Merkle root. So, there’s this off-chain engine that’s going to send Merkle proofs directly to the wallets of the clients. Before you can unlock any methods, the contract checks both the proof and the attester's signature to make sure everything's legit.

// Simplified illustration: gating a riskyMethod() to Qualified Investors (QI)
pragma solidity ^0.8.24;

interface IAttester {
    function validateQI(bytes32 digest, bytes calldata sig) external view returns (bool);
}

contract QualifiedGate {
    IAttester public attester;
    bytes32 public merkleRoot; // daily-rotated list of QI wallet leafs

    constructor(address _attester) { attester = IAttester(_attester); }

    function updateRoot(bytes32 newRoot) external { 
        // restricted to governance in production
        merkleRoot = newRoot; 
    }

    function riskyMethod(
        bytes32 leaf,
        bytes32[] calldata proof,
        bytes calldata attesterSig,  // EIP-712 signature over (leaf, root, expiry)
        uint256 expiry
    ) external {
        require(block.timestamp < expiry, "attestation expired");
        require(_verifyMerkle(leaf, proof), "not QI");
        bytes32 digest = keccak256(abi.encode(leaf, merkleRoot, expiry));
        require(attester.validateQI(digest, attesterSig), "invalid attestation");
        // ... gated logic
    }

    function _verifyMerkle(bytes32 leaf, bytes32[] memory proof) internal view returns (bool) {
        bytes32 hash = leaf;
        for (uint i = 0; i < proof.length; i++) {
            hash = (hash <= proof[i]) ? keccak256(abi.encode(hash, proof[i]))
                                      : keccak256(abi.encode(proof[i], hash));
        }
        return hash == merkleRoot;
    }
}

To eliminate any chances of policy-bypassing, we take an extra step by pairing this approach with formal verification. Plus, our security audit services go through a detailed review to catch any potential issues. Hey there! If you're curious about smart contract development or want to know more about our security audit services, feel free to check out the links. We’ve got all the info you need right here: smart contract development and security audit services. Happy exploring!

5) Zero‑knowledge (ZK) proofs where privacy matters in conversion

When we're working with high-net-worth clients who might be a little reluctant to share their documents, we've got some pretty neat solutions to make things easier. We can totally use range-proof circuits for this! They let clients show something like "my net assets are at least AED 3,500,000" without having to reveal all their details. It keeps things private while still proving the point. Here's the way we handle things:

• We always make it a point to leave out their main home.
• We put a limit on valuations for other assets at 50%.

This way, they can keep their raw balances private. Oh, and by the way, some recent studies have really shed light on some handy zero-knowledge patterns for compliance attestations, especially when using those Circom/PLONK-like stacks. It's pretty interesting stuff! We adjust those to align with Dubai's unique standards and regulations regarding evidence. If you’re interested, feel free to take a look at the research right here: (researchgate.net). It’s pretty intriguing stuff!

Our circuit strategy:

First up, we've got this off-chain attester that's responsible for gathering bank and custodian attestations. It takes the various asset categories and levels them out, figures out the allowed VA weighting, and then generates a ZK proof to demonstrate that it meets the required threshold. So, when it comes to the on-chain side of things, your policy contracts will check either a short proof or an EIP-712 attestation that points to a proof hash. It really just depends on what’s going to save you the most on gas fees.

6) Marketing Compliance Automation

Just a heads up--only licensed folks should be the ones promoting VA activities. It's really important to keep things legit! We're going to automatically include risk warnings tailored for each channel, and just a heads-up--we won't be allowing any content that mentions anonymity-enhanced cryptocurrencies. This setup is all about keeping things sorted. It makes sure that the creatives intended for the Qualified audiences don’t unintentionally end up in the Retail retargeting groups. (rulebooks.vara.ae).

7) Supervision Readiness (More Than Just "Passing an Audit")

• Hey, take a look at these dashboards! They give some pretty cool insights on:
• The percentage of advice packages that clearly outline the suitability factors required by VARA.
• We're looking at how well the Travel Rule covers transactions over AED 3,500, broken down by different corridors.
• We're expecting some improvements in EDD thanks to the FATF update that's set to roll out in October 2025.
• So, here’s how we handle our eight-year retention policy, complete with some examples for clarity. (vara.thomsonreuters.com).
• We’ve added IEMS alerts, making it super easy for your MLRO to check out what’s been sent to the FIU. They can see not just the timing, but also the reasons behind each alert. (vara.ae).

Classifying a Client as a “Qualified Investor”

When we welcome a new client to our advisory firm, we like to follow a few important steps to determine if they qualify as a "Qualified Investor."

• What We Check Out During Onboarding: We collect details about the client's net assets, which covers things like cash, investments, digital assets, and real estate. Just a heads up, we don’t include their main home in this assessment. We've got this info backed up with documents, and we also take some time to check out what they know. So, our system takes a look at their net assets. Just so you know, we put a cap on the virtual asset portion at 50%. It also checks to see if their income hits at least AED 700,000. Both of these factors fit right in with what the Qualified Investor definition says in the Market Conduct Rulebook. Feel free to take a look at it here: vara.thomsonreuters.com. Enjoy exploring!
• What Happens If They Don’t Make the Grade: If they don’t hit the required scores, there are a few things that could happen. They might need to retake the exam or take a different course to get back on track. It's not the end of the world, though! They can always seek help to boost their understanding or even consider tutoring options. It’s all about finding the right support and making a plan to get where they need to be. So, if a client doesn’t quite make it through the knowledge or financial tests, the system will automatically set up a week-long “cooling-off” period. This gives them a little break before they get another shot at the test. While this is happening, they’re still considered retail. When they retest, they'll have a whole new set of questions to tackle, giving them a fresh chance to show what they know. If you're looking for more info, check this out: (media.umbraco.io). It's got all the details you need!
• Documenting Our Advice: We make sure to explain why each piece of advice matters. We pull in specific points from the Advisory Services Rulebook to back it up. Hey! Just a heads-up--we hang onto these records for about eight years. If you want to dive deeper into this, you can check it out here: vara.thomsonreuters.com.

Exchange Triggering AML/CTF & Suitability at Deposit

• When you make inbound deposits that are over AED 3,500: Hey, before we can access the funds, we’ve got to make sure we’ve got all the Travel Rule info figured out. The beneficiary VASP will take a look at both the originator and beneficiary details and make sure to hang on to a record of this compliance evidence. If you want to dive deeper into it, just check it out here.
• If the counterparty's jurisdiction is listed in the most recent FATF updates:
• That’s when we dive into the Enhanced Due Diligence (EDD) process. This involves making sure we verify who someone is and who really benefits from their assets (that's known as ultimate beneficial ownership, or UBO). We also need to check where their money comes from, explain the nature of the relationship, and increase our monitoring and reporting efforts. Hey there! Just wanted to give you a quick heads-up: we're going to pause the suitability score for now until we get the EDD results back. Thanks for your patience! If you want to dive deeper into the details, just click on this link to check out the document!

Product Access Upgrade

• So, a client is looking to get their hands on a Qualified-only product, like that structured yield leg. So, let me break down what the engine actually does for you:
• Starts an "upgrade" evaluation process.
• Make sure to get clear consent from the client, and really take the time to ensure they fully grasp what’s on the line.
• It only opens the on-chain gates after all the financial and suitability checks are taken care of. (media.umbraco.io).

Best Emerging Practices We're Rolling Out in 2026

We're excited to announce that we're bringing the 50% VA weighting into the asset-normalization pipeline. This means we won't have to depend on the front end for that anymore! To keep things steady, we’ll track a rolling 90-day median valuation for the VAs. This should help us even out any fluctuations before we tackle those threshold checks. Hey! If you want to dive into the details, just click here. Happy reading!

Hey, how about we include a little more context for “advice appropriateness”? It’d be great to directly reference the three VARA factors by their IDs to make it clearer. What do you think? Just a heads up, this text is locked for edits by advisors, but Compliance can make changes to it from their end. Take a look here.

We're really pumped to put together an event-sourced "Suitability Ledger" that features hash-chained entries. We’re planning to anchor daily Merkle roots on-chain, which will give us some solid evidence against tampering. It’s like having a lightweight way to prove everything’s legit!

We'll get everything ready to tackle any sunrise issues that come up with the Travel Rule. This will be especially helpful for those routes where our counterparts aren't fully prepared just yet. Let's set up those automated exception queues and pause any settlements until we have everything figured out. If you’re curious and want to dive deeper into it, you can check it out here.

• We’ll make sure our approach for high-risk areas matches up with the circular from January 22, 2026. We’ll be treating these flags as strict inputs for our suitability throttles. This means they’ll help us decide things like limiting leverage or requiring manual reviews. If you’re interested in learning more, you can take a look at this link: here. Happy exploring!

Let's get our marketing governance aligned with the same categories: Retail and Qualified creative libraries. We’ll automatically add risk warnings and set up programmatic blocks for conversations about anonymity-enhanced cryptocurrencies. For more info, you can check it out here.

How Procurement Should Score Vendors (and Us)

When it comes to checking out vendors, it’s super important for procurement teams to have a good scoring system ready to go. Not only does this help us find the best partners, but it also keeps us on our toes when it comes to our own performance. Let’s dive into how procurement can really nail down scoring vendors - and even take a good look at ourselves while we’re at it!

1. Establish Clear Criteria

Alright, let’s get to the heart of the matter--figure out what really matters to you. Let’s chat about some important things to keep in mind:

• Price: How do they stack up against the competition?
• Quality: So, how does their product or service really measure up?
• Delivery: Are they able to stick to deadlines on a regular basis?
• Service: How’s their customer support?
• Reputation: How do people feel about them? What’s the buzz?

2. Create a Scoring System

Now that you’ve got your criteria sorted out, it’s time to start assigning some values. Here's an easy 1-5 scale you can check out:

• 1: Poor
• 2: Fair
• 3: Good
• 4: Very Good
• 5: Excellent

Go ahead and tweak the scale however you need!

3. Weighting Factors

Not all criteria are made the same. Figure out which ones really matter to you and give those a bit more focus. For instance:.

• Price: 30%
• Quality: 30%
• Delivery: 20%
• Service: 10%
• Reputation: 10%

This lets you zoom in on the things that really count.

4. Use a Scoring Matrix

Once you've got your scores and weights sorted out, just toss them all into a scoring matrix. Here’s the scoop on how you can bring the data to life and make decisions that really count! You can easily check out vendors side by side! It's super convenient!

| Vendor        | Price | Quality | Delivery | Service | Reputation | Total Score |
|---------------|-------|---------|----------|---------|------------|-------------|
| Vendor A     | 4     | 5       | 4        | 3       | 5          | 4.2         |
| Vendor B     | 3     | 4       | 5        | 4       | 3          | 3.8         |

5. Self-Assessment

Hey, let's remember to take a look at ourselves too! Along with checking out our vendors, we should definitely rate our own performance as well. This can really shine a light on where our procurement team can improve.

Self-Assessment Criteria:

• Efficiency: Are we making our processes smoother?
• Communication: Are we still in touch with our vendors?
• Feedback: Are we actually using what we pick up from evaluations?

We can totally use the same scoring system and give things the same weight to keep everything consistent. It just makes life easier, right?

6. Review and Adjust

Alright, let’s turn this into a regular thing! Make sure to check in on the scoring criteria, how much weight each factor carries, and don’t forget to take a look at the vendors, too. It's good to keep everything fresh and updated! It's really all about being flexible and adapting to a shifting market.

If procurement teams stick to these steps, they can evaluate vendors (and even themselves) in a way that feels fair and really sheds light on the whole process. Going through this process can really help us build stronger partnerships and boost our overall performance. And honestly, who doesn't enjoy a bit of friendly competition, right?

If you want to dive deeper into the topic, take a look at this article on vendor management best practices. It’s packed with useful tips!

Mandatory capabilities

• Check out these "money phrases" that you might want to think about adding to your RFP:
• "Make sure you show how you’re enforcing the Qualified Investor standards: that means having at least AED 3,500,000 in net assets (with a 50% cap on value-added tax) or earning AED 700,000 in income. Don’t forget to back it up with proof of the latest information and make sure you have clear consent from your clients!" ” (vara.thomsonreuters.com). How about we start by introducing a one-week cooling-off period before students can retake their tests? We should also make sure to use a fresh set of questions each time, so they aren’t just seeing the same ones over and over again. ” (media.umbraco.io).
• “Make sure you're following the Travel Rule for transactions over AED 3,500, and keep an eye on unhosted wallets, especially in those sunrise jurisdictions.” ” (rulebooks.vara.ae).
• "Make sure we keep everything for eight years and have solid, unchangeable audit trails in place. Oh, and don’t forget to include advice appropriateness mapping too!" ” (vara.thomsonreuters.com). Sure! So, we need to show how the IEMS integration works alongside the EDD workflows, following the guidelines from the FATF update circular that came out on January 22, 2026. ” (media.umbraco.io). "Implement contract-level access controls using Solidity, and consider adding optional ZK proofs to help with meeting threshold compliance." ” (researchgate.net).

ROI levers we design for

• Reduce the time spent on manual reviews for each client by 40-60% by using policy-as-code and making smart decisions that really add up. Let's aim to boost that qualified conversion rate by 15-30%! We can make this happen by cutting down on all those document headaches through ZK and attestation flows, and don’t worry--we’ll still be following the VARA guidelines. Let’s aim to boost the Travel Rule data completeness to more than 99% for all eligible transfers. We can do this by using some solid deterministic enrichment techniques and setting up those pre-trade blocks for transfers over AED 3,500.
• Cut down the marketing lead time by a whopping 70% for “Qualified-only” campaigns by using smart state-aware risk-warning injectors and audience gating. Let’s make supervision prep way easier! Instead of everyone running around like crazy for weeks, we can just export those cryptographic integrity proofs and dashboards in just a few hours. How cool is that?

Where We Plug In

• Architecture and Build: Take a look at our web3 development services and blockchain development services to discover how we can help you build a strong foundation for your project. We’re here to make your vision a reality!
• Integrations: Looking to link up with the blockchain? Check out our blockchain integration services - we’re here to help you out!
• Smart Contracts and Audits: Check out our smart contract development services! And for peace of mind, don’t forget to look into our thorough security audit services to keep everything safe and sound.

What Your Day-1 Backlog Looks Like (Copy/Paste)

• Controls Mapping:
• Advisory Services: First off, we like to get to know our clients really well. That means diving into your insights, experiences, goals, and financial details. We hold onto that information for 8 years just in case we need to revisit it down the road. Plus, we always make sure to consider these important factors in every piece of advice we hand over to you. Learn more here.
• Market Conduct: Let’s get the Retail, Qualified, and Institutional classifications going using the AED/weight system. We should also establish some regular check-ins to keep everything on track. Oh, and we need to manage explicit consent smoothly - we’ve got this! Check out the details.
• Travel Rule: Keep it under that AED 3,500 limit when you're making transfers. If you're working with unhosted wallets, make sure to handle them properly. And hey, don't forget to jot down any exceptions for sunrise! More info here.
• Marketing: Make sure only licensed companies can get in on this; automatically add risk warnings; and don’t even think about mentioning any anonymity-enhanced cryptocurrencies. Find out more.
• High-Risk Areas: Make sure to create those EDD playbooks based on the guidelines from the January 22, 2026 circular. Get the details here.
• Engineering:
• Set up those Merkle-attested QI allowlists, connect the EIP-712 verification, and make sure to commit the daily roots on-chain. Hey there! We're excited to roll out a new ZK module that handles threshold proofs, specifically for net assets of at least AED 3. Can't wait to see how this enhances our capabilities! You can go ahead and use off-chain evidence with a $5 million limit and a 50% VA cap. Just make sure to verify it on-chain or through an attestation hash. This way, you can keep those gas fees in check! Explore more here. Hey there! So, here’s the plan: we need to get an event-sourced ledger up and running. Let’s aim for an eight-year retention policy, which should be plenty of time to keep everything organized. And don’t forget, we should also make sure there’s an exportable supervision pack included. Sounds good? Read more here.
• Ops:
• Make sure to give advisors some solid training on suitability factors and keep an eye on how well they're grasping the material. Remember, the Rulebook says they need to be pretty familiar with the framework! Learn more about it. Alright, let’s get the IEMS integrated and make sure we’ve got the Travel Rule compliance covered from start to finish. And don’t forget to jot down some notes on how to deal with any exceptions that pop up along the way! Get the scoop here.

Why This is Timely (Jan-Feb 2026 Reality Check)

Hey there! Just wanted to give you a heads up about the Qualified Investor onboarding circular that came out on January 8, 2026. It's really helped to clarify things like the thresholds, necessary documentation, cooling-off periods, and upgrade processes. Make sure your engine is already in sync with these updates! Hey there! Just a heads up: the Enhanced Measures circular that came out on January 22, 2026, has raised the bar for Enhanced Due Diligence (EDD) when you're handling high-risk areas. So, make sure your system is staying on top of those lists in almost real-time! Feel free to take a look at all the details here. You’ll find everything you need!

Hey there! Just a quick note to let you know that we've got the Rulebooks v2 ready. So, just to give you a heads-up, the new rules have been in play since June 19, 2025. Nowadays, inspections are really focused on how well your systems actually put these rules into action, not just whether you’ve got them written down somewhere.
If you want to dive deeper into this topic, check it out here. There's plenty of good info waiting for you!

GTM Metrics We Share with Clients

• Suitability SLA: We really prioritize getting you onboard quickly. In fact, we wrap things up in under 20 minutes about 90% of the time. Plus, rest assured, we always cover all the necessary documentation checks.
• Auditability: We're all about keeping things transparent. Every tip we offer is backed by machine-readable suitability factors, and we make sure to store everything in tamper-evident storage for a solid eight years. We've got your back when it comes to keeping everything secure and reliable!
• AML Coupling: We're really nailing it when it comes to our data! We've got over 99% completeness for Travel Rule data on transfers over AED 3,500. Plus, we’re keeping our exception backlog in check--it's actually less than 0. It's just a bit over 48 hours by about 5%. If you want to dive into the details, just follow this link: rulebooks.vara.ae. It's all laid out for you there!
• Marketing Governance: Since we launched, we haven't encountered any mentions of anonymity-enhanced crypto in our marketing campaigns aimed at the Dubai crowd. Oh, and just so you know, we always make it a point to include risk warnings in our Qualified campaigns--without fail, every single time. Want to learn more? Check it out here: rulebooks.vara.ae.

Let’s Build It

Hey! If you're the Head of Compliance or the CTO at a VASP in Dubai and you're getting ready for your first supervisory review after January 2026, we've got a solid plan in store for you. Join us for a relaxed 90-minute session where we'll dive into turning those Rulebook obligations into actionable controls that you can actually use! Once that's done, we'll have an awesome suitability engine ready to go in about 6 to 8 weeks. This engine is going to be packed with some awesome features like on-chain gating, Travel Rule/IEMS integrations, and super useful audit packs.

Alright, let’s kick things off by figuring out which build tracks you really need.

• Architecture and Full-Stack Builds: If you're interested, take a look at our web3 development services. We've got some cool options for you!
• Systems Integration (KYC/KYB, FIU, Analytics, CRM, CMS): Check out our blockchain integration to see what we can do!
• Contract Gating and Verification: Check out our smart contract development services! We’re here to help you navigate the ins and outs of creating secure and reliable smart contracts.
• Strengthening and reliable measures: Check out our security audit services so you don’t miss out!

Personalized CTA

You've got a pretty big task on your plate: acing that 2026 VARA review without any bumps in the road. Hey there! We'd love for you to share your current onboarding process with us, along with one product that's exclusive to Qualified. After that, we can take a deep dive together in a live session. Looking forward to it! We’ll figure out exactly where to fit those AED 3 in! So, we've got a few important things to cover: first up, there are 5 million checks with a 700k limit. Then there's that one-week cooling-off period, which is crucial to keep in mind. Also, we need to talk about the Travel Rule thresholds and the marketing blocks that come into play. After that, we’ll work together to smoothly integrate those controls into your setup, making sure we establish clear and measurable Service Level Agreements (SLAs).