VARA Enforcement Action Dashboard
This dashboard tracks published enforcement actions from VARA’s enforcement register, providing practitioners with a consolidated view of enforcement activity, violation patterns, and measure types. Data is sourced directly from VARA’s enforcement page.
Enforcement Timeline: 2024-2026
2026
| Date | Entity | Violation | Measures |
|---|---|---|---|
| 2026/01/13 | VESTA PRIME PORTAL CO. L.L.C. | Advertising/Marketing | C&D + Fine |
2025 (Selected Major Actions)
| Date | Entity | Violation | Measures |
|---|---|---|---|
| 2025/08/27 | UAEC DIGITAL FINTECH FZCO | Unlicensed activities + Marketing | C&D + Fine |
| 2025/08/18 | MORPHEUS SOFTWARE (FUZE) | AML failures + Unlicensed + Disclosure | C&D + Fine + Skilled Person |
| 2025/07/24 | THE OPEN NETWORK FOUNDATION | Marketing regulation breaches | C&D + Fine + Public Statement |
| 2025/05/15 | UEEX TECHNOLOGY / LBK BLOCKCHAIN / GLEEC DMCC | Unlicensed activities | C&D + Fine |
| 2025/05/06 | TRIPLE A / HATOM LABS / HOKK FINANCE | Unlicensed activities | C&D + Fine |
| 2025/04/17 | EA WORLD LLC-FZ | Unlicensed activities + Marketing | C&D + Fine |
| 2025/03/13 | 12 entities enforced | Unlicensed activities | C&D + Fine |
| 2025/02/03 | SHENZHOU CRYPTO DMCC | Unlicensed activities + Marketing | C&D + Fine |
| 2025/01/02 | 9 entities enforced | Unlicensed activities | C&D + Fine |
2024
| Date | Entity | Violation | Measures |
|---|---|---|---|
| 2024/09/03 | BTC BAY PAYMENT SERVICES | Unlicensed activities + Marketing | C&D + Fine |
| 2024/08/23 | COINCASHY / CRYPTO FORCE / STABIT / KOTO CRYPTO | Unlicensed activities | C&D + Fine |
Violation Category Distribution
Based on published enforcement register data:
- Unlicensed activities (operations + marketing): Approximately 85% of all enforcement actions
- Unlicensed activities (marketing only): Approximately 10% of actions
- Regulatory breaches: Approximately 5% of actions (Morpheus Software, Open Network Foundation)
Entity Structure Distribution
- DMCC entities: Highest representation, reflecting DMCC’s popularity for crypto-related businesses
- FZCO entities: Significant representation across Dubai free zones
- L.L.C. entities: Mainland entities including payment service providers and commercial brokers
- Other structures: Foundations (Open Network Foundation), FZE entities (Morpheus Software)
Enforcement Measure Patterns
- Standard response (C&D + Fine): Applied to all unlicensed activity cases
- Enhanced response (C&D + Fine + Additional): Reserved for regulatory breach cases — Skilled Person (Fuze) or Public Statement (Open Network Foundation)
Enforcement Frequency Analysis
The enforcement timeline data reveals clear patterns in VARA’s enforcement cadence:
Batch enforcement operations: VARA frequently publishes enforcement actions in batches, targeting multiple entities on the same date. The January 2025 batch (9 entities), March 2025 batch (4 entities), and May 2025 batches (6 entities across two dates) suggest that VARA conducts coordinated enforcement operations rather than purely case-by-case processing.
Quarterly consistency: Enforcement activity has occurred in every quarter since VARA began publishing enforcement actions in 2024, with no quarter showing zero enforcement actions. This consistency indicates a standing enforcement function with dedicated resources, not episodic or reactive enforcement.
Escalating complexity: Earlier enforcement actions (2024) targeted straightforward unlicensed activity cases. Later actions (mid-2025 onwards) include more complex cases involving licensed entities (Morpheus Software), marketing regulation breaches by named entities (The Open Network Foundation), and entities with multiple violation categories.
VARA Enforcement Powers Applied
The enforcement register demonstrates the application of several distinct enforcement powers from VARA’s toolkit:
| Enforcement Power | Frequency | Example |
|---|---|---|
| Cease-and-Desist Orders | Every case | Standard measure in all actions |
| Financial Penalties | Every case | Applied alongside C&D in all actions |
| Skilled Person Appointment | 1 case | Morpheus Software (Fuze) |
| Public Statement | 1 case | Open Network Foundation |
VARA has additional enforcement powers that have not yet been publicly deployed, including supervisory warnings, licensing measures (scope limitation, suspension, revocation), supervisory add-ons, and take-down notices. The fact that these tools remain available but unused suggests VARA reserves them for escalation scenarios that have not yet arisen in published cases.
How to Use This Dashboard
Practitioners should use this dashboard for several purposes:
- Risk assessment: Understanding the likelihood and nature of enforcement action for different violation types
- Client advisory: Demonstrating to clients the real-world consequences of operating without a VARA license
- Compliance benchmarking: Identifying the compliance areas that trigger enforcement (primarily unlicensed activity, but also AML programme failures)
- Trend analysis: Monitoring whether enforcement intensity is increasing, decreasing, or remaining stable
- Jurisdiction comparison: Cross-referencing VARA enforcement with ADGM and DFSA enforcement approaches
Related Analysis
- VARA Enforcement Powers Deep Dive
- Vesta Prime Portal Analysis
- UAEC Digital Fintech Analysis
- Morpheus Software (Fuze) Analysis
- 2025 Enforcement Wave Analysis
- VARA Enforcement Trends Q1 2026
- Unlicensed Firms Register Analysis
- AML Program Design Guide — Building controls that prevent enforcement
- Licensing Process — Obtaining proper authorization
- How to Respond to VARA Enforcement Action
For VARA’s official enforcement register, visit VARA Enforcement. For regulatory context, see UAE Tokenization Regulations and Dubai Tokenisation.