March 22, 2026
Methodology About Contact
UAE TOKENIZATION REGULATION
The Vanderbilt Terminal for UAE Tokenization Compliance Implementation
INDEPENDENT GLOBAL INTELLIGENCE FOR UAE TOKENIZATION COMPLIANCE
VARA Licensed Entities: 50+ ▲ Q1 2026 | ADGM FSP Holders: 35+ ▲ Crypto Category | VARA Min. Capital: AED 700K ▼ Custody Services | UAE AML Fines (2025): $185M ▲ CBUAE + SCA | DFSA Applications: 18 Pending ▲ Crypto Token | Avg. Licensing Time: 9-18 mo ▼ VARA Full License | Compliance Cost: $1M-3.5M ▲ Initial Setup | PI Insurance Min.: $5M ▼ VARA Requirement | VARA Licensed Entities: 50+ ▲ Q1 2026 | ADGM FSP Holders: 35+ ▲ Crypto Category | VARA Min. Capital: AED 700K ▼ Custody Services | UAE AML Fines (2025): $185M ▲ CBUAE + SCA | DFSA Applications: 18 Pending ▲ Crypto Token | Avg. Licensing Time: 9-18 mo ▼ VARA Full License | Compliance Cost: $1M-3.5M ▲ Initial Setup | PI Insurance Min.: $5M ▼ VARA Requirement |
Home UAE Tokenization Compliance Encyclopedia — Glossary of Key Terms FATF High-Risk Jurisdictions — Definition and UAE Compliance Implications
Layer 1

FATF High-Risk Jurisdictions — Definition and UAE Compliance Implications

Definition of FATF high-risk and increased monitoring jurisdictions. UAE compliance requirements, VARA's January 2026 circular, and enhanced due diligence obligations for VASPs.

Advertisement

FATF High-Risk Jurisdictions

FATF high-risk jurisdictions are countries identified by the Financial Action Task Force as having strategic deficiencies in their anti-money laundering and counter-terrorist financing frameworks. The FATF maintains two lists: jurisdictions subject to a Call for Action (commonly called the “black list”) and jurisdictions under Increased Monitoring (commonly called the “grey list”). These designations trigger enhanced compliance obligations for VASPs conducting business with customers or counterparties connected to listed jurisdictions.

FATF Listing Process

The FATF reviews jurisdictions’ AML/CFT frameworks through mutual evaluations and follow-up assessments. Jurisdictions identified as having strategic deficiencies are placed on the increased monitoring list and work with the FATF to address identified weaknesses. Jurisdictions that fail to make sufficient progress or present the highest risk may be subject to a Call for Action, triggering enhanced countermeasures from all FATF member states.

UAE Context

The UAE’s own experience with FATF listing is directly relevant. The UAE was placed on the FATF’s increased monitoring list and was subsequently removed in February 2024 after demonstrating significant progress in strengthening AML/CFT measures. This experience has made UAE regulators particularly attentive to FATF jurisdiction risk.

VARA’s January 2026 circular on FATF High-Risk Jurisdictions requires licensed VASPs to apply enhanced scrutiny to transactions and relationships involving FATF-listed jurisdictions. This requirement overlaps with enhanced due diligence obligations and KYC/CDD procedures.

Compliance Implications for UAE VASPs

Screening Obligations: VASPs must screen customers, beneficial owners, and transaction counterparties against current FATF lists. Screening must be updated when the FATF updates its lists (typically after each FATF plenary meeting, occurring three times per year).

Enhanced Due Diligence: Customers with nexus to FATF high-risk jurisdictions must be subject to EDD procedures including enhanced identity verification, source of funds/wealth documentation, senior management approval, and enhanced ongoing monitoring.

Countermeasures: For jurisdictions subject to a Call for Action, VASPs may need to apply countermeasures including limiting or prohibiting transactions, requiring additional regulatory reporting, or restricting business relationships.

Transaction Monitoring: Transaction monitoring rules (how-to guide) should include geographic risk indicators flagging transactions involving FATF-listed jurisdictions.

Technology Integration

Blockchain analytics platforms (Chainalysis, Elliptic, Crystal Blockchain) integrate FATF jurisdiction risk data into their risk scoring, enabling automated identification of transaction exposure to high-risk jurisdictions. These platforms analyze the geographic distribution of transaction counterparties and flag transactions with exposure to listed jurisdictions.

For KYC platforms like Sumsub, FATF jurisdiction risk integration enables automated EDD triggers during customer onboarding when identification documents indicate a connection to a listed jurisdiction.

Practical Implementation for UAE VASPs

Implementing FATF high-risk jurisdiction controls requires a structured approach:

Policy framework: VASPs must maintain a documented policy on FATF jurisdiction risk, specifying the approach for customers and transactions connected to each listed jurisdiction. The policy should distinguish between increased monitoring jurisdictions (grey list) and call for action jurisdictions (black list), with more restrictive measures applied to the latter.

Customer screening: At onboarding and on an ongoing basis, VASPs must screen customers for connections to listed jurisdictions. Connections may include nationality, residence, place of birth, business incorporation, or source of funds/wealth originating from listed jurisdictions.

Transaction screening: Both fiat and on-chain transactions must be screened for geographic risk. Blockchain analytics platforms enable identification of counterparty address exposure to exchanges and services domiciled in listed jurisdictions.

Reporting: VARA’s January 2026 circular may require specific reporting on the VASP’s exposure to FATF-listed jurisdictions, including volume and nature of transactions, number of customer relationships, and EDD measures applied. VASPs should maintain records sufficient to produce this reporting upon regulatory request.

List updates: The FATF updates its jurisdiction lists after each plenary meeting, which occurs three times per year (typically February, June, and October). VASPs must have processes to incorporate list updates into screening systems and re-evaluate existing customer relationships against updated lists.

Current FATF Lists and Update Schedule

The FATF publishes updated jurisdiction lists after each plenary meeting, typically held three times per year in February, June, and October. As of early 2026, the FATF’s Call for Action list (black list) includes jurisdictions such as the Democratic People’s Republic of Korea, Iran, and Myanmar. The Increased Monitoring list (grey list) includes a larger set of jurisdictions working to address identified strategic deficiencies.

UAE VASPs must monitor FATF plenary outcomes and update their screening systems, risk assessments, and customer review processes within a reasonable timeframe after each list update. Best practice is to implement list updates within 5-10 business days of publication, with immediate updates for any newly added Call for Action jurisdictions.

Enforcement Context

While no published VARA enforcement action has specifically cited FATF high-risk jurisdiction failures as of March 2026, the January 2026 circular establishes binding requirements that will form the basis for future supervisory assessments. Licensed VASPs that fail to implement adequate FATF jurisdiction controls risk enforcement measures including cease-and-desist orders, financial penalties, and potential skilled person appointments.

For the full enforcement landscape, see the enforcement action dashboard and enforcement analysis. For maintaining ongoing compliance, see the compliance calendar.

For regulatory context, visit UAE Tokenization Regulations and Dubai Tokenisation.

Advertisement
glossaryfatfhigh-risksanctions
Related Articles
Anti-Money Laundering (AML) — Definition and UAE VASP Compliance Framework
Cease-and-Desist Order — VARA Enforcement Measure Definition
Financial Services and Markets Regulations (FSMR) — ADGM's Regulatory Framework
Full Market Product Regulations — VARA's Comprehensive VA Framework
Advertisement
Network Intelligence
UAE Tokenization Regulations
Regulatory Framework Analysis
UAE Tokenized RWA
Real World Asset Intelligence
UAE RWA Tokenization
RWA Market Data
Dubai Tokenized Real Estate
Property Tokenization
Dubai Tokenized Properties
Property Market Intelligence
Dubai Tokenisation
Dubai Digital Asset Hub
Tokenization Policy
Global Policy Intelligence
Tokenization Governance
Governance Frameworks
Tokenization Compliance
Compliance Intelligence

Institutional Access

Coming Soon