The UAE has become a center for virtual assets regulation and VASPs (Virtual Asset Service Providers). This journey began with the launch of Dubai’s Vara (Virtual Asset Regulatory Authority). As the Web3 and crypto scenes continue to grow in the UAE, VARA has increasingly emphasized compliance requirements.
Recently, VARA appointed Sean McHugh as Senior Director of Market Assurance, underscoring their ongoing focus on ensuring that VARA’s licenses adhere to the highest compliance standards.
Cryptopolitan recently interviewed Sean McHugh to learn more about his role within VARA and the importance of compliance with Dubai’s regulator.
McHugh is no stranger to the financial and compliance scene. Prior to joining VARA, he held several senior positions, including his role as Global Chief Compliance Officer for Citadel Advisors, where he oversaw comprehensive compliance programs across various financial domains. He also served as Head of International Compliance and Head of Asia Pacific Compliance for Goldman Sachs, where he spent 20 years before retiring as a partner. McHugh began his career as a regulator at FINRA (Financial Industry Regulatory Authority).
It is this experience, spanning both internal compliance and regulatory frameworks, that attracted VARA to Sean in the first place. The value McHugh brings will be pivotal in enhancing VARA’s market assurance capabilities and strengthening industry standards.
Compliance is different between digital assets and traditional finance
In our first question to McHugh, we asked if there were any differences or similarities between compliance in the digital asset realm and that of traditional finance.
In his reply, McHugh stated, “In my lifetime of regulating TradFi and my start at FINRA, I witnessed the evolution as certain businesses and activities went from being unregulated to regulated, and today, TradFi is mature across the board—not only in mature markets but globally. In contrast, the digital assets space is still evolving, with technology, regulation, and compliance programs changing as business models and products change.”
He added that it is interesting how technology and regulatory compliance programs are more closely linked in dealing with virtual assets than in TradFi and TransFi.
Why VARA and not other regulatory authorities?
McHugh was particularly attracted to VARA because it was the first dedicated regulator in the virtual asset space. He explained, “Dubai is at the forefront of developing a broader ecosystem for digital finance globally. They are good at developing new businesses and focusing on achieving their goals. VARA is not reactive; on the contrary, it is a very proactive and engaging ecosystem.”
While comparing regulators is not like comparing apples to apples, McHugh notes that, unlike other regulators, VARA’s sole focus is on virtual assets. He highlighted how VARA dives into the details of how compliance programs are set up for VASPs, especially concerning customer protection, AML (Anti-Money Laundering), and the financial soundness of the ecosystem.
However, he points out that the compliance programs of VASPs at VARA meet the highest possible international standards due to the stringent standards imposed on them.
VASP passporting in VARA is vital
While the term ‘passporting’ was originally used in the financial sector to describe how financial firms could either passport in or out products and services between countries, this terminology is now being adapted for VASPs.
VARA has repeatedly emphasized the importance of passporting. McHugh explained, “At VARA, we want to ensure we have good engagement with regulators across borders, sharing notes on how they handle digital assets, holding bilateral discussions, and forming committees so that we can help our VASPs seamlessly passport across multiple jurisdictions.”
Comparing it to TradFi businesses, where big players operate globally across different jurisdictions with varying levels of regulation, McHugh is making sure that VASPs at VARA can operate anywhere, even though, in some instances, they might need to obtain additional licenses. He explained, “We ensure that they have the right AML standards and customer protections, making them transportable to any other jurisdiction.”
For VARA, whether it’s global VASPs that have been regulated within VARA or home-grown entities, all are scrutinized with the same standards depending on the businesses they run and the clients they serve. He added, “We don’t expect other regulators to look at our standards, but we hold ourselves to the highest standards.”
The compliance requirements at VARA are stringent
VARA, as a regulator, is constantly seeking good governance models and strong compliance cultures and programs. McHugh explained that there is a lot of back and forth during the licensing process because “we want this license to mean something, so we have pretty high standards, and a lot of the burden falls on the VASP that is applying.”
He added, “The application has to be actionable for us, while we manage expectations, as the entire ecosystem has a stake in maintaining high standards.”
He also noted that VASPs wanting to operate within VARA are in it for the long term and are committed to getting compliance right. “They want to be fully compliant,” he said.
For McHugh, compliance is more of an art than a science. Retail VASPs are different from institutional ones, so diagnosing VASPs is an important part of the process.
VARA has worked on streamlining the process as much as possible so that all VASPs are treated equally. “Even when submissions are not up to standards, we identify issues and go back into the process.”
Questions like “What are your plans?”, “How will you scale?”, “What is your cybersecurity strategy?”, “What is your financial health?” and others are all part of the discussion.
McHugh stated, “In the end, I don’t want a VASP that can talk a big game but doesn’t think they have to grow their compliance function.”
Finally, while there is no set time for a VASP to obtain a license, VARA has seen instances where VASPs have gone from being engaged to silent or have changed their business model. At those times, VARA will reach out to check if they are still in the process, as their earlier submission may become outdated.
“We need the information we requested, or you will have to go through the process again,” McHugh warned.
The future of the VASP ecosystem will include DeFi
Circling back to the strong connection between technology, regulation, and compliance, the fast pace of technological advancements is driving advancements in compliance. McHugh explained, “DeFi platforms are approaching us early on, and we at VARA can tell them how VARA views their business model and activities.”
He concluded, “Today, DeFi smart contracts are equipped with technologies such as AML guardrails and KYC applications, and given that we don’t want to be reactive, we have gotten a lot of engagement on this front. The DeFi and other VASPs want to be regulated and licensed, and we are ready to facilitate that.”