PANews reported on June 16th that, according to Bitcoin.com, the Dubai Virtual Asset Regulatory Authority (VARA) has issued new guidelines requiring crypto companies to use quantitative business data to build real-time risk scoring models, replacing static tracking. The new regulations require crypto companies to update their risk assessments at least every three months, or immediately upon significant changes to their operational structure or product lines. Companies must promptly incorporate risks from Financial Action Task Force (FATF) high-risk and blacklisted countries into their assessment systems, and differentiate between risk assessments related to proliferation financing and targeted financial sanctions, ensuring they are not confused with general anti-money laundering measures.

VARA emphasizes that companies must formally document and explain the risks posed by emerging tools such as AI-driven operations and anonymity-enhanced transactions, and demonstrate to regulators that assessment results directly influence resource allocation and day-to-day compliance implementation.