Notifications
Clear all
Topic starter
10/06/2026 10:36 pm
TL;DR: Identity verification, transaction monitoring, AML/CFT alignment, and licensing support are becoming the practical backbone of regulatory readiness as virtual asset businesses in the UAE move from paper-based compliance to auditable operational controls through the Finjuris and Sumsub partnership, according to Sumsub.
NHIMG editorial — based on content published by Sumsub: Finjuris and Sumsub's partnership on virtual asset compliance in the UAE
Questions worth separating out
Q: How should virtual asset firms turn compliance policies into auditable controls?
A: They should map each policy requirement to a specific operational control, then make sure the control generates evidence automatically.
Q: Why do paper-based compliance programmes fail in regulated virtual asset environments?
A: They fail because a policy does not prove that the control was executed consistently.
Q: When should firms prioritise compliance operations over new policy drafting?
A: They should prioritise operations as soon as the policy cannot be demonstrated through repeatable evidence.
Practitioner guidance
- Map regulatory obligations to control evidence paths Trace each AML/CFT or licensing requirement to the exact system events, approvals, and logs that prove it was met.
- Unify identity verification and transaction monitoring workflows Connect onboarding, risk scoring, monitoring, and escalation so the same subject record follows the customer or account through its lifecycle.
- Build licensing-ready audit artefacts into day-to-day operations Store decision records, review outcomes, and exception handling artefacts as part of normal operations, not as a separate audit project.
What's in the full analysis
Sumsub's full article covers the operational detail this post intentionally leaves for the source:
- How the partnership frames licensing support for regulated and prospective virtual asset service providers
- The specific mix of identity verification, transaction monitoring, and AML compliance capabilities mentioned in the article
- The regulatory context around UAE and international compliance expectations
- The companies' own explanation of how they intend to bridge policy and operational practice
👉 Read Sumsub's analysis of the Finjuris partnership on virtual asset compliance →
Virtual asset compliance in the UAE: what teams need to operationalise?
Explore further
11/06/2026 2:43 am
Compliance fails when policy cannot survive supervisory inspection. This partnership is really about the gap between what firms say they do and what they can prove under review. Virtual asset businesses do not fail compliance because they lack documents alone, but because the control chain from onboarding to monitoring to escalation is often not operationalised. The practitioner conclusion is that evidence quality is now part of the control itself.
A few things that frame the scale:
- 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job, according to The 2026 Infrastructure Identity Survey.
- 67% of organisations still rely heavily on static credentials despite the risks they pose to agentic AI deployments, according to The 2026 Infrastructure Identity Survey.
A question worth separating out:
Q: Who is accountable when licensing readiness and AML/CFT controls break down?
A: Accountability usually spans compliance, legal, IAM, and operational owners, because the failure is rarely isolated to one function. In virtual asset businesses, the control chain crosses onboarding, identity assurance, transaction monitoring, and escalation. The accountable model is the one that assigns ownership for evidence, not just for policy text.
👉 Read our full editorial: UAE virtual asset compliance shifts from policy to auditable controls
