DISPATCH ·

DMCC + VARA UAE broker RFP template (Phase 4 per-archetype artefact)

Forty-third dispatch. Second per-archetype RFP template covering Archetype B from the cross-archetype matrix refresh. Operationally-actionable RFP document operators can adapt directly for DMCC plus VARA dual-licensed UAE broker procurement.

tags · phase-4 · rfp-template · dmcc · vara · archetype-b · operational-artefact

Why this dispatch exists

This is the forty-third dispatch and the second per-archetype RFP template. Covers Archetype B: DMCC free-zone-registered broker with optional VARA add-on authorisation for crypto-asset services.

Section 1: Requirement overview

The requirement is the CFD broker tech stack for an operator authorised under DMCC (Dubai Multi Commodities Centre) free-zone registration with optional VARA (Virtual Assets Regulatory Authority) add-on for crypto-asset services serving GCC + Indian subcontinent + MENA + Southeast Asian client segments under UAE Data Protection Law (Federal Decree-Law 45 of 2021).

Section 2: Vendor evaluation categories required

Per the DMCC plus VARA archetype dispatch:

  • Brokerage hosting (split: LD4/FR2 for CFD LP proximity + DX1/DX2 for VARA-onshore crypto data)
  • Trading platform (MT5 with Arabic/Hindi localisation; cTrader for differentiation; Match-Trader for VARA-side crypto-CFD)
  • LP procurement (tier-1 prime broker + regional MENA LPs + crypto LPs for VARA-side)
  • Risk management (per-jurisdiction leverage 1:200-500 enforcement)
  • KYC + AML (Sumsub or ShuftiPro for Arabic-script documents + UAE Cabinet Resolution sanctions list coverage)
  • RegTech (Eventus Validus for combined CFD + crypto-asset surveillance; Behavox or Smarsh for comms)
  • Crypto exchange WL (B2BX or Soft-FX for VARA-supervised crypto venue, custody separate from venue procurement)
  • Travel Rule (Notabene or Sumsub TRP for VARA + EU TFR if dual-licensed)
  • Payments (Bank Frick + 6-10 PSPs covering MENA + GCC + Indian subcontinent + SEA rails)
  • IB management (specialist with multi-tier 3-4 depth for UAE network density 500-2,000 sub-IBs)
  • Broker CRM (B2Core or Match-Trader CRM multi-tenant for CFD + VARA separation)
  • Broker analytics (Trading Central + Solitics for CFD; Glassnode + CoinGecko Terminal for VARA-side)
  • Turnkey suites (B2Broker UAE-tested at lean)

Section 3: Universal vendor requirements

Apply the five universal dimensions from the RFP scoring framework opener (same as Archetype A).

Section 4: Per-pillar requirements

Per-pillar requirements follow the per-pillar evaluation toolkits with DMCC-specific emphasis on:

  • Per-regulatory-regime leverage configurability (1:200-500 vs ESMA 1:30 retail default)
  • Arabic + Hindi localisation depth across CRM, KYC vendor, analytics, comms surveillance
  • UAE Cabinet Resolution sanctions list coverage for ongoing screening vendor
  • VARA crypto venue procurement separate from CFD platform procurement
  • Custody procurement separate from crypto venue procurement (MiCAR Article 75 equivalent VARA expectations)

Section 5: DMCC + VARA archetype customisation (weight multipliers)

Per the Phase 4 opener customisation layer:

  • P5 (multi-language) x 1.5 for Arabic + Hindi
  • CX1 (MiCAR/VARA alignment) x 1.5 for VARA crypto venue
  • KYC1 (UAE Cabinet Resolution) x 1.3

Section 6: Disqualification thresholds checklist

Vendor automatic disqualification if score below 2 on any critical dimension:

  • ☐ Per-regulatory-regime leverage configurability for risk management vendor
  • ☐ Arabic-script document support for KYC vendor
  • ☐ UAE Cabinet Resolution sanctions screening for ongoing screening vendor
  • ☐ VARA-aligned positioning for crypto venue if dual-licensed
  • ☐ Match-Trade Crypto / ETNA Software automatic disqualification for crypto venue
  • ☐ FXJunction automatic disqualification for copy trading

Section 7: Vendor scoring rubric reference

DMCC-specific demo emphasis:

  • 1:200-500 leverage enforcement demonstration on operator’s specific MT5 instance
  • Arabic-script ID document verification demonstration
  • VARA crypto venue demonstration with custody integration architecture walkthrough

Section 8: Reference customer validation

Required reference customers:

  • Hosting: minimum 2 UAE operators with DX1/DX2 deployment + 2 with LD4 deployment
  • KYC: minimum 2 UAE operators with UAE Cabinet Resolution screening
  • Crypto venue: minimum 2 VARA-authorised operators with deployment tenure
  • Travel Rule: minimum 2 VARA operators with deployment tenure

Section 9: Integration testing scope

Per-pillar integration testing with DMCC-specific scope:

  • Split hosting architecture testing (LD4/FR2 + DX1/DX2)
  • VARA crypto venue integration testing separate from CFD platform integration
  • Travel Rule integration testing for VARA-supervised flow
  • UAE PSP set integration testing including local PSPs

Section 10: Decision documentation references

DMCC-specific documentation:

  • VARA crypto venue procurement separate from CFD platform procurement rationale
  • Custody-WL boundary separation documentation
  • Travel Rule counterparty network coverage evaluation for VARA-side