Regulatory Update: Middle East Edition – April 2022

The Dubai International Financial Centre (“DIFC”) issued Consultation Paper (“CP”) No.2 to enhance the regulatory framework within the DIFC and provide further structuring options for businesses functioning in or from the centre.

The proposal intends to change:

• the formalisation, consolidation and definition of “Qualifying Applicant” to no longer include:
  • Under the Prescribed Company Regulation (“PC regs”):
    • Family Offices
    • Fintech Entities
    • Foundations
    • Holding Companies
    • Private Trust Companies
    • Proprietary Investments
  • Under the DIFCA Board Approved Expansion (“the Expansion”)
    • “DIFC based qualifying applicant (i.e. non retail entities (other than prescribed companies and non-profit incorporated organisations)” and instead includes “DIFC Registered Entity (other than prescribed companies and non-profit incorporated organisations)”
    • “Shareholder or Ultimate beneficial Owners of DIFC Qualifying Applicants” and instead includes “Shareholder or Ultimate beneficial Owners of DIFC Registered Entities”
    • “Family operated business with a large UAE presence” and instead includes “Family operated business with sufficient substance in the UAE”
• the formalisation, consolidation and definition of “Qualifying Purpose” to:
  • no longer include under the PC regs:
    • Family holding structure
  • include under the Expansion:
    • DIFC holding structure
    • Shipping structure
    • Innovation structure
    • Intellectual property structure
• Prescribed companies can be established by:
  • Shareholders or Ultimate Beneficial Owners (“UBO”) with a majority interest in a DIFC registered entity
  • Affiliates (that are legal entities), which are under the same group structure and have common ownership or common control with a DIFC registered entity
  • Family operated businesses that meet the definition of a single family under the Single Family Office Regulations, and which have sufficient substance in the UAE
  • DIFC registered retail entities (unless they rely on their retail premises to meet the registered office requirements)
• disapply provisions of the DIFC Law No.5 of 2018, Company Law for private companies from:
  • the prohibition from making an offer of its shares to the public where “A Prescribed Company whose Qualifying Purpose is a structured financing that is making an offer of its Securities to the public to facilitate a bond or sukuk issuance”
  • the requirement to have no more than fifty shareholders to be defined as a private company
• “Common control” definition will be expanded to “members of the same network of professional consultants that operate under the same brand and corporate governance policies or rules of association” to allow for direct and indirect legal control
• “Family operated business” includes family-owned, or controlled, businesses that meet the definition of a “Single Family” under the Single Family Operating Regulations
• “Qualifying applicants” must have sufficient substance in the UAE, where the substance legislation applies
• Initiators do not need to provide a confirmation statement for prescribed companies that have a qualifying purpose of structured financing
• Prescribed company confirmations should be submitted where there is an attempt to evade imposition of tax (as opposed to avoid).

You can read the CP here.

The Dubai Financial Services Authority (“DFSA”) issued amendments to legislation following Consultation Paper (“CP”) No. 141 “Whistleblowing”.

The DFSA rulebook updates are summarised as:

• General Module (“GEN”), Auditors Module (“AUD”) and Anti-Money Laundering, Counter-Terrorist Financing and Sanctions Module (“AML”):
  • inclusion of a dedicated whistleblowing section which requires Authorised Persons, Auditors and Designated Non-Financial Businesses and Professions (“DNFBP”) to:
    • draft appropriate, written and effective policies and procedures to:
      • facilitate reporting of regulatory concerns
      • outline the assessment and escalation of regulatory concerns
      • implement reasonable measures to protect the identify and confidentiality of the whistleblower
      • implement reasonable measures to protect the whistleblower from suffering detriment
      • ensure appropriate and feasible feedback to the whistleblower
      • outline mechanisms for managing conflicts of interests and to ensure the fair treatment of any person subject to an allegation
    • conduct a periodic review of any whistleblowing policies and procedures
    • draft a written report of each concern raised including details of the concern and the outcome
    • provide protection under Regulatory Law, i.e. exemption to liability, dismissal or detriment to any person who makes a disclosure
• Authorised Market Institutions (“AMI”)
  • removal of the current whistleblowing section and instead insert cross reference to the new GEN provisions

The amendments are enforceable from 7 April 2022. Read the updates here.

The DIFC launched global venture studios “studio launchpad”, in collaboration with Enhance Ventures, as part of the commitment to the DIFC Strategy 2030. The studio launchpad acts as a mechanism to incubate unicorns, start-ups, scale-ups and corporate ventures, supporting thousands of innovation jobs. The initiative aims to develop ubiquitous finance ecosystems such as open finance, digital assets and web3 as well as digital asset technologies in the DIFC.

The studio launchpad offers a streamlined process to company formation and allows firms a fast-track for companies into the ubiquitous finance ecosystem. The launchpad structure will support firms fundraising and scaling efforts by providing access to potential customers, entrepreneurs, investors and subject matter experts.

The DFSA issued the April 2022 edition of the Regulatory Policy and Process (“RPP”) module. The April edition includes the consolidation of the February 2020 amendments.

The updates include:

• update to penalty guidance for firms to factor in aggravating or mitigating circumstances to include the treatment of whistleblowers
• update to penalty guidance for individuals to factor in aggravating or mitigating circumstances which includes whether the individual is a whistleblower.

The new edition came into effect on 7 April 2022 and can be read in full here.

The DFSA issued their 2021 Annual Report highlighting key achievements and activities over the year.

Some of the key highlights of 2021 include:

• The issuance of five consultation papers on strategy, policy and risk for DFSA policy updates; a further five international consultation papers have been responded to by the DFSA
• Six rule amendments and thirty rule-making instruments
• Seven enforcement actions
• 31% of DFSA employees are UAE Nationals
• Five hundred and twenty-nine authorised firms
• Establishment of the DFSA Task Force for Sustainable Finance
• Development of innovation-friendly initiatives such as the Innovation Testing Licence (“ITL”), “RegTech Live” events, participation in the Global Financial Innovation Network (“GFIN”) and the establishment of the investment tokens framework as well as other enabling technology guidelines
• Engagement with the Threat Intelligence Platform (“TIP”) to focus on cyber security concerns
• Standard setting and contributions in:
  • Banking
  • Insurance
  • Sustainable finance
  • Securities and markets
  • Islamic finance
  • Audit
  • Financial Crime, including contributions to the Financial Action Task Force (“FATF”) and Organisation for Economic Co-operation and Development (“OECD”)
  • Developing the UAE national workforce.

The DFSA Annual Report can be read in full here.

The DFSA signed a Memorandum of Understanding (“MoU”) with the Central Bank of Mauritius to assist with their regulatory functions and facilitate the exchange of knowledge. The MoU will focus on technologically enabled financial innovation and foster dialogue on operational and technological risk supervision, Anti Money Laundering (“AML”) and combating terrorist financing and proliferation, and cyber security.

The DFSA issued a Dear SEO letter to advise regulated entities on the risks of remote, work from home, hybrid and digital nomad working.
Firms are advised that:

• DFSA will be conducting oversight on a business as usual basis; firms continuing to rely on pandemic measures should resume their pre-COVID practices and policies or amend as appropriate
• policies and suitable procedures must be in place for ongoing changes to work practices that are commensurate to the nature, scale and complexity of the firms’ staff activities
• staff with responsibilities requiring physical presence in the DIFC are expected to spend sufficient time in the DIFC to discharge their duties fully

The DFSA advised firms to be aware of the following potential issues:

• DIFC employment visas may have specific requirements and expectations linked to location; in any event, all employees of regulated entities in the DIFC are required to hold a DIFC employment visa
• the DFSA requirement for financial services to be conducted “in or from” the DIFC will be interpreted literally; this will include platforms that allow the user to act as if they are in the DIFC even where they are remote working
• the DFSA expects the “mind and management” of the regulated entity to be in the DIFC; senior managers are expected to spend a majority of their time in the DIFC
• new working arrangements must not allow for a material reduction in control and oversight of staff and activities; where reduction is noted, firms must apply controls and risk mitigants
• cyber security arrangements must be suitable for the working arrangement prior to the change in policy

Dear SEO letters can be found here.

The DIFC Data Protection Office has launched a data protection awareness series to inform firms of new developments relating to the DIFC Data Protection Law no.5 of 2020, and other relevant data protection developments globally.

This month’s session covered:

• The amendment to the DIFC data protection law; firms should review updated guidance
• New tool to assess your response to requests
• The requirement for a comprehensive internal policy and an external policy/ notice to advise data subjects of their rights
• The issuance of the data protection consultation paper

You can review the guidance and tools here and the consultation paper here. Comments will be welcome before the 13 May 2022 by emailing [email protected].

The Abu Dhabi Global Market (“ADGM”), in partnership with Finstra, hosted the global fintech hackathon “Hack to the Future 4”. The hackathon focused on matters involving Environmental, Social and Governance (“ESG”), embedded finance and Decentralised Finance (“DeFi”) and the issues challenging finance today. The participants were given access to the Digital Lab administered by the Financial Services Regulatory Authority (“FSRA”) to build their solutions in a secure virtual environment allowing them to leverage resources such as synthetic data, Application Programming Interface (“API”), system images and reference architectures to support their prototype.

The ADGM FSRA published Discussion Paper (“DP”) No.1 of 2022 “Policy Considerations for Decentralised Finance (DeFi)”. The DP discussed the largely unregulated nature of DeFi and its growth, increasing the risk to investors, financial institutions and the financial systems. DeFi is a new way to deliver financial services through automated software protocols. This is analogous to traditional financial services and is closely aligned with digital assets and blockchain technologies in the way they provide technological and conceptual infrastructure.

The paper discusses:

• Key definitions:
  • “DeFi protocol” to mean the distributed application running on a public blockchain that automates the provision of financial services
  • “DeFi utility token” to mean a token used by the DeFi protocol solely to operate the provision of financial services. Utility tokens are automatically minted and burnt as part of the operation of the DeFi protocol. They will not be considered Virtual Assets by the FSRA
  • “DeFi governance token” to denote a stake in the DeFi protocol is similar to the ownership of a share in a company. A governance token is tradable and may be a digital security or Virtual Asset. The DeFi protocol may also use governance tokens to operate the provision of financial services in the same way as a utility token.
  • “DeFi controller” to be the natural or legal person(s) who exercises significant control, whether directly or indirectly, over the direction and maintenance of the DeFi protocol. The controller could be based on:
    • the share of DeFi governance tokens held by a person (similar to a significant shareholder)
    • the share of code underlying the DeFi protocol contributed by a person; or
    • the amount of control over the DeFi protocol’s administration key(s)
  • “DeFi activity” means the act of providing financial services through one or more DeFi protocols. A DeFi activity can be carried out either by a DeFi controller (i.e. offered directly by the controller) or by an intermediary (i.e. a firm that offers access to a DeFi protocol)
  • “DeFi users” to mean a person consuming the financial services provided by the DeFi activity
  • “DeFi participants” to mean participants who may include DeFi controllers, intermediaries and DeFi users
• DeFi protocols can provide the following typologies of assets and financial services:
  • Stablecoins
  • Credit (more similar to securities borrowing and lending than traditional credit)
  • Markets for example, some decentralised exchanges
  • Derivatives
  • Insurance
  • Asset management similar to a robo-advisor
  • Staking, where a user agreed to lock their digital asset in a smart contract underlying the DeFi protocol; this could also be similar to a collective investment fund or repurchase agreement depending on the DeFi protocol
• Internationally noted key risks:
  • Transparency risk, particularly AML and CTF risk
  • Risk to investors by being largely unregulated
  • Market integrity risk
  • Financial stability, particularly when the value, amount of participants and speed of shocks increase
  • Concentration risk in terms of protocols and technologies
  • Anonymity risk such as the increased chance of market misconduct and failed investor protections
• Potential medium-term trends (5 -10 years)
  • Sustained growth due to:
    • Cost; automation and advanced technologies are cheaper than traditional finance and often more efficient
    • Returns; there is a potential for generating investment returns with institutional investors expressing an interest in using automated asset management protocols to allocate their investment in digital assets or purchasing DeFi governance tokens
  • However, growth will level off once there is familiarity in the market due to reducing returns
  • DeFi will attract both yield prioritising investors and “well-informed” investors; over time, it is expected that the market will become more static as the yield prioritising investors will exit the market due to misjudged risks and losses with the “well-informed” investors remaining
  • DeFi will become more accessible to a broader middle group of users who are partially informed and risk-conscious due to wider adoption, which will push the wider acceptance of DeFi protocols
  • DeFi will be adopted by traditional finance firms on behalf of their clients; traditional finance firms will integrate DeFi activities into their existing products and services
  • Regulatory intervention will be required as DeFi becomes more widely adopted to ensure risk management, transparency (controllers and users may be required to identify themselves) and financial stability
  • Identity will likely be semi-protected by a unique identifier balancing privacy with AML/ CTF risk similar to developments in virtual assets
• Alternative views for discussion include:
  • DeFi may embrace regulation in a similar way to digital assets allowing for a wider user base and access to liquidity, helping protocols to grow
  • DeFi will push against regulation as this may require technological infrastructure changes and business model adjustments. However, growth of the sector will require regulation
• DiFi will not change the nature of financial services and is seen by the FSRA as a development of financial services similar to tokenisation; therefore it should be subject to the same robustness of regulation and rules specific to the risks
• Regulation will be tailored to the DeFi protocol; regulation and rules will be applied based on the resemblance to similar regulated activities
• Firms using a composed protocol (i.e. multiple protocols) may not need a financial services permission for each service where the activities are effectively being outsourced. However, other protocols must be sufficiently robust, ensuring they meet regulatory obligations
• Where a DeFi protocol bears no resemblance to a current financial service permission, the FSRA will individually review whether it is suitable to expand the regulatory framework to include such activity
• The FSRA will not allow for DeFi activities which do not allow identification of users and controllers
• Governance of DeFi firms is less distinctive due to merged role of controllers, which may lead to internal conflicts of interests therefore, the FSRA proposed that DeFi firms still require “Approved Persons” who meet the FSRA approved persons expectations and:
  • Are fit and proper for the dedicated role/task
  • Have personal obligations placed upon them
• The FSRA proposed an illustrative framework for participants commentary which discusses high-level policy positions such as:
  • Recognised and approved DeFi protocols
  • Customer disclosures
  • Requirements for the approval of specific DeFi protocols
  • Treatment of DeFi governance tokens as Virtual Assets
  • Requirements for the approval of DeFi Controllers which may include one DeFi controller being incorporated in the ADGM.

You can read the full paper here. Comments are welcome by 30 June 2022 by emailing [email protected].

The ADGM’s FSRA launched a thematic review on AML, CTF and Targeted Financial Sanctions (“TFS”) to assess the implementation of the FSRA rules and UAE federal regulations within regulated entities. Firms are required to submit a survey to the FSRA and must be prepared for a further detailed review on request. The thematic review report will be released, highlighting compliance practices observed across the ADGM in due course.

The scope will cover:

• Governance and oversight over AML/CTF and TFS risks
• Internal controls put in place by Authorised Persons to ensure compliance with the requirements in FSRA’s AML Rulebook, Cabinet Resolution No.10 of 2019, Cabinet Resolution No.24 of 2022 and Cabinet Resolution No. 74 of 2020
• Policies and procedures governing AML transaction monitoring and TFS
• Practical execution of a robust risk-based framework of the Authorised Firms

Firms in receipt of the Dear SEO letter must submit a survey here by 19 May 2022.

The Abu Dhabi Global Market Academy (“ADGMA”), the Human Resources Authority (“HRA”) and Banque Misr signed a MoU for the establishment of an educational banking programme for Emiratis at the ADGM. The MoU will provide a knowledge exchange and enhanced training platforms to refine the skills of Emirati researchers in banking. The successful graduates will be offered employment opportunities by the HRA and be sponsored by Banque Misr to further assist with training and employability as per the HRA’s requirements.

The Abu Dhabi Exchange (“ADX”) rebrands its “Second Market” to “Growth Market” to encourage private sector listings as part of the ADX One strategy to enhance liquidity and the exchange market capitalisation. The growth market offers companies access to a wide investor base, key support from the ADX on investor engagement and an opportunity to enhance brand equity. Participating companies can list their shares directly on the exchange without the need for an Initial Public Offering (“IPO”). The rebrand more closely represents its listed companies and is open to diverse sectors. Eligibility requirements include converting to a private joint company, two years incorporation, records of audited financial statements and ownership of at least 5% of share capital.

The UAE Executive Office for Control and Non-Proliferation held a seminar reminding firms of the current risks of terrorist financing and proliferation financing.

The session covered:

• three stages of terrorist financing and proliferation of finance
• financial obligations and measures of firms
• administrative penalties and criminal prosecution powers under Federal Law 26 of 2021
• implementation steps
• definition of sanction evasion
• terrorist financing risk assessment outcomes
• reporting TFS concerns
• typologies and red flags
• industry-specific recommendations

Firms are reminded to:

• Hold regular training
• Freeze assets without delay
• Subscribe to the Executive Office notification systems
• Undergo ongoing screening on the latest terrorist list and UN consolidated list
• Accurately report concerns

You can read the supporting publications here.

SAMA has amendment articles of the Implementing Regulations for the finance laws in the Kingdom. The updates include:

• Revoking Article 4 of the Implementing Regulation of Real Estate Finance Law allowing real estate finance companies to practice financing activities without stipulating prohibitions for combining real estate financing with other financing activities
• Approval of Article 16 of the Implementing Regulation of the Finance Companies Control Law allowing finance companies to practice financing activities without stipulating the prohibition of combining financial activities
• For both articles, SAMA retains the right to restrict licences at its discretion.

SAMA published its CP on the executive regulations for payments and payment services. SAMA will monitor the payment service providers and their system operators to assess their commitment to the relevant regulations, including monitoring and examining suspected system violations. In addition, the regulations would allow SAMA to conduct site inspections and require licenced firms to submit audited periodic statement and reports on their finances. The CP will reinforce international principles and standards and contribute to growth in the sector.

You can read the paper in Arabic in full here.

SAMA announced the release of draft principles and rules for financial institutions to enhance the protection of clients. The paper forms part of SAMA’s ongoing efforts to ensure that clients are receiving fair and transparent financial services and that their rights are preserved.

The paper discussed:

• Update to key terms and definitions
• Licensing
• Agents and distributors of electronic money
• Obligation of the licencee
• Protection of customers and promotion of competition
• Payment related services
• Protection and preservation of protected funds  Payment systems
• Oversight and control
• Complaints and disputes
• Cooperation with local and international bodies
• Application and enforcement Requirements for the provision of the payment accounts information service and the establishment of payment accounts

You can read the full consultation paper here.

The World Government Summit (“WGS2022”) organised fifteen new forums to tackle volatility from emerging sectors, including financial markets, following the pandemic. The forums will discuss the future of each subject area, including regulation, setting priorities, and addressing challenges.

The forums include:

• Global metaverse
• Global crypto
• Cybersecurity in aviation
• Climate change
• Global health
• Global energy
• Sustainable development goals in action
• Woman in government
• Government services
• Gender balance
• Forbes 30 under 30
• TIME 100 gala

His Highness Sheikh Mohammed bin Rashid Al Maktoum, Vice President and Prime Minster of the UAE and Ruler of Dubai issued Law no.9 of 2022 regulating the provision of digital services in Dubai. The law allows firms to outsource digital services to public or private companies subject to approval from the relevant authorities, and the department of finance and comprehensive service agreements.

The law covers:

• conditions for providing digital services
• conditions for adopting digital identities for obtaining subscribed services
• cyber security requirements
• approved conditions for electronic payment solutions
• service continuity expectation in the event of disruptions
• approved digital services
• customer obligations for accuracy of information and compliance with terms and conditions

The Digital Dubai Authority, in coordination with the General Secretariat of The Executive Council of Dubai and the Dubai Electronic Security Center, can exempt an entity from any of these conditions.

In addition, the law makes provisions for accessibility, particularly for People of Determination, prohibiting firms from charging extra fees to accommodate needs.

The implementation will be rolled out in stages following the publication of the law in the Official Gazette and firms will have one year to comply.

The Agile Network, a network of countries set up to foster cooperation on innovative regulatory practice between governments, has selected the UAE to lead the network for 2023. The network, established by the World Economic Forum in partnership with the Organisation for Economic Co-operation and Development, comprises of UAE, UK, Canada, Denmark, Italy, Singapore, and Japan.

The UAE will focus on the exchange of information with a focus on policy and regulation for digital assets and financial technologies. The UAE proposes devising platforms allowing the testing of new regulations before scaling them globally, as well as exploring policies and agile regulations. The network will encourage greater private sector engagement to govern the use of Metaverse concepts and enhance engagement with global tech businesses to anticipate future requirements.

His Highness Sheikh Mohammed bin Rashid Al Maktoum, Vice President, Prime Minister and Ruler of Dubai approved the UAE Council for Digital Economy chaired by Omar bin Sultan Al Olama, Minister of State for Artificial Intelligence, Digital Economy, and Teleworking Applications.

The cabinet approved:

• The UAE Digital Economy Strategy which aims to double the contribution to the digital economy in the next ten years by introducing thirty initiatives and programmes across six sectors and five new growth areas.
• The adoption of agreements to link the Gulf Cooperation Council (GCC) countries with the United States, Denmark and Brazil
• A federal law on public finance which obligates federal authorities to co-ordinate with the ministry of finance with the aim of achieving financial strategy objectives.

The Federal Tax Authority (“FTA”) has announced the launch of “Raqeeb”, the whistleblower programme for tax violations and evasion. Raqeeb will raise the level of tax compliance reducing tax evasion by promoting community control. Whistleblowers may receive monetary awards for high value reports.

Reporting can be made through the FTA website here.

The FATF issues a report on money laundering and terrorist financing risks arising from migrant smuggling. The report highlights the failure of many countries who consider migrant smuggling a low-risk crime emphasising the common nature of transferring and laundering the proceeds through hawala, legitimate shops and the use of professional money launderers.

The FATF provide recommendations to limit opportunities for migrant smuggles which include:

• Strengthening bilateral and international cooperation between financial investigation units, law enforcement and other authorities
• Enhancing cross-regional cooperation
• Conduction systematic investigations
• Increasing capacity of relevant practitioner to detect and deter migrant smuggling
• Ensure that money or value service providers comply with the FATF standard
• Strengthen domestic cooperation between public and private sector
• Review and strengthen asset recover frameworks
• Strengthen cooperation between public and private sector
• Review and strengthen asset recover frameworks
• Focus on support for high risk countries
• Introduce specific measures in countries affected by migrant smuggling.

You can read the full report here.

The FATF and FATF-Style Regional Bodies (“FSRB”) produced their report on the state of effectiveness and compliance with FATF standards following the 4th round of evaluations. Across the assessed jurisdictions, the report finds positive process and improvement in technical compliance with laws and regulations addressing money laundering, terrorist financing and proliferation financing. The report found 76% of countries satisfactorily implementing FATF 40 recommendations. However, the report notes substantial challenges in investigating and prosecuting high-profile cross-border cases and preventing anonymous shells companies and trusts being used for illicit purposes.

The FATF aim to improve their mutual evaluations in the 5th round to reduce the evaluation cycle, increase focus on major risks and context, and produce a result orientated follow-up assessment process.

The full report can be found here.

The FATF has issued “FATF Risk Based Guidance to the Real Estate Sector” for public consultation. The CP outlines the development of principles firms may adopt to tackle money laundering and terrorist financing risks as well as principles for supervisory authorities to implement.

The CP paper discusses:

• Key concepts
• The risk-based approach to the section AML and CTF risks
• Guidance for private sector
• Guidance for supervisors

The CP can be read here.

The Executive Office of the Committee for Goods and Materials Subject to Import and Export Control has updated the United Nations Security Council Sanctions List. Three entities from the Security Council 1518 list have been removed.

Firms are reminded to monitor geopolitical events and any resulting updates to international sanctions lists so that they can assess their exposure to sanctioned individuals and entities. Sanction contraventions must be reported to the relevant authorities without delay, and regulators will expect to be notified of any sanctions matters that may result in reputational consequences for the firm.

The updated sanction list can be found here.

The UK government announced plans to modernise the UK finance system to make the UK a global crypto assets technology hub and allow stablecoins as a valid form of payment. The measures include legislating for a financial market infrastructure sandbox led by the Financial Conduct Authority (“FCA”) (allowing experimentation and innovation in crypto technologies), establishing a crypto asset engagement group, enhancing the UK tax system to develop the crypto market, and working with royal mint on a Non-Fugible Token (“NFT”). The government intends to regulate stablecoins creating issuers and service providers the opportunity to operate and invest in the UK.

The UK will also explore:

• Distributed Ledger Technologies in the UK financial markets
• Hosting a ‘crypto sprint’ to discuss issues with industry participants.

The UAE and the UK have partnered to tackle illicit financial flows in a joint effort to target money laundering and serious and organised crime. The workshop participants discussed money laundering threats and typologies for illicit finance risks with a focus on financial trends involving virtual assets. The workshop also discussed financial intelligence unit priorities, responsibilities and law enforcement approaches and the collaboration of the two countries in disrupting crime groups.

Nikola Gruevski, north Macedonia’s Prime Minister, has been found guilty of money laundering party funds receiving a seven-year prison sentence. The court found that Gruevski has acquired EUR1.3M between 2006 to 2012 using party donations to buy property through an offshore company.

Firms are reminded to review client files for involvement with Gruevski.

Malta’s financial intelligence analysis unit fined BDO Consult Limited for anti-money laundering weaknesses. The corporate services firm was fined EUR61,763 for practices in 2019 following a regulatory review.

The Danish Data Protection Agency has fined Danske Bank EUR1.3M for failure to demonstrate compliant data deletion processes in breach of the General Data Protection Regulation (“GDPR”). The bank could not show that manual deletion had been conducted in over four hundred banking systems failing millions of individuals. In addition, there was no documented process for storage and deletion.

Firms are reminded to assess their processing activities and ensure they have suitable policies and procedures in place to evidence compliance with any applicable data protection laws.