Regulatory Update: Middle East Edition – April 2023

The DFSA issued Consultation Paper No.150 (“CP150”) on 27 April 2023, in relation to money services, crypto tokens and crowdfunding. In this CP, the DFSA proposes a number of changes to its rules, which serve as an expression of its policy framework.

The proposed regulations in relation to money services aim to provide clarity on:

• executing payment transactions on a payment account provided or operated by another person
• payment instruments which include the definition of payment instruments and clarification on issuing payment instruments – ancillary to other activities
• to allow cash out from a stored value account in the UAE, but outside the DIFC
• to amend the reconciliation requirements for money service providers holding client money.

The proposed regulations in relation to the crypto token regime aim to provide clarity on:

• the specification that an AMI must ensure that it complies with the standards that would be applicable to an Authorised Firm operating a Mainframe Token (“MFT”) that trades crypto tokens using Distributed Ledger Technology (“DLT”) or a comparable piece of technology
• the wrapper or wrapped tokens which need to be recognised to be used in the DIFC.

The proposed regulations in relation to the Crowdfunding Platforms aim to provide clarity on:

• the activity-level regulatory returns for crowdfunding platforms are updated and made mandatory.

Further details of the CP can be found here.

Responses to the consultation paper can be shared via the online response form. The deadline for providing comments is 26 May 2023.

The DFSA introduced Consultation Paper No. 149 (“CP149”) on 18 April 2023, which introduces a fixed penalty system to deal with specific infractions of laws that are overseen by the DFSA. CP149 proposes to apply this regime to violations of certain reporting obligations (such as failing to file regulatory returns by the deadline). The DFSA aims to implement the changes to serve as a deterrent and to encourage businesses to abide by the DFSA Rules and the laws that the DFSA administers.

The DFSA recommends the adoption of a fairly straightforward system with a graduated approach, where the severity of the punishment rises with each violation, as follows:

• First contravention US$2,500
• Second contravention US$7,500
• Third contravention US$15,000.

To account for the fixed penalty notice (“FPN”) regime’s anticipated future development, the DFSA recommends the maximum penalty be set at US$50,000 for a violation of a single provision. In contrast, the Regulatory Law’s Article 90(2)(a) permits the DFSA to impose a fine of any amount.

Further details of the CP can be found here.

Responses to the consultation paper can be shared via the online response form. The deadline for providing comments is 17 July 2023.

The DIFC intends to adopt revised Data Protection Regulations to introduce additional areas of regulation that enable the effective execution of the Data Protection Law, DIFC Law No. 5 of (The “DPL”) 2020. The public is invited to comment on the proposed regulations which were communicated via Consultation Paper (“CP”) No. 2 of 2023 on 19 April 2023.

The proposed regulations aim to provide clarity on:

• use and collection of personal data for marketing and communications
• personal data breach obligations
• personal data processed through digital, generative technology systems
• concepts to incorporate privacy by design or default.

The Consultation paper can be read here.

The deadline for providing comments on the proposals is 17 May 2023, comments may be submitted to the Commissioner via email.

The DFSA issued a Dear SEO Letter to authorised firms on 6 April 2023, in relation to updated regulatory reporting forms on the Electronic Prudential Reporting System (“EPRS”). Changes have been made to the Prudential Returns (“PRU”) Module to reflect updates to the reporting requirements.

The DFSA has also introduced new forms to capture Credit Funds and Money Services related activities.

The changes to existing forms include:

• B240 Funding Schedule
  • deposits are required to be reported by Client Classification
• B310 Large Exposures
  • number of large exposures required to be reported increased up to 80, subject to criteria
  • the name of the related ultimate parent entity for each counterparty, must be reported
  • Legal Entity Identifier (“LEI”) of each counterparty and the LEI for the related ultimate parent entity must be reported, if available
  • Total Capital Resources has been replaced with reference to Tier 1 Capital Resources, in line with changes to the DFSA Large Exposure regime
  • details of Credit Funds managed by firms will be captured
• B320 Arrears and Provisions
  • details of Credit Funds managed by firms will be captured
• B320 Asset Grading Classification
  • clarification within PRU that only on-balance sheet exposures measured at amortised cost/fair value through other comprehensive income are to be reported
• B340 Credit Activity
  • public administration exposures are to be captured separately from education and health services
  • cash balances and funded credit products will both be captured
  • credit funds managed by firms will be captured
• B350 Investment Activity
  • public administration exposures will be captured separately from Education and Health Services
• B460 Money Services
  • form introduced to capture the activities of firms licensed to provide Money Services.

The DFSA advised that the new forms will be used as from the April 2023 EPRS report submissions.

The Dear SEO Letter can be found here.

On 19 April the DFSA issued a Dear SEO letter as a reminder to regulated entities of important dates and requirements that must be adhered to for existing Crypto Business. The key date which entities should be aware of is the end of the transitional period, being 30 April 2023.

The letter was issued to the following types of entities:

• Authorised Firms
• Authorised Market Institutions
• Designated Non-Financial Business or Professions
• Managing Partners of Registered Auditors
• Principal Representatives of Representative Offices.

The DFSA has warned that relevant entities who have not obtained the necessary authorisation or approval by 30 April must cease all Crypto Business and wind down any existing business.

The Dear SEO Letter can be found here.

With the aim of raising awareness of the DFSA’s Crypto Token regime, the DFSA hosted a webinar on 6 April 2023.

A panel discussion was held to answer queries from the audience.

Discussions were also conducted on the topics of:

• planned future work
• challenges in regulating the crypto token market
• implementation
• licensing
• the regulation of the token market
• what tokens and financial services activities will be regulated
• token taxonomy
• key prohibitions and obligations
• AML/CTF issues
• market abuse issues.

A message was sent via the GoAML platform to all DFSA firms on 4 April 2023, in relation to the new Integrated Enquiry Management System (“IEMS”).

Access to the centralised platform has been rolled out to all DFSA firms by the UAE Financial Intelligence Unit (“FIU”). The platform facilitates communications between reporting entities, the FIU, and UAE law enforcement authorities. Information may be requested and received via the platform in relation to anti-money laundering and combatting financing of terrorism(“AML/CFT”) and financial crime investigations.

A workshop was conducted by the FIU on 6 April 2023 to take firms on a walk-through of the system.

Firms can find details of the IEMS rollout via their GoAML message board.

Considering the growing global awareness of the impacts of climate change, the DFSA published a text on 24 April 2023 explaining greenwashing.

As the name may suggest, greenwashing refers to claims by an organisation that misrepresent the sustainability features, actions or impact of its activities, practices or products. Greenwashing may be seen in various forms, from unclear or inappropriate use of sustainability-linked terminology to misleading marketing practices and fraud.

The DFSA offers guidance on how greenwashing can be prevented, including:

• relevant and transparent corporate disclosures allowing investors to make informed decisions
• disclosures relating to securities may reference specific projects or general corporate transition goals
• product-level disclosures providing investors with information explaining how a financial product uses the ‘green’ label justifiably.

The greenwashing explainer can be found via this link.

As part of the DFSA’s effort to raise awareness of the topic, the DFSA’s Markets Brief Issue No.27 was published by the DFSA on 17 April 2023. The briefing note highlights ESG-related disclosure considerations for issuers and reporting entities and the DFSA’s expectations in relation to:

• prospectus disclosure
• risk factors
• adequacy of systems and controls
• continuing disclosure obligations
• ESG Securities issued by Exempt Offerors.

The Markets Brief can be found via this link.

The DFSA also shared an audio recording of the Head of Strategy, Policy and Risk explaining the key characteristics of greenwashing and providing a summary of the disclosure requirements, the audio can be found via this link.

The DFSA, as a member of the Global Financial Innovation Network (“GFIN”) has invited regulated firms from the centre to participate in a ‘Greenwashing TechPoint’. The event will be hosted virtually on the UK Financial Conduct Authority Digital Sandbox between June and September 2023.

International regulators, firms and innovators are expected to participate in the global event, the event looks to address sustainable finance as a collective priority. The aim of the GFIN is to develop a tool or solution that can help the market and regulators to tackle the risks of greenwashing in the financial services industry.

Firms can apply to take part from 17 April 2023, with a four-week window to apply.

Further details of the event can be found here.

On 4 April 2023 the DFSA announced the signing of a Memorandum of Understanding (“MoU”) with Brunei Darussalam Central Bank. The MoU establishes a formal relationship between the two jurisdictions, the aim is to increase information exchange and cooperation between the two authorities, relating to combatting financial crimes as well as setting a framework to help the licensing of cross-border establishments.

Further details of the MoU can be found here.

The DIFC Office of the Data Protection Commissioner and the Gibraltar Regulatory Authority (GRA) signed a MoU on 20 April 2023. The aim of the MoU is to establish a working relationship between the two authorities including:

• sharing best practice
• providing support for each other’s supervisory and enforcement efforts
• collaboration on specific projects in areas such as:
  • interoperability and data flows with trust
  • artificial intelligence
  • regulatory sandboxes.

Further details of the announcement can be found here.

A Consultation Paper has been published by the Registration Authority (“RA”) of the Abu Dhabi Global Market (“ADGM”) in order to solicit feedback on the proposed framework for Distributed Ledger Technology(“DLT”) Foundations. DLT Foundations are organisations that support the use of DLT and the issuing of tokens.

Decentralisation and the desire to concentrate and direct resources and efforts in order to advance the project and reach its full potential are often two competing goals for DLT initiatives.

Decentralisation, which values the movement of power and control away from centralised entities or groups to a dispersed network of project participants, is a key premise of many DLT initiatives. The idea of the Decentralised Autonomous Organisation (DAO) has developed as an optimal governance structure for DLT initiatives.

The main topics of the CP are:

• the form of the DLT Foundations
• governance and control
• tokens
• reporting
• disclosures
• publication
• beneficial ownership
• supervision
• bankruptcy, liquidation, and voluntary strike off.

This newly suggested legal framework demonstrates how the ADGM RA acknowledges the general applicability of foundation structures for DLT projects and how the RA is in line with the ADGM’s objective to encourage and facilitate crypto ventures.

Further details of the CP can be found here.

Responses to the CP can be shared via the [email protected]. The deadline for providing comments is 12 May 2023.

On 17 April 2023 the Financial Crime Prevention Unit (“FCPU”) of the Financial Services Regulatory Authority (“FSRA”) issued a Dear SEO Letter concerning the requirement for firms to conduct an Institutional Terrorist Financing and Proliferation Financing (“TF/PF”) Risk Assessment.

The letter, sent to all approved persons, makes reference to the requirements of FATF Recommendation (1) to identify, assess, understand, and mitigate their TF/PF risks. FSRA firms are reminded to:

• document TF/PF risk assessments
• keep assessments up-to-date
• have appropriate processes to provide TF/PF risk assessment information to supervisory authorities, when required
• obtain senior management approval for policies, procedures, systems and controls
• ensure frameworks are consistent with national requirements and guidance in accordance with TF/PF risks identified
• ensure adequate controls are implemented, and enhance them where necessary
• manage and mitigate the risks where higher TF/PF risks are identified
• ensure that measures to manage and mitigate the risks are proportionate with the level of risk while still ensuring full implementation of the targeted financial sanctions related to TF/PF.

FSRA firms are reminded of their obligations to ensure compliance with Federal AML Legislation, Cabinet Resolution No. (74) of 2020 and the ADGM AML Rulebook.

The Dear SEO Letter can be found here.

On 5 April 2023, the FSRA announced to firms the launch of the FSRAs new reporting portal to be used for the purpose of submitting non-EPRS reporting submissions.

This is the first module of the Connect system and the FSRA have announced that further functionalities will be added in time. Registration emails will be sent out to the Senior Executive Officer, Finance Officer, Compliance Officer and Money Laundering Reporting Officer of each firm with the steps to register on the system.

Report submissions will no longer be accepted via email, all submissions must be made via the connect system, starting with the 30 April 2023 returns.

You may find further details of the portal including tutorial video here.

On 24 April 2023, the Financial & Cyber Crime Prevention (“FCCP”) Department of the FSRA issued a Dear SEO letter to relevant firms in the ADGM. Notice No. 10 of 2023 informs firms of the introduction of the new platform for Foreign Account Tax Compliance Act (“FATCA”) and Common Reporting Standard (“CRS”) submissions for the 2022 cycle, thus, replacing the current system.

To aid in understanding of the system, the authorities have introduced two training sessions which will cover Reporting Financial Institution (“RFI”) registration, RFI submission and risk self-assessment. The webcasts are on the following dates:

• webcast session 1: 28 April 2023   11:00 AM to 12:30 PM
• webcast session 2: 4 May 2023      12:00 PM to 02:00 PM.

Relevant firms should refer to the Dear SEO letter received by email.

The UAE Financial Intelligence Unit (“FIU”) has made the single platform accessible to all FSRA firms. An announcement was issued via the GoAML portal on 4 April 2023.

Communication between reporting entities, the FIU, and UAE law enforcement agencies is facilitated through the platform. The portal allows users to seek and receive information related to financial crime investigations as well as AML/CFT (anti-money laundering and combating the financing of terrorism).

IEMS is immediately connected to FSRA firms that are already registered on GoAML.

According to the AML/CTF Federal Decree Law No. (20) of 2018 and Cabinet Decision No. (10) of 2019 and its revisions, as well as the ADGM AML Rule, reporting firms under the ADGM are required to cooperate and submit the information requested by the UAE FIU and the appropriate Law Enforcement Authorities.

A workshop was conducted by the FIU on 6 April 2023 to take firms on a walk-through of the system.

A IEMS user guide can be found here.

Firms can find details of the IEMS roll out via their GoAML message board.

The amendments are currently only available in Arabic.

Key amendments include:

• paid capital requirement for the fifth category (arranging & advising) has been reduced from AED2.5M to AED500,000
• following definitions have been updated:
  • Foreign Market
  • Unregulated Commodity Contracts
  • Broker for trading in derivatives contracts, unregulated commodity contracts and currencies in the spot market
  • Recommendation/Financial Recommendation
• licensed entities may establish one or more branches inside or outside the country or in a financial-free zone in the country related to practising financial activity after obtaining the approval of the SCA
• licensed entities holding a license for more than one financial activity from within the same category, may appoint one approved person (as a minimum) for each main function required, with the exception of the ‘broker’s representative’
• licensed entities holding a license for more than one category may appoint one approved person for each main function for all licensed categories, as a minimum, with the exception of the position ‘head of category’
• licensed entities shall ensure that its employees who occupy any of the approved jobs, and any of the employees who are accredited by SCA, equate their educational degree/certificate with the concerned authority in the country, if issued by an educational institution outside the country
• it is permissible to have a joint function compliance officer and risk officer under the fund managers, family offices, self-managed funds, and fund administrators
• the position of a compliance officer may be outsourced after obtaining the approval of the SCA
• amendments to outsourcing governance in line with DIFC and ADGM standards, including ensuring that SCA will have access to records, premises and cooperation from the outsourced party
• client money amendments in line with the DIFC and ADGM standards
• introducing social trading, which is a forum or a social platform for its clients to express their comments and observations related to financial products
• portfolio management, introducing copy trading.

Further details of the amendments can be found here.

On 17 April 2023, the Securities and Commodities Authority (“SCA”) declared that it had begun processing license applications from businesses seeking approval to offer virtual asset services.

All UAE-based businesses that offer virtual asset services, other than those located in freezones, are required to submit a licensing application to the SCA. On the other hand, businesses operating in the emirate of Dubai should follow the licensing process of submitting their license application to the Virtual Assets Regulatory Authority (“VARA”) in addition to requesting the SCA’s approval.

The Financial Activities Rulebook has also undergone legislative changes in relation to virtual assets. Brokers, custodians, and platform operators for virtual assets were among the new financial activities that were included. Additionally, a new category for virtual asset service providers (“VASP”) was created, and a new annexure was added to Chapter 3 of the Financial Activities Rulebook, containing virtual asset portfolio provisions, such as creation, management, and controls.

Further details of the announcement can be found here.

The VARA announced on 14 April 2023 that they are working closely with Dubai’s Department of Economy and Tourism (“DET”) and Free Zone Authorities (“FZA”) to ensure that all initial disclosure questionnaires are received by the deadline of 30 April 2023. This is the first step in the progress to migrate the virtual asset market to the new regime.

Cabinet Resolution No. 111 of 2022 Concerning the Regulation of Virtual Assets and their Service Providers, confirms that all companies currently operating in or seeking to operate in the virtual asset sector, in or from Dubai, must be licensed by VARA.

VARA has been in cooperation with Dubai’s FZAs and the DET in an effort to efficiently transition existing VASPS to the VARA regime.

Further details of the article can be found here.

Federal Decree-Law No. 47 of 2022 on the Taxation of Corporations and Businesses (the “Corporate Tax Law”) has been amended by Ministerial Decision No. 73 of 2023 on Small Business Relief on 6 April 2023.

Small Business Relief lowers the corporate tax burden and compliance expenses for start-ups and smaller firms. The Ministerial Decision on small business relief defines the terms of the carried forward tax losses and disallowed net interest expenditures under the small business relief program. It also outlines the revenue level and requirements for a taxable person to elect for small business relief.

The Ministerial Decision stipulates the following:

• if the revenue for the relevant tax period and the two prior tax periods was less than AED3M for each tax period, then taxable persons who are residents may claim small business relief.
• the AED3M revenue barrier will only continue to be applicable for subsequent tax years that end before or on 31 December 2026, beginning with tax periods beginning on or after 1 June 2023.
• revenue can be calculated using the relevant accounting standards that are recognised in the UAE.
• qualifying free zone individuals and members of multinational enterprise (“MNE”) groups are not eligible for small business relief, MNE Groups are collections of businesses with operations in many nations and aggregated group sales of over AED3.15Bn.
• businesses can carry forward any incurred tax losses and any disallowed net interest expenditure from the decision-defined tax periods where they choose not to apply for small business relief for use in upcoming tax periods where small business relief is not chosen.
• regarding artificial business separation, the Ministerial Decision states that when the Federal Tax Authority determines that taxable persons have artificially separated their business or business activity and the total revenue of the entire business or business activity exceeds AED3M in any tax period and such persons have chosen to apply for small business relief, this would be considered an arrangement to obtain a Corporate Tax advantage.

Further details of the relief measures can be found here.

In order to automate data management protocols and processes, the Executive Office of Anti-Money Laundering and Counter Terrorism Financing (EO AML/CTF) has announced the beginning of the first phase of a project launched on 14 April 2023.

The EO AML/CTF will use cutting-edge information management and data analytics technologies and solutions, as the project progresses EO AML/CTF will:

• collate data from its national coordination activities
• build a central data warehouse
• develop technical systems to conduct data analysis leveraging
• issue reports to domestic and international partners
• deploy artificial intelligence tools to manage and process data.

Building a framework for data governance around money laundering and terrorism financing will also be a part of the project’s execution. The project team will accelerate the EO AML/CTF’s digital transformation and help it become an intelligent technology-based organisation.

To guarantee the security of data transmission and governance in accordance with global best practices, the team will also supervise the integration of the new system with external financial institutions and governmental bodies.

Further details of the project can be found here.

On 11 April 2023, the National Anti-Money Laundering and Combating Financing of Terrorism and Financing of Illegal Organisation Committee of the Central Bank of UAE published the outcome of the Suspicious Activity and Transaction Reporting Thematic Review.

The aim of the thematic review is to assist regulated entities to understand and successfully conduct their legal duties under the UAE’s legal and regulatory framework. The supervisory authorities’ thematic desktop evaluations completed during the 2022 in relation to Transaction Monitoring System (“TMS”) and Suspicious Transactions Report (“STR”) reporting frameworks served as the foundation for the creation of this report.

Regulatory expectations, acceptable and deficient practices are included for the following areas:

• governance and management oversight
• policies and procedures
• risk-based deployment of transaction monitoring controls
• data identification and management
• alert review, case investigation, and STR or SAR decision making
• post STR and SAR process.

Key dates that regulated entities will need to take action by:

15 June 2023

• regulated entities are required to conduct a self-assessment to assess their level of compliance against their STR obligations, deficiencies identified must be disclosed to the appropriate Supervisory Authority, along with an in-depth Risk Mitigation Plan

31 July 2023

• regulated Entities must make sure to conduct remediation to become compliant with their STR obligations, and put the necessary safeguards in place to strengthen their STR framework.

The report can be found here.

On 3 April 2023, the Financial Action Task Force (“FATF”) released the Mutual Evaluation Report on the Bolivarian Republic of Venezuela. The report provides a summary of the measures in place during the onsite visit conducted between 17 to 28 January 2022, as well as an analysis of compliance against the FATF 40 recommendations.

Venezuela has a sub-standard legislative and regulatory framework in place to enable it to combat ML/TF effectively. The assessment process highlighted several technical deficiencies that require action to ensure a strong AML/CFT/CFP system.

This Mutual Evaluation is the third that has taken place in Venezuela. The outcome of the latest evaluation shows that the overall effectiveness is low and the following technical compliance ratings have been given against the 40 recommendations:

• Compliant: 0
• Largely compliant: 9
• Partially compliant: 26
• Non-compliant: 5

Further details of the report can be found here.

Estonia’s state prosecutor announced on 17 April 2023 that six former employees of Danske Bank, stationed at the Bank’s Estonian branch had been charged with the laundering of at least US$6.58M in funds.

The former employees intentionally concealed the real owners of illicit funds, which were transferred into accounts between the period 2007-2015. Millions of euros worth of property, were earned for the money laundering services provided by the employees.

Services provided included:

• advising clients on how to hide an electronic trail of bank transfers
• preparation of documents
• selling companies to help hide the real owners of funds.

Further details of the enforcement action can be found here.

KPMG Lower Gulf has been ordered to pay over US$231M by a Dubai court which ruled in favour of a  group of investors.

The court order, which is reported to have been issued late in March 2023 came as a result of findings that KPMG Lower Gulf breached international auditing standards by approving the financial statements of an infrastructure fund managed by Abraaj Group.

The investors who will be awarded compensation following the ruling, had initially approached the court claiming they had lost money due to the poor-quality audit of Abraaj by KPMG.

Further details of the enforcement action can be found here.