Regulatory Update: Middle East Edition – August 2021

The Dubai Financial Services Authority (“DFSA”) has appointed F. Christopher Calabia as the new Chief Executive, effective 1 October 2021. Mr Calabia is an accomplished leader in the financial regulation sector with a career spanning over 30 years and which included holding senior positions at the Federal Reserve Bank of New York and the Bill & Melinda Gates Foundation.

We welcome Mr Calabia to the DIFC and thank Bryan Stirewalt for his supervision during his tenure.

The DFSA has released a notice to amend legislation following the conclusion of Consultation Paper No. 135 “Regulation of Retail OTC Leveraged Products”, Consultation Paper No. 137 “Refinements to the Employee Money Purchase Regime” and Consultation Paper No. 140 “Miscellaneous”. The updates are reflected in the Anti-Money Laundering (“AML”), Counter-Terrorist Financing (“CTF”) and Sanctions Module, General Module (“GEN”), Conduct of Business Module (“COB”), Representative Office Module (“REP”), Collective Investment Rules Module (“CIR”), Glossary Module (“GLO”) and the Prudential-Investment, Insurance Intermediation and Banking Business Module (“PIB”).

With regards to changes following Consultation Paper No. 137, the modules have been updated as follows:

GEN:

• Guidance is provided on who can operate as an administrator of an employee money purchase scheme.
• Defines a non-DIFC employee money purchase scheme.
• Redefines a financial product to include an employee money purchase scheme, and a right or interest in a pension, superannuation, retirement or gratuity scheme or arrangement, or a broadly similar scheme or arrangement.

COB:

• Updates references to the definition of an employee money purchase scheme to include a scheme administered both inside and outside the DIFC.
• Updates definitions such as ‘basic wage’, ‘core benefits’ and ‘salary sacrifice’.
• Introduction of AML procedures when acting as an administrator of an employee money purchase scheme.
• Firms require pre-approval from the DFSA to operate an employee money purchase scheme.
• Removes the requirement to operate under the DIFC or a recognised jurisdiction.
• Includes additional oversight requirements for DIFC employee money purchase schemes.
• Includes additional reporting requirements for non-DIFC employee money purchase schemes.
• Requires operators to provide specific information to the member.
• Clarifies voluntary contributions to an employee money purchase scheme.

GLO:

• Definitions for the following terms added: ‘Core Benefits’, ‘DIFCA Board’, ‘DIFC Scheme’, ‘Employment Law’, and ‘’Recognised Jurisdictions’.

PIB:

• The Category 3B base capital requirement is now USD 500,000 for an operator and USD 1,000,000 for an administrator.

With regards to changes following Consultation Papers No. 135 and No. 140, the modules have been updated as follows:

GEN:

• Updates to rules regarding restricted speculative investments.
• Clarifies the application procedure for the endorsement of ‘carrying on service with or for a retail client’ involving speculative investments.
• Permits the format of financial statements and audit reports prepared by head office to be maintained in-line with a recognised standard, appropriate to the DIFC entity’s branch regulations.

GLO:

• Defines ‘Deal in a Restrictive Speculative Investment’, ‘Margin’, and ‘Restrictive Speculative investment’.

COB :

• Creates a section on restricted speculative investment covering:
  • applicability
  • key interpretations
  • expectations for an appropriateness assessment when dealing with retail clients
  • requirement for risk warnings
  • margin requirements for retail clients
  • requirement for negative balance protection for retail clients
  • rules around incentive use
  • prohibition of credit to fund an account
  • transparency requirements on certain speculative investments
  • restriction on dealing as agent, arranging, advising or making referrals
  • record-keeping
  • new guidance on client agreements covering: required risk warnings
  • fee details and charges

REP:

• New guidance on marketing restricted speculative investments

AML:

• Enhancement of criteria for appointing a Money Laundering Reporting Officer (“MLRO”) which includes an assessment of an individual’s ‘suitability’ for the position.

PIB:

• Removes references to LIBOR

CIR:

• Corrections for references regarding offers of units of foreign funds

The changes are effective 1 September 2021.

Following the enactment of DIFC Law No.5 of 2020, the “Data Protection Law”, the DIFC has engaged with the UK’s Department for Digital, Culture, Media and Sport (“DCMS”) to determine whether the Data Protection Law is determined to be substantially equivalent to the UK Data Protection Act 1998 (“DPA”) and the UK General Data Protection Regulation.

The DPA has been assessed as substantially adequate by the DIFC Commissioner following Brexit. Firms in the DIFC can now transfer data to the UK knowing that the DPA protects personal data to the same high standard as the DIFC, but UK firms transferring personal data to the DIFC must still put safeguards in place. The DCMS adequacy decision would reinforce data flows between the jurisdictions, allowing for a simpler way of transferring personal data in a safe, fair, and transparent way without the use of additional safeguards.

The Abu Dhabi Global Market (“ADGM”) has released guidance to firms on the implementation and applicability of the Data Protection Regulations 2021 (“Regulations”). The Regulations apply to all firms incorporated in the ADGM, as well as firms processing data on behalf of an ADGM firm.

The guidance documents cover:

• An overview of the new regulations
• Clarification of new data subject rights
• Obligations on data controllers and data processors
• Setting up safe and efficient personal data transfer agreements both locally and across jurisdictions
• Templates to implement as part of the data protection framework
• Assessment tools

Crucially, the Office of Data Protection announced that current data transfer permits, a safeguard allowing the international free flow of data under the 2015 regulations, will be redundant after 14 February 2022, following the publication of the standard data protection clauses. Firms will be required to update their safeguard mechanisms to continue sharing data with entities located in jurisdictions without an adequacy decision.

The regulation is in force for firms who were incorporated on or after 14 February 2021. Firms who were incorporated before 14 February 2021 have until 14 February 2022 to implement the regulation.

The ADGM launched the fifth Innovation Challenge to develop innovative solutions to specific financial services challenges. The ADGM will partner with names such as Emirates NBD, Etihad Credit Insurance, First Abu Dhabi Bank, Pearl Data Direct, The Saudi British Bank, and Standard Chartered, who will work alongside the competitors to develop innovative solutions for each challenged statement.

Applicants will be assessed against a set criteria which includes an assessment of the maturity of the solution and the potential to scale. The shortlisted candidates will work with corporate champions to develop a proof of concept and test their solutions for the opportunity to enter into a corporate contract.
You can see the challenge statements here and further details regarding the application process here.

The National Committee for Combatting Money Laundering and Financing of Terrorism and Illegal Organisations (“NAMLCFTC”) held its seventh meeting of 2021 to discuss the latest developments within the UAE.The meeting was chaired by His Excellency Khaled Mohamed Balama, Governor of the Central Bank of the UAE (“CBUAE”) and overseen by His Excellency Ahmed Ali Al Sayegh, Minister of State for the UAE. The meeting focused on the development of committees in addressing the UAE’s weaknesses as identified in the 2019 Financial Action Task Force (“FATF”) assessment.

In preparation for the official response to the FATF’s concerns, the NAMLCFTC has formed a national technical team whose role is to prepare and review the state report, reporting back to FATF assessors on the UAE’s development, with particular emphasis on the use of registered and unregistered hawala providers.

The CBUAE has issued guidance on AML and Combatting Financial Terrorism (“CFT”) to registered hawala providers, and licensed financial institutions providing services to registered hawala providers, as per Federal Decree Law No. (20) of 2018, Cabinet Decision No. (10) of 2019, and the FATF’s own standards and guidelines. The guidance provides an overview of hawala activity, identifies global risks, and provides an overview of regulation and supervision of registered hawala providers. In addition, the guidance covers requirements for hawala providers, including registration requirements, identifies the AML and CFT expectations and the reporting obligations. The guidance provides tailored direction for licensed financial institutions providing services to registered hawala providers that cover customer due diligence expectations, transactions monitoring, and suspicious transaction reporting.

The guidance is now in effect and you can find the full guidance here.

The CBUAE Financial Intelligence Unit (“FIU”) has signed a Memorandum of Understanding (“MoU”) with the China AML Monitoring and Analysis Centre (“CAMLMAC”), which will allow the FIU to exchange relevant intelligence to combat money laundering and terrorist financing.

His Highness Sheikh Mohammed bin Rashid al Maktoum, Vice President and Prime Minister of the UAE and Ruler of Dubai, has announced the establishment of a specialised court (the “Court”), focused on combatting money laundering. The Court will sit within the Court of First Instance and the Court of Appeal and aligns with the establishment of the AML and CTF Executive Office.

The Executive Office of AML and CTF signed a MoU with the Economic Security Center of Dubai to share information and cooperate in training and research initiatives. The MoU aims to add another layer of security to the national economy by preventing and countering harmful economic trends and illegal activities by fostering investment and growth.

The Abu Dhabi Department of Economic Development (“ADDED”) announced the release of a professional licence allowing foreign professionals to establish and own a professional business across the Emirate. The licence permits professional activities in over 604 areas, including training, consultancy, internet network companies and beauty centres. It aims to provide an affordable and more accessible way of issuing a licence to new investors, with the hope of fostering innovation and development in the region. A local service provider will likely be required to manage the licensing requirements where an Emirati partner is not identified. In addition to licensing a professional company, it will be possible to open a commercial branch where the commercial activity is consistent with, or complementary to, the professional activity.

As part of the investor’s journey programme, the ADDED announced that the Abu Dhabi Government has reduced the requirements for starting a new commercial business by 71%. The reduction comes as part of a thorough assessment coordinated by over 20 government entities to identify duplicate requirements and modify existing ones, aiming to make it easier to do business in the region.

The Sub-Committee for Supervisory Authorities in the UAE (“UAE SCSA”) in support of the objectives of NAMLCFTC released a new Administrative Decision, Decision No. (1) of 2021,. The Decision requires all FI and DNFBPs to sign up to the FIU’s GoAML reporting platform and report suspicious activity reports and suspicious transactions. The Decision adds a new requirement for FI and DNFBPs to notify of freeze fund reports and partial match reports to the platform.

The Committee for Goods and Material Subjected to Import and Export Control held various awareness webinars on the roles and responsibilities of FI and DNFBPs in respect of Cabinet Resolution No. (74) of 2020. Sessions were held between 29 August–6 September and covered industry-specific topics regarding targeted financial sanctions, proliferation, and terrorism financing and its applicability to each sector.

To keep up to date with the latest news and events from the Ministry of Finance subscribe to the newsletter here.

The FATF has reviewed various countries progress to address deficiencies identified in their AML and CTF measures, following the results of a mutual evaluation report.

• Zimbabwe has shown improvements regarding two recommendations requiring an upgraded assessment to ‘largely compliant’, however, due to a review of FATF standards, three ratings have been downgraded.
• Botswana has shown improvements regarding two recommendations requiring an upgrade to ‘compliant’ and ‘largely compliant’ with five recommendations on the cusp of a re-rating.
• Ethiopia has shown improvements regarding one recommendation, warranting an upgrade to ‘largely compliant’, however one recommendation rating was downgraded from ‘largely compliant’ to ‘partially compliant’.
• Hungary has shown improvements regarding one recommendation, warranting an upgrade from ‘partially compliant’ to ‘largely compliant’. Measures taken with regards to virtual assets and virtual asset service providers have been downgraded from ‘compliant’ to ‘partially compliant’.
• Malta has shown improvements in eight areas highlighted as recommendations, six of which have been re-rated from ‘partially compliant’ to ‘largely compliant’, two from ‘partially compliant’ to ‘compliant’.
• Myanmar has shown improvements in three recommendation areas, two of which have been re-rated as ‘largely compliant’ from ‘partially compliant’, and one from ‘partially compliant’ to ‘compliant’.
• Slovenia has been re-rated from ‘partially compliant’ to ‘compliant’ in one recommendation and a further six recommendation areas have been re-rated from ‘partially compliant’ to ‘largely compliant’. The recommendation regarding virtual asset service providers have been downgraded to ‘partially compliant’ due to revised requirements.
• Albania has shown improvement in one area and has been re-rated as ‘partially compliant’ from ‘not compliant’. Virtual assets and virtual asset service providers showed deficiencies from the revised recommendations and have been re-rated as ‘partially compliant’.
• Thailand has shown improvements in six of the recommendations, warranting a re-rating from ‘partially compliant’ to ‘largely compliant’ in four of the recommendations, and a re-rating of ‘compliant’ and ‘largely complaint’ about the remaining two.

In addition, the Holy See (including Vatican City State) submitted its fifth-round mutual evaluation report with predominately ‘largely compliant’ technical compliance ratings, and Egypt submitted their 2020 mutual evaluation report with a mixture of’ compliant’,’ largely compliant’ and ‘partially compliant’ ratings.

The Islamic Development Bank (“IsDB”) and Bloomberg LP will work together on a financial education programme across nine countries including the Middle East, Africa and Asia. The institutions will work with various universities across the regions leveraging the Bloomberg Terminal to support growth in the Islamic finance sector. Students who show an aptitude for the course will be recommended for internship opportunities at IsDB.

Find more information about the programme here.

BitMex, a company trading crypto derivatives, has been fined $100 million to settle civil charges with the Commodities Future Trading Commission (“CFTC”) and Financial Crimes Enforcement Network (“FCEN”) for operating a trading platform illegally and violating AML laws. The CFTC alleged that the exchange was unlawfully accepting orders and funds from US investors without regulatory clearance. In addition to this, FCEN alleged BitMex failed to maintain AML protocols and conducted transactions worth over $209 million with known darknet markets or unregistered money services businesses.

Firms should assess their AML framework in-line with their licensed activities and refer to local and international standards where necessary. CCL can guide and advise you on the establishment of a robust AML framework, and assist you with the testing and maintenance of your systems and controls.

The Dubai Misdemeanour Court has convicted eight individuals and three companies for cyber fraud and laundering stolen funds amounting to Dhs 14 million. The defendant was sentenced to three years’ imprisonment followed by deportation for hacking into a company bank account and fraudulently transferring money into his company account. The other individuals were sentenced to between 6 months to one year in prison with a fine of Dhs20,000 each for assisting the crime by conducting a series of illegal transfers to conceal the source of funds. The three companies involved were fined Dhs 300,000 each and ordered to return more than Dhs 9 million.

Firms should be cognisant of cyber security risks and the use of cyber hacks to facilitate money laundering activities.