Regulatory Update: Middle East Edition – December 2021

The Dubai International Financial Centre (“DIFC”) FinTech Hive launched an Investors Day as part of the Middle East, Africa and South Asia’s (“MEASA”) largest technology accelerator programme. Forty-four successful start-ups participated in the programme and presented a virtual pitch to investors and industry leaders, as well as financial and knowledge partners. Some high-profile partners included Abu Dhabi Islamic Bank, First Abu Dhabi Bank, Emirates NBD, HSBC, Standard Chartered Bank, Visa, Wall Street Exchange, Abu Dhabi National Insurance Company, Zurich, Etisalat and the Department of Economic Development.

To date, the FinTech Hive has received over 2,500 applications, with 160 start-ups being selected to develop their product offerings in the DIFC FinTech Hive covering product offerings in sectors such as FinTech, Regulatory Technology (“RegTech”) and Islamic FinTech.

A global cooperation agreement has been signed between the Busan Finance Center (“BFC”) in South Korea and the DIFC. The agreement covers areas such as Environmental, Social and Governance (“ESG”), trade finance, FinTech, and the future of finance which aims to strengthen global cooperation and assist BFC clients to expand across the MEASA region.

Mastercard has joined the Dubai Financial Services Authority (“DFSA”) Threat Intelligence Platform (“TIP”) with a commitment to construct intelligence-led, public-private partnerships and boost cyber resilience across the MEASA region. The collaboration fosters advanced cybersecurity capabilities and will help culminate a comprehensive ‘threat library’ that will enable DIFC institutions to recognise and respond to cyber threats in real-time.

The TIP was launched in January 2020 to create a community of information sharing within the DIFC. Firms are encouraged to register on the TIP via the DFSA ePortal.

You can read more information on TIP here.

The DFSA has issued a notice of an amendment to the Prudential – Investment, Insurance, Intermediation and Banking Module (“PIB”) of the DFSA Rulebook following Consultation Paper no. 139, ‘Updating the leverage ratio’. Amendments to the PIB Module are as follows:

• Calculating the Exposure Measure
  For the purpose of determining the Exposure Measure, the value of exposures must be calculated in-line with the International Financial Reporting Standards (“IFRS”) and subject to new adjustments:
  • collateral may not be netted against a derivative position, whether or not netting is allowed
  • collateral posted against a derivative position must be added to the Exposure Measure if posting the collateral has resulted in a reduction in the firm’s balance sheet
  • if a firm writes a credit derivative, it must include the notional value of the derivative in its exposure measure without allowing any offset
  • if a firm is a clearing member of a Central Counter Party (“CCP”) and is contractually liable to reimburse its clients or the CCP for losses, as a result of a change in the value of the trading transactions in the event of a default, it must:
    • treat each transaction as if it were a derivative exposure entered into directly with the client, especially with regard to the provision or receipt of variation margin
    • include the transaction in its exposure measure
  • an item that has been deducted under the Common Equity Tier 1 Capital calculation must also be deducted from the exposure measure, except where that item relates to liability
• Minimum leverage ratios
  • a firm must maintain a leverage ratio of at least 3%
  • where a firm is designated as a G-SIB (a global systemically important bank), the firm must maintain a leverage ratio of at least the sum of 3% plus 50% of its Higher Loss Absorbency ratio
  • where a firm is designated as a D-SIB (a domestic systemically important bank), the firm must maintain a leverage ratio of at least 3.5%
  • a firm must maintain higher than the rulebook’s requirements where directed by the DFSA by written notice.

The changes are effective from 1 January 2022. You can read the amendments here.

For support with these rulesbook changes and with your ongoing requirements, click here for details of our new Outsourced Finance Officer offering.

The DFSA issued Consultation Paper no. 142 which proposes a new regime for credit funds. Credit funds are collective investment funds that use fund property either to originate, or to purchase, loans, or both. Fund managers should take note of the proposals.

The Consultation Paper outlines proposed changes to several of the DFSA rule books including:

• Collection Investment Rules (“CIR”)
  • Specialist classes of funds to include ‘credit fund’
  • External fund managers and external funds will be prohibited from managing a domestic fund that is a credit fund
  • A fund manager must not manage an external fund that is a credit fund
  • Updated rules on the custody of fund property when dealing with a credit fund
  • The requirement to ensure investment vehicles used for credit funds are closed-ended legal structures and either an investment company or an investment partnership
  • An eligible custodian would not be required for a fund manager of a credit fund that is considered an exempt fund
  • Fund managers of a credit fund must have in place effective arrangements to ensure that the fund property is not made available to creditors of the fund manager, or any other fund under managment, in the event of the fund managers’ insolvency where the credit fund is considered an exempt fund.
  • Limitations on credit facilities for fund managers of a credit fund
  • Limitations of eligibility to join a credit fund
  • The requirement to have suitable policies and procedures for granting, acquiring, monitoring and managing credit
  • The requirement to have comprehensive stress testing programmes
  • The requirement to have an explicit risk diversification strategy
  • Rules around redemption and distribution including the fund’s constitution and lifespans
  • Rules around borrowing from the fund
  • Periodic reporting obligations
  • Guidance and risk warnings on marketing material
  • Content for the prospectus of a credit fund

• General Module (“GEN”)
  • Managing a collective investment fund shall include the activity in relation to credit fund, providing credit, arranging credit or advising on credit

• Glossary Module (“GLO”)
  • Credit fund is to be defined by CIR Rule 3.1.14 as ‘A fund is a Credit Fund if it is an Exempt Fund or a Qualified Investor Fund and its investment objective is to use at least 90% of its fund property for providing credit, including by the acquisition of loans.’

• PIB
  • An amendment to the base capital requirement for fund managers of credit funds
  • Credit funds are required to report B310 – Large Exposure; B320 – Arrears and Provisions; B340- Credit Activity; B350 – Trade Finance Activity

• Feeds Module (“FER”)
  • A fee of USD 10,000 is to be administered for firms managing a collective investment fund if any fund to be managed is a credit fund.

The consultation paper can be read in full here. Comments can be submitted by 19 January 2022 here.

The ‘DFSA in Action’ was published, which summarised key achievements and focus areas for the DFSA in 2021. Key achievements include:

• Hosting the third edition of RegTech Live – Driving Compliance Through Innovation
• Developing a cryptoassets regime
• Launching guidelines on ‘Financial Institutions Adopting Enabling Technologies’, in conjunction with the Central Bank of the UAE (“CBUAE”), the Securities and Commodities Authority (“SCA”) and the Financial Services Regulatory Authority (“FSRA”) of the Abu Dhabi Global Market (“ADGM”)
• Inviting a new cohort of firms to join the Innovation Testing Licence (“ITL”) Programme
• Issuing suitabilityguidance following a Thematic Review on Suitability
• Conducting a sectorial review of the representative office to assess the environment and inherent risks
• Completing a Brokerage Thematic Review on financial crime risks
• Updating the annual Anti Money Laundering (“AML”) Return template following the Targeted Financial Sanctions Thematic Review
• Completing a mini thematic review on the impact of COVID-19 on operational risk management
• The success of the Small and Medium-Size Enterprise (“SME”) regime
• Introducing guidance on suspicious transaction and order reports in respect of market abuse to create more awareness in the investment community

The report also highlighted several key areas of focus for the DFSA:

• Innovation and the development of a regulatory framework for security tokens and other types of cryptoassets
• Cyber risk systems and controls and raising awareness about cyber threats on the TIP
• Prudential supervision and dealing with increased credit and liquidity risk
• Sustainability and environmental, social and governance (“ESG”) initiatives, including the planned launch of the DIFC ESG Hub

You can read the full publication here.

The DIFC’s Commissioner of Data Protection held a data protection knowledge seminar to discuss updates to the data protection guidance tools, which include:

• Tools for responding to data subject access requests
• Questionnaire on the requirement to appoint a Data Protection Officer (“DPO”)
• Guidance on how to write a privacy notice

Further updates expected in 2022 include a decision from the UK Department for Digital, Culture, Media & Sport on the adequacy of the DIFC data protection regime and the implications of the UAE Federal Law no.44 and 45.

 

The DFSA issued a fine to Equitativa (Dubai) Limited for USD 300,000 (with a reduction of 30% by way of a settlement discount) for misleading statements and failing to report relevant information to its auditor. Equitativa is both fund manager and reporting entity of NASDAQ listed fund, Emirates REIT (CEIC) PLC (“the Fund’).

Regarding Equitativa’s activities in 2018, the DFSA found:

• Equitativa made a misleading statement regarding a fund asset
• Equitativa failed to take reasonable steps to ensure that its employees reported relevant information to its auditor, in breach of CIR
• Equitativa’s fund valuation practices also raised concerns.

The DFSA accepted an enforcement undertaking to address concerns raised and will appoint an independent valuation expert to join the Funds Oversight Committee.

Firms are reminded to have a suitable diligence defence structure to manage compliance matters and those requiring independent oversight are advised to appoint a Non-Executive Director (“NED”).

You can read the full decision notice here and the enforcement undertaking here.

The International Finance Corporation (“IFC”) and the Abu Dhabi Global Market (“ADGM”) launch ‘She Wins Arabia’, an initiative to assist women-led start-ups across the Middle East and North Africa. The initiative will support incubators, accelerators and venture capital funds, and provide the opportunity to pitch for financing and mentorship opportunities from ecosystem leaders and potential investors.

You can read more about the initiative here.

The ADGM is preparing for the launch of several cryptocurrency exchanges, trading platforms and custodians in 2022, following the launch of the FSRA’s comprehensive virtual asset framework in 2018. The success of the virtual asset framework is attracting international and regional firms as well as start-ups interest to join a regulated environment.

The Registration Authority (“RA”) of the ADGM has fined Aquarius Global Limited (“Aquarius”) USD 8,000 for exceeding the scope of its licence. Aquarius was licensed as a holding company but was found to have entered into a substantial contract to provide personal protective equipment to a third party even though their licence did not permit operational activities in the ADGM.

You can read the full decision here.

The UAE enacts Federal Data Protection Law no.45 of 2021 on the Protection of Personal Data (“PDPL”) which aims to regulate personal data processing activities within firms and provides extensive rights to individuals over their personal data. The law will apply to all businesses that are processing data in the UAE, as well as firms that are processing data relating to persons inside the UAE. Notably, it does not apply to firms who are subject to freezone, health or banking specific data protection laws. Government data is also excluded.

Firms will now be required to rely on a lawful basis for processing personal data which must be communicated to individuals by way of a privacy notice before the data is processed.

Firms will be required to appoint a Data Protection Officer (“DPO”) in circumstances where the processing activity creates a high-level risk due to the mode, amount or type of personal data transferred. Transfer of personal data must be assessed before any data is processed and impact assessments must be completed where there may be a higher risk of transferring the data. International transfers will be restricted to jurisdictions that have suitable data protection laws (known as an ‘adequacy decision’) and firms wishing to transfer outside the list will have to rely on a lawful exemption. Firms now have an additional responsibility to report breaches of personal data, including accidental leaks, to the Data Office (established by Federal Law no.44 of 2021), and where the risk to the individual is likely to materialise, the firm may also be required to report the breach to the affected individual.

The PDPL will have supporting Personal Data Protection Regulations (“PDPR”) which are expected to be released in March 2022 and become enforceable in September 2022. Amongst other details, we expect to see further guidance on:

• exemptions of the PDPL such as exemptions for firms processing small amounts of data
• guidance on adequacy decisions
• useable exemptions for international transfers

The law is effective from 2 January 2022.

Government entities have moved to a 4.5 day week with some private firms choosing to follow suit. The move will require government entities to enforce a weekend starting at midday on Friday ending on Sunday. The DFSA has moved its weekend to Saturday and Sunday with 8 am – 5 pm working hours and the DIFC will move to a Saturday – Sunday weekend with working hours of 8 am – 3 pm. The ADGM and FSRA will move to a 2.5 day weekend with working hours of 8.30 am – 4.30 pm Monday to Thursday and 8.30 am – 1 pm Friday. The move aligns the UAE’s working week with other global markets, thereby increasing opportunities for global collaborations and business opportunities as well as supporting a healthy work-life balance. Currently, it is optional for private firms to implement the change

The new working week for government entities is effective from 1 January 2022.

The National Anti-Money Laundering and Combatting Financing of Terrorism and Financing of Illegal Organisation Committee published the UAE Risk Assessment Outreach Programme for the private sector and Financial Institutions (“FI”).

The purpose of the programme is to:

• Establish a public and private sector partnership in AML/combating financing of terrorism
• Grow private sector and FI awareness of risks
• Increase the number of the private sector and FI suspicious transaction reports based on risk assessments
• Increase private sector and FI compliance
• Raise awareness of the UAE National Risk Assessment findings and recommended controls

Firms are reminded to incorporate the UAE National Risk Assessment findings into their AML frameworks.

The Abu Dhabi Exchange (“ADX”) issued Circular no.28 of 2021 ‘Concerning the Insider Trading Prohibition Period’ which started on 17 December 2021, pending the full disclosure of the Annual Financial Statements for 2021. The Circular applies to all listed companies, departments of AX, brokers accredited by ADX and all ADX investors.

The ADX issued Circular no. 29 of 2021 ‘Concerning Insiders Database Update’ to remind companies of the requirements to update the insider database and company profile on the e-ADX website. The ADX requires companies to make an immediate disclosure when the insider list or the company profile is updated.

Companies must update their details by emailing [email protected] and provide the ADX with confirmation of correct details.

You can find the full circular, including the update form, here.

The CBUAE has enhanced its supervision framework by introducing new standards to oversee banks’ exposure to the real estate sector. The standards cover:

• On balance sheet loans and investments
• All off-balance sheet exposures to the real estate sector
• Requirements to:
  • review and improve internal policies
  • enhance underwriting, valuation and general risk management for real estate exposure

The standards came into effect on 30 December 2021 and firms will have one year to comply.

You can read more about the standards here.

The SCA published the Chairman of the Authority’s Board of Directors Decision (…) of 2021 ‘Regulating the Virtual Asset and Digital Product’. The regulation will apply to virtual assets used for investment purposes, and the offering, issuing, registering, listing, trading, settling, and clearing of digital products and digital service providers. A digital product is defined as ‘a financial product that is transacted through the digital platform’. However, it does not include virtual assets issued by the federal government, local governments, government institutions and bodies or companies wholly owned by any of them. Similarly, virtual assets and providers of virtual asset services for payment services supervised by the Central Bank are not subject to the decision.

The draft decision can be read in full here.

You can read the full circular here.

The CBUAE signed a Memorandum of Understanding (“MoU”) with Iraq to enhance the cooperation on banking supervision matters. The MoU will facilitate an exchange of information to ensure effective cross-border supervision.

The Saudi Central Bank (“SAMA”) issued a mandatory information technology governance framework for several financial institutions including local banks, and payments and credit information companies. The governance framework seeks to effectively identify and address potential IT risks and threats and intends to improve IT governance practices and controls.

The framework can be found here.

SAMA organised a workshop on ‘Fintech ecosystem and envisioning the digital economy’ under the sponsorship of Governor, Dr Fahad Almubarak. The workshop was attended by several chief executive officers from local banks, and the Governor highlighted the importance of supporting FinTech innovation, with banks playing a key role in boosting growth. The launch of a regulatory sandbox was also announced to improve understanding and impact of new services and products in the current financial environment. Sessions hosted in the workshop covered SAMA’s digital transformation, how open banking is changing, the FinTech evolution, and the risk of central bank digital currencies and virtual assets. SAMA will continue to organise workshops with other relevant financial institutions in the banking sector.

The Financial Action Task Force (“FATF”) hosted a conference on environmental crime with participants from public, private not-for-profit sectors, and academia. The importance of establishing partnerships to tackle money laundering funding environmental crime was discussed, as was the need to act on FATF findings reports on environmental crime and illegal wildlife trade. The FATF has added several examples of environmental crimes to their glossary. Two key themes of the conference were:

• how countries and private sector organisations can assess their exposure to financial flows from environmental crimes
• how countries, international organisations and private sector organisations can work together to address the threat

You can read the FATF report of Money Laundering through Environmental Crime here.

The Committee for Goods & Materials Subjected to Import and Export Control (the “Executive Office”) has updated the United Nations Security Council sanctions list. One entry from the Central African Republic has been added, as well as 65 individuals from ISIL (Da’esh) and Al-Qaida. The Security Council 1518 sanctions’ committee has removed two entries from the sanctions list.

The updated sanction list can be found here.

The British bank, NatWest has been fined GBP264.8 million following convictions for three offences of failing to comply with money laundering regulations. This is the first time the UK Financial Conduct Authority (“FCA”) has pursued criminal charges for money laundering failings. The FCA found that NatWest failed to properly investigate ‘red flags’ after significant cash deposits were received under suspicious circumstances. The FCA also identified failures in the bank’s transaction monitoring systems and controls whereby some deposits were not recognised as cash deposits, therefore creating a significant gap in the bank’s monitoring of cash payments.

The bank pleaded guilty on all three accounts of failing to monitor customer accounts adequately between 2012-2016.

You can read the full FCA report here.

Pursuant to Article 14 of the Federal Decree-Law no.20 of 2018 on AML and Combatting the Financing of Terrorism and Financing Illegal Organisations, the UAE Central Bank has imposed financial sanctions and increased monitoring on two entities after both entities failed to achieve appropriate levels of compliance with their AML and sanctions compliance frameworks. The CBUAE has:

1. imposed a financial sanction of AED 352,000 on an unnamed exchange house operating in the UAE, which also disregarded numerous reminders from the CBUAE regarding their non-compliance
2. imposed administrative measures and financial sanctions of AED19,500,000 on an unnamed bank operating in the UAE. In addition to the fine, the CBUAE required the bank to appoint a consultant to remediate failures. The CBUAE will oversee the remediation process.