Regulatory Update: Middle East Edition – December 2022
1.0 DIFC AND DFSA LATEST DEVELOPMENTS
The DIFC engagement with the UK government aims to promote a mutually beneficial exchange of data between the two jurisdictions. The DIFC is the first financial centre located in the Middle East, Africa, and South Asia region that is engaging with the UK government on an adequacy assessment.
If the assessment outcome is positive, resulting in the DIFC being deemed to be an adequate jurisdiction by the UK, this will mean a trusted free flow of personal data between the two jurisdictions. Trusted data transfers can create great potential for investment, trade, and innovation around the world. Other countries may be influenced to follow suit in considering the DIFC as an adequate jurisdiction.
The DIFC statement can be found here.
On 5 December 2022 the Dubai Financial Services Authority (“DFSA”) issued a Dear Money Laundering Reporting Officer (“MLRO”) letter to the MLROs of Relevant Persons (“RP”) in the DIFC. The topic of the letter was the DFSA’s stance on late reporting and the enforcement of a late submission fee.
The key points of the letter include:
- RPs should complete and submit the annual Anti-Money Laundering (“AML”) Return by the end of September each year, as per the obligations under the AML Rule 14.5.1
- in October of 2022, the DFSA issued a late submission fee to 42 RPs in relation to late submission of the annual AML Return
- RPs are expected to provide the DFSA with key qualitative data as part of the regulatory filings, to assist in the collective effort to combat money laundering and terrorist financing (“ML/TF”)
- qualitive data assists the DFSA to identify AML related issues and trends emerging in the DIFC
- the data is assessed as part of the DFSA’s desk-based risk assessment process, prior to an onsite risk assessment visit
- failure to submit an annual AML Return is a potential breach of AML Rule 14.5.1, which will result in a US$1,000 fine
- failure to submit the return on time will also be used by the DFSA to assess the RPs overall compliance with AML obligations and could result in a negative compliance report.
The aim of the letter is to clarify the DFSA’s zero tolerance policy on delayed financial crime risk-related submissions or reporting. Immediate action will be taken by the DFSA towards RPs who do not comply with their regulatory obligations.
The Dear MLRO letter can be found here.
The letter highlights the amendments, which were made to ensure consistency following recent changes to Federal AML Legislation, the amendments include:
- AML rule 3.1
- reference to proliferation financing added to the definition of “money laundering”
- AML rule 3.2
- glossary for AML to include a definition of proliferation financing
- AML 14.5.1 guidance
- RPs are no longer required to submit a semi-annual report to the DFSA
- periodic reports should be produced and made available at the DFSA’s request.
MLROs are advised to review the guidance provided by relevant authorities, including:
- FATF guidance
- including best practice examples in relation to proliferation financing can be found here
- UAE guidance
- the Executive Office for Control and Non-Proliferation (“EOCN”) guidance on the proliferation of weapons of mass destruction can be found here
- UAE training and development
- the EOCN has produced the Dedicated Online Financial Integrity Network (“DOLFIN”) e-learning platform, with the aim to increase awareness and understanding of implementing targeted financial sanctions (“TFS”), training modules can be accessed following registration via this link.
The Dear MLRO letter can be found here.
The proposed regulatory framework and Family Wealth Centre will provide a hub for both international and regional family-owned businesses, ultra-high-net-worth individuals and private wealth. Further attracting leading financial institutions and businesses to the centre.
The highlights of the proposal include:
- replacing the Single-Family Office Regulations and the Single-Family Office regime with a new family office regime, the new regime offers services to one or more families, in certain circumstances
- revoking the need for a family office to register as a Designated Non-Financial Business or Profession (“DNFBP”) with the DFSA
- the availability of family arrangements which can be made within the DIFC, and will allow for efficient operation of the family businesses; wealth, succession and legacy planning, including the means by which various consultancy, advisory and other professionals may provide services to such family offices
- in support of the expected benefits and incentives for family businesses in the UAE, the introduction of certification and accreditation regimes for family businesses and their advisors in the DIFC.
In addition to the proposed regulations, a Consultation Paper has also been released with suggested amendments to the Leasing Regulations. The proposals include clarification in relation to certain fines. If accepted, the amendments will create efficiencies in facilitating the administration and enforcement of the DIFC Leasing Law.
The public may submit comments before the 7 January 2023 deadline.
The announcement can be found here.
The updates will include:
- General Module (“GEN”) 8.6 on audited financial statements by branches allowing firms to submit an annual financial statement within 14 days of submitting the statement to the home regulator
- Collective Investment Rules (“CIR”) 8.2.4 to expand the circumstances under which firms could be considered eligible custodians to include structures where there is an ownership relationship with another GCC country’s government
- Authorised Market Institutions (“AMI”) 5.11.2 and Conduct of Business (“COB”) 9.6.9 rulebooks to enhance the reporting obligations of market abuse to be immediate, based on ‘reasonable grounds’ of suspicion and relating to market abuse
- AMI 1.3.1 to include text on money laundering in line with the Anti-Money Laundering (“AML”) module
- Prudential — Investment, Insurance Intermediation and Banking (“PIB”) module regarding capital requirements appendix 2.4 to include category 3C and 3D firms to complete the B180 form on capital adequacy
- PIB A2.4 table 1 to include a new reporting form B460 for reporting capital requirements, transactions, and rates of fraud (including suspected fraud) and money transactions for money service providers
- Fees module (“FER”) 2.2.5 to explicitly include an annual fee for the endorsement to operate a fund platform as a variation of licence.
In addition, the updates include amendments to omissions or cross-references from previous amendments.
The Notice of Amendments can be found via this link.
2. ADGM AND FSRA LATEST DEVELOPMENTS
The six principles include:
- a guiding definition of whistleblowing:
- encouraging a broad definition of whistleblowing to be used
- non-retaliation:
- ensuring that whistleblowers are given adequate opportunities to speak up and are fairly treated when they do so
- confidentiality and due process:
- restricting access to whistleblowing reports and following due process in managing them
- reporting in good faith:
- focusing the protections of any whistleblowing framework to honestly held beliefs reported in good faith
- components of a whistleblowing framework:
- including appropriate resources to support it, which will vary depending on the nature of the business
- culture:
- supporting a whistleblowing program with an organisational culture of trust and transparency.
The non-binding principles have been created to support both individuals and entities that are operating within the ADGM. With the intention of assisting whistleblowers by providing the opportunity to raise concerns and to be dealt with fairly following this. The principles also provide guidance to entities operating in the ADGM to assist them to understand and introduce practices to foster a culture of speaking up when needed.
Reports made in good faith are considered as protected disclosures, based on an honestly held belief that the information offered at the time of disclosure is true; and protection will be offered to these whistleblowers. The report clarifies that inaccurate reports made by a whistleblower, which are based on a genuine misunderstanding should still be protected.
Firms are expected to introduce a whistleblowing framework, which may include amongst other things, controls to prevent unauthorised access to whistleblowing reports which could identify the whistleblower.
The publication can be found here.
The FATCA regulations highlight the following key points:
- an account holder of a financial institution (“FI”) must provide records, information, explanations, and particulars as and when required by the regulatory authority in connection to the FATCA regulations
- each reporting FI shall establish and implement the appropriate systems and internal procedures to be compliant with the federal law and FATCA regulations
- FIs are required to maintain an audit trail of the measures taken and evidence based on which they have conducted satisfactory due diligence procedures, and the subsequent compliance with the federal law and FATCA regulations
- FIs are required to retain records for a period of at least six years after the date of reporting to the regulatory authority
- where the regulatory authority or its delegate deems the FI has contravened the CRS or FATCA regulations, a written notice is issued to the concerned parties, stating the actions that need to be taken to comply.
The CRS amendments, bring the existing regulations in line with the FATCA regulations. As such the CRS Regulations have been amended as follows:
- the regulatory authority, upon discovery of a contravention by a FI or controlling person, may issue a written enforcement notice
- the regulatory authority may set out the reasons behind the penalty being imposed
- the concerned institution or individual may appeal only on grounds that they:
- did not commit the contravention
- where the penalty is not proportionate to the degree of contravention committed
- in cases where the notice of appeal is submitted post the 20-day mark, the relevant regulatory authority will consider it, except if a reasonable case is made for justifying such a late submission
- the regulatory authority considers and provides a written notice of their decision, within 60 days of receiving the appeal
- any penalty levied on the concerned FI or individual must be paid within 15 days or after the date on which the written notice was provided.
In addition to the above, the Regulatory Authority (“RA”) may impose additional penalties it deems necessary.
This could even lead to suspension, withdrawal, or non-renewal of any license, authorisation or permission previously granted or in the process of being granted to the relevant FI by the RA.
For more information on FATCA , please refer to this link.
For more information on the CRS amendments, please refer to this link.
Private credit funds are collective investment funds that purchase existing loans from third party lenders, originate loans to borrowers, or invest in a combination of these. The proposed regulatory definition can be found in the amendment to Fund Rules (“FUNDS”).
The proposal intends to enhance the variety of funds available in the ADGM, with added attraction for small and medium enterprises (“SMEs”) and start-up firms. The new regulations appreciate the risks of private credit funds and the need to introduce safeguards. It is proposed that the funds are only offered to professional clients, as either qualified investor funds (“QIF”) or exempt funds.
Amendments are proposed to permit private credit funds and their fund managers to arrange and originate loans where the manager of the fund holds a financial services permission (“FSP”) that allows it to undertake fund management; the fund manager and the fund will not be engaging in providing credit or arranging credit. Proposals have been made to mandate specific investment and operating requirements such as, in relation to; concentration risk, conflicts of interest, gearing, stress testing, permitted and prohibited investments, reporting and disclosure.
The public may submit comments before the 27 January 2023 deadline.
Further details of the announcement and the Consultation Paper can be found here.
3. MIDDLE EAST REGULATORY UPDATES
The guidance essentially discusses the ML/TF related risks applicable to life insurance and other investment related insurance products, and how such sectors can apply the preventative measures to identify, assess, manage, and mitigate them.
Obligations of LFIs include:
- maintaining and documenting an up-to-date risk assessment
- performing satisfactory customer due diligence (“CDD”), to understand the nature and purpose of their customer business along with an understanding of the intended use of the operator’s products and services
- ongoing monitoring of all customers throughout the business relationship
- applying enhanced due diligence if and when a relationship presents higher ML/TF risks
- maintaining transaction monitoring systems that can identify unusual patterns of activity and potential suspicions
- directly report any activity that poses a considerable ML, TF, or criminal suspicion to the Financial Intelligence Unit (“FIU”) via the goAML portal
- integrating preventative measures into the AML/CFT compliance programme, supported with appropriate governance, training, and independent audits.
The CBUAE has clarified that it is treating AML and CFT as a top priority and expects the relevant LFIs to comply with the guidance provided to maintain soundness of the sector.
The guidelines can be found here.
The UAEs federal tax regime will levy 9 percent for taxable profits exceeding AED375,000. However, in cases of profits lesser than or equal to this amount, a zero percent tax rate will apply, thereby supporting small businesses and start-ups.
According to the Ministry of Finance, the corporate tax law touches on the following integral points:
- increasing the UAE’s global economic competitiveness, as well as providing the national economy with sufficient flexibility to deal with and support international financial systems
- UAE’s support for the Organisation for Economic Co-Operation and Development (“OECD”) inclusive framework, and its commitment towards a global minimum tax for multinationals, enhancing tax transparency, and preventing harmful tax practices.
The corporate tax law will apply to:
- UAE companies or other applicable persons that are incorporated or effectively managed and controlled in the UAE
- individuals who conduct a business in the UAE as specified in the upcoming cabinet decision
- non-resident/foreign legal entities that have a permanent establishment in the UAE
a UAE free zone entity may benefit from a 0% corporate tax rate on its qualifying income if the entity is considered as a qualifying free zone person.
The corporate tax law will not be applicable to the following categories of business:
- natural resource extraction activities (they remain subject to existing local emirate-level taxation)
- government entities
- pension funds
- investment funds
- public benefit organisations
- free trade zones (will benefit from the 0% corporate tax rate on qualifying income)
- personal income from employment from public or private sectors
- interests or personal income earned back from bank deposits or savings programmes
- real estate investments by individuals in a personal capacity.
Filing and payment of corporate tax must be done within 9 months after the end of the relevant financial reporting year.
Full details of the corporate tax law can be found here.
- proliferation financing
- financing of terrorism
- money laundering
- implementation of targeted financial sanctions
- combatting illegal organizations.
The EO AML/CTF aims to increase the UAE’s effectiveness in countering proliferation financing and implementing targeted financial sanctions, with the introduction of the memorandum.
The ‘Fawri Tick’ system is currently being used by more than 80 government entities to facilitate the sharing of information. Increasing the effectiveness of national efforts at combatting proliferation financing and preventing sanctions evasion.
Further details of the memorandum can be found here.
A consultation on amendments to the CBB’s Credit Risk Management Module has been circulated to the CEOs of all retail banks. The proposals include enhancements to the regulatory framework amending the requirements on the re-categorisation on non-performing exposures under the CM Module. Comments are accepted until 5 January 2022.
Further details of the consultations can be found here.
Governors from SAMA’s supervision, development and technology departments attended the event, which also included 64 executive managers and senior management staff from FinTech companies operating in the Kingdom of Saudi Arabia.
The event included a presentation of SAMA’s latest initiatives for promoting financial technologies through the creation of a regulatory sandbox. The sandbox initiative aims to gain an understanding of, test and assess the impact of newly introduced financial technologies. Key challenges and hurdles faced by the sector were also discussed, as well as the potential solutions.
Further details of the event can be found here.
- instructions for practicing finance aggregator service
- the draft instructions are an annex to the “Licensing Rules for Activities Supporting the Financing Activity”
- continuation of SAMA’s efforts towards empowering the FinTech sector
- the instructions set minimum standards and procedures that are required to practice the financial aggregator activity
- comments were to be submitted by 27 December 2022.
Further details of the consultation can be found here.
- the implementing regulation of the finance companies control law
- the proposal is part of an initiative by SAMA to develop the SME sector by attracting new investors to establish companies specialising in financing SMEs
- the suggested amendment to article 8 includes a reduction to the minimum paid-up capital requirement for a finance company wishing to conduct finance business for SMEs
- sub-article 4 specifies the minimum paid-up capital for a financing company which is exclusively specialised in providing finance for SMEs is SAR50Mn
- comments were to be submitted by 30 December 2022.
Further details of the consultation can be found here.
- rules for advertising products and services provided by FIs
- aiming to increase confidence, protect customers from misguidance, and enhance the principles of transparency and disclosure
- working towards SAMA’s efforts of establishing a regulatory framework for advertising financial products and services
- comments were to be submitted by 20 December 2022.
Further details of the consultation can be found here.
INTERNATIONAL UPDATES
The process involves analysing jurisdictions which are currently in enhanced follow-up, to assess the progress made towards addressing compliance requirements. Re-ratings are given where sufficient progress has been evidenced towards satisfying the individual recommendations.
The FATF recently reviewed the progress made by the jurisdictions below:
- Jamaica
- 5th enhanced Follow-Up Report since the 2017 evaluation
- significant progress has been made to address deficiencies identified
- 5 recommendations were amended from partially compliant to largely compliant
- 1 recommendation was amended from partially compliant to compliant
- 33 recommendations in total are rated as compliant or largely compliant.
- Isle of Man
- 4th enhanced Follow-Up Report since the 2016 evaluation
- while the FATF recognise that progress has been made, the progress is not sufficient to trigger a re-rating.
- Georgia
- 1st enhanced Follow-Up Report since the 2020 evaluation
- sufficient progress has been made to address some of the deficiencies identified
- 1 recommendation has been re-rated from partially compliant to largely compliant.
- Cyprus
- 2nd enhanced Follow-Up Report since the 2019 evaluation
- while the FATF recognise that progress has been made, the progress is not sufficient to trigger a re-rating.
- Slovak Republic
- 1st enhanced Follow-Up Report since the 2020 evaluation
- 3 recommendations were amended from partially compliant to compliant
- 1 recommendation was amended from partially compliant to largely compliant
- 1 recommendation was downgraded from largely compliant to partially compliant.
- Czech Republic
- 3rd enhanced Follow-Up Report since the 2018 evaluation
- while the FATF recognise that some progress has been made, the progress is not sufficient to trigger a re-rating.
- Kyrgyz Republic
- 4th enhanced Follow-Up Report since the 2018 evaluation
- significant progress has been made to address deficiencies identified
- 1 recommendation was amended from non-compliant to partially compliant.
- Turks and Caicos Islands
- 3rd enhanced Follow-Up Report since the 2019 evaluation
- significant progress has been made to address deficiencies identified
- 5 recommendations were amended from partially compliant to largely compliant
- 7 recommendations were re-rated to compliant
- 35 recommendations in total are rated as compliant or largely compliant.
Further details of the latest Follow-Up Reports can be found here.
The guidelines include best practice for the effective management of ML/TF risks during the provision of financial services.
The two new sets of guidelines include:
- the addition of a new section to the EBA’s ML/TF risk factors Guidelines, which set out what financial institutions should do to identify and tackle ML/TF risk
- a new document which aims to deal with the issue of effective management of ML/TF risks by financial institutions when providing access to financial services.
The consultation period ends on 6 February 2023, comments must be submitted to the EBA prior to that date.
Full details of the consultation can be found here.
The resignation occurred following an admission by the German government that an enormous backlog of unprocessed suspicious activity reports (“SAR”) failed to be notified to the FATF by the FIU.
In February 2022, Christof Schulte had delivered a statement to parliament in which he mentioned that there was no processing delay in relation to SARs. This information conflicted with reports by the German media who claimed that the FIU was sitting on a backlog of more than 100,000 unprocessed SARs, that had been growing since early 2020.
From November 2021 to June 2022 the FATF were evaluating Germany’s AML controls and in August 2022 the findings were published by the FATF, praising the positive steps taken by Germany to strengthen the role of the FIU. However, the report also noted that Germany needs to do more to make sure that there is resourcing and prioritisation at the operational level to combat illicit financial flows.
The proposal looks to implement provisions of the Corporate Transparency Act governing who may access BOI, for what purpose and the safeguards needed to protect and secure the information.
The conditions under which BOI may be disclosed include:
- financial institutions and regulatory supervisors
- to conduct regulatory supervision and to support customer due diligence requirements
- federal agencies
- including for intelligence or law enforcement or national security activities.
- local, tribal, state and foreign governments.
- with court authorisation.
The proposed rule aims to provide high standards of confidentiality and security, as well as ensuring that the data can be used appropriately by law enforcement agencies in their efforts to combat financial crime.
The FinCEN welcomes comments to be submitted by 14 February 2023.
Further details of the Notice can be found here.
The report, published on 19 December 2022, outlines the performance of statutory and professional body AML/CFT supervisors between period 6 April 2020 and 5 April 2022. The report details the activities conducted by supervisors and considers supervisors’ promotion and enforcement of compliance with the AML/CFT standards.
The report highlights significant improvements in several areas of supervision during the period, and evidence HMT and AML/CFT supervisors’ commitment to strengthening the UK’s defences against money laundering.
Details of enforcement action taken by UK AML/CFT supervisors, including the Financial Conduct Authority (“FCA”), the Gambling Commission, Her Majesty’s Revenue and Customs, amongst others, provided alarming statistics, with significant increases in fines over the period.
Enforcement action by all supervisors, 2019-2022
| Year | Expulsion/withdrawal of membership | Suspension of membership | No. of fines | Total value of fines |
|---|---|---|---|---|
| 2021-22 | 40 | 6 | 614 | £503,595,085 |
| 2020-21 | 40 | 18 | 364 | £109,015,480 |
| 2019-20 | 40 | 9 | 270 | £53,231,997 |
Supervisors have a range of enforcement tools which may be used to provide a proportionate, effective and dissuasive response to any failure to comply with ML Regulations including:
- referral to law enforcement agencies
- suspension or cancellation of registration
- fines
- public censures.
The full report can be found here.
ENFORCEMENT ACTIONS
- failed to obtain letters of no objection from CBUAE to engage in certain business relationships
- had insufficient policies and procedures to prevent ML/TF.
The financial sanction amounted to AED1,925,000.
The CBUAE announcement can be found here.
The FCA found that the failures resulted in significant impact to the account oversight of more than 560,000 of Santander’s business customers between 31 December 2012 and 18 October 2017. The weaknesses created a prolonged and serious risk of the bank being used for money laundering and financial crime.
Issues identified included:
- repeated failure to promptly deal with ‘red flags’ associated with suspicious activity
- ineffective systems to adequately verify the information provided by customers about the business they would be conducting
- insufficient monitoring of the money customers had told them would be going through their accounts compared with what was deposited.
In one example shared by the FCA, a customer opened an account as a small translations business with expected monthly deposits of £5,000. Within a six-month period, the business was in receipt of millions of pounds, and rapidly transferring the money to separate accounts.
The press release can be found here.
The FMA originally issued a formal warning to Tiger Brokers on 20 March 2020 for AML/CFT failings. The firm was required to remedy the issues by 20 September 2020, or the firm would face enforcement action.
A number of issues were identified during an investigation opened by the FMA, which included a sample of customer files being reviewed and other documents required for record keeping purposes.
It was found that Tiger Brokers had inadequate AML/CTF framework in place, including failure to:
- conduct enhanced and ongoing CDD
- keep records in accordance with the law
- adequately verify customer identification documents
- report suspicious activities
- take reasonable steps to determine whether a customer of beneficial owner is a politically exposed person.
Further details of the FMA proceedings can be found here.
It is alleged by the SEC that, during the period 2009 to 2016, high-risk customers, none of whom were residents of Estonia, utilised Danske Bank to facilitate the transfer of billions of dollars in suspicious transactions through the US and other countries. Danske Bank were aware of these high-risk transactions and made materially misleading statements and omissions in the bank’s publicly available reports stating that it complied with its AML obligations and that it had effectively managed its AML risks.
Danske Bank agreed to pay-out US$413Mn to settle the charges.
Further details of the SEC press release can be found here.
Both supervisory authorities found material operational risk management and governance failings by the bank. This included management of outsourcing risks, relating to the IT upgrade programme. Technical failures in TSB’s IT system, which ultimately resulted in a significant number of customers being unable to access banking services. It took TSB until December 2018 to return to business as usual.
Operational resilience is of key importance for both the FCA and PRA. The incident evidences the operational disruption that can cause wide-ranging harm and it is critically important firms invest in their resilience. Firms are urged to ensure appropriate management of outsourcing risks, operational risks, and effective governance.
The total fine was made up of two separate fines, the Financial Conduct Authority fined TSB £29.75Mn, while the Prudential Regulatory Authority fined TSB £18.9Mn. TSB agreed to an early settlement which gave them a 30% discount. The original fine amounted to £69.5Mn.
The FCA and PRA notices can be found here.
The charges, which were part of a plot by Mr Bankman-Fried to embezzle billions of dollars of customer funds deposited with FTX, included:
- conspiracy to commit wire fraud
- wire fraud
- conspiracy to commit commodities fraud
- conspiracy to commit securities fraud
- conspiracy to defraud the US
- conspiracy to commit money laundering
- conspiracy to commit campaign finance violations.
A federal district court judge will determine the appropriate sentence after considering the US Sentencing Guidelines and other statutory factors.
The press release can be found here.
The delay in reporting meant that ECB could not adequately assess the situation and react promptly to potential threats to other banks. This could have led to issues relating to the reputation and stability of the banking sector as a whole.
Abanca has been ordered to pay a fine of €3.145Mn as a result of the breach.
The ECB has confirmed that IT outsourcing and deficiencies in cyber resilience are the key priorities for the ECB in 2022-24, due to the vulnerabilities identified.
Further details can be found here.