Regulatory Update: Middle East Edition – February 2021
This edition includes – DIFC Embraces the Future of Finance with Tokenisation of Digital Assets, ADGM Enacts the Data Protection Regulations 2021 and Joins the Global Privacy Assembly, UAE Central Bank Issues Stored Value and Electronic Payment Systems Regulatory Framework, FATF Publishes the “Grey” and “Black” Lists.
The Dubai International Finance Centre (“DIFC”), in partnership with Mastercard, has introduced the Global Cyber Forward Programme (“Programme”). The Programme aims to secure digital ecosystems through public and private partnerships in appreciation of the current business risk landscape. Following the success of the DFSA’s Cyber Threat Intelligence Platform (“CTIP”), the Programme will contribute to the intelligence collected from the CTIP and strengthen cyber resilience in the region.
Under a new Memorandum of Understanding (“MoU”), the United Arab Emirates Centre for the Fourth Industrial Revolution (“UAE C4IR”), the DIFC Authority, and the DFSA have partnered with Dubai Future Foundation (“DFF”) and the World Economic Forum (“WEF”) to develop tokenisation of digital assets through the use of blockchain technology. Tokenisation is a process which takes assets or sensitive data and applies encryption to ensure greater security. The MoU will facilitate testing of tokenisation in a regulatory environment, with the aim of assessing and advancing regulatory and commercial requirements in this area.
The third cycle of ‘Startupbootcamp’ has graduated a further eleven startup companies. The participants engaged in a three-month FinTech programme, during which they had access to world-leading experts, mentors, resources, and technology, resulting in them pitching new ideas to the region’s top investors, unicorns (privately held startup companies with a value of over $1 billion), mentors and venture capital firms. The participants also will have the possibility of validating their business models and working with renowned corporate partners.
Startupbootcamp is a partner to the DIFC’s FinTech Hive adding to the current programme initiatives of the “Accelerator” programme and the “AccelerateHER” programme. CCL is the DIFC’s FinTech Hive’s Compliance Partner. We have provided regulatory compliance guidance and support to several firms through the FinTech Hive.
If your firm requires assistance in applying to the FinTech Hive before the 6th May deadline, contact Lewis Knell. For more information on the Startupbootcamp click here.
The DIFC has proposed the enactment of legislation to enhance the Employment Law No.2 of 2019, the Data Protection Law No.5 of 2020 and the Insolvency Law No. 1 of 2019 (including Insolvency Regulations 2020). The proposed updates address previous ambiguities and will update the laws in line with international standards and best practice.
Updates to the Employment Law will address the uncertainty around the Qualifying Scheme, while updates to the Data Protection Law aim to refine the powers of the Commissioner. Insolvency Law updates will provide flexibility around bonding arrangements for insolvency practitioners.
The full consultation papers can be found here. Comments are welcomed by the 28th March 2021 by emailing [email protected]
Red Spear (DIFC) Limited, an investment management firm in the DIFC, has had its licence suspended for 12 months following serious compliance concerns. The DFSA’s concerns focused on the inadequacy of the firm’s financial resources, its non-compliance with the DFSA rulebook requirements and failing to maintain an open relationship with the DFSA.
The Abu Dhabi Global Market (“ADGM”) has enacted the Data Protection Regulations 2021 (“DPR) following public consultation. The DPR replace the Data Protection Regulations 2015 and bring the ADGM’s data protection framework in line with international best practice, having a strong alignment with the General Data Protection Regulation (“GDPR”). The DPR create robust and clear guidelines to which organisations must adhere in order to continue processing all types of personal data. The DPR also create an independent Office of Data Protection, to be headed by the Commissioner of Data Protection, Mr Sami Mohammed. His responsibilities will include providing guidance on the DPR, overseeing the development of the data protection framework, and conducting enforcement action. The DPR have been recognised by the Global Privacy Assembly (“GPA”) with the ADGM being the first Gulf participant in the GPA’s International Enforcement Cooperation Working Group (“IECWG”).
Firms are advised to review the DPR and start remediation plans immediately, as the regulations may lead to a significant change to the way in which personal data is processed. Firms already established in the ADGM have 12 months to implement the DPR, while new establishments have 6 months from their licence date.
If you require assistance in assessing your data protection obligations, guidance on updating your internal data protection framework or you require an outsourced Data Protection Officer (“DPO”) visit our website here.
The ADGM has announced the launch of the inaugural ADGM Digital Lab Demo Day on 5th April 2021, marking the launch of the Digital Marketplace. The Marketplace is a virtual community of financial institutions, FinTechs, investors, academia, policy makers and ecosystem enablers exploring collaborative opportunities to create cutting edge FinTech solutions.
For more information on the ADGM Digital Lab click here.
The UAE’s Higher Committee Overseeing the National Strategy on Anti-Money Laundering and Countering Financial Terrorism has launched two programmes in the UAE to train and certify mid-level professionals in Counter Terrorist Financing (“CTF”) and Anti-Money Laundering (“AML”) as a result of a partnership formed under a 2019 Memorandum of Understanding between Abu Dhabi Global Market Academy (“ADGMA”) and the Association of Certified Anti-Money Laundering Specialists (“ACAMS”), and will cover the following:
- regulatory expectations
- criminal typologies
- day to day training on sanction evasion tactics
- due diligence review for high-risk entities and transactions
For further information on the programmes click here
The Securities and Commodities Authority (“SCA”) has signed an MoU with the University of Sharjah to develop and improve competencies in the field of Islamic finance and the Islamic finance-related educational programmes in capital markets. The educational programme will also develop the professional standards for people working in the securities sector and aims to enhance awareness of Islamic financial products and instruments generally.
The Central Bank of Bahrain (“CBB”) announced the roll out of electronic Know Your Client (“eKYC”) by financial institutions as part of a digital transformation. The eKYC platform provides a national digital identity database for financial institutions to verify their customers, validating their information securely. BENEFIT, the developers of eKYC, have also developed the Application Programming Interface (“A PI”) which will allow for the integration of eKYC in financial institutions’ core apps, systems and channels.
The Saudi Central Bank (“SAMA”) launched the Instant Payment System “sarie” allowing companies, individuals and institutions to complete transactions instantaneously across various banks globally. The system will increase efficiency of financial transactions for corporates, retail outlets, banking institutions and FinTechs. The new system should also improve the range of financial products available and assist with managing cash flows across the business sector.
The United Arab Emirates Central Bank has issued a new regulatory framework for Stored Values and Electronics Payment Systems. The scope of this new framework includes licensing, supervision and enforcement requirements for all firms that are currently operating or are applying for a licence to operate a Special Purpose Vehicle. The new regulatory framework will affect both onshore UAE firms and free zone firms, with free zone firms requiring a licence from the Central Bank before conducting operations.
Firms affected by the regulations have one year to implement the relevant measures and will then be required to submit an independent assessment report before the end of the transaction period to ensure full compliance. If you require guidance or assistance on how the framework will apply to your business contact Jade Ashpole. You can read the full regulation here.
The Financial Action Task Force (“FATF”) has published follow-up reports following recommendations in the mutual evaluation reports. The reports assess the AML and CTF measures development in each country measured to the FATF 40 recommendations.
The FATF has released the following 2021 evaluations this month:
- Saint Lucia
- Fiji
- Denmark
- Barbados
- Seychelles
- Madagascar
- Ethiopia
- Mauritius
- Botswana
- Uganda
The updated consolidated table of ratings can be found here.
The FATF published its updated ‘grey’ and ‘black’ list countries based on the progress made on combatting money laundering and terrorist financing. The FATF appreciates the overwhelming priority to fight COVID 19 for all countries and noted that some countries on the ‘grey’ list have proceeded with their reviews in October 2020, in line with the FATF’s 2012 Recommendations.
The countries on the ‘grey’ list reviewed during this period are:
- Albania
- Botswana
- Cambodia
- Ghana
- Mauritius
- Myanmar
- Nicaragua
- Pakistan
- Panama
- Uganda
- Zimbabwe
The following countries are on the ‘grey’ list following their review in February 2020:
- Barbados
- Burkina Faso
- Cayman Islands
- Jamaica
- Morocco
- Senegal
- Syria
- Yemen
You can find full updates on country reviews here.
Countries listed on the ‘black’ list, considered high risk jurisdictions, have had their reviews paused due to COVID 19. The following countries therefore remain on the ‘black’ list following their review in February 2020.
- Democratic People’s Republic of Korea
- Iran
You can find full updates on country reviews here.
The United Nations (“UN”) advised the Committee for Goods and Material Subjected to Import and Export Control to amend names on the UAE Terrorist list. One entity, concerning Central African Republic, has been added to the list. Ninety-two entities controlled under ISIL Daesh and Al Qaeda have been added while two have been removed.
Firms should screen their customer databases against the amended list, which can be found here.
Keep abreast of sanction list updates by subscribing to the Executive Office of the Committee for Goods and Material Subjected to Import and Export Control here.
An unnamed exchange house has been fined Dhs504,00 due to weak AML and CTF frameworks. It has a history of poor compliance, which was taken into consideration during the enforcement action. The fine follows a series of breaches from 11 banks for similar failures, resulting in fines totalling Dhs45.75 m.