Regulatory Update: Middle East Edition – February 2022

The Dubai International Financial Centre (“DIFC”), in collaboration with the DIFC Innovation Hub, held the DIFC’s Artificial Intelligence (“AI”) Festival between 21 and 23 February 2022. The festival featured an array of renowned speakers who discussed the future of AI, the Internet of Things (“IoT”), and robotics and their place in the future of finance. Participants were invited to join workshops, events and panel discussions on important matters facing DIFC firms, such as using AI in financial services to improve customer experience, marketing campaigns, trading activities, AI dependant banks of the future, and AI’s influence on regulation, including data protection concerns.

The Dubai Financial Services Authority (“DFSA”) signed a Memorandum of Understanding (“MoU”) with the International Financial Services Centre Authority (“IFSCA”) in India to consult, cooperate and exchange information to enhance cross-border financial supervision. The MoU will allow for augmented supervision, enforcement and oversight on companies incorporated within both jurisdictions and will aid the exchange of information relating to financial crime. In addition, the MoU will allow for sharing of best practices, developments in business structures, and information regarding technology and innovation in the market.

The Bank of Mauritius and the DIFC signed a MoU to facilitate the exchange of information regarding banking and finance. The MoU will facilitate collaborations in the field of research for banking, financial services, cybersecurity and FinTech, amongst others. In addition, the MoU establishes a framework to enhance the financial services by providing for the organisation of meetings, consultations, seminars, workshops, internships, and study and expert visits.

The Financial Services Regulatory Authority (“FSRA”) of the Abu Dhabi Global Market (”ADGM”) updated its regulatory framework to develop the private capital markets and to support investors and private companies seeking funding. The Private Capital Markets Framework (“PCM Framework”) aims to securely expand the market from professional investors to permit experienced retail clients to trade in digital assets and tokenised securities. The PCM Framework will enable private enterprises to raise capital from professional clients, as well as a limited amount of retail clients, without the need to ‘go public’ and issue a prospectus. The retail clients will be assessed and must have relevant investment knowledge and experience. The securities will be issued through technology platforms for both professional and retail clients.

The regulatory requirements are set out in the amendments to the FSRA Rulebooks (Market Rules (“MKT”) and Conduct of Business (“COBS”) Rules) and in the updated Guidance for operators of private financing platforms.

The key regulatory requirements are:

• operating a Private Financing Platform (“PFP”) or Operating a Multilateral Trading Facility (“MTF”) from or within the ADGM requires a Financial Services Permission (“FSP”) issued by the FSRA
• MTF and PFP Operators must continuously demonstrate that they have:
  • adequate and appropriate resources, including financial resources
  • are fit and proper
  • capable of being effectively supervised
  • have adequate compliance arrangements, including policies and procedures, that will enable it to comply with all the applicable regulatory requirements
• such applicable regulatory requirements include:
  • demonstrating that the governing body or board of directors has sufficient collective skills and experience in corporate finance or related fields to oversee the firm’s op-erations
  • appointing fit and competent individuals to fill the positions of Senior Executive Officer (“SEO”), Finance Officer (“FO”), Compliance Officer (“CO”), and Money Laundering Reporting Officer (“MLRO”).
  • The SEO, CO and MLRO must all be resident in the UAE and the CO and MLRO functions may be carried out by the same individual; the FO, CO and MLRO functions may be carried out in-house or outsourced to another group entity or competent ser-vice provider
  • establishing, maintaining, and implementing governance and controls requirements in relation to risk management, compliance, internal audit, trading of securities offered by way of an exempt offer, and managing conflicts of interest
  • maintaining capital resources in excess of the capital requirement at all times, which is the higher of its base capital requirement or expenditure-based capital minimum as prescribed under the rulebook
  • maintaining professional indemnity insurance cover appropriate to the nature, size, scale, and risk profile of the business
  • complying, at all times, with the relevant requirements in the Financial Services and Market Regulations and the FSRA Rulebooks, including GEN, COBS (in relation to risk warning, due diligence, forums/message boards, marketing, disclosure, exit facili-ty and trading facility, and intermediate entities), Prudential – Investment, Insurance Intermediation and Banking Rules (“PRU”) and AML
• PFP operators are limited to primary markets, they may wish to expand their offering by al-lowing investors to trade or transfer their PFP investments in secondary markets; to allow for secondary trading of securities that are offered on its platform, the PFP applicant must also apply for the regulated activity of “Operating a Multilateral Trading Facility”
• Where a PFP Operator would like to offer its services to potential sophisticated clients, who do not meet the current financial criteria to be classified as a professional client, the FSRA may consider allowing the participation where the Authorised Person (“AP”) is able to assess and verify that clients are able to adequately understand the risks associated with PFP Transactions, based on their knowledge and experience
• participation in a PFP is limited to not more than 200 clients who do not qualify as professional clients, where such clients have been assessed to possess knowledge and experience suf-ficient to appreciate the relevant risks; the PFP Operator’s FSP must specifically permit it to deal with retail clients and all clients must be pre-screened and onboarded by the PFP opera-tor before being given access to the PFP
• a MTF operator which seeks to grant access to the MTF, enabling retail clients to trade in exempt offer securities, must first assess the relevant knowledge, experience of each poten-tial client, and limit the number of retail clients which trade in any specific exempt offer securi-ty to not exceed 200; a MTF operator seeking to use the exempt offer provisions to enable trading is limited to listing securities that are shares
• a security being offered to the public within the ADGM must:
  • be accompanied by a prospectus unless it qualifies as an exempt offer and the FSRA will only allow a financing proposal to be published on a PFP where it qualifies as an Exempt Offer
  • where an offer involves retail client participation, it shall be directed at no more than 200 retail clients to qualify as an exempt offer where the Securities are offered within a PFP or MTF; pursuant to such an exempt offer, a PFP or MTF operator is required to put in place appropriate systems and controls to ensure that the issuer must pro-vide a product summary note to retail clients
• a PFP prospect must be a body corporate
• as best practice, a PFP operator should appoint an eligible custodian to safeguard client as-sets, but alternative arrangements may be permitted by the FSRA where appropriate safe-guards are implemented; where the PFP operator does not appoint an eligible custodian, it must comply with the capital requirements relevant to operating a PFP and holding client assets.

The updated FSRA Rules on Private Capital Markets can be found here, and the supporting guidance notes can be found here.

The FSRA published the findings of the 2021 thematic review which reviewed the practices adopted by an Authorised Person (“AP”) to appoint and assess the fitness and propriety of their Recognised Persons (“RP”).

The FSRA found that:

• in most cases, the compliance manuals do not consider the following aspects and evidential requirements for RPs, including:
  • the governance arrangements around the appointment and assessment of RPs, in-cluding appropriate approvals
  • the process and steps required for appointing RPs
  • initial and periodic fit and proper assessments
  • succession plan for RPs
  • the process and assessment conducted for candidates within the same group
  • relevant trainings for the RPs
• where an AP is part of a group, the reliance is made on the group’s existing policies and pro-cedures without proper consideration of the principles of RPs outlined in the General Rule-book (“GEN”)
• weaknesses related to the initial due diligence conducted by APs as well as the subsequent periodic reassessment conducted on RPs to ascertain that they remain fit and proper
• weaknesses related to the initial due diligence conducted by APs as well as the subsequent periodic reassessment conducted on RPs to ascertain that they remain fit and proper
• APs made limited efforts to verify the information provided by candidates during the assess-ment process; for example, most of the APs selected for the sample review did not conduct adequate checks to evaluate the financial soundness of RPs prior to appointing them, nor did they verify the candidates’ stated qualifications
• APs either failed to conduct any periodic reassessment of their RPs or confused the fitness and propriety reassessment with the periodic performance which:
  • limited their periodic reassessment to the review of the competence, skills, and capa-bility of RPs against individual objectives
  • failed to assess their overall fitness and propriety against GEN requirements
• APs included in the review have not established appropriate systems and controls to manage, assess, and mitigate risks arising from outsourcing of RPs; for example, it was noted that several APs do not have policies and procedures to manage and oversee material out-sourcing arrangements
• APs have outsourced RPs with limited or no due diligence conducted on the third-party service provider, and it was also observed that a large number of APs have not conducted any periodic assessments to ensure the adequacy of the outsourcing arrangement
• APs have not conducted any due diligence on the appointed outsourced individuals, but have instead relied on third-party service providers (or the group in case of intra-group outsourcing) to assess the fitness and propriety of these individuals without obtaining appropriate assurances that these processes had been performed and are in line with the AP and FSRA requirements
• training provided to RPs is not mapped to their training needs or a professional development plan discussed and approved by their line manager
• APs have not developed any succession planning process and therefore don’t have succession arrangements in place for key roles, including RP roles
• APs who have outsourced one or more RPs to a third-party service provider, lack a contingency plan to exit from these arrangements should they need to do so

Firms are advised to:

• define the policies and procedures for assessment conducted for candidates within the same group
• update policies to:
  • state the process, roles, and responsibilities with regards to preparing the succession plan
  • include the assessment process for SEO and Licensed Directors
  • include the process for preparing and delivering training programmes (those related to areas other than Anti Money Laundering (“AML”) and Compliance) for the Board and for the SEO in their Corporate Governance manual
  • include the process/documents needed to prepare, gather and/or authenticate the RP’s financial soundness
  • clearly expand on how the defined systems and controls for outsourcing will occur
  • define the process of assessing outsourced service providers, which would include where the responsibility lies in preparing, reviewing, and approving such assess-ments
  • define the process of managing and overseeing material outsourcing arrangements, including assigning roles and responsibilities to carry out such tasks
  • include the process of relying on third-party service providers or group entities to as-sess the fitness and propriety of RPs
  • ensure that a periodic due diligence and performance assessment is part of the eval-uation process
  • define the process, roles, and responsibilities of preparing a training programme, which would be composed of mandatory training (such as AML) and needs-based training, derived from the results of the fitness and propriety assessments
  • include the process, roles, and responsibilities of preparing and implementing a suc-cession plan, which should include assessing the successors to ensure that they are capable of succeeding the incumbents
  • define a contingency plan for existing outsourcing agreements.

The UAE Securities and Commodities Authority (“SCA”) held its seventh meeting to discuss improvements to the financial services sectors, and to promote the protection of investor rights in line with international best practices. The SCA board discussed the amendment of provisions in the ‘Guide to Governance of the Public Joint-Stock Companies’ and amended the mandatory requirements for the appointment of a representative to attend general meetings on behalf of shareholders for publicly traded companies. A representative will now be an optional appointment. The board also agreed to amend the ratio of independent members on the boards of publicly-traded companies from a majority to one third.

Furthermore, the board discussed the drafting of regulations for crowdfunding platforms for review by the Cabinet. It is proposed that the SCA will hold oversight powers for this financial activity and will issue the draft regulation in due course.

In addition to this, amendments were reviewed to the financial services rulebook provisions following the SCA’s management study of existing rulebooks and will be published in due course.

The SCA has published a draft regulation regarding the regulation of private shares and invites feedback from stakeholders.

The regulation covers:

• definitions and the scope of application
• conditions for, and methods of, issuing private shares
• obligations for companies issuing and listing private shares
• rights and obligations related to private shares
• rights of the issuer company
• rights and constraints of transfer
• right to object to decisions related to private shares
• penalties for non-compliance to the regulation.

Firms have until 11 March 2022 to submit their responses by emailing [email protected]

The full draft can be viewed here.

The Executive Office for the Committee for Goods and Materials Subject to Import and Export Control, the Gulf Cooperation Council (“EO”) and the Executive Office for Combating Money Laundering and Counter-Terrorism Financing (“EO of AML/CTF”) hosted a two-day event, ‘Targeted Financial Sanctions Summit 2022 – Countering Terrorism and Proliferation Financing’. The event raised awareness of counter-terrorism, proliferation financial sanctions, targeted financial sanctions implementation and sanction evasion typologies. The purpose of the summit was to raise the importance of international cooperation, exchange of best practices, and knowledge sharing.

Select highlights from this two-day event include:

• ‘FATF Standards and Understanding UN Counter-Terrorism Financial Sanctions: Resolutions 1267 and 2462’, Hicham Ben Khadra, Monitoring Team 1267 and Myriam Khairallah, Monitoring Team 1267. The speakers focused on:
  • the Financial Action Task Force (“FATF”) recommendations
  • the listing process
  • best practices in relation to complying with sanctions, including asset freezing, travel bans and arms embargoes
• ‘UAE Targeted Financial Sanctions (“TFS”) Implementation Mechanism and National Coordination’ by Executive Office, IEC. The Executive Office reported AED1.679M of frozen assets in Financial Institutions (“FI”) and AED87.2M by Designated Non-Financial Businesses and Professions (“DNFBP”). To continue the efforts the speaker reminded firms to:
  • report confirmed or potential matches via the GoAML platform
  • for confirmed matches, firms must freeze assets without delay, or reject the customer and submit a Freeze Funds Report (“FFR”) report within five days
  • for potential matches, firms must suspend the transaction until further guidance is received and submit a Partial Name Match Report (“PNMR”) report within five days.
• ‘Emerging Terrorism Finance Trends: Virtual Assets’, Colin Almquist, Director of Strategic Intel and Mohmoud El Said, Account Executive at Chainalysis. The speakers stressed that 1% of cryptocurrencies are used for terrorist financing as it is more difficult to use than cash, but it is predicted to increase, and firms should consider the risks associated with this asset
• ‘UAE Export Control Framework’, Mohammed AlKatheeri, FANR. The speaker highlighted red flags and evasion trends, which included:
  • falsifying or generalising commodity description of dual-use items
  • exporting to countries with weaker or high-risk controls
  • use of shell companies
  • complex logistical routes
  • tampering or modifying documents without a rationale
  • dealing with sanctions goods, especially those with dual use such as wire nickel.
• ‘Proliferation Financing (“PF”) Risk Assessment’, Darya Dolzikova, RUSI. The speaker addressed the required elements to conduct PF, with the two core methodologies that firms must incorporate into their PF assessment being: likelihood & consequence = risk; threats and vulnerabilities = likelihood
• ‘PF and Cryptocurrencies’, Allison Owen, RUSI. The speaker identified key mechanisms for criminal actors to attain illegitimate cryptoassets, namely through cybercrime, direct purchases from unregulated exchanges or Over the Counter (“OTC”) markets, mining or ‘crypto-jacking’, and illicit sales through the dark web ‘PF Sanction Evasion’ by Aaron Arnold, RUSI. The speaker identified three categories of PF activity: financial products and services related to trading in proliferation-sensitive goods; revenue-raising activities (licit and illicit); financial and corporate infrastructure supporting the movement of finances and goods.

Firms are reminded to:

• screen customer databases and parties to transactions without delay when a sanction list is updated
• act when a client is listed on a sanctions list by freezing assets without delay and notifying authorities via GoAML
• be aware of the top three methods used by terrorist financiers, namely: use of the formal banking systems; cash smuggling; use of money service businesses
• follow the EO IEC on Instagram, Twitter and YouTube
• review the TFS Private sector guidance here and incorporate guidance into training and policies
• conduct a suitable assessment of PF Risk, which should include:
  • understanding PF methods and trends, and categorising PF vulnerabilities into political and social; economic and technical; geographic and environmental; legal and institutional; legal persons and legal arrangements
  • understanding the organisation’s exposure to PF activities by considering proliferation-sensitive goods and sensitive goods lists, revenue-raising techniques, and financial access points
  • assessing PF consequences, such as the impact on human life; environment or infrastructure; international or regional security or stability; national economy or financial systems; industry sectors and reputational damages
  • concentrate resources where they are most needed
  • identifying screening, Know Your Client (“KYC”) and other compliance gaps
  • identifying data and information gaps
• ensure suitability and accuracy of policies, internal controls, training and testing or audits to meet and mitigate the assessed risks
• understand the risks of cryptocurrency and trading by reviewing the FATF guidelines here.

The FATF standards can be reviewed here. The presentations can be viewed here.

The Dubai Police General Command and the Gulf Cooperation Council Office of the United Nations Office on Drugs and Crime launched a diploma for specialisation in combating money laundering and terrorist financing. The diploma will meet the United Nations’ standards and incorporate international best practice mechanisms in its 19 modules.

The UAE AML/CTF Public-Private Partnership Committee (“PPPC”) held its 4th meeting to discuss strategies for tracking serious and organised crime. The meeting included presentations from the Federal Customers Authority and SOCNet (a division of the UK Foreign, Commonwealth and Development Office). The EO focused on the use of illegal wildlife trafficking and its role in facilitating money laundering and terrorist financing. As a result, UAE financial institutions will be able to download a toolkit which provides insight into money flows stemming from illegal wildlife trade in addition to other useful resources. In addition to the focus on wildlife activity, attendees received a presentation on UAE legislation towards disclosing currencies, bearer negotiable financial instruments, minerals and precious stones for those entering or departing the country and whose value is over AED60,000.

The SOCNet toolkit is now available for download on the Themis website, accessible here.

FATF reviews various jurisdictions’ progress to meet their AML and CTF obligations reported in their Mutual Evaluation Report (“MER”). The MERs assess jurisdictions against 40 FATF Recommendations.

The updates are as follows:

• Croatia has been reported as compliant in 4, largely compliant in 17, and partially compliant in 19 recommendations
• Poland has been reported as compliant in 2, largely compliant in 21 and partially compliant in 17 recommendations
• St Kitts and Nevis has been reported as compliant in 11, largely compliant in 15, and partially compliant in 14 recommendations
• Ireland has been reported as compliant in 17, largely compliant in 17, and partially compliant in 6 recommendations
• Vietnam has been reported as compliant in 2, largely compliant in 11, partially compliant in 23 and non-compliant in 4 recommendations

The updated consolidated rating table can be found here.

The Executive Office of the Committee for Goods and Materials Subject to Import and Export Control has updated the United Nations Security Council Sanctions List. One entity has been added relating to Somalia and one individual and five entities have been updated on the UAE Local Terrorist List.

Firms are reminded to monitor geopolitical events and any resulting updates to international sanctions lists so that they can assess their exposure to sanctioned individuals and entities. Sanction contraventions must be reported to the relevant authorities without delay, and regulators will expect to be notified of any sanctions matters that may result in reputational consequences for the firm.

The updated sanction list can be found here.

Saudi Arabia’s Public Prosecution has ordered the confiscation of SAR2Bn following a money laundering conviction. A Saudi national and an expatriate resident were found to have violated money laundering laws by running a bank without a business licence and accepting cash from anonymous sources. The cash was found to be the proceeds of commercial concealment and narcotics trading.

The UK National Crime Agency (“NCA”) has arrested Sarah Panitzke in Spain for laundering GBP1Bn resulting from VAT fraud in 2013. Panitzke laundered money through Spain, Andorra and Dubai as part of a criminal group that purchased phones without VAT from outside the UK and resold the items in the UK. Sixteen other gang members have already been jailed. Panitzke will also serve an eight-year sentence.