Regulatory Update: Middle East Edition – January 2021

The Dubai Financial Services Authority (“DFSA”) hosted an outreach session for authorised firms in the Dubai International Finance Centre (“DIFC”) following their “Dear SEO” letter (dated 12^th January 2021) and the publication of their Cyber Risk Management Guidelines. The DFSA provided a summary of their guidelines and explained the three pillars of a strong cyber risk management framework, which include: good governance, hygiene, and resilience. Firms are expected to apply a risk-based approach in their adoption of the published guidelines, with smaller firms implementing those that are suitable to their scale and operations.

Governing Bodies and Senior Executive Officers (“SEO”) are reminded that ultimate responsibility for cyber security rests with them. Firms are also reminded to make use of the DFSA’s Cyber Threat Intelligence Platform to alert others in the community of current cyber threats.  The Platform can be accessed via the DFSA ePortal and is available to DIFC companies free of charge.

Firms are encouraged to:

• Share and discuss the guidelines with the governing body and senior management
• Undertake an internal review of their cyber security and information security frameworks to identify gaps, weaknesses and potential threats
• Assess their exposure to cyber risk through third parties such as suppliers, contractors and consultants
• Engage technical experts and professional support, where necessary

The Data Protection Commissioner in the DIFC hosted a privacy seminar to raise awareness of the DIFC Law no.5 of 2020 – The Data Protection Law (“Law”). The seminar raised awareness of data subjects’ rights, the role of the Data Protection Officer (“DPO”), the required safeguards around some international transfers, and the expectations to build a culture and infrastructure of data privacy. The Commissioner stressed the importance of firms keeping their data protection notifications accurate to avoid future fines.

Firms are reminded that data protection is an ongoing obligation, and they should assess their requirements using the Commissioner guidance pages found here. Should firms need any assistance to comply with their obligations under the Law, CCL has experienced professionals who can assist. For details, click here.

The DFSA has published its business plan for 2021-2022. The four main themes are:

• Delivery
• Engagement
• Innovation
• Sustainability

In the banking sector, the DFSA aims to focus on:

• A forward-looking approach to supervision by conducting further stress testing to analyse vulnerability of banks
• Robust, well-established and effective governance and risk management frameworks prioritising areas of credit and liquidity risk
• A continuation of importance on non-financial risks, such as business continuity, management of third-party risk, cybersecurity and financial crime
• Supporting entities moving away from certain interest rate benchmarks, such as LIBOR, to alternative reference rates
• Their Early Intervention, Recovery and Resolution Regime to support systemically important entities to develop and strengthen their recovery planning and approach to resolution
• Upgrading their capabilities to deal with emergent risks and to understand better the impact of new technologies on the banking sector

In the insurance sector, the DFSA aims to focus on:

• Fostering an appropriate and stable regulatory environment for the DIFC insurance and reinsurance industry
• Promoting the importance of a robust risk culture in managing their underwriting processes, reserving, and building contingency plans to remain operationally resilient in times of stress
• Facilitating a streamlined licensing process and accommodate innovative structures
• Promoting sustainable finance through digitalised solutions
• Reviewing the industry’s Environmental, Social and Corporate Governance (“ESG”) considerations when making strategic decisions, setting risk appetite and developing new products

In addition to this the DFSA will continue to focus on:

• Conduct-related issues
• Reviewing firms to ensure an appropriate level of protection for clients and counterparties, given their knowledge, experience and understanding of financial products and related risks
• Governance and assessing onboarding processes, suitability of products, protection of client assets, and ensuring communications and marketing materials are clear, fair and not misleading
• The substance of activity taking place in the DIFC
• Fostering the growth of DIFC capital markets
• Participation in supervisory colleges of internationally active financial groups
• Growing relationships with other regulators, including the Global Financial Innovation Network (“GFIN”)
• Promoting the importance of cyber resilience and cyber risk management and developing routine risk assessments and industry guidance
• Enhancing the audit quality framework
• Developing the regulatory regime for digital assets
• Continuing work on implementing its resolution regime
• Updating our regime for Client Assets in the business planning period
• Reviewing all DFSA regimes against international standards and best practice
• Preparing for a potential Financial Sector Assessment Programme (“FSAP”) assessment
• Digitalising DFSA services
• Developing the UAE National’s Programme (“TRL”)

You can read the Business Plan here.

The Abu Dhabi Global Market (“ADGM”) hosted the third Sustainable Finance Forum under the theme of ‘Financing Sustainable Recovery and Future Resilience’. The Abu Dhabi Sustainable Finance Forum (“ADSFF”) witnessed five signatories from Emirates Nature WWF, Clean Energy Business Council, Credit Agricole, BlackRock and Invesco, joining the existing 41 signatories in a commitment to the Abu Dhabi Finance Declaration. The Declaration creates a framework to foster positive social, economic and environmental initiatives advocating sustainable finance investments for the long-term wellbeing and growth of the UAE. The ADSFF served as a background to announce the UAE Sustainability Finance Framework 2021-2031 pioneered by the Ministry of Climate Change and Environment, which aims to enable mainstream sustainable finance practices and increase green investments within the UAE.

The ADGM held an online workshop on cryptocurrencies, led by the Royal United Services Institute (“RUSI”), covering regional cryptocurrencies and their challenges, public-private and private-private coordination, and the regulatory framework.

With RUSI considering the UAE to be the global crypto centre, the attendees discussed the regional scope and scale of the adoption of cryptocurrency and the challenges that law enforcement will face. Cryptocurrency is regulated in the UAE with different regimes across the Emirates, however RUSI considers that governments are generally behind the curve when it comes to regulation. To combat illegal use of cryptocurrency, interagency collaboration is required at domestic level which will assist with pooling knowledge and resources, enabling agencies to compare their approaches to establish metrics of success.

The RUSI considered the main risk areas as:

• Cryptocurrency financing illegal weapons trade with North Korea
• Illegal transfers using peer to peer and over the counter platforms
• Regional disparities between cryptocurrency regulation
• Unclear taxonomy
• Unclear core definitions, such as payment tokens and stablecoins

The ADGM Registration Authority (“RA”) has released a consultation paper on proposed amendments to its Decision Procedures and Enforcement Manual (“Manual”). The consultation paper proposes that the Manual will:

• Be renamed as the Decision Procedures, Disqualification and Enforcement Manual
• Now include policy and procedures relating to the making of disqualification orders to directors, receivers, persons involved in the promotion, formation or management of a company and insolvency practitioners, and penalties that may arise for breaching a disqualification order
• Set out the circumstances where the Registrar may disqualify a person
• Clarify the matters considered by the RA for determining unfitness of company directors
• Provide examples of aggravating and mitigating factors the RA will consider when issuing a disqualification order
• Confirm the penalties that may arise for breaching a disqualification order

The paper will be of particular interest to:

• Individuals, organisations and investors with an interest in establishing a presence in the ADGM
• ADGM RA licensed persons, company directors, insolvency practitioners and their professional advisors

You can read the paper here. Firms’ comments are welcomed until 11th February 2021 by emailing [email protected].

The Saudi Central Bank (“SAMA”) announced the Open Bank Policy as part of the Financial Sector Development Programme. The policy will promote innovation and trust in the banking sector and aims to enhance efficiency whilst promoting competition and will also assist with the sectors framework in readiness for innovative financial technologies.

You can read more here.

SAMA has issued rules on debt crowdfunding to regulate the provisions for licencing and the conduct of activities of a debt crowdfunding firm.   The rules are introduced as part of the Kingdom’s 2030 vision to modernise financing activities.  The rules aim to attract new investors and companies, and owners of small and medium capitals by ensuring there is a suitable framework within which to conduct business.

Firms engaging in debt crowdfunding should familiarise themselves with the new regulations.

You can read the rules here.

The Financial Action Task Force (“FATF”) published minutes from its board meeting discussing the money laundering and terrorist finance landscape in amidst the COVID-19 pandemic. It was noted that financial crime is becoming more sophisticated using technology to benefit criminals. In response to this, FATF is investigating technological advances in the fight against money laundering and terrorist financing, considering the benefits of artificial intelligence, machine learning and privacy enhancing technologies.

The United Nations (“UN”) advised the Committee for Goods and Material Subjected to Import and Export Control to amend names on the UAE Terrorist list. Two Iraqi nationals have been removed from the list.

Firms should screen their customer databases against the amended list, which can be found here.

Keep abreast of sanction list updates by subscribing to the Executive Office of the Committee for Goods and Material Subjected to Import and Export Control here.

The US Treasury Department fined Capital One Financial Corporation (“Capital One”) $390 million USD for wilfully failing to implement and maintain effective Anti-Money Laundering (“AML”) controls. Capital One admitted failing to file thousands of suspicious activity reports between 2008 and 2014, in addition to violations of the Banking Secrecy Act. Capital One has since exited the high-risk cheque cashing business unit and has heavily invested in its AML controls.

We recommend that firms should review the risk rating of their activities and apply suitable AML controls to mitigate their risk exposure.