Regulatory Update: Middle East Edition – January 2022

The Dubai International Financial Centre (“DIFC”) in collaboration with Abu Dhabi Global Market (“ADGM”) and the London Institute of Banking and Finance MENA (“LIBF”) has launched the Sustainable Fintech Alliance. The Alliance aims to address urgent environmental and social challenges following the climate change conference (“COP26”). Members of the Alliance have committed to implementing sustainability strategies which contribute to the United Nations’ sustainable development goals. The Alliance will focus primarily on education and awareness to enable Fintechs to build, implement and realise sustainability strategies, with a view to achieving sustainability and climate related goals.

Fintech firms interested in joining the alliance can emai [email protected].

His Highness Sheikh Maktoum bin Mohammed bin Rashid Al Maktoum, Deputy Ruler of Dubai, Deputy Prime Minister, Minister of Finance and President of the DIFC, has appointed Abdullah Sharafi to join the board of directors of the Dubai Financial Services Authority (“DFSA”). Sharafi brings over 20 years of experience at Emirates Industrial Bank as well as experience from several ministries and organisations at both local and international level.

The Financial Markets Tribunal (“FMT”) upheld DFSA enforcement action taken against Mr Gilles Rollet for serious misconduct in relation to his role as a Senior Executive Officer (“SEO”) of La Tresorerie Limited. In addition to the previous enforcement action, the FMT has ordered Mr Rollet to pay half of the DFSA’s costs.For further information on the case, read our report here or review the FMT’s case details here.

The DFSA published a decision notice taking action against Mr Arif Masood Naqvi and Mr Waqar Siddique for serious failings in respect of the Abraaj Group. The DFSA imposed a financial penalty of USD135,566,183 on Naqvi and USD1,150,000 on Siddique in addition to a prohibition from performing any function in or from the DIFC.

Naqvi, a founder of the Abraaj Group, was found to be knowingly involved in misleading investors over the misuse of their funds by Abraaj Investment Management Limited (“AIML”). The DFSA found that Naqvi personally proposed, orchestrated, authorised, and executed actions that directly or indirectly misled and deceived the investors.

The DFSA found that Naqvi:

• instructed the use of investor monies to fund the Abraaj Group’s working capital and other commitments
• ranked investors according to the likelihood that they would complain or challenge, and withheld sale proceeds and reports from those investors who were less likely to do so
• personally drafted and approved false and misleading statements to cover up the misuse of investor funds attempted to sway other senior members of staff at investors’ organisations to quash queries
• was central to the cover-up of a US$400M shortfall by borrowing money with the aim of producing bank balance confirmations and financial statements to mislead auditors and investors
• approved the change of a financial year to avoid a US$200M shortfall disclosure
• personally arranged to borrow US$350M from an individual to make Abraaj Group appear solvent and appease investor demands
• encouraged other members of Abraaj senior management to mislead and deceive investors and stakeholders
• was knowingly involved in AIML conducting unauthorised activities in or from the DIFC.

The DFSA found that Siddique:

• was knowingly involved in breaches by AIML and Abraaj Capital Limited (“ACLD”)
• misled and deceived investors over the use of their money with Abraaj Funds
• was knowingly involved in the contraventions of capital requirements by authorising temporary cash transfers at quarterly reporting period ends over a five-year period
• signed financial returns sent to the DFSA falsely declaring compliance with DFSA capital requirements.
• deceived auditors and investors as to the actual cash balance in the funds’ bank accounts
• was a signatory to a loan agreement used to produce misleading bank balance confirmations and misleading financial statements.

Both parties have referred the decision to the FMT thereby freezing any financial order before the case can be heard; however, the prohibition to perform any duties in the DIFC remains in effect.

For further information on the case, review the DFSA decision notice for Naviq here and Siddique here.

The Office of Data Protection hosted a week of data protection seminars to mark Data Privacy Day. The events discussed the current climate of data protection under the DIFC regime and its applicability to most firms within the DIFC, as well as focusing on the future of data protection in the region.

The first event welcomed commentators from law firms and various industry professionals to discuss the introduction of the UAE Federal Law, potential implications for UAE businesses, the development of the concept of ethical data sharing, and the future of data transfers to non-adequate jurisdictions. The Federal law, published on 2 January 2022, will be supported by regulations that are expected to be released in March 2022. Businesses will have until September 2022 to comply with the new law.

The second event, presented by Lori Baker, Vice President, Legal & Director of Data Protection, discussed the DIFC laws application in detail and guided attendees through the newly enhanced data protection website. She discussed the updated standard contractual clauses – one of the safeguards for transferring personal data to a jurisdiction deemed not adequate – following the General Data Protection Regulation (“GDPR”) review of the effectiveness of standard contractual clauses.

You can find more details on the DIFC data protection regime here. You can review the DIFC data protection page here.

The DFSA launched its ‘2022 Cyber Thematic Review’ and authorised firms have been invited to participate. The review focuses on the current maturity level of cybersecurity frameworks, consistency of cyber risk management frameworks and the status of areas identified as needing improvement in the ‘2019/2020 Cyber Thematic Review’.

Responses must be submitted by 23 February 2022 through the DFSA ePortal.

The DFSA ‘Cyber Risk Management Guidelines’ can be found here. The ‘2019/2020 DFSA Thematic Review’ can be found here.

Firms are reminded to report material cyber incidents to the DFSA by completing a Cyber Incident Notification Form on the DFSA ePortal.

The Financial Services Regulatory Authority (“FSRA”) of the ADGM announced its decision to merge its two independent bodies: the Regulatory Committee and the Appeals Panel. The announcement follows Consultation Paper (“CP”) no.4 of 2021 and aims to offer stakeholders a more streamlined and efficient process for the timely resolution of regulatory proceedings.

The amendment was enacted on 30 December 2021 and published on 3 January 2022 and the changes can be read here.

The FSRA of the ADGM in consultation with the UAE Ministry of Finance enacted amendments to the Common Reporting Standards Regulations (“CRS”) 2017.

The amendments include:

• applying the CRS to any “Controlling Person” of a “Reportable Account” rather than any “Account Holder”
• providing Reporting Financial Institutions (“RFI”) with a timeframe to respond to any inspection and investigation requests from the ADGM Regulatory Authority (“RA”)
• the ability to send enforcement notices by email to a Controlling Person or RFI
• a 20 day window for firms wishing to refer matters to appeal, unless an exceptional circumstance can be proven
• a timeframe of under 60 days in which the RA must respond to an appeal notice where the notice is received by email or post
• the obligation to pay administrative fees or penalties within 30 days where the penalty is issued under subsection 9(1) ‘underwritten notice’
• payment of administrative fees or penalties within 15 days where the penalty is issued under subsection 10(3) ‘after appeal’
• The contraventions have been updated to read:
  • if “a Controlling Person submits a statement of personal information to a Reporting Financial Institution that includes any inaccurate or incorrect information, details or documents, and either knew or ought to have known it was inaccurate or incorrect” they will incur a fine of AED20,000
  • if “an RFI fails to report any information in accordance with the requirements of these regulations including the form, manner and timeframes for reporting”, they will incur a fine of AED50,000 and AED1,000 for every day the failure continues, up to AED100,000
  • if ”an RFI fails to submit an information return providing that it maintains no reporting account in accordance with the timeframes set out in these regulations” they will incur a fine of AED10,000 and AED1,000 for every day the failure continues up to AED30,000
  • if “an RFI fails to report the information required to be reported under this regulation in a complete and accurate manner” they will incur a fine of AED5,000 to AED100,000
  • if “an RFI fails to apply the due diligence procedures specified in Schedule 1, Part 2 through to Part 7 in Schedule 1” they will incur a fine of AED40,000
  • if “an RFI acts or fails to act in a way where the main purpose or the main purposes of such actions or inaction can reasonably be considered to be to avoid an obligation imposed under these Regulations” they will incur a fine of AED250,000
  • if “an RFI otherwise contravenes these regulations” they will incur a fine of AED10,000 to AED30,000 per failure.
• the RA may impose additional penalties at its discretion which may include suspension, withdrawal, or non-renewal of a licence, authorisation, or permission.

You can read the update in full here.

The ADGM announced a change to the ADGM Authority Management team with Mark Curtis no longer acting as CEO of the ADGM Authority. The change was effective from 28 December 2021.

The ADGM commemorated Data Privacy Day on the 28 January 2022, joining the 41-year-old tradition of celebrating the Council of Europe’s Convention 108.

ADGM firms who are yet to review the Data Protection Regulations 2021 and the encompassing obligations have until 14 February 2022 to fully comply.

Firms are reminded to:

• construct a record of processing activity
• internally publish an ‘appropriate’ data protection policy
• maintain a breach register
• publish privacy notices prior to any personal data collection
• register with the office of data protection review processing activities and assess the data privacy impact.

You can read the Office of Data Protection guidance notes here. You can read our implementation checklist here.

The Abu Dhabi Securities Exchange (“ADX”) released the Listing and Disclosure Regulations.

The regulations cover:

• listing shares of location companies
• listing of foreign companies’ shares
• listing the shares of free zones companies
• listing of special purpose acquisition vehicles
• listing of debt securities and Sukuk
• listing of the units of investment fund
• listing of covered warrants
• delisting of securities
• general provisions.

You can read the regulations in full here.

The ADX has amended its trading week to Monday to Friday, 10am to 3pm, following the UAE Government announcement last month. The changes came into effect on 3 January 2022. Under the previous working week, interest in the local market was low, resulting in low liquidity and, whilst Friday was the last working week for the rest of the world, in the UAE it was considered a “weekend”, thus potentially missing out on the most volatile day of the week.

The change in the working week could also positively impact the local economy by allowing the ADX to be better aligned with global markets and to increase trading activity, which could aid the GBP growth and bring more foreign investment into the region.

Investors may also benefit from the working week, given they would be fully synced with global stock markets and will not experience the “lag effect” that takes place when the US and other international markets pick up on a trend.

The Financial Action Task Force (“FATF”) reviews various jurisdictions’ progress to meet their Anti Money Laundering (“AML”) and Counter Terrorist Financing (“CTF”) obligations reported in their Mutual Evaluation Reports (“MER”). The MERs assess jurisdictions against 40 FATF Recommendations.

The updates are as follows:

• the Bahamas has been reported as compliant in 18, largely compliant in 20, and partially compliant in 2 recommendations
• Antigua and Barbuda have been reported as compliant in 11, largely compliant in 25, partially compliant in 3 and non-compliant in 1 recommendation.
• Cyprus has been reported as compliant in 16, largely compliant in 20, and partially compliant in 4 recommendations
• Mauritania has been reported as compliant in 14, largely compliant in 21, and partially compliant in 5 recommendations
• United Arab Emirates (“UAE”) has been reported as compliant in 14, largely compliant in 22, and partially compliant in 4 recommendations
• Serbia has been reported as compliant in 5, largely compliant in 34, and partially compliant in 1 recommendation
• Andorra has been reported as compliant in 9, largely compliant in 28, and partially compliant in 3 recommendations
• Lithuania has been reported as compliant in 8, largely compliant in 25, and partially compliant in 7 recommendations
• Czech Republic has been reported as compliant in 16, largely compliant in 29, and partially compliant in 5 recommendations.

The UAE follow-up report can be found in full here. The updated consolidated rating table can be found here.

The Executive Office of the Committee for Goods and Materials Subject to Import and Export Control (“Executive Office”) and The Executive Office for AML/CTF launched a comprehensive assessment of proliferation financing risks in the UAE. The project will be led by the Executive Office in coordination with UAE stakeholders and the private sector. The assessment will assist both the public and private sectors to implement new requirements to identify, assess and understand the proliferation financing risk. The assessment further aims to assist firms in developing appropriate measures to mitigate or reduce proliferation financing risks. The project is due to be completed by the end of 2022.

The Executive Office has updated the United Nations Security Council sanctions list. Four entries from the ISIL Daesh and AlQaida have been removed. The UN Security Council Committee added one entity to its sanctions list concerning Libya.

The updated sanction list can be found here.

Dubai Public Prosecution has issued various sentences for money laundering offences in the UAE under Federal Law No. 20 of 2018 on AML and CTF and Financing of Illegal Organisations. In the first case, the defendant received a three-year prison sentence and a fine of AED14.6M for transferring, using and concealing the location and origin of funds that were illegally appropriated from public funds.

In the second case, defendants were sentenced to three months in jail, with some defendants receiving up to three years and a fine of AED210,000 as well as deportation. An additional defendant was fined AED300,000 for misappropriating funds from an individual.

In the third case, Dubai Misdemeanours Court found four defendants guilty of money laundering offences and ordered the confiscation of funds to the value of AED96,000, as well as one-year imprisonment for money laundering and six months’ imprisonment, followed by deportation, for fraud.