Regulatory Update: Middle East Edition – July 2022

The Dubai International Financial Centre (“DIFC”) financial regulator, the Dubai Financial Services Authority (“DFSA”), issued volume 19 of ‘DFSA In Action’ providing a snapshot of the DFSA’s core activities during the first half of 2022. The paper focused on:

• licencing activity
• cyber security Threat Intelligence Platform (“TIP”) updates
• enforcement actions
• supervision events
• markets
• regulatory activity overview

Some of the highlights included:

• 35 new firms were authorised with the total number of authorised firms stands at 553
• increased diversity of authorised firms within the DIFC with a noticeable number of firms progressing from the Innovation Testing Licence (“ITL”) programme to receive a full licence
• consultation papers and subsequent regulatory developments in crypto and virtual assets
• the success of the TIP which recorded over three thousand cyber threats and provided beneficial intel to the DIFC community
• six enforcement actions and eight scam alerts maintaining the integrity of the DIFC
• 39 Suspicious Transaction and Order Reports (“STORs”) received involving over 2500 transactions with 16 STORs referred to local and international regulators
• 10 media releases, 2 thematic reviews, 10 Dear CEO letters, 2 MoUs signed.

Firms are reminded to sign up to the TIP platform to address the local cyber security risks.

You can read the full issue here.

The DFSA has opened its application process for firms wishing to apply to the ITL programme encouraging firms to test their product in the DIFC’s sandbox. Firms must provide a clear business model and an innovative product or service for consideration by the DFSA. Starting this month, the DFSA will move to an open window format where interested firms may apply as soon as they are ready to test their product. The application process was historically through a set cohort scheduled throughout the year.

You can find more information about the ITL here.

The DFSA issued Consultation Paper (“CP”) no.144 ‘Miscellaneous Changes’. The CP proposes to update the DFSA rulebook as follows:

• General Module (“GEN”) 8.6 on audited financial statements by branches allowing firms to submit an annual financial statement within 14 days of submitting the statement to the home regulator
• Collective Investment Rules (“CIR”) 8.2.4 to expand the circumstances under which firms could be considered eligible custodians to include structures where there is an ownership relationship with another GCC country’s government
• Authorised Market Institutions (“AMI”) 5.11.2 and Code of Business (“COB”) 9.6.9 rulebooks to enhance the reporting obligations of market abuse to be immediate, based on ‘reasonable grounds’ of suspicion and relating to market abuse
• AMI 1.3.1 to include text on money laundering in line with the Anti-Money Laundering (“AML”) module
• Prudential — Investment, Insurance Intermediation and Banking (“PIB”) module regarding capital requirements appendix 2.4 to include category 3C and 3D firms to complete the B180 form on capital adequacy
• PIB A2.4 table 1 to include a new reporting form B460 for reporting capital requirements, transactions, and rates of fraud (including suspected fraud) and money transactions for money service providers
• Fees module (“FER”) 2.2.5 to explicitly include an annual fee for the enforcement to operate a fund platform as a variation of licence.

In addition, the CP proposes updating various rulebooks to correct omissions or cross-references from previous amendments.

The CP can be read in full here. Comments are welcome before 14 September 2022 by submitting here.

The DIFC, in partnership with the World Alliance of International Finance Centers (“WAIFC”) and the Z/Yen group (a commercial think-tank consultancy), published ‘The Future of Financial Centres’ white paper.

The paper discusses insights on how financial centres are collaborating to enable sustainable growth, the fourth industrial revolution, developing human capital and a shared vision for financial centres by 2030.

The paper finds that financial centres are fostering links between regulators and market participants ensuring that regulatory changes are understood and urging the development of international regulatory standards. This provides regulators with commercial insights and encourages competition.

You can read the full white paper here.

The DFSA published decision notices against Mr Stuart Coles and associated firms Coworth Fintech Ltd, Coworth Investments Ltd and Novus Fintech Ltd (collectively, the “Firms”) for obstruction to requested information from the DFSA. The DFSA commenced an investigation of the Firms’ activities within the DIFC after suspicion that the Firms were conducting financial services without authorisation. Mr Coles, the sole owner and director of the Firms, instructed employees of the office to refuse access to the DFSA’s inspection team and access to information without a reasonable excuse. Mr Coles has received a financial penalty of US$ 240,000 and has been restricted from performing financial services in or from the DIFC as well as a prohibition on holding office or being an employee in the DIFC.

The decision has been referred to the Financial Markets Tribunal for appeal.

You can read the full decision here.

Lori Baker, VP, Legal & Director of Data Protection, Office of the Commissioner of Data Protection, hosted “Tuesday talks with Lori” on the Annual Assessment required by Article 19 of the DIFC Law no.5 of 2020 on Data Protection (“DP Law”). Firms requiring a Data Protection Officer (“DPO”) due to their high-risk processing activities under Article 16 of the DP Law must assess their processing activities and compliance. The assessment details the firm’s processing activities for that year and requests evidence of compliance with the DP Law and principles. Firms will receive a notification via the DIFC portal to submit their assessment close to the licence renewal date.

You can download our helpful data protection articles here.

The Abu Dhabi Global Market (“ADGM”) supported by BNP Paribas, issued a white paper ‘UAE and the Energy Transition: Toward COP28’.  The paper is a summary of the discussion with a view to start preparing for COP28 in 2023 and account on the implementation of net-zero by 2050.

In November 2021, the COP26 climate conference in Glasgow saw 450 banks, insurers, and asset managers from 45 countries pledging to unlock the finance required to decarbonize economies. The UAE is set to host COP28 and by 2023, progress must be shown on delivering national targets. Participants must show the viability and possible introduction of a carbon tax or emissions permits, and global efforts to harmonise data and disclosures.

The key takeaways are:

• regulation; regional governments must set out their regulatory and oversight frameworks and ensure that dialogue and transparency are maintained
• communication; communication is of consequential importance in addition to stakeholder engagement and collaboration.
• a just transition; the transition must leave no one behind if it is to succeed and so support may need to be provided
• financing and inclusivity; finance and sustainability must go hand-in-hand.

Firms should:

• familiarise themselves with their ESG obligations and continue to keep abreast of developments in the area
• prepare an ESG strategy with key performance indicators
• design a suitable policy for the size, scope and exposure to the firm
• start conversations at the board level
• review the ADGM’s sustainable Finance Platform.

Read the article in full here and read more on the ADGM Sustainable Finance Platform here.

The ADGM, in collaboration with the Mohamad Bin Zayed University of Artificial Intelligence, held the executive programme networking event discussing Artificial Intelligence (“AI”) in finance. The event features presentations from the Centre for Finance, Technology and Entrepreneurship (“CFTE”) and discussed the key function of AI in expediting business growth strategies.

The ADGM established a new industry association Middle East Investment Management Association (“MEIMA”) welcoming membership from industry disruptors to diversify the national market to create a robust investment agenda. MEIMA provides a voice to regulated and unregulated stakeholders from the Middle East and North Africa (“MENA”) investment management firms to allow for progressive development in the region. MEIMA will work with various regulators, including the ADGM, to create a competitive and compliant operating environment. Membership applications are welcome from the finance community as well as associated services such as lawyers.

Read more about MEIMA here and apply to be a member here.

The ADGM has re-launched the monthly in-person networking events ‘LINK’. The event will allow members of the ADGM community to raise thought-provoking questions to the ADGM authorities and the wider Abu Dhabi business community.

The next event will be held on 25 August at Bentley Kitchen.

You can register for the event here.

The Securities and Commodities Authority (“SCA”) issued Chairman’s Decision No (15/Chairman) of 2022, approving controls for brokerage firms operating in the Dubai Gold and Commodities Exchange (“DGCX”) and acting as a derivative member of the Dubai Financial Market (“DFM”). The Decision will allow brokerage firms in the DGCX to act as a DFM derivative member without prejudicing their licencing terms so long as they hold a valid membership with the DFM. The membership application contains undertakings to comply with controls, terms and obligations set by the DFM and will be approved by the SCA before the brokerage firms can act as derivative members.

Firms exercising this activity should remain compliant with the SCA rulebook.

The SCA and the Economic Security Center of Dubai (“ESCD”) signed a Memorandum of Understanding (“MoU”) for joint co-operation in combatting Money Laundering (“ML”) and Terrorist Financing (“TF”). The MoU allows for the exchange of information on financial crimes and permits the use of specialist experts and consultants to advise on ML and TF matters. The ESCD and SCA will host specialised training sessions and will coordinate financial complaints including complaints against fictitious or unlicenced entities ensuring a consistent approach to ML and TF. The MoU will enhance the region’s financial stability and assist in protecting the UAE’s economy.

The UAE’s Ministry of Finance (“MoF”) has launched an incentive scheme to bring more digital-focused businesses to the UAE, partnering with the ADGM and DIFC as well as other free zones. The initiative aims to support the businesses for market entry into the region, assisting with the launch and scale-up phases by providing a faster incorporation process, bulk visa issuance, accelerated banking services and commercial and residential real estate. The scheme aims to relocate 300 digital-focused businesses to the UAE within 6-12 months.

The Financial Intelligence Unit (“FIU”) issued three guidance articles for various industries providing useful guidance on ML and TF risks and trends. The guidance covers Money or Value Transfer Services (“MVTS”) and Registered Hawala Providers (“RHP”), strategic analysis on professional money laundering and foreign proceeds of crimes and virtual assets. The guidance provides insight into red flags, abuse, and suggested enhancements to AML and CTF regimes.

You can read the 1 July guidance by logging onto the GoAML portal here.

The FIU issued its Q2 feedback for reporting entities providing insight into the themes of Suspicious Activity Report (“SAR”) and Suspicious Transaction Report (“STR”) raised during the quarter.  The FIU noted a substantial increase in the number of reports during the quarter increasing by 27%, with a significant increase from crypto exchanges. In addition, the FIU acknowledged that Payment Service Providers (“PSP”) and Point Of Sale (“POS”) machines had been targeted more frequently by money launderers.

The FIU reminds firms to:

• submit reports under the correct codes to ensure that investigators have suitable information to action reports
• include valid and correct links for any supporting documentation or articles
• avoid the use of industry-specific acronyms.

In addition, firms are reminded of the FIU’s new service portal, which you can review here.

The Executive Office for Control and Non-Proliferation (“EOCN”) met with the US Department of the Treasury with representatives from the Office of Terrorist Financing and Financial Crimes, the Financial Crimes Enforcement Network and the Office of Foreign Assets Control. The delegation discussed strategic initiatives, including the UAE’s national agenda to combat ML and TF and the proliferation financing risk assessment. In addition to discussing efforts to mitigate risks associated with virtual assets and illegal wildlife trafficking.

The FATF reviewed the progress of various jurisdictions in meeting their AML and CTF obligations reported in their Mutual Evaluation Report (“MER”). The MERs assess jurisdictions against 40 FATF Recommendations. The updates are as follows:

• Grenada has been reported as compliant in 8, largely compliant in 9, partially compliant in 20 recommendations and non-compliant in 3
• Aruba has been reported as compliant in 18, largely compliant in 15, and partially compliant in 7 recommendations
• Liechtenstein has been reported as compliant in 11, largely compliant in 26 and partially compliant in 3 recommendations
• Bulgaria has been reported as compliant in 2, largely compliant in 15, and partially compliant in 23 .

The updated consolidated rating table can be found here.

The FATF released recommendations on information sharing to assist in the fight against ML and TF, considering increasing global data privacy and protection rules. Following the “stocktake report” issued in July 2021, the FATF has produced guidelines for a proportionate approach to balance individuals’ right of data privacy and the necessity to comply with AML and CTF obligations.

The article discusses the balance thresholds of sharing personal data for pre-suspicion, established suspicion and escalation to the regulatory authorities for personal data to benefit investigations. Firms are reminded that most global data protection laws provide a level of exclusion for using personal data for AML and CTF purposes; however, the principles of data protection must be adhered to, even in such circumstances. This means that data must be secure, fairly treated, not be excessively shared and deleted when there is no longer a legal basis to retain it.

In addition, the FATF discusses the future of AML and CTF requirements focusing on sharing not only to regulatory authorities but the benefits of sharing between private sector firms. Countries that have tested data sharing between private sector firms and, due to the increasingly sophisticated ML and TF attempts, have noted more detailed SAR’s and STR’s, allowing for more efficient investigations. The implementation of information sharing must be considered with data principles in mind as well as data security. The FATF offers guidance for private-to-private sector sharing schemes, which includes AML, CTF and data protection experts in the design of any data sharing system or platform.

Firms should:

• assess their international data protection obligations in the jurisdictions where the personal data is collected, used or stored
• review their collection mechanisms and storage solutions to ensure that they are suitable for the sensitivity of personal data collected
• set data retention periods considering the purpose for the collection and adhere to such rules
• have policies and procedures in place for the proper management of personal data
• disclose their personal data usage before data collection
• be prepared to act on a data subject right request.

You can read the full publication here.

The FATF appointed T. Raja Kumar as its president for the next two years. The Singaporean president has published his priorities for 2022-2024 as follows:

• enhancing the effectiveness of AML and CTF measures across FATF member jurisdictions and the wider global network
• strengthening international efforts to improve asset recovery
• exploring contemporary money laundering and terrorist financing (ML/TF) risks linked to cross-border cyber-enabled crimes
• deepening the FATF’s partnerships with its regional partners – FATF-style regional bodies (“FSRBs”).

You can read the statement here.

The Executive Office of the Committee for Goods and Materials Subject to Import and Export Control has updated the United Nations Security Council Sanctions List. One entity on the 1718 sanction list has been amended.

Firms are reminded to monitor geopolitical events and any resulting updates to the international sanctions lists so that they can assess their exposure to sanctioned individuals and entities. Sanction contraventions must be reported to the relevant authorities without delay, and regulators will expect to be notified of any sanctions matters that may result in reputational consequences for the firm.

The updated sanction list can be found here.

The CBUAE imposed an administrative sanction on an insurance company operating in the UAE for failing to meet its regulatory obligations. The company was found to be in breach of Federal Law No.6 of 2006 on the Organisation of Insurance Operations. The company was instructed to remedy its solvency capital requirements within nine months of the notice being issued. In addition, the Company was prohibited from issuing additional insurance policies to customers for one year.

The CBUAE also imposed an administrative and financial sanction on a finance firm operating in the UAE for failing to submit its audited financial statements in addition to failing to comply with the CBUAE guidelines. The firm was found to be in breach of Decretal Federal Law no.14 of 2018 regarding the Central Bank and the Organisation of Financial Institutions and Activities, as amended by the Finance Companies Regulation and Consumer Protection Regulations. The firm was instructed to remedy its position within a month of the notification.