Regulatory Update: Middle East Edition – June 2022
1.0 DIFC AND DFSA LATEST DEVELOPMENTS
Per Resolution no. 57 of 2020 concerning Economic Substance Regulations, firms considered a licensee carrying out a relevant activity which derives income must report 12 months after the first financial year and submit a notification of eligibility six months following the report. The report will not be required for the reporting period when the firm submits a notification that demonstrated a valid exclusion.
The UAE is subject to FATCA and CRS regimes, and the Ministry of Finance (“MoF”) collates information to fulfil reporting obligations. Firms should register on the MoF portal if they are incorporated or registered within the UAE or are UAE branches of non-UAE financial institutions. Firms are required to submit a self-assessment in January and an annual reporting and risk assessment in June; an audit questionnaire may follow in September. Some firms will be subject to exemptions.
Firms registering for CRS and FATCA are advised of the updated deadline from 30 June 2022 to 20 July 2022.
In addition, the DFSA issued two questionnaires for their internal reporting purposes. The first regarding the firms’ involvement with Mr Sanjay Shah following a recent fraud finding, and the second expressing the firms’ interest in seeking a licence variation following the publication of the proposed Crypto Token Regime.
You can read the Crypto Token Regime here.
You can read the enforcement notice here.
- background information – data processing
- resource management and training
- data processing questionnaire
Firms have two weeks to action a request with no possibility of an extension. Fines will be automatically issued for failing to respond. Whilst fines are unlikely to be issued without further investigation and direction from the Commissioner, firms should be aware of the Commissioner’s powers to issue fines and provide directions (including the requirement to assign a dedicated resource to data protection, often referred to as a Data Protection Officer) as well as the power to publish compliance failures.
You can download our helpful data protection articles here.
2.0 ADGM AND FSRA LATEST DEVELOPMENTS
3.0 MIDDLE EAST REGULATORY UPDATES
The MoF highlighted the following as satisfactory practices:
- reviewing alerts using a risk-based approach and typologies
- identifying proliferation financing suspicions and reporting in a timely manner
- suitably investing in resources and capacity to assess and handle SARs
- documenting rationale even where the suspicion is disregarded
- ensuring alerts are discounted or escalated
- performing screening and adverse media checks on all counterparties
- designing tailored training programmes using quality analysis
- quality documentation of changes to risk ratings
- suitable controls to ensure changes to sanction lists are documented
- implementing clear policies and procedures
- ongoing, accurate and up-to-date know your client documents and assessments
The MoF listed the top red flags reported for banks as:
- lack of documentation to support transactions
- transactions that are inconsistent with the account’s regular activity
- transactional activity inconsistent with a customer’s alleged employment, business or expected activity, or where the transactions lack a business or apparent lawful purpose
- accounts that show a high velocity in the movement of funds
- the transaction is not economically justified considering the accountholders business
The MoF also provided the top red flags for finance companies as:
- evidence of corporate fraud
- transactions frequently in “rounded off” amounts
- transactions are not economically justified considering the accountholders business or profession
- transactional activity is inconsistent with the customer’s alleged employment, business or expected activities, or where transactions lack a business or apparent lawful purpose
- the ultimate beneficial owners are not adequately identified
In addition, firms are reminded to provide comprehensive SARs with a high level of detail to facilitate an efficient investigation.
- multiple failures to report customer suspicions where the activity displays clear red flags as highlighted in published typologies
- cases of defensive reporting and blacklisting clients based on a request for information from the FIU
- mismatches of information between submitted SAR / Suspicious Transaction Reports (“STR”) and the submitted supporting documentation
Firms are reminded that a request for information from the FIU is not the same as a search and freeze order. The firm should apply appropriate levels of customer due diligence and risk management and mitigation measures; SARs or STR should only be raised where suspicion is present.
The Executive Office for Control and Non-Proliferation (“EOCN”) issues guidance on counter Proliferation Financing (“PF”) for Financial Institutions (“FI”), Designated Non-Financial Businesses and Professions (“DNFBP”) and Virtual Assets Service Providers (“VASP”). The guidance explains the various stages of PF, the framework establishing counter PF in the UAE, understanding and assessing PF risks, preventative and mitigating measures (including training and the use of dual goods), international obligations, sanction evasion, and red flags.
Firms are reminded to apply enhanced due diligence measures where transactions are assessed as high risk. This may include:
- obtaining additional information or updating a client’s record more frequently
- requiring the client to provide a list of main suppliers and customers and conducting suitable due diligence on the same
- reviewing the clients’ policies and procedures (especially around export controls) and requesting they be enhanced where required, and obtaining senior management for continuing business
Firms can register for upcoming events from the EOCN here.
4.0 INTERNATIONAL UPDATES
The FATF reviewed the progress of the United Kingdom (“UK”) in meeting their AML and CTF obligations reported in their Mutual Evaluation Report (“MER”). The MERs assess jurisdictions against 40 FATF recommendations.
The UK has been reported as compliant in 24, largely compliant in 15, and partially compliant in 1 recommendation.
The updated consolidated rating table can be found here.
Counties moved onto the grey list are subject to increased monitoring until the deficiencies are addressed; countries on the blacklist have failed to complete the FATF implemented an action plan to address significant deficiencies and are subject to ongoing review.
The grey list includes:
- Burkina Faso
- Cayman Islands
- South Sudan
- United Arab Emirates
Malta has made substantial progress in addressing its deficiencies and is no longer subject to increased monitoring; following the identification of new deficiencies, Gibraltar has been added to the list.
The blacklist includes:
- Democratic People’s Republic of Korea (“DPRK”)
For further details of each jurisdiction’s report in June 2022, click here.
The FATF will monitor the situation and consider at each of its Plenary meetings whether the grounds exist for lifting or modifying these restrictions.
The FATF advised all jurisdictions to remain vigilant to possible emerging risks from the circumvention of measures taken as well as vigilant of threats to the integrity, safety, and security of the international financial systems due to the conflict.
The meeting signifies the final FATF meeting under the German Presidency of Dr. Marcus Pleyer whose focus whilst in presidency included challenges in digitalisation and the balance of data protection. The incoming President will be T. Raja Kumar of Singapore from 1 July 2022.
The FATF confirmed ongoing work to help countries more effectively recover criminal assets. The upcoming report will discuss countering money laundering from ransomware attacks and provide an update on best practices to combat the abuse of non-profit organisations. Further reports are set to be released which discuss the misuse of citizenship and residency by investments schemes, guidance on how to assess the implementation of the “United Nations Convention against corruption”, and a review on how the non-financial sector may facilitate corruption.
The FATF also released a white paper for public consultation on revisions to recommendation 25 (of the FATF 40 recommendations) relating to transparency and beneficial ownership of legal arrangements.
The proposed amendments and clarifications or feedback cover topics such as:
- countries should require trustees of any express trust governed under their law to obtain and hold adequate, accurate, and current beneficial ownership information regarding the trust
- all countries should take measures to ensure that trustees disclose their status to financial institutions and DNFBPs when, as a trustee, forming a business relationship or carrying out an occasional transaction above the threshold
- competent authorities, and in particular law enforcement authorities, should have all the powers necessary to obtain timely access to the information held by trustees and other parties
You can submit your comments before 1 August 2022 by emailing FATF.Publicconsultation@fatf-gafi.org with the subject line Comments of [author] on the draft Amendments to Recommendation 25.
You can read the white paper here.
- implementation of an understanding of climate-related risk drivers and incorporating these into the business strategies and risk management frameworks
- board members should assign responsibilities to members or committees and exercise oversight
- appropriate policies, procedures and controls should be implemented across the entire organisation
- climate-related crime risks should be implemented into the three lines of defence framework
- identification and quantification of climate-related financial risks to be incorporated into internal capital and liquidity adequacy assessment process and stress testing programmes
- identification, monitoring and management of all climate-related financial risks that could materially impair the financial condition, including capital resources and liquidity positions; this should correlate with the banks’ risk appetite
- internal reporting systems capable of monitoring material climate-related financial risks and producing timely information to ensure effective board and senior management decision-making
- an understanding of the impact of climate-related risk drivers on their credit risk profiles to ensure that credit risk management systems and processes consider material climate-related financial risks
- an understanding of the impact of climate-related risk drivers on their market risk positions to ensure that market risk management systems and processes consider material climate-related financial risks
- an understanding of the impact of climate-related risk drivers on their liquidity risk profiles to ensure that liquidity risk management systems and processes consider material climate-related financial risks
- an understanding of the impact of climate-related risk drivers on other risks
- use of scenario analysis to assess the resilience of their business models and strategies to a range of plausible climate-related pathways and determine the impact of climate-related risk drivers on their overall risk profile
- incorporation of material climate-related financial risks into their business strategies, corporate governance and internal control frameworks is sound and comprehensive
- identification, monitoring and management of all material climate-related financial risks as part of their assessments of banks’ risk appetite and risk management frameworks
- supervisors should regularly identify and assess the impact of climate-related risk drivers on their risk profile and ensure that material climate-related financial risks are adequately considered in their management of credit, market, liquidity, operational, and other types of risk
- supervisors should utilise an appropriate range of techniques and tools and adopt adequate follow-up measures in case of material misalignment with supervisory expectations
- supervisors should ensure that they have adequate resources and capacity to assess banks’ management of climate-related financial risks effectively
- supervisors should consider using climate-related risk scenario analysis to identify relevant risk factors, size portfolio exposures, identify data gaps and inform the adequacy of risk management approaches
You can read the report here.
The BIS set out its blueprint for the future digital monetary system considering the future of central bank money being held in digital representation within a safe, stable, accountable and open infrastructure in its recent report “Annual Economic Report 2022”. The report examines the limitations of crypto and decentralised finance and its inherent associated risk and explores ways to secure the future of finance.
The report can be read in full here.
5.0 ENFORCEMENT ACTION
Firms are reminded to engage a reputable auditor to review financial statements promptly and diarise reporting obligations.
Firms are reminded to include cyber security in business risk assessments and include developments in the field on the Board’s agenda.
The judgement is subject to appeal proceedings.