Regulatory Update: Middle East Edition – March 2021

The Dubai Financial Services Authority (“DFSA”) held an outreach session to discuss the outcomes from the 2019-2010 Suitability Thematic Review. The review was conducted as part of the DFSA’s continuous effort to strengthen its compliance framework in line with international best practices and recognised standards.

The DFSA found that:

• Firms were often unable to distinguish between client information gathering exercises at onboarding stage, as opposed to information collected for a suitability assessment. Many firms were found to be obtaining information about the clients’ needs, objectives and risk tolerance, but failing to document the conclusion of their assessment.
• Employees lacked general guidance and training in completing suitability assessments, leading to concerns of inconsistencies in the interpretation of policies and procedures and, ultimately, the quality of advice. The “reasonable basis” for making a recommendation or transaction was often unclear.
• There is an inconsistency in suitability regimes with some regimes being more product-focused rather than client-focused or needs-focused. Firms were found to be fitting the client to the product rather than assessing the specific needs of the client. Product-driven assessments are often a ‘tick box’ exercise and may not require employees to consider the rationale for providing advice.
• Model portfolio approaches or specified strategies often mean employees do not consider the suitability of each discretionary transaction and clients could end up with identical portfolios. Firms may advise clients to invest in a portfolio, which is managed by another entity or independent product team, however as the firm is the entity contracting with the client to recommend investment into such portfolio, it must still undertake an appropriate assessment to establish a reasonable basis for the transactions.
• Some firms are excluding “sell” recommendations from their suitability assessments.
• Discretionary investment managers were not considering suitability beyond compliance with the Investment Management Agreements (“IMA”). Whilst these are contractual obligations, firms are cautioned against directly applying the assessment against the suitability for clients.
• The quality of suitability-related document is generally weak. Occasionally there was no evidence that an assessment had been conducted, with some firms merely relying on the recollection of employees who were unable to demonstrate the factors considered in the assessment. Failure to document the suitability assessment and explain the rationale for investment decisions could leave firms exposed if such decisions are challenged.
• Policies and procedures were a repetition of DFSA rules rather than procedural documents tailored to the firms’ client base.
• Firms were unable to distinguish between types of transactions, for example between advisory and execution-only, when providing suitability records.
• There was a failure to consider ongoing suitability in relation to discretionary accounts: while the requirement was made clear in policies and procedures, the objectives of the ongoing reviews were unclear and some ongoing review exercises were treated as social gatherings or opportunities to seek client feedback on service and performance.

The DFSA also mentioned additional factors to be considered in suitability assessments and ongoing reviews, such as the impact of COVID-19 on clients’ financial circumstances, attitude to risk, and plans for the future, in addition to increased volatility and new asset classes (cryptocurrencies).

If firms require further advice on assessing their suitability frameworks against the DFSA thematic review findings and industry best practice, contact Jade Ashpole.

The Dubai International Finance Centre (“DIFC”) has reported its best performance in its 16-year history. In 2020, the number of new firms grew by 20%  to a total of 2,919 firms registered in the DIFC, including 915 financial services companies and 189 FinTech firms. The DIFC represents an international financial market which enhances diversity and sophistication in the financial ecosystem of Dubai.

The DIFC has announced its membership of the World Alliance of International Financial Centres (“WAIFC”). WAIFC is a non-profit association which currently represents nineteen international finance centres across four continents, with an aim to facilitate the co-operation and exchange of best practice. The DIFC will collaborate on topics such as technology within the industry and nurturing Environmental, Social and Governance (“ESG”) goals to support sustainable economic growth.

The DFSA published Consultation Paper No.138 on the Regulation of Security Tokens. Security tokens create rights and obligations similar to conventional investment instruments and are a digital representation of rights and obligations, created, stored and capable of being transferred electronically – using distributed ledger technology (“DLT”). Security tokens are substantially similar in nature, purpose and effect as those conferred by investments.

The proposed regulatory regime will facilitate the use of DLT:

• To offer security tokens to the public and admit the trading of security tokens on trading facilities
• For the trading of security tokens
• For the provision of other financial services relating to security tokens, such as providing custody relating to digital wallets holding security tokens and arranging and advising

In addition, the consultation paper suggests changes to multiple DFSA rulebooks to tailor existing rules to security tokens.

You can read the full consultation paper here.

Comments are welcome by the 29^th April 2021 by submitting here.

The DFSA issued a Dear MLRO Letter on the Decision by the National Committee for Combating Money Laundering and Financing Terrorism and Illegal Organisations (“the Committee”) regarding High-Risk Jurisdictions. The Committee has approved countermeasures that financial institutions (“FI”) and Designated Non-Financial Businesses and Professions (“DNFBPs”) must apply when dealing with high-risk jurisdictions.

The countermeasures are:

• All FIs and DNFBPs shall apply enhanced Customer Due Diligence (“CDD”) measures to all business relationships and transactions with high-risk jurisdictions, including natural persons and legal entities and those acting on their behalf.
• Supervisory authorities shall take the necessary measures to close existing branches, subsidiaries, and representative offices of banks from the Democratic People’s Republic of Korea (“DPRK”) within the State and ensure that, where required, UAE banks terminate correspondent relationships with DPRK banks as instructed by relevant UN Security Council Resolutions.
• All FI and DNFBPs shall report any transactions involving natural persons or legal entities from high-risk jurisdictions before conducting such transaction. Such reported transactions may only be executed three working days after reporting such to the UAE Financial Intelligence Unit (“FIU”), and if the FIU does not object to conducting the transaction within the set period.
• All supervisory authorities in the UAE shall impose increased external audit requirements for financial groups with respect to any of their branches and subsidiaries located in a high-risk jurisdiction.
• Supervisory authorities shall remind all FIs and DNFBPs of the requirement to implement targeted financial sanctions in accordance with applicable UN Security Council Resolutions, to protect the financial and non-financial sectors in the UAE from money laundering, terrorist financing and proliferation financial risks.

FI and DNFBPs in the UAE must review the list on a regular basis and consider the countries’ risk rating when devising and applying risk-based compliance measures and CDD.

The Abu Dhabi Global Market Registration Authority (“ADGM RA”) has taken action against Elmar Capital SPV Limited (“ECSL”) for purporting to conduct controlled activities beyond the scope of its commercial licence. ECSL is authorised to conduct non-financial activities of a special purpose vehicle, yet the company website used language which suggested that ECSL was licensed to conduct financial services. ECSL promptly took action to rectify the misrepresentation and the ADGM RA charged USD 5,000 by way of a final notice.

Firms are reminded to review the content of material hosted on their website and social media outlets to ensure all client communications and marketing material are compliant with relevant rules and regulations and are within the scope of their licence.

The ADGM RA has entered into a Memorandum of Understanding (“MoU”) with the United Arab Emirates University (“UAEU”) Science and Innovation Park to welcome startups fostered by the UAEU to join co-branded initiatives to develop growth initiatives across the UAE. The UAEU Science and Innovation Parks partners and enrolled entities will be able to apply for a licence in the ADGM and both parties can participate in their respective industry events.

The Department of Government Support represented by Abu Dhabi Digital Authority (“ADDA”) and Abu Dhabi School of Government (“ADSG”) and in collaboration with Abu Dhabi Global Market Academy (“ADGMA”), has launched a joint initiative: the Abu Dhabi Digital Programme (“ADDP”). The ADDP is a three-stage digital transformation and strategy initiative educating participants on disruptive digital technologies and concepts. The programme consists of three levels: Awareness, Application and Strategy.

Participants will develop awareness through intensive training, progressing to the application of specialist areas, such as artificial intelligence and cybersecurity, and completing the strategy module by joining one of three leadership tracks. The leadership tracks include the Future Digital Leader Programme, the Young Digital Leader Programme and the Executive Digital Leadership Programme. The ADDP participants will receive the Foundations of Digital Transformation Certification

The Financial Services Regulatory Authority’s (“FSRA”) Financial Crime Prevention Unit (“FCPU”), in collaboration with the Executive Office of the Committee for Goods and Materials Subject to Import and Export Control, hosted a webinar on the Targeted Financial Sanctions (“TFS”) Proliferation and Terrorist Financing aimed at Financial Institutions (“FIs”).  The workshop raised awareness of Cabinet Resolution No.74 of 2020, concerning the UAE’s list of terrorists and looked at the implementation of UN Security Council’s decisions and relevant resolutions relating to preventing and countering financing terrorism and leveraging non-proliferation of weapons of mass destruction. All FIs and Non-Financial Businesses and Professions (“DNFBPs”) located in the UAE are required to comply with the resolution and the session aimed to clarify the responsibilities and required procedures for FIs in dealing with sanctioned individuals and entities included in the UN Security Council’s sanctions lists, alongside local terrorism lists issued by the Council of Ministers.

FIs are reminded to:

• subscribe to the Executive Office mailing list by visiting the website here
• have appropriate internal controls in place to enable them to comply with the most recent publication of targeted financial sanctions of the UNSC consolidated lists and local lists and:
  • freeze assets without delay and notify their supervisory body within two days of any confirmed matches in relation to new or existing clients (individual and corporate)
  • reject the potential new clients and notify their supervisory body of the match within two days
  • if an FI cannot confidently verify a match, report the potential match to the supervisory body for further investigation.

Violations of the resolution could expose FIs to administrative penalties and criminal prosecutions, both at a personal and corporate level.

The UN Consolidated List and UAE National List can be found on the Executive Office website here.

The FSRA issued a corresponding Dear SEO letter to the DFSA, on the Decision by the National Committee for Combating Money Laundering and Financing Terrorism and Illegal Organisations (“the Committee”) following the Committee’s publication of approved countermeasures that FI and DNFBPs must apply when dealing with high-risk jurisdictions.

For more information, refer to section 1.6.

The Ministry of Economy (“MoE”) has issued 26 violations with regards to Anti Money Laundering (“AML”) and Counter Terrorist Financing (“CTF”) crimes. The violations apply to DNFBPs supervised by the Ministry which fall under the category of brokers and real estate agents, dealers of precious metals and gemstones, auditors, or corporate service providers.

The violations include:

• Dealing with fake banks in all ways
• Opening or maintaining bank accounts with fake names or numbers without the names of their owners
• Failure to take measures related to clients listed on international or domestic sanctions lists, prior to establishing or continuing a business relationship
• Failure to take enhanced due diligence measures to manage high risks
• Not notifying the FIU of a suspicious transaction report when it is not possible to undertake due diligence measures towards a client before establishing or continuing a business relationship with them or carrying out a transaction for the benefit of the client or in their name
• Failure to respond to the additional information request by the goAML platform regarding the suspicious transaction report that has been filed
• Disclosure, directly or indirectly, to the customer or to others about reporting the customer or the intention to report them, on suspicion of the nature of the business relationship
• Failure to implement the measures set by the National Committee to Combat Money Laundering with regard to clients from high-risk countries
• Failure to take the necessary measures to determine the risks of crime in one’s field of work
• Failure to identify and assess risks that may arise in their field of work when developing provided services or undertaking new professional practices through his establishment;
• Failure to take due diligence measures towards clients before establishing or continuing a business relationship or carrying out a process in the name of, or for the benefit of, the client
• Failure to verify (using documents or data from a reliable and independent source) the identity of the customer and the real beneficiary, or someone on their behalf, before or during establishing a business relationship or account opening, or before carrying out a process for a client with whom they have no existing business relationship
• Delay in informing the goAML platform of a suspicious transaction report if there is suspicion, or reasonable grounds to suspect, that the business relationship with the customer is linked to the crime in whole or in part, or that the client’s money that is the subject of the business relationship is from the proceeds of a crime or used in it
• Failure to apply due diligence measures towards politically exposed clients before establishing or continuing a business relationship
• Not creating records to keep track of financial transactions with clients
• Failure to take necessary measures and procedures to reduce the identified risks according to the results of either the national risk assessment or self-assessment, given the nature and volume of its work
• Failure to set internal policies, procedures and controls at the facilities aimed at combating the crime, or engaging in a suspicious business relationship
• Failure to take simplified due diligence measures to manage low risk
• Failure to take the necessary measures to understand the purpose and nature of the business relationship, or failure to seek to obtain information related to this purpose when needed
• Failure to take the necessary measures to understand the nature of the client’s business, the ownership structure of the business, and the extent of the client’s control over it
• Failure to take due diligence measures of continuous monitoring towards clients during the business relationship
• Failure to appoint a compliance officer
• Failure to create records for keeping financial transactions with clients in a regular manner that allows data analysis and tracking of financial operations
• Failure to keep records of financial transactions and documents related to them for a period of five years from the date of completion of the process or the termination of the business relationship with the customer or from the date of the end of the inspection process of the facility
• Failure to provide information related to customer due diligence and continuous monitoring and results of their analysis, as well as their records, files, documents, correspondence and forms to the concerned authorities upon their request
• Failure to train employees on countering money laundering and combating terrorism financing

Firms should be aware that fines range from AED 50,000 to AED 1 million per breach.

If you have any questions or concerns regarding Cabinet Resolution No. (16) of 2021, please contact Jade Ashpole

The UAE Securities and Commodities Authority (“SCA”) have signed a Memorandum of Understanding (“MoU”) with Sharjah Media City (“Shams”) with the aim of promoting investor awareness and offering training programmes targeting financial markets. In addition to this, Shams will be cooperating with the SCA to produce studies and research papers to enhance the levels of professionalism and increase awareness of financial products and instruments traded in financial markets.

The SCA held its first board meeting of 2021 to discuss initiatives aimed to improve the financial services sector. The agenda included development matters such as:

• Amendment to Article 9 of the SCA Board Chairman’s Decision No. (3/Chairman) of 2020 Approving the Governance Guide for Public Joint-Stock Companies, requiring listed companies to appoint at least one woman on their board
• Regulation and transfers of operational and executive powers between SCA and domestic securities markets
• Introduction of a new platform for derivative trading and approved amendments on the commissions on derivative contract trading
• Amendment to the SCA Board Chairman’s Decision No. (32/Chairman) of 2018 on Technical Service Fees Payable to the Securities and Commodities Authority
• Regulation of central depository activities
• Development of a rulebook for financial activities in relation to the distribution of competencies and powers between securities and commodities authorities, and the listed UAE securities and commodities markets.
• The approval of the transfer of operational and executive powers to the markets as agreed upon between SCA, the Dubai Financial Market, and the Abu Dhabi Securities Exchange
• Approval of markets to develop operational rules for presentation to the SCA
• Approval of a service level agreement with the financial markets

The SCA has signed an MoU with the Dubai Multi Commodities Centre (“DMCC”) establishing a framework for the offering, issuance, listing and trading of crypto assets. Businesses dealing with crypto assets in the DMCC will gain access to DMCC’s Crypto Centre and will be supported by a robust regulatory framework. In addition, the agreement fosters blockchain applications and aims to promote growth and integrity in the industry.

The Central Bank of the UAE (“CBUAE”) has issued two new regulatory frameworks: The Large-Value Payment Systems (“LVPS”) Regulation and the Retail Payment Systems (“RPS”) Regulation. The regulations promote a robust financial infrastructure regulating payment systems operating in the UAE for clearing settlements in Dirhams outside of the UAE. The LVPS will set the standard for financial infrastructure systems to support wholesale payment activities in the UAE, while the RPS focuses on systems for retail payments covering all retail payment systems irrespective of currency or means of exchange.

Firms must comply with the regulations by 28^th February 2022.  You can read the LVPS here and the RPS here.

The Saudi Central Bank (“SAMA”) announced the extension of the Deferred Payment Programme (“DPP”) and Guaranteed Financing Programme (“GFP”). The DPP and GFP promote financial sector stability and support economic growth amidst the COVID-19 pandemic and requires the application of preventative measures. The DPP is part of SAMA’s private sector financing support programme and supports micro, small and medium size enterprises (“MSME”). The GFP supports MSMEs, who are subject to supervision from SAMA, and are members of the Small and Medium Enterprise Loan Guarantee Programme (“Kafalah”).

The DPP will be extended until 30^th June 2021 whilst the GFP will be extended until 31^st March 2022.

The Financial Stability Board (“FSB”) Regional Consultative Group (“RCG”) for the Middle East and North Africa (“MENA”) held its 19^th virtual meeting to discuss financial stability in the region during the COVID-19 pandemic. The current membership of the RCG MENA includes financial and regulatory authorities from Saudi Arabia, Algeria, Bahrain, Egypt, Jordan, Kuwait, Lebanon, Morocco, Oman, Qatar, Tunisia, Turkey and the UAE who all exchanged views on the effectiveness of policy measures to support the most vulnerable sectors of the economy, and suggested exit strategies from the temporary support measures.

The FSB identified the following key deliverables for 2021:

• A report on learned lessons from financial policies in response to COVID-19
• Strengthening the resilience of non-bank financial intermediation
• Implementing the G20 roadmap on enhance boarder payment
• Steps to strengthen regulation, supervision and oversight of global stablecoin arrangements
• Transition from LIBOR
• Strengthening cyber and operational resilience
• Analysing and assessing climate related financial risks

The G20 roadmap can be viewed here.

Cabinet Resolution No. 74 of 2020 concerning the UAE list of Terrorists and Implementation of UN Security Council Resolutions on the Prevention and Countering of Terrorism and Terrorist Financing and Non-Proliferation of Weapons of Mass Destruction, and the relevant resolutions is now available. The resolution was reported in our November 2020 Regulatory Update.

You can read the resolution here.

The Financial Action Task Force (“FATF”) has published guidance for supervisory bodies on risk-based supervision. The report highlights the need to move away from traditional tick-box approaches used to monitor and detect money laundering and terrorism financing and adopt new measures for detecting and preventing financial flows that fuel such crimes.

The guidance consists of three sections:

• High-level guidance on risk-based supervision, which explains how supervisors should assess the risks their supervised sectors face and prioritise their activities, in line with the FATF Standards’ risk-based approach
• Strategies to address common challenges in risk-based supervision and jurisdictional examples, including examples of strategies for supervising DNFBPs and virtual asset service providers
• Examples of supervision from across the global network concerning the financial sector, virtual asset service providers and other private sector entities

The report has a particular focus on DNFBPs and Virtual Asset Service Providers (“VASP”).

The FATF issued draft guidance on Virtual Assets (“VA”) and VASPs after a 12-month review, with the aim of producing a report to G20 on ‘so-called’ stablecoins, a class of cryptocurrency. The changes aim to create a level playing field for VASPs and minimise the opportunity for arbitrage between sectors and countries.

The report will provide guidance on six main areas:

1. The definitions of VA and VASP
2. How the FATF Standards apply to ‘so-called’ stablecoins
3. The risks and potential risk mitigants for peer-to-peer transactions
4. The licensing and registration of VASPs
5. The implementation of the ‘travel rule’ for public and private sectors
6. The Principles of Information-Sharing and Cooperation Amongst VASP Supervisors

You can read the draft guidance report here.

The FATF welcomes the views of representatives of the VA community before 20^th April 2021 by emailing [email protected] with the subject line of “Comments of [author] on the draft revised VASP Guidance”.

The United Nations (“UN”) advised the Committee for Goods and Material Subjected to Import and Export Control to amend names on the UAE Terrorist list. Three entities concerning Somalia have been added and one entity concerning Sudan has been removed. Eight entries of ISIL Daesh and Al Qaeda have been amended.

Firms should screen their customer databases against the amended list, which can be found here.

Keep abreast of sanction list updates by subscribing to the Executive Office of the Committee for Goods and Material Subjected to Import and Export Control here.

Trader Adrian Horn, working at Stifel Nicolaus Europe (“SNE”), has been fined £52,000 and is banned from carrying out regulated work by the United Kingdom’s Financial Conduct Authority (“FCA”) for ‘wash trading’.

‘Wash trading’ is a practice which involves trading where there is no change in ownership or risk, creating a misleading impression to other market participants as to the demand, supply, or price of the security. Horn was found to have executed 129 wash trades between himself in the share McKay Securities between June 2018 and May 2019.

Firms are advised to investigate trades conducted through SNE for trades associated with Horn and act accordingly. Firms are reminded of their obligations to report suspicious activity to the relevant supervisory authorities.