Regulatory Update: Middle East Edition – May 2021

The Dubai International Finance Centre (“DIFC”) and Middle East and North Africa (“MENA”) FinTech Association (“MFTA”) have signed a partnership to advance FinTech developments including the launch of the DIFC Innovation Panel. The collaboration hopes to advance future thinking industry sectors in areas such as open banking, RegTech, Payments and Digital Assets. The partnership will deepen the collaborative efforts of regional regulators, industry associations, governments, financial institutions and FinTech businesses. The DIFC Innovation Panel, a forum for FinTech founders, enablers and thought leaders, will provide guidance and advice on developing the FinTech ecosystem and will discuss trends, challenges and opportunities, risks and the impact of innovative technologies in the wider sector.

MFTA is an independent, inclusive, not-for-profit, member-based organisation and an industry body which has 46 cross border FinTech bridges, provides strategic collaborations with regulators and policy makers, and acts as the voice of FinTech businesses across the MENA region.

His Highness Sheikh Mohammed bin Rashid Al Maktoum issued DIFC Law No. 5 of 2021 (“the Law”) repealing the founding DIFC law, DIFC Law No. 9 of 2004. The Law clarifies the roles and responsibilities of the President, the Governor and the DIFC bodies, and confirms the requirements for their adherence to the highest governance and accountability principles. The Law also defines the extent to which entities in the DIFC can promote and supply services and products to customers outside of the DIFC. In addition, the Law segregates the Dispute Resolution Authority into two separate bodies: the DIFC Courts and the Arbitration institute.

The Law sets the DIFC objectives of:

• advancing sustainable growth for Dubai
• developing and diversifying the economy
• increasing the Gross Domestic Product (“GDP”) of the financial services sector

You can read the Law here.

The DIFC FinTech Hive is accepting applications to the 2021 FinTech Accelerator Programme. This year, the programme will be run in a hybrid format and will be available to FinTech startups from around the world looking to access the Middle East market. Participants will be able to pair with leading financial services companies such as banks, investment firms and insurance firms, and will have access to workshops, marketing and PR exposure, as well as networking and partnership opportunities. In addition, the successful participants will have access to the DIFC’s regulatory sandbox and the opportunity to pitch to key stakeholders and investors, including the DIFC’s FinTech Fund.

Startups wishing to participate in this year’s cohort can find out more information here.

His Highness Sheikh Maktoum bin Mohammed bin Rashid Al Maktoum, Deputy Ruler of Dubai and President of the Dubai International Financial Centre, officially inaugurated the DIFC Innovation Hub located in the Gate Avenue, which forms part of the Dubai Future District. The new facility aims to foster innovation, enterprise and talent across many sectors, focusing on future orientated industries. The DIFC Innovation Hub is set to play a key role in the success of many startups, tech unicorns and big tech firms. Due to the popularity amongst the community, an expansion has been approved to accommodate a further 1,000 businesses over the next two years. The inauguration of the DIFC Innovation Hub allows it to work alongside the DIFC Academy’s Future Campus, DIFC FinTech Hive, and the DIFC Innovation Licence and offers the opportunity to pitch to the DIFC FinTech Fund.

The Dubai Financial Services Authority (“DFSA”) issued the 2020 Annual Report assessing the key DFSA-wide initiatives as well as divisional initiatives.

The DFSA commented on its successes as part of each initiative:

• Being standard setters. The DFSA:
  • participated in various working groups, committees and task forces publishing beneficial papers and reports contributing to the banking, insurance, securities and markets, Islamic finance and audit industries.
  • developed its Anti Money Laundering (“AML”) and Counter Terrorist Financing (“CTF”) measures in line with the Financial Action Task Force (“FATF”) and the Organisation for Economic Co-operation and Development (“OECD”).
• Innovation as the new normal. The DFSA:
  • supported the development of new and disruptive technologies in the marketplace.
  • provided clear regulatory direction for firms providing innovative solutions and consumers accessing the products and services.
  • implemented a “Digital Data Strategy” drawing beneficial market trends and insights from the work it conducts.
  • introduced the “money services regime”.
  • continued to share knowledge taken from each of its initiatives with the wider regulatory community.
  • drafted an engagement plan for RegTech firms through 2021.
• Development of UAE Nationals.
  • the DFSA successfully developed UAE talent through the Tomorrow’s Regulatory Leaders (“TRL”) programme and the Bawabaty Professional Pathway.

In addition, the DFSA assessed its initiatives for general counsel and legal, strategy, policy and risk, supervision, markets, enforcement, international relations, human resources and operations divisions.

Further details of the Annual Report can be found here.

The DFSA issued a Dear MLRO letter for the attention of financial institutions and Designated Non-Financial Businesses or Professions (“DNFBP’s”). The guidelines reinforce the statutory obligations under the UAE Federal AML and CTF legislation and set the minimum expectations of the Supervisory Authorities. The guidelines detail the expectations regarding the identification and assessment, mitigation, administration and reporting of money laundering and terrorist financing risks.

The guidance suggests firms should:

• continuously assess, document and update their AML and CTF measures against the firm’s specific risk.
• take a risk-based approach to their assessments and apply appropriate mitigation measures such as systems and controls, and a suitable compliance programme.
• use an array of resources such as published red flag indicators, the compliance community, and national sources and international sources to inform their AML and CTF risk assessment.
• formulate risk scenarios and assess the likelihood of their occurrence and impact, as well as determining the inherent risk factors, should those risks materialise.
• use national and international assessment to inform their own assessment of customer risk.
• consider the types of customers, customer base and the maturity of any relationship to assess customer risk as well as the complexity of the customers legal, ownership, or direct and indirect structures.
• understand the true geographical risk by assessing where the customer has offices, branches and subsidiaries.
• use the FATF’s guidelines to reflect the customers regulatory and supervisory framework, reputational issues and links with sanction lists.
• use typology guidelines to assess the product, services and transaction-related risks.
• consider the conceptual, operational, legal, technological and other complexities of the product, service, or transaction type.
• consider the level of transparency and transferability of ownership or control of products, services, or transaction types, particularly in respect of the ability to monitor the identities and the roles/responsibilities of all parties involved.
• pay attention to product or service deliveries which have the potential to favour anonymity.
• carefully assess novel products, services, transactions, or channel types.
• evaluate the degree to which their operational processes and/or their customers expose them to the risk of exploitation.
• Firms are reminded to keep risk policies and assessments including methodologies and procedures, relevant to their AML and CTF risks, and detail the inherent and residual risks.

You can read the financial institution guidance here. You can read the DNFBP guidance here.

CCL Compliance can assist to assess your firm’s documentation, procedures and controls to capture national and international trends and guidance, as well as specific risks to your sector.

The Executive Office for the UAE Committee for Goods and Materials Subject to Import and Export Control has issued a new template for the UAE Local Terrorism list which includes useful identifiers such as the name in both English and Arabic, the date and place of birth, the last known address, and identification numbers (if available).

Firms are urged to review the updated template to ensure compliance with the relevant AML / CTF laws.

You can view the updated list in Arabic here.

His Highness Sheikh Hazza bin Zayed Al Nahyan, Vice Chairman of the Abu Dhabi Executive Council announced the Abu Dhabi Global Market (“ADGM”) annual festival “FinTech Abu Dhabi”. The event will consist of the “Search Global Tour” to identify and invite firms to join the FinTech100 and participate in the “Innovation Challenge” responding to challenges set by corporate champions.

The event will also host the following forums:

• FinTech for Good – a sustainability FinTech innovation forum
• CxO21 – a corporate innovation & digital banking forum
• Token – a digital token forum
• Risk4.0 – a financial security forum
• FinTech Souk – a retail & payments forum

The event will take place on 22^nd-24^th November 2021 and will be hosted both virtually and onsite in the ADGM.

Attendees can register here.

The Abu Dhabi Global Market Arbitration Centre (“ADGMAC”) has entered into a cooperation agreement with the Sharjah International Commercial Arbitration Centre (“TAHKEEM”) promoting the use of arbitration and mediation across the UAE. The agreement will enhance the accessibility, efficiency and effectiveness of using commercial arbitration and mediation by collaborating on key activities, sharing knowledge and facilitating educational opportunities. Both parties agree to support each other on the logistical elements of holding a hearing or meeting in each other’s jurisdictions.

The ADGM Financial Services Regulatory Authority (“FSRA”) has updated the Venture Capital Funds(“VCF”) framework. The change will affect managers of VCFs by amending the authorisation criteria as well as the ongoing regulatory requirements and the administration of fee payments. The updated framework takes into account the industry feedback in a risk proportionate and commercially viable manner.

The FSRA Rules for Venture Capital Managers can be found here; the Supplementary Guidance on the Regulatory Framework for Fund Managers of Venture Capital Funds can be found here; and the Fee Rulebook can be found here.

The ADGM Office of Data Protection (“ODP”) and the Jersey Data Protection Authority (“JDPA”) have signed a Memorandum of Understanding (“MoU’) with the aim of facilitating cooperation between both jurisdictions. The MoU will allow for initiatives to raise awareness of data protection principles as well as the safeguarding measures required to protect individual’s rights in the respective jurisdictions.

Firms are reminded that the ADGM Data Protection Regulations 2021 are enforceable from 14^th August 2021for firms established after 14^th July 2021; for firms established before 14^th July 2021, the regulations are enforceable after 14^th February 2022.

You can review our ADGM Data Protection article here.

The FSRA issued a Dear Senior Executive Officer (“SEO”), Money Laundering Reporting Officer (“MLRO”) and Principal Representative (“PR”) letter regarding the typologies on the circumvention of targeted sanctions against terrorism and the proliferation of weapons of mass destruction, making firms aware of the newly issued targeted financial sanctions typologies paper. The typologies paper acknowledges the top four most common methods used by terrorist financiers as:

• the formal banking systems
• cash smuggling
• the use of money service businesses
• and informal remitters/hawala

Firms are advised to closely monitor ‘red flag’ situations.

Highlighted ‘red flag’ situations include:

• dealings in sectors vulnerable for terrorist financing and/or proliferation of weapons of mass destruction
• dealings, directly or through a client of your client, with high-risk countries for terrorism financing
• dealings, directly or through a client of your client, with sanctioned countries or territories where sanctioned persons are known to operate
• the use of shell companies through which funds can be moved locally and internationally by misappropriating the commercial sector in the UAE
• dealings with sanctioned goods or under embargo
• dealings with dual-used goods
• dealings with controlled substances
• identifying documents that seemed to be forged or counterfeited
• identifying tampered or modified documents with no apparent explanation, especially those related to international trade
• use of intermediaries
• when the flows of funds exceed those of normal business
• the activity developed or financed does not relate to the original or intended purpose of the company or entity
• very complex commercial or business deals that seem to be aiming to hide the final destination of the transaction or the good
• complex legal entities or arrangements that seem to be aiming to hide the beneficial owner
• carrying out of multiple ATM cash withdrawals in short succession (potentially below the daily cash reporting threshold) across various locations in territories where sanctioned people have influence or in the border of sanctioned countries
• irregularities during the CDD process
• the use of virtual assets to send funds to a few select wallets at unregulated virtual assets exchanges
• the transfer of funds to a virtual assets exchange’s operational banking account (to fund a virtual asset wallet) followed by the crypto-to-fiat conversion (either more or less) from the same exchange within a relatively short period of time

The paper will work as a useful reference to understand trends and methods used by sanctioned persons, groups or entities.

You can read the full paper here.

The Securities and Commodities Authority (“SCA”) and the Ministry of Economy (“MOE”) launched the FinTech Megathon 2021 which consists of two sprints ending in February 2022.  The Megathon focusses on challenges found in thematic areas such as asset management/investment advisory, digital assets/cryptocurrencies, crowdfunding, Forex, Small and Medium Size Enterprises (“SME”) financing, financial inclusion and suptech/RegTech. The sprints include workshops, training sessions and two hackathons, and encourage investors, financial institutions, regulators and other ecosystem partners to collaborate to address industry issues.

To register click here.

The SCA headed the Union of Arab Securities Authorities (“UASA”) meeting to discuss developments in the Arab capital markets in 2020 and the effects of Covid-19. The UASA Strategic Plan for 2021- 2025 was discussed with the general rules for Arab capital markets, the development of a handbook highlighting the key UASA activities and the amendment of existing UASA regulations. The launch of e-learning programmes and training courses was also discussed, as well as the UASA’s annual report and the accepted membership of the DFSA to the UASA board. Achievements were noted in the area of supervision, legislation, regulation, and enforcement.

The Central Bank of the UAE (“CBUAE”) celebrates the graduation of its first cohort of Risk-Based Supervision Professionals. The cohort consisted of 25 UAE Nationals who studied areas such as financial and market conduct risks, AML and CTF measures. The programme, designed in cooperation with the Institute of Banking, aims to enhance the skills of CBUAE supervisors who examine licensed institutions.

CBUAE announced its collaboration with SWIFT to enhance the speed and transparency of cross-border payments. The collaboration will integrate the CBUAE domestic UAE Fund Transfer System (“UAEFTS”) with the SWIFT “gpi tracker” allowing users a seamless transmission between the SWIFT network and the UAEFTS. Users will have the ability to track payment flows end-to-end in real time due to SWIFT’s tracker system.

CBUAE has issued a new regulation covering licensing, prudential and conduct requirements for specialised banks. Specialised banks are governed under a low-risk regulation framework allowing their financial activities to service the local community in a robust and prudent manner. Specialised banks can now operate the financial activities of account opening, card issuance, and retail and wholesale lending to UAE nationals and residents, and they are permitted to operate accounts in UAE Dirhams. Banks falling within the criteria will be required to set a minimum paid up capital of AED 300 million (to be maintained at all times) as well as meeting a risk-based capital adequacy requirement.  The banks can operate as a conventional bank or with an Islamic window.

The new regulations came into force on the 30^th April 2021.

You can read the regulations here.

The Central Bank of Bahrain (“CBB”), Bank ABC and J.P. Morgan announced a digital currency settlement pilot scheme which aims to improve the customer experience for safe and efficient settlement solutions for instantaneous cross-border payment solutions. The pilot will test payments in USD between buyers and suppliers, speeding up transaction times by eliminating the need to hold the funds in advance. The collaboration hopes to facilitate central bank currencies in the future.

The UAE Ministry of Economy (“MOE”) has requested companies registered in the UAE to submit authentic details of their beneficiaries in line with the Cabinet Resolution No. 58 of 2020 regulating the ultimate beneficial owner procedures.

Firms will be expected to:

• create a record of the establishments real beneficiaries and keep the details at the firm’s headquarters
• submit an undertaking to establish the registry through the relevant licensing authorities websites
• add the registry data to the licensing authorities system through the relevant licensing authority website.

There is an exemption for government-owned companies and financial free zone establishments. The MOE reserves the right to issue warnings and fines of 100,000 AED.

Firms have until 30^th June 2021 to update their details.

The Financial Conduct Authority (“FCA”) in the United Kingdom proposes expanding its existing rules and principles to ensure that firms provide a higher level of customer protection. The proposal follows multiple investigations which highlighted that many firms providing information which was misleadingly presented or difficult for consumers to understand.

The expansion of rules and principles in consumer protection aim to shift the culture and behaviour in financial institutions to provide services and products that are suitable for the consumer.

The enhancements will focus on three key elements:

1. The Consumer Principle. The FCA sets overall standards to which firms must adhere of acting in the customers’ best interest and in delivering good outcomes for retail clients.
2. Cross-cutting rules. The rules will require ethical behaviours from firms, namely avoiding foreseeable harm to customers, taking all reasonable steps to enable customers to pursue their financial objective and to act in good faith.
3. It will be underpinned by a suite of rules and guidance.

Firms are welcome to comment on the consultation paper here until 31^st July 2021.

The CBUAE has revoked the licence of S&S Brokerage House and struck their name from the register as a result of the firm ceasing to carry out one of more of its licenced financial activities for a period of one year.

Firms are reminded to review their licences and any additional permissions, endorsements or waivers on an ongoing basis to ensure that their financial activities match their current and projected business activities.

If you require assistance in reviewing and amending your financial service permissions, contact us for advice and guidance.

The MOE has fined an unnamed DNFBP firm 1.35 million AED for eight breaches of AML and CTF laws. The firm was fined for failing to adopt internal policies, controls and procedures commensurate with the volume of its business. The firm also failed to mitigate its AML and CTF risks and committed a series of other offences.

If you require assistance in reviewing and enhancing your AML and CTF systems and controls, contact us for advice and guidance.

The Commissioner of Data Protection (“Commissioner”) has fined an unnamed firm US$30,000 for non-compliance with DIFC Law no.5 of 2020 (“the Law”). The unnamed firm failed to comply with its accountability responsibilities under Article 14(7) of the Law requiring firms to register with the Commissioner and file a notice of their current processing activities.

For details of how you can comply with your data protection obligations under the Law contact us for assistance and guidance.