Regulatory Update: Middle East Edition – May 2022
1.0 DIFC AND DFSA LATEST DEVELOPMENTS
FICCI LEAD, a technology and business incubator of the Federation of Indian Chambers of Commerce & Industry (“FICCI”), and the Dubai International Financial Centre (“DIFC”) have signed a Memorandum of Understanding (“MoU”) to launch the “India – UAE Start-Up Corridor” to expand the start-up ecosystem between the two jurisdictions. Ten start-ups from various sectors, including financial services, education and logistics, have been shortlisted for the inauguration in Dubai. Over five years, 50 start-ups will be marked for development under the MoU to grow 10 participants into unicorns (start-ups valued at more than US$1 billion) by 2025. The corridor will contribute to the UAE’s aim to be home to 20 unicorn firms by 2031 and the objective of FICCI to grow the Indian start-up ecosystem to have a more global reach.
The Dubai Financial Services Authority (“DFSA”) issued amendments to legislation following Consultation Paper (“CP”) No.142 – Credit Funds.
The DFSA rulebook updates are summarised as follows:
- Collective Investment Rules (“CIR”) module updates:
- applicability of rules for exempt funds:
- chapter 8, rule 8.2.2(2) does not apply to a credit fund
- chapter 8, rule 2.2.2(2) and sections 8.3 and 7.4, other than rules 8.3.1(2) and 8.4.1(1)(a), do not apply to a venture capital fund
- applicability of regulations for Qualified Investor Funds (“QIF”):
- chapter 8, rule 8.3 applies to a credit fund; for all other QIF’s rule 8.1.1, 8.1A.1, 8.1A.2, 8.4.1(1)(a) and 8.10.1
- chapter 8, rule 8.3.1(2) applies if the QIF is a venture capital fund
- chapter 8, section 8.3 applies if the QIF is a credit fund
- chapter 8, rule 8.6A.1 applies if the QIF is an open-ended fund
- chapter 13, rule 13.12
- rule 14.4.13 on prospectus disclosure
- article 27(1)(e) will not apply where it is a fund manager of a credit fund
- rule 3.1.15 defines credit funds as:
- a domestic fund with an investment objective of at least 90% of its fund property to provide credit, including acquiring loans (“acquiring” in the context of rule 3.1.15 means to purchase, take transfer of, take credit risk or part of credit risk attaching to, or take other exposures to the loan)
- a foreign fund if its investment objective is, or includes, providing credit, including by acquiring loans
- updated rules include:
- rule 6.1.5 prohibits an external fund manager from managing a domestic fund that is a Credit Fund
- rule 6.2.3 prohibits a fund manager from managing an external fund that is a Credit Fund
- rule 13.12 applying to fund managers of a Credit Fund covers:
- investment vehicles; the fund manager must ensure that the Credit Fund is an investment company or investment partnership, a closed-ended fund, and either an exempt fund or a QIF
- fund managers of Credit Funds which hold fund property must have effective arrangements in place to ensure that fund property is not available to creditors of the fund manager or another fund it manages in the event of insolvency
- fund managers must appoint an eligible custodian unless the rules provide otherwise
- the fund manager is responsible for ensuring that the Credit Fund does not provide a letter of credit, financial guarantee or trade finance (unless the finance is for the trade of goods or services that takes place wholly within the state of another country)
- the fund manager must ensure that the Credit Fund does not provide credit to a natural person, a fund manager (or a related party of the fund manager or any person acting for or on behalf of the fund manager), another fund or fund manager, a financial institution (or related person), a person who intends to use the credit for the purpose of trading in investments, commodities or crypto assets, or a person who intends to use the credit for the purpose of providing credit
- the fund manager must ensure that the Credit Fund has appropriate policies and procedures in place
- the fund manager must ensure that:
- credit granting and acquisition of loans are based on sound and well-defined criteria, and the processes for approving, amending, renewing and re-financing credit and acquiring loans are clearly established
- internal methodologies are in place to assess the credit risk of exposures to individual obligations, securities or securitisation positions and credit risk at the portfolio level, which cannot rely solely or mechanistically on external credit ratings
- there is ongoing monitoring of the various credit-risk-bearing portfolio positions and exposures
- measures are in place for adequate diversification of credit positions
- there are credit risk mitigation measures applied where required
- there are concentration risk mitigators, where required
- there is a suitable annual stress testing programme, the results of which must be reported to the DFSA
- there is a suitable risk diversification strategy that meets the rules, including a risk diversification limit of 25% of net assets, within three years from the date the fund is established, and the fund manager must take reasonable steps to ensure it is not breached
- there are clear rules of redemptions and distributions
- no money is borrowed for use by the Credit Fund on terms that the borrowing is to be repayable out of the fund property unless certain conditions are met, including that the borrowing does not on any day exceed 10% of the net asset value of the fund property
- annual and interim reports should include the information about credit provided and loans acquired, including loan-to-value ratio and breakdown between senior secured debt, junior debt and mezzanine debt
- risk warnings are suitable and are prominent in marketing material
- rule 14 clarifies that the prospectus of a Credit Fund must include specific disclosures, including risk warning, lending strategy, concentration risk, diversification strategy and limitations on borrowing
- rule 15 extends the circumstances where authorised firms are allowed to offer a unit of a foreign Credit Fund in accordance with Article 54(1)(a)(i) and (ii) of the Collective Investment Law 2010 to include the condition to be a Credit Fund
- General Module (“GEN”) update:
- rule 2.12 defining what is considered as “managing a collective investment fund” clarifies the inclusion of financial services offered in relation to a Credit Fund, providing credit, arranging credit or advising on credit
- Glossary (“GLO”) module updates:
- Credit Fund is defined in CIR Rule 3.1.15
- QIF is defined as a Qualified Investor Fund
- Prudential – Investment, Insurance intermediation and Banking (“PIB”) module updates:
- increase in base capital for a Category 3C firm to US$140,000 if it manages a Credit Fund
- reporting obligations for Category 3C firms who manage a Credit Fund now include:
- B310 – Large Exposure
- B320 – Arrears and Provisions
- B340 – Credit Activity
- B350 – Trade Finance Activity
- Fees module update:
- applicable for licence fees of US$10,000 where the firm is managing a collective investment fund which is a Credit Fund
Amendments to the rulebook are enforceable from 1 June 2022 and can be read in full here.
The DFSA issued a warning on the impersonation of the DFSA, authorised firms and the UAE authorities. Individuals were found to have provided a fake fund investment management contract replicating the authorities’ logos in a recent scam.
Following the publication of two thematic reviews, the DFSA presented an outreach session to discuss key findings relating to trade finance, correspondent banking, electronic fund transfers and brokerage. The outreach session highlighted the following weaknesses:
- regarding Anti-Money Laundering Business Risk Assessments (“ABRA”), it was noted that:
- firms provided incomplete assessments as the recommended vulnerabilities were not fully assessed and documented
- ratings must be provided for both inherent and residual risks
- quantitative data is not documented
- risk controls were not documented or, where they were documented, the evaluation of such controls was not documented in detail
- findings from assurance and risk reports were not considered
- the National Risk Assessment for the UAE was not considered
- customer risk assessments were found to be missing crucial factors such as a full assessment of the client’s business, and evidence was often not suitable
- Source of Wealth and Source of Funds lacked meaningful evidence
- with regards to trade-based finance, the DFSA highlighted the following weaknesses:
- governance oversight for intra-group outsourced functions for managing AML risks (particularly Trade-Based Money Laundering (“TBML”) risks)
- failure to provide training or training provided was not specific to risks
- ABRA did not adequately identify TBML risks
- Customer Risk Assessments (“CRAs”) were not sufficiently sensitive to trade finance products and other TBML risk indicators
- where ongoing Customer Due Diligence (“CDD”) was conducted, it was ineffective in identifying and monitoring higher TBML risk activities and transactions
Firms are reminded that:
- ABRAs should fully address the vulnerabilities addressed in AML rule 5.1.1(b) and explain the controls in place to mitigate the risk, in addition to providing a risk rating for both the inherent and residual risk
- CRAs should document the identification information on the customer and beneficial owners, information on the intended nature of the business relationship and information on the reasons for the transaction
- CDD must be conducted as directed by your policy, and your policy should be suitable to the type of due diligence required; refresher CDD should be undertaken in a timely manner and documented
- CDD policies should be suitable for the business and the risks presented; they should also consider appropriate triggers for ad-hoc CDD requirements
- policies should not be a copy and paste of the DFSA rulebook and must be tailored to the business needs
- due diligence questionnaires should use the Wolfsberg principles
- compliant culture must come from the top
- review and maintain an effective three lines of defence
- training should be specific and contain relevant case studies
Lori Baker, VP, Legal & Director of Data Protection, Office of the Commissioner of Data Protection, hosted “Tuesday talks with Lori” on notifications under the DIFC Law no.5 of 2020 on Data Protection. Following Article 14 (7), all firms processing personal data must notify the Commissioner of Data Protection of their processing activities on an annual basis or ad hoc where required, using the DIFC Portal. It has been observed that firms misclassify personal data and in particular, misclassify special categories of personal data.
Special categories of personal data are any personal data revealing, directly or indirectly:
- racial or ethnic origin
- communal origin
- political affiliations or opinions
- religious or philosophical beliefs
- criminal record
- trade-union membership
- health or sex life
- genetic data
- biometric data
Firms are exposing themselves to a potential fine of US$25,000 for failure to notify.
Firms are reminded to:
- keep their data protection notification relevant and up to date on the DIFC portal
- submit their data protection notices on an annual basis
- conduct a thorough assessment of personal data processed and ensure that a record of processing activity records the data processed
If you need further data protection guidance, you can download our helpful articles here.
2.0 ADGM AND FSRA LATEST DEVELOPMENTS
The Abu Dhabi Global Market (“ADGM”) Registration Authority (“RA”) issued consultation paper no.3 of 2022 “Proposed Changes to ADGM Commercial Legislation”.
The paper proposes:
- introduction of late filing fees of US$150 per month, capped at three months for certain reports
- introduction of commercial licence renewal obligations where:
- no late renewal fee will be issued where an application to renew is made within one month
- a late renewal fee issued after the one month grace period will accrue every month at US$150 per month, capped at three months
- a fee for failing to notify the RA that the commercial licence will not be renewed within the defined period
- a simplified strike off process for companies and Limited Liability Partnerships
- amending references to working days to mean Monday – Friday
- removing the obligation to have Restricted Scope Company (“RSC”) in the name of the company
The Financial Services Regulatory Authority (“FSRA”) of the ADGM welcomes applications for the 5th Regulatory Laboratory (“RegLab”) sandbox programme. This year, the programme focuses on the decentralised Web 3.0 (a future version of the internet based on public blockchains) and token economy to foster innovation in the UAE financial services market. Decentralised Finance is considered to be an emerging part of the global financial services ecosystem as it delivers efficient and tailored financial services using Distributed Ledger Technology and virtual assets. The FSRA will closely monitor and assess the risks associated with the newer technologies and use the insights from the cohort to ensure appropriate regulations are in place.
Applications will be accepted here until 15 July 2022.
The FSRA has issued a mandatory questionnaire to ADGM firms as part of various initiatives being led by the National Committee for AML/CFT, and Targeted Financial Sanctions (“TFS”) to demonstrate effective compliance. The questionnaire aims to assess the systems and controls in place for firms to identify and mitigate AML, CTF and TFS risks within their firms. The themes produced from the responses will be reported in future thematic reviews.
The FSRA may sample test the responses to the self-assessments as part of standard supervisory activities and the upcoming thematic reviews.
On 4 March 2022, the Financial Action Task Force (“FATF”) placed the UAE under increased monitoring to ensure that the UAE improves specific areas that require further enhancements in its anti-money laundering and countering the financing of terrorism (“AML/CFT”) regime. The Financial Crime Control Prevention Unit (“FCCP”) and UAE’s National Anti-Money Laundering and Combating Financing of Terrorism and Financing of Illegal Organisations Committee issued notice no.14 of 2022 “Interpretative Note on Assessing Jurisdictional Risk and the Consequential Application of AML/CFT Obligations in light of United Arab Emirates Grey Listing by the Financial Action Task Force”. The notice considers jurisdictional risk assessment and the consequential applicability of AML/CTF obligations in light of the UAE’s addition to the grey list.
Financial Institutions (“FI”), Designated non-Financial Businesses and Professions (“DNFBP”) and Virtual Asset Service Providers (“VASP”) are required to assess the reputational risk of the jurisdiction to assess the risks they are exposed to; however, this obligation is not necessarily to be interpreted as being applicable to UAE natural or legal persons, or residential clients in the UAE. Nonetheless, the application of Enhanced Due Diligence (“EDD”) measures can still be applied as a result of home jurisdiction requirements and the risk-tolerance and appetite of a given FI, DNFBP or VASP.
The entrance to the grey list does not need to be considered a trigger to revise the Financial Crime Risk Assessments or Customer Risk Assessments. CDD measures taken by FIs, DNFBPs and VASPs shall be proportionate to the risks posed from business relationships/transactions with natural or legal persons from such jurisdictions and be effective to minimise such risks. The measures taken may require enhanced customer due diligence depending on the circumstances.
FIs, DNFBPs and VASPs may continue to place reliance on other UAE natural or legal persons. They may continue to apply simplified CDD on UAE or resident customers in situations where lower risks of ML/TF are present.
3.0 MIDDLE EAST REGULATORY UPDATES
The UAE Ministry of Finance (“MoF”) has launched a new centralised portal for submitting the annual reporting and risk assessment for Common Reporting Standard (“CRS”) and/or Foreign Account Tax Compliance Act (“FATCA”), which can be performed between 1 June 2022 and 30 June 2022. The portal can be accessed by clicking here.
Firms are expected to register their nominated maker and checker users before the reporting deadline of 30 June 2022.
The Excel templates for CRS and FATCA annual reporting are accessible on the MoF Portal from 1 June 2022.
FATCA and CRS guidance can be found here.
The Financial Intelligence Unit (“FIU”) issued new codes when reporting suspicious activity reports or suspicious transaction reports via the GoAML platform. The new codes are consistent with various red flags and focus on trade finance, retail banks and sanction related concerns.
The Abu Dhabi Exchange (“ADX”) issued its 2022 edition of the “Abu Dhabi Securities Exchange Operational Rules Booklet”. The booklet is a consolidated guide of the relevant definitions, rules, fees and penalties associated with engagement with and acting on the exchange.
You can read the 2022 booklet here.
The ADX announced that it is facilitating access to the ADX for investors registered with the Securities and Commodity Authority (“SCA”) on other UAE financial markets. The upgrade will allow the National Investor Number (“NIN”) to be registered to the ADX, allowing the trade of eligible securities. The NIN will need to be validated by an accredited brokerage firm on the ADX with an additional requirement of articles of association and a list of authorised signatories for corporate entities.
For more information on the initiative, contact Abdulrahman Saleh Al Khateeb at [email protected].
The SCA issued cabinet resolution no. 36 of 2022 “Concerning Regulating Activity of the Crowdfunding Platform Operator”. The resolution clarifies crowdfunding eligibility both in the Emirates and free zones and covers the rules for operators, allowing for sanctions to be applied where a breach occurs.
The resolution can be found in full here.
Saudi Leadership has approved the FinTech Strategy by the Council Minister’s decision to enhance the Financial Sector Development Programme, a pillar of the Saudi Vision 2030. The decision aims to develop the national economy by diversifying sources of income and enabling financial institutions to support private sector growth. The strategy is designed to support all FinTech-related activities and comprises six key drivers:
- highlighting Saudi’s identity on a global stage
- strengthening the regulatory framework
- supporting the FinTech sector
- developing human resources
- advancing technical infrastructure
- enhancing cooperation both locally and globally.
The Central Bank of Bahrain (“CBB”) issued three CPs to enhance its laws and associated rulebooks regarding outsourcing requirements, the secured transaction law and cybersecurity.
You can read the full CPs on:
- outsourcing requirements here
- secured transaction law in Arabic here (Comments are welcome until 13 June 2022)
- cyber security requirements here.
Comments can be submitted by emailing [email protected].
The Executive Office for Control and Non-Proliferation (“EOCN”) met with a delegation of the Office of Financial Sanctions Implementation (“OFSI”), which is part of the UK’s HM Treasury, to share knowledge and experience on the application of targeted financial sanctions in line with the FATF recommendations. During the meeting, the parties discussed the implementation of direct reporting (and freezing of assets, where appropriate) using the EOCN’s new reporting system. In addition, the EOCN presented their training and awareness programme, with both parties agreeing on the importance of social media as a key mechanism for promoting awareness campaigns.
The OFSI presented its latest amendments to international anti-proliferation standards discussing data collection methods from relevant authorities and highlighted key strengths and weaknesses of the assessment process. In addition, the parties discussed the latest techniques and methods to avoid sanctions which included the use of front companies and the exploitation of commercial activities as a cover for the passage of funds.
4.0 INTERNATIONAL UPDATES
The FATF reviewed the progress of various jurisdictions in meeting their AML and CTF obligations reported in their Mutual Evaluation Report (“MER”). The MERs assess jurisdictions against 40 FATF Recommendations.
The updates are as follows:
- Israel has been reported as compliant in 16, largely compliant in 19, and partially compliant in 4 recommendations (note that Recommendation 17 was not applicable)
- Guinea Bissau has been reported as compliant in 5, largely compliant in 11, partially compliant in 21 recommendations and non-compliant with 3
- France has been reported as compliant in 19, largely compliant in 18 and partially compliant in 3 recommendations
- Mexico has been reported as compliant in 10, largely compliant in 22, partially compliant in 7 and non-compliant with 1 recommendation
- Turkey has been reported as compliant in 12, largely compliant in 22, partially compliant in 4 and non-compliant with 2 recommendations.
The updated consolidated rating table can be found here.
The Executive Office for Control and Non-Proliferation has issued updates to the United Nations Security Council Sanctions List. Three entities from the sanction committee of Iraq have been removed, and six entities from the sanction committee ISIL Daesh and Al-Qaida have been amended.
Firms are reminded to monitor geopolitical events and any resulting updates to the international sanctions list to assess their exposure to sanctioned individuals and entities. Sanction contraventions must be reported to the relevant authorities without delay, and regulators will expect to be notified of any sanctions matters that may result in reputational consequences for the firm.
The updated sanction list can be found here.
The Bank for International Settlements (“BIS”) has issued working paper no 1011 on “Big techs, QR code payments and financial inclusion”. The paper discusses the support of big techs to allow small firms and credit intermediaries to enter the market with innovative ideas. The paper finds that the use of apps for mobile payments, through so-called QR codes, simplifies the collection of payments for firms at a reduced cost. This can help firms to increase transaction volumes and to disclose their characteristics via payment data. Big tech firms can process this data – together with other non-traditional information collected on social media, search engines and e-commerce platforms – to generate a credit score. Firms that are typically unbanked and lack financial statements can have access to small loans that are not collateralised and typically used to adjust their liquidity needs. Overall, the use of QR codes could have positive effects for financial inclusion that go well beyond the simple efficient processing of transaction payments. The report sampled the use of QR technologies for payment in around half a million Chinese firms.
You can read working paper no.1011 here.
The BIS issued a second working paper, working paper no 1013, on “Banking in the shadow of Bitcoin? The institutional adoption of cryptocurrencies” to discuss the adoption of crypto-assets in the traditional banking sector and its associated exposure. The paper finds that developments in cryptocurrency markets continue to evolve at a fast-moving pace, amid continuous efforts to develop the crypto ecosystem and expand the range of its business applications. As a result, cryptocurrencies have attracted significant interest among various financial market participants in the recent past. Whilst exposure in conventional banking is still low, there is an increasing interest in exploring opportunities, especially in more innovation-focused economies. However, currently, banks that have explored crypto-assets prefer to handle their assets on a regulated crypto exchange.
You can read working paper no.1013 here.
5.0 ENFORCEMENT ACTION
Wells Fargo Advisors were fined US$7M by the United States Securities and Exchange Commission (“SEC”) for AML failures. The SEC found multiple failures to submit suspicious activity reports in a timely manner between April 2017 and October 2021, due to a new AML transaction monitoring system; at least 25 SARs related to suspicious transactions in its customers’ brokerage accounts involving wire transfers to or from high-risk countries.
Firms are reminded to submit any suspicious activity reports through the GoAML portal within 24 hours from the decision to file.