Regulatory Update: Middle East Edition – November 2023

On 9 November, the Dubai International Finance Centre (‘DIFC’) signed a Memorandum of Understanding (‘MoU’) with the Seoul Metropolitan Government. The MoU aims to drive cross-border collaboration with Yeouido Financial District and Seoul Business Agency to promote mutually beneficial business opportunities.  The MoU fosters the sharing of best practices between the financial centres, including its start-up/ scale-up programmes and significant regional events.

You can read the DIFC article here.

On 16 November, the DIFC invited the DIFC FinTech community to join start-up champions on the global stage at the Singaporean FinTech Festival, and FinTech World Cup on 17 November. For US$1M, applicants will complete mentorship opportunities with curated industry leaders and an exhibition space at the second Dubai FinTech Summit.

The festival will allow startups to showcase their solutions to influential investors from the financial services industry. Start-ups will be shortlisted based on their funding profile, post-investment rounds, business partnership, and VC pitch.

You can read the DIFC article here and apply for the FinTech World Cup here.

On 1 November, the Dubai Financial Services Authority (‘DFSA’) reported on its first anniversary since its crypto regime was released. The regime aimed to create a measured, responsible and transparent approach to crypto token businesses by creating a specialist licence for firms to provide financial services from the DIFC. The regime covers financial services wishing to operate crypto token businesses to provide custodial services, manage clients’ assets, establish or manage funds, or provide other financial services. The applicable rules cover financial crime, technology, governance, custody, disclosure, market abuse, and fraud.

The DFSA reports:

• over 100 firms inquiring into the crypto license, both new firms to the DIFC and existing firms wishing to vary licence permissions of which:
  • five crypto token variations were issued
  • three crypto tokens have been recognised, covering 75% of the total crypto market capitalisation including TonCoin and Ripple
  • two applications for crypto tokens recognition are under review.

As part of the review, the DFSA considered market feedback, available products and service offerings and will issue consultations on the following:

• custody
• financial crime
• staking for proof of stake consensus mechanism
• fund management.

You can read the DIFC article on the crypto report here and the authorisation of TonCoin and Ripple here.

On 14 November, the DFSA issued a Dear SEO Letter, ‘Findings from Thematic Review on Financial Promotions made by Crowdfunding Platform Operators’. The SEO letter follows the 6 April 2023 thematic review to assess the firm’s compliance with financial promotion rules and evaluate the adequacy of the systems and controls Crowdfunding Platform Operators (‘CFP Operators’) have in place to identify, manage and mitigate risks associated with financial promotions.

The review covered 200 financial promotions in the form of website, social media, emails, print and other forms of promotions and found that CFP:

• have varying levels of understanding of the application of Regulatory Law, Chapter 3 and General (‘GEN’) module Rule 3.2 (collectively ‘Relevant Rules’) regarding financial promotions
• have generally compliant policies, procedures, systems and controls
• did not appropriately train approvers of marketing materials on the Relevant Rules
• generally understood the rules on issuing material to retail clients and professional clients
• failed to implement procedures for marketing material specifically for professional clients as per Code of Business Module (‘COB’) 3.1.4(1)(c) and 3.2.5(a)
• failed to have a formal process of review and approval of financial promotions
• social media marketing materials were often overlooked
• failed to hold records of all marketing material
• operators did not have an ongoing process for the review of financial promotions
• did not have oversight of suitable policies, procedures, systems and controls when using third parties for the promotion of financial products
• failed to have suitable disclosures and risk warnings in compliance with COB 3.2.6. many were found to have:
  • not presenting a fair and balanced view of the product or services
  • did not identify the course of information from which the past performance was derived, not explain the essential facts or assumptions from financial projections
  • not contain the correct risk warnings associated with the financial product or service
  • did not display clearly on websites or social media channels
• did not disclosure the regulatory status of who was offering the service or product
• those with Islamic licence endorsements failed to have additional policies and approval processes related to their Islamic window and were unable to comply with Shari’a requirements
• those with Islamic endorsements could not evidence the correct approvals from the Shari’a Supervisory Board
• misused core terminology such as incorrectly using ‘secondary market’ as opposed to a ‘transfer facility’, confusing investors
• to use the DFSA crowdfunding regime for the use of global real estate investment opportunities, which is outside of the scope of the DFSA.

You can read the Dear SEO letter here.

On 16 November, the DFSA adopted the United Arab Emirates (‘UAE’) ‘Principles for the effective management of climate-related financial risks’ (‘Principles’). The DFSA, as a founding member of the UAE Sustainable Finance Working Group, adopted the principles as part of its commitment to COP28.

The principles are summarised as follows:

1. Oversight and responsibility of climate-related financial risk exposures
2. Incorporation of climate-related financial risk exposures into overall business strategy
3. Assigning climate-related financial risk management responsibilities within the organisation
4. Incorporation of climate-related financial risks into a risk management framework
5. Monitoring and reporting of climate-related financial risks
6. Incorporation of climate-related financial risks into capital and liquidity adequacy processes
7. Scenario analysis of climate-related financial risks

The principles reflect recent international publications from standard setters, including the Basel Committee on Banking Supervision and the Network for Greening the Financial System and set joint expectations for UAE regulators to create safe and prudent governance. In addition, the Principles guide risk management of climate-related financial risks and are designed to embed considerations around climate risk identification, assessment and management into business strategies. The DFSA will shortly release its supervisory guidelines for DIFC firms.

You can read the DIFC article here and the Principles in full here.

On 1 November, the Abu Dhabi Global Market (‘ADGM’) expanded to Al Reem Island with Al Reem business joining the ADGM community. Al Reem businesses will have until 31 December 2024 to obtain an ADGM licence. Those with licences expiring before December will be invited to apply for an ADGM licence on the Abu Dhabi Department of Economic Development (‘ADDED’) licence expiry. In addition, Al Reem’s business will be exempted from ADGM’s registration, licencing, and specific regulations up to 31 December 2024.

Firms must comply with all ADGM regulations and laws once an ADGM licence has been issued.

You can read the ADGM article here.

On 2 November, the Registration Authority (‘RA’) of the ADGM released the Distributed Ledger Technology (‘DLT’) Foundations Regulation 2023. The regulation supports the evolution of digital assets regulation internationally and provides a comprehensive framework for DLTs, blockchain foundations, Web3 entities, traditional foundations and Decentralised Autonomous organisations (DAOs).

The DLT regulations will govern:

• establishment and registration
• DLT foundation assets, including minimum asset values, undertakings and management
• obligations
• DLT foundation documents
• governance arrangements
• council obligations
• disqualification
• liabilities
• guardianship
• beneficiaries and token holders
• accounting records
• annual accounts
• audit requirements
• foreign laws
• migration
• dissolution and striking off.

The regulation is enforced on 2 October 2023 and can be read in full here. The ADGM article can be read here.

On 3 November, the ADGM announced the sixth Abu Dhabi Sustainability Forum (‘ADSFF’) to be held on the 4 December during the United Nations (‘UN’) 28th Conference of the Parties (‘COP28’).

The ADSFF will be defined by four pillars:

• powering green capital markets
• financing innovation
• carbon markets
• driving an unbiased climate transition.

Speakers include:

• HRH Prince Khaled bin Al Waleed Al Saud
• Michael Mainelli, Lord Mayor of the City of London
• Financial Services Regulatory Authority (‘FSRA’) CEO, Emmanuel Givanakis.

COP28 will run from 30 November to 12 December as part of the UAE’s Year of Sustainability.

You can read the ADGM article here.

On 27 – 30 November, the ADGM hosted the Abu Dhabi Finance Week (‘ADFW’) ‘Investing in the transition era’.  The event consisted of 36 events with the heads of hundreds of investment funds with assets under management of more than US$1Bn, representing cumulative assets under management of US$27Tn.

A summary of the agenda is as follows:

• Day one: opening ceremony and Abu Dhabi Economic Forum
• Day two: conferences on ‘Evolving investment strategies of hedge funds, private equity houses and venture capital giants across global markets’; forums on ‘Investment strategies of international family offices, turnaround and restructuring’ in addition to several sessions
• Day three: FinTech focus day, including specialised Artificial Intelligence (‘AI’), blockchain and risk and security forums
• Day four: sustainable finance focus day, including live stream opening of COP28.

You can read the ADGM article here.

On 30 November, ADGM and CPX Holding (‘CPX’) signed a MoU to elevate the resilience of firms and reinforce the cyber security regulations. CPX is a leading cyber security solutions firm that will share its expertise and market insights with the ADGM’s community to promote cyber-secure resilient businesses. In addition, the partnership also paves the way for collaboration and co-investments of cyber security projects and services.

You can read the ADGM article here.

On 16 November, the Financial Services Regulatory Authority (‘FSRA’) and the Mohamed bin Zayed University of Artificial Intelligence (‘MBZUAI’) signed an MoU to advance the role of AI to achieve regulatory outcomes in the ADGM. The MoU will support the implementation of new RegTech and SupTech solutions to provide operational efficiency in the financial services sector.

The collaboration will train AI to extract the meaning and context of the regulations to enhance AI decision-making capabilities to design a SupTech solution, the ‘Risk Analyser’, to assist the FSRA in assessing a firm’s compliance with the FSRA rulebooks and their practical application.

You can read the ADGM article here.

On 20 November, the FSRA published its business plan for 2024. The plan outlines the regulatory priorities for the combined year and encompasses all of the FSRA’s operations.

The business plan discusses areas including:

• virtual assets
• FinTech
• RegTech
• SupTech
• sustainable finance
• authorisations
• supervision and it’s approach
• financial crime
• cyber crime
• enforcement priorities
• development of regulatory and supervisory frameworks
• international and local cooperation
• ADGM Academy
• Al Yah employee programme
• professional development
• FSRA employer insights.

You can read the ADGM’s article here and FSRA’s Business Plan here.

On 22 November, the FSRA signed an MoU with the Hong Kong Monetary Authority (‘HKMA’) to enhance the partnership in FinTech and to enhance cross-border trade-related data exchanges and business collaboration. The MoU will allow the two authorities to contemplate proof of concept projects to connect the HKMA Commercial Data Interchange to the ADGM’s Small and Medium Enterprises (‘SME’) Financing Platform. In addition, the MoU hopes to enhance cross-border user consent and cross-border banking services.

You can read the ADGM article here.

On 29 November the ADGM’s FSRA issued an IT risk management discussion paper. The discussion paper seeks industry insight regarding IT risk management and controls for special IT domains or regulated activities that rely heavily on IT to enhance their regime.

The paper seeks opinions on the following:

• The introduction of a comprehensive and holistic IT risk management guidance consolidating best practices across a range of IT domains
• A review of the existing rules relating to IT risk management to strengthen firms’ practices
• The introduction of reportable obligations for material IT incidents in a standardised format with a prescribed timeframe
• The possibility of making RegTech available to firms to navigate the FSRA rules and guidance relating to IT risk management.

Comments are welcome by emailing [email protected] by 9 February.

You can read the ADGM article here and the discussion paper here.

On 15 November, the ADGM adopted the ADGM Addendum to the European Commission’s Standard Contractual Clauses (‘EU SCCs’). The EU SCC is considered a safeguard for EU countries to transfer personal data to jurisdictions deemed inadequate. The addendum will allow firms to rely on the Addendum to comply with the ADGM and EU regime. This signifies the first regional approach to simplify safe international data transfers in an increasingly digital business environment.

The ADGM DPO has issued supplementary guidelines to support firms wishing to use the addendum on their pre-existing EU SCCs.

You can read the ADGM article here, the guidelines here and the addendum here.

On 6 November, the National Anti-Money Laundering and Combating Financing of Terrorism and Financing of Illegal Organisation Committee (‘NAMLCFTC’) issued guidance on combatting the use of unlicenced Virtual Asset Service Providers (‘VASPs’).

The guidance provides the reporting entities with a comprehensive roadmap to:

• enhancing their governance and operational processes
• identify and addressing governance challenges and emerging risks
• complying with regulatory obligations under AML legislation and the regulations, instructions, guidelines, notices, and rules issued by the Supervisory Authorities

Entities are advised to consult the FATF Report ‘Red Flags Indicators of Money Laundering and Terrorist Financing regarding Virtual Assets’ for further guidance.

You can read the UAE’s Central Bank article here and the FATF report here.

On 29 November, the UAE Central Bank (‘CBUAE’) hosted the ‘Islamic Finance Infrastructure Organisations’ Declaration: Roadmap for Islamic Sustainable Finance’. The event was attended by key Islamic finance infrastructure organisations who discussed the comprehensive steps to advance sustainability in Islamic finance, including prudential standards, disclosure guidelines, market development initiatives and capacity-building programmes.

You can read the CBUAE’s article here.

On 30 November, the CBUAE and the Higher Shari’a Authority issued guiding principles on sustainable Islamic finance. The guidelines will incentivise and encourage Islamic financial institutions to create sustainability within their organisations on a social and environmental level. The principles consist of ten directives involving clear strategies and plans.

You can read the CBUAE article here.

On 7 November, the Virtual Assets Regulatory Authority (‘VARA’) issued a final extension to 17 November 2023 for VASPs to be able to operate from or service Dubai. Firms were encouraged to apply for a VARA license to avoid unintended regulatory consequences.

Firms yet to register are advised to contact VARA by email at [email protected].

You can read the VARA article here.

On 14 November, VARA announced a new Category 1 licence, ‘VA Issuance’. All entities authorised and licenced as Category Two must apply for a Category 1 license before conducting activities within Dubai.

You can read the VARA stakeholder letter here.

On 16 November, VARA announced their new CEO, Matthew White, to take over from Henson Orser. Matthew will lead VARA through the next establishment phase to full-scale operations.

You can read the appointment notice here.

On 7 November, the UAE’s Ministry of Finance (‘MoF’) held a workshop on ‘financial statement preparation’ for select ministry and federal entities. The course aims to enhance the efficiency of financial statement preparation by moving to accrual-based accounting standards. In addition, attendees were educated on economic tools to assist policymakers with policy decisions and future budgeting. The MoF also showcased their new system, ‘Hyperin’, which will support the creation of financial statements for public financial management.

You can read the MoF article here.

On 1 November, the Ministry of Economy (‘MoE’) and the International Compliance Association (‘ICA’) signed a Partnership agreement to implement specialised Anti Money Laundering (‘AML’) training for Ministry employees and private sector businesses, including Designated Non-Financial Businesses and Professions (‘DNFBPs’) starting January 2024. Attendees will receive professional certificates from the ICA.

You can read the MoE article here.

On 19 November, the Economic Integration Committee reviewed the UAE’s Financial Action Task Force (‘FATF’) mutual evaluation and findings during its 5th meeting for 2023. Attendees discussed several issues, including developing the intellectual property ecosystem and promoting innovation, policies and practices relating to AML in addition to a guide for administrative sanctions on the Commercial Registry Law.

Regarding the FATF mutual evaluation, the committee discussed the operation plan to prepare for the FATF’s field visit in January. The Committee discussed the importance of joint efforts between the MoE, local economic development departments and free zones to enhance the UAE’s ratings against the FATF 40 Recommendations.

You can read the MoE article here.

On 17 November, the EOCN and the National Commission for the Implementation of Sanctions Imposed by United Nations Security Council Resolutions on Terrorism, Arms Proliferation and Financing in the Kingdom of Morocco (‘CNASNU’) signed an MoU to enhance bilateral cooperation and coordination in the field of implementing Targeted Financial Sanctions (‘TFS’).  The MoU will allow parties to share best practices and guidelines to improve the effectiveness of applying the requirements of the Security Council resolutions.

You can read the ECON article here.

On 15-17 November, the EOCN held a workshop, ‘Combating the financing of Terrorism-Investigations and Modern Technologies’ in cooperation with the UN Office of Counter-Terrorism (‘UNOCT’) and the Counter-Terrorism Committee Executive Directorate (‘CTED’). The two-day event explored new patterns and trends used by terrorists and terrorist groups to finance their activities and recruit foreign terrorist fighters, how to misuse modern technologies and virtual currencies by terrorist organisations, and best practices and tools used to investigate, detect and track suspicious operations. Attendees also heard from experts in virtual assets on the risks, methods of investigation by law enforcement agencies for terrorist financing linked to modern technologies, mechanisms for investing virtual assets linked to organised crime and best practices on seizure, confiscation and management of virtual assets.

You can read the EOCN article here.

On 1 November, the International Monetary Fund (‘IMF’) concluded its Article IV consultation with the Central Bank of Oman (‘CBO’) and the Ministry of Finance (‘MoF’). The Article IV consultations assess each country’s economic health and are advised to forestall future financial problems. As part of the assessment, IMF discussed with CBO and MoF:

• the recent economic and financial developments
• financial sector outlook
• development and financing of small and medium enterprises (SMEs)
• strengthening general financial frameworks
• enhancement of financial stability and comprehensive and sustainable development
• progress achieved in combating money laundering and terrorism financing
• other topics related to the economic and monetary policies.

You can read the CBO article here.

On 19 November, the Central Bank of Bahrain (‘CBB’) issued a new Environmental, Social and Governance Reporting (‘ESG’) Framework in line with its commitment to transparency, strong corporate governance and pursuing social and climate-related objectives. The new framework acknowledges the ESG landscape and aims to make a transformative step toward a more sustainable financial market. The framework draws on global standards and frameworks and aligns with the Bahrain Economic Vision 2030 and the UN Sustainable Development Goals.

You can read the CBB article here.

On 16 November, the FATF published its best practice paper ‘Combatting the Terrorist Financing Abuse of Non-Profit Organisations’. The paper reflects the October 2023 changes to Recommendation 8 for Non-Profit Organisations (‘NPOs’). It provides NPOs with examples of bad practices and specific examples of how not to implement the FATF requirements. In addition, the paper clarifies how to implement proportionate measures to assess terrorist financing risks without applying burdensome or restrictive measures.

You can read the FATF paper here.

On 28 November, the Financial Action Task Force (‘FATF’) reviewed the progress made by South Africa to meet its 40 FATF Recommendations on the countries’ AML and CTF efforts.

South Africa was found to be compliant in 5, largely compliant in 29, and partially compliant in 5. One recommendation was deemed not applicable.

You can read South Africa’s MEP here and the consolidated ratings here.

In line with recent developments and international understanding, the UN has updated its sanction list.

The following lists have been updated, and firms should screen their client databases against the updated list with immediate effect:

• Security Council ISIL (Da’esh) and Al-Qaida Sanctions Committee
  • Individuals:
    • Mohamed Amin Mostafa
    • Said Jan‘Abd Al-Salam
    • Iyad Ag Ghali
    • Abu Mohammed Al-Jawlani.
  •  Entities:
    • Makhtab Al-Khidamat.

• Security Council 1970 Sanctions Committee
  • Individuals:
    • Sayyid Mohammed Qadhaf Al-Dam
    • Saadi Qadhaf
    • Mohammed Al Amin Al-Arabi Kashlaf
    • Abd Al-Rahman Salim Ibrahim Al-Milad
    • Osama Al Kuni Ibrahim.

Further details on Security Council ISIL list updates can be found here, and 1970 lists can be found here. You can find the consolidated list here.

On 2 November, the DFSA imposed a fine of US$373,842 on FFA Private Bank (Dubai) Limited (‘FFA’) for market abuse identification system failures. Between February 2018 and March 2021, the DFSA found FFA to have inadequate systems and controls to identify, assess and report trading. The DFSA noted concern with two specific clients’ activities, which should have been reported to the DFSA.  While the function was outsourced during this period, FFA remained responsible for the activities and was obligated to oversee the operation.

Between May 2021 and 15 July 2021, FFA had previously been issued prohibiting receiving, arranging or executing orders from or on behalf of specific clients due to linked weaknesses in its systems and controls.

You can read the DFSA article here and the Decision Notice here.

On 21 November, the ADGM issued a US$5,000 fine against Elnaggar and Partners Limited (‘Elnaggar’) for breaching the Beneficial Ownerships and Control Regulations 2018.

Elnaggar was found to have:

• failed to provide correct beneficial ownership information for the beneficial owner
• incorrectly recorded beneficial owners
• failed to update beneficial owner records.

You can read the decision notice here.

On 16 October, VARA issued an alert and enforcement action notice against Bored Gen DMCC (‘BG’). BG was found to have published, marketed and distributed for the retail of an Islamic coin in and from Dubai without a valid licence or no-objection confirmation. BG were also found to conduct marketing activity from the emirate. BG has been directed to suspend activities with immediate effect.

You can read the VARA article and the enforcement notice here.