Regulatory Update: Middle East Edition – October 2023

On 4 October, the Dubai International Finance Centre (‘DIFC’) received a ‘Strong’ second-party opinion rating from S&P for the recently released Sustainable Finance Framework (‘Framework’). The Framework, released in September, sets out fundraising principles for investments in environmental and social projects.

S&P acknowledged the Frameworks alliance with international standards including:

• International Capital Market Association’s (‘ICMA’) Social Bond Principles
• Loan Market Association (‘LMA’), the Loan Syndications and Trading associations (‘LSTA’) and the Asian Pacific Loan Market Association (‘APLM’) Social Loans Principles
• ICMA’s Green Bond Principles
• LMA, LSTA, APLM’s Green Loan Principles
• ICMA’s Sustainable Bonds Guidelines.

The DIFC continues to develop its framework and offerings regarding sustainable finance options in line with the United Arab Emirates (‘UAE’) Sustainable Goals 2030.

You can read the DIFC article here.

On 16 October, the DIFC announced the National Digital Talent Incubator (‘Incubator’) in partnership with Emirates NBD and DIFC Launchpad. The Incubator will train UAE talent on leadership skills within the fintech, and digital innovation space supported by experts from Visa, Microsoft and Dell Technologies.

The Incubator will accept two cohorts throughout the year reaching 3-6 fintech startups with UAE national founders.  Programme participants will commit to 8 weeks of mentoring, coaching and hands-on development opportunities from industry experts.

You can read the DIFC article here.  You can apply to the Incubator here.

On 30 October, the DIFC announced the Dubai Artificial Intelligence (‘AI’) and Web3 Festival hosted by the DIFC.  The event will take place at Madinat Jumeirah on 11-12 September 2024 and will draw an audience of over 100+ exhibitors and 5,000+ global policy makers and industry leaders.  The event will encourage discussions on future tech and will drive investments and innovation collaborations to shape the future of the industry.

Entities interested in setting up in the DIFC’s AI and Web3 campus, Innovation One, can expect 90% reduction on their commercial licence fee and access to industry specific programmes amongst other benefits.

You can read the DIFC article here.  You can read more about the festival here.

On 17 October, the DFSA issued a revised version of its MKT1 form ‘Application for the Approval of a Prospectus and the Admission of Securities to the Official List of Securities’. Entities who submitted the previous version of the MKT1 form on or before 17 October will not be required to submit an updated form.

You can view the DFSA article here.  You can view the MKT1 guidance here.

On 18 October, the DFSA reported on the Threat Intelligence Platform (‘TIP’) success since its inception. The TIP platform, launched in 2020, is the first regulator-led intelligence platform in the Middle East and plays a critical part in protecting the DIFC community from cyber threats. The report was made public at GITEX 2023 celebrating the 6.2M compromise indicators issued to its users.

You can read the DFSA article here. You can read the report here.

On 18 October, the DFSA issued consultation paper 152 ‘Banking Credit and Counterparty Credit Risk’. The paper makes suggestions in line with Basel III and is concerned with the implementation of the following elements:

• standardised approach to credit risk
• credit risk mitigation
• standardised approach for counter party credit risk
• capital treatment for unsettled transactions and failed trades
• credit evaluation adjustment risk framework.

The proposal includes a number of changes including:

• aligning several interpretations, definitions and risk ratings in line with the Basel III criteria
• require due diligence in relation to bank and corporate exposures with a view to raise risk weights where necessary
• update credit conversion factors to off-balance sheet exposures
• update the treatment of sovereign exposures funded and dominated in local currencies, exposures for public sector entities and exposures for unrated banks
• extend the definition of short-term bank exposures to include trade related exposures with an original maturity of six months or less
• clarify the interplay of differing risk rates associated with short term exposures to bank and those arising from issue specific short-term credit ratings
• introduce a sovereign risk weight floor on bank exposures on foreign jurisdictions where the exposure is not in the local currency
• update risk weights for instruments that are not deducted from capital for significant and non-significant investments in other banks
• allow bank security firms to be treated as bank rate exposure where the firm is liable to demonstrate to the DFSA the equivalence of the applicable regulatory framework
• treat capital exposures to financial to be analogous to the regime in place for similar exposures to banks
• update risk weights for specialised lending exposures to project, object and commodities finance exposures
• lower the risk rate for regulatory retail exposures and create a new sub-category with its own risk weight
• introduce a new Foreign Exchange (‘FX’) multiplier on retail loans where the borrower has an unhedged position to FX risk
• update the criteria for applicable risk weights for residential real estate exposure and to apply a less favourable risk weight for in higher Loan to Value (‘LTV’) zones
• update the criteria for applicable risk weights for commercial real estate exposure and to apply a less favourable risk weight for in higher LTV zones
• introduce a new category for real estate exposures applying specific risk weights
• prohibit material positive correlation between credit quality of the exposures and any form of CRM technique employed
• allow debt securities issued by sovereign Public Sector Entity (‘PSE’) to qualify as eligible collateral for CRM purposes
• make resecuritisations ineligible to meet the financial collateral recognition criteria in PIB module
• allow collective investment funds to be an eligible form of financial collateral when the price is publicly quoted and the fund property consists exclusively of qualifying instruments
• mark at market financial collateral at least semi-annually under the Financial Collateral Simple Model (‘FCSM’)
• update the credit rating floors for the recognition of guarantees made by the parent, subsidiary or affiliate entity of the firm
• introduce controls on netting of banking and trading book positions for Securities Financial Transaction (‘STF’) with qualifying bilateral netting agreements
• replace CRM with Standardised Approach for Counterparty Credit Risk (‘SA-CCR’) for computing CCR exposures for derivative transactions and long settlements transactions and use of CRM for STFs
• introduce a new capital charge for Credit Valuation Adjustment (‘CVA’) risk by adopting Basic Approach for CVA (‘BA- CVA’) and an alternative approach
• exempt only transactions with Qualifying Central Counterparty (‘QCCP’) from the requirement to calculate capital charge for CVA risk
• define a threshold of US$110B for the alternative approach under the CVA framework
• not introduce dedicated treatment for covered bonds until market development creates conditions.

Comments are welcome by 19 January by submitting here. You can read the paper in full here.

On 12 October, the ADGM issued guides for DNFBP to combat financial crime.  The guides advise on typologies, expected systems and controls to mitigate Anti Money Laundering (‘AML’) and Terrorist Financing (‘TF’) exposures, and management of sanctions.

The guides raise awareness of key AML and TF risks and cover core areas including:

• Know Your Customer (‘KYC’)
• Customer Due Diligence (‘CDD’)
• Customer Risk Assessment (‘CRA’)
• AML and Counter-Terrorist Financing (‘CTF’) frameworks
• Targeted Financial Sanctions (‘TFS’).

You can read the ADGM article here. You can access the guides here.

On 30 October, the ADGM published Beneficial Ownership and Control Regulations (Amendment No.1) 2023 (‘BOCR’).  The BOCR updates the 2018 regulations to closer align to the standards set by the Organisation for Economic Co-operation and Development (‘OECD’) and the Financial Action Task Force (‘FATF’).

The amendments include:

• inclusion of references to the Distributed Ledger Technology Foundations Regulations 2023
• inclusion of references to the Foundations Regulations
• update to the definition of ‘Control’.

Entities existing in the ADGM before 2 October 2023 will have until 2 April 2024 to comply. Entities licenced after the publication date will have to comply from 2 October 2023.

You can read the ADGM article here.

On 31 October, the ADGM issued a notice on the use of ‘ADGM regulated’ for public material. The ADGM,  the ADGM’s Regulatory Authority (‘RA’) and the ADGM’s Financial Services Regulatory Authority (‘FSRA’) advise firms to use references to regulatory status in a clear and contextual manner to avoid misleading customers on the level of oversight expected.

The following statements may be used as appropriate:

For Financial Services Entities

• “Entity A is regulated by the ADGM Financial Services Regulatory Authority.”
• “Entity B is a holder of a Financial Services Permission in ADGM.”
• “Entity C is licensed by the ADGM Financial Services Regulatory Authority.”
• “Entity D is authorised by the ADGM Financial Services Regulatory Authority.”

For Non-Financial Services Entities

• “Entity A is registered with the ADGM Registration Authority.”
• “Entity B is a holder of a Commercial Licence issued by the ADGM Registration Authority.”
• “Entity C has received a Commercial Licence from the ADGM Registration Authority.”

In addition, firms are advised to:

• avoid imprecise or misleading open phrases
• avoid phrasing to suggest regulatory status as ‘in principle’ stage.

You can read the ADGM article here.

On 31 October, the ADGM published the 2021-2022 Financial Crime report providing an overview of the ADGM’s endeavours to combat Money Laundering (‘ML’), Terrorism Financing (‘TF’) and Proliferation Financing (‘PF’). The report celebrates a progressive and responsive regulatory framework, strong local and regional ecosystem and encourages innovative solutions. In addition, the report assesses the ADGM’s Financial Services Regulatory Authority (‘FSRA’) strategic objectives, the national AML/TFS agenda and reviews the anti-financial crime framework at the federal level and the FSRA’s contribution to the agenda. The report acknowledges the continuous efforts of hosting training events and outreaches in collaboration with the Financial Intelligence Unit (‘FIU’) and the Executive Office for Control and Non-Proliferation (‘EOCN’) to promote the exchange of information.

You can read the report here.

On 3 October, the FSRA published the Common Reporting Standards (Amendment No.1) Regulation 2023 (‘CRS’). The amendments ensure continued efforts to align reporting standards across the UAE.

The amendments include:

• to allow for automated exchange of financial information
• to standardise the majority of definitions to the common reporting standards
• to carve out and update definitions for:
  • ADGM financial institutions
  • Cabinet resolution
  • Common reporting standard
  • OECD
  • Reporting Financial Institution.
• to provide powers to the regulatory authority for the ADGM under the CRS
• to update reporting and record keeping in line with the CRS
• to update penalties and appeal to CRS.

You can read the ADGM article here. You can read the updates here.

On 6 October, the FSRA issued Consultation Paper No.4 of 2023 ‘Proposals for revisions of fees and recognised functions’.

The paper proposes changes to the following rulebooks:

• Fees Rules (‘FEE’)
  • to revise fees from the 2015 publication
  • to introduce new fees following the Al Reem Island expansion
• Anti Money Laundering (‘AML’) rules
  • to updated references from recognised person to controlled person
• General Rules (‘GEN’)
  • to updated references from recognised person to controlled person
  • to remove references to him/ his to they/ them
  • to enhance guidance on controlled functions and approved persons for Finance Officer, Compliance Officer (‘CO’), senior manager, Money Laundering Reporting Officer (‘MLRO’) and responsible officer
  • to updated anti money laundering knowledge requirement to include MLRO and CO
• Glossary Rules (‘GLO’)
  • to remove all references to recognised person to controlled function
  • Controlled Function to include finance officer, CO, senior manager, MLRO and responsible officer
  • to remove Recognised Function
  • to remove Recognised Person
  • to update reference to Responsible Officer
  • to update reference to Senior Manager.
• Islamic Finance Rules (‘IFR’)
  • to remove reference to Recognised Person and Recognised Function
• Market Infrastructure Rules (‘MIR’)
  • to remove reference to Recognised Person
• Financial Services and Markets Regulations (‘FSMR’)
  • to remove reference to Recognised Person and Recognised Function
  • redefine Prohibition Order.

Comments are welcome by 6 November by emailing [email protected].

You can read the ADGM article here. You can read the consultation paper here.

The FSRA issued several Dear SEO letters notifying authorised individuals of key publications, news or regulatory changes.

On 19 October, the FSRA issued a Dear SEO letter’ Thematic Review on Client Money’. The FSRA will undertake a high-level thematic review of the current practices adopted by ADGM firms against the COB rulebook.

The review will cover:

• the nature of third parties providing services for the client’s money accounts
• nature and scale of activities related to holding or controlling client money
• internal controls in place with respect to client money
• software and technology solutions being utilised.

On 23 October, the FSRA issued a Dear SEO letter ‘Thematic review on anti-money laundering and counter financing of terrorism overall observations’. In April, the FSRA issued a thematic review to observe general compliance for ADGM firms, to assess governance, and senior management oversight and design, and implementation of a risk-based framework.

A summary of the observations and themes included a requirement to have:

• end-to-end documents framework for compliance with AML rulebook with demonstrable evidence of involvement and oversight
• a broad, comprehensive and systematic business risk assessment including risks associated with AML, CTF and Proliferation Financing (‘PF’)
• appropriate customer risk ratings with a robust and appropriate rating system
• the residential address of each client as well as the customer’s residential address, where required
• a review of outsourcing arrangements to ensure suitable due diligence of ongoing effectiveness
• a clear parameter for sanction screening
• effective transaction monitoring or renewed CDD to ensure suspicious activity is flagged.

Additionally, the letter suggested firms could consider moving to an automated screening of sanctions list with appropriate scenario testing.

On 30 October, the FSRA issued a Dear SEO letter ‘Decision by the National Committee for Combating Money Laundering and Financing Terrorism and Illegal Organisations (the Committee) regarding High-Risk Jurisdictions’. The letter highlighted updated counter-measures and confirmed existing measures to be adopted by financial institutions, DNFBP, Virtual Asset Service Providers (‘VASP’) and Not for Profit Organisations (‘NPO’).

Institutions are reminded to:

• adopt the high-risk jurisdictions (known as the ‘Call for action list’ or ‘black list’) according to the Financial Action Task Force FATF and adhere to countermeasures in Recommendation 19 of the FATF Recommendations
• adopt the jurisdictions listed as increased monitoring (known as the ‘grey list’) and apply enhanced due diligence measures referred to in Recommendation 10 and Article (4) of Cabinet Decision No.(20) of 2019
• post the URL link for the two lists above-mentioned in the above items on the website of the Committee
• review the Secretariat of Committee’s decision regarding updated lists and update policies and internal lists and reviews as appropriate
• apply a risk-based approach to new and existing customers and apply suitable compliance measures considering the risk posed from a business relationship and transactions.

Regarding so-called blacklisted clients or clients from blacklisted countries or industries, firms are reminded:

• of their prohibition to set up a branch or a subsidiary in a blacklisted country
• to monitor transactions and activities pertaining to jurisdictions on the blacklist and submit reports to the FIU where required via GoAML
• of their prohibition to rely on third parties located in blacklisted jurisdictions
• of their obligation to apply TFS.

On 31 October, the FSRA held an outreach session on AML, CTF and TFS. The session is part of the ADGM’s awareness campaign of regional AML and CTF risks.

The session covered updates of interest to the ADGM community, including:

• the ADGM’s regulatory framework
• FSRA rulebooks and recent updates
• progress toward the 40 FATF recommendations
• supervisory approach and inspection feedback reporting mechanisms including GoAML, Ultimate Benficial Ownership (‘UBO’) and TFS and expectations for internal record keeping.

On 12 October, Dubai’s Virtual Assets Regulatory Authority (‘VARA’) took a first-of-its-kind regulatory position on the issuance of specific categories of virtual assets backed by real-world assets. The Issuance of Virtual Asset Issuance Rulebook (published September 2023) establishes prudential requirements for two specialised categories of tokens to maintain a stable value against their underlying asset class. The framework enhances transparency and provides greater consumer protection, and assurance for cross-border interoperability in addition to prioritising the UAE’s AML and CTF efforts.

You can read the VARA article here. you can read the rulebook here.

On 26 October, the UAE National Anti-Money Laundering and Combatting Financing of Terrorism and Financing of Illegal Organizations Committee (‘NAMLCFTC’) issued a survey to all financial institutions as part of the UAE’s National Risk Assessment Revised Exercise (‘NRA’). The survey includes trends, threats, vulnerabilities and methodologies associated with AML/CTF risks in the UAE.

Firms will be able to review the assessment findings as part of the NRA and are advised to enhance their policies, procedures and assessments in line with its findings.

On 8 October, the Ministry of Finance (‘MoF’) met with the International Monetary Fund (‘IMF’) to discuss the latest developments in international monetary and financial systems. The attendees discussed local, regional and international drivers of the economic landscape as well as discussing environmental protection expenditure data.

Between 9 – 15 October, Ajay Banga, President of the Work Bank Group (‘WBG’) met with Sheikh Maktoum bin Mohammed bin Rashid Al Maktoum, First Deputy Ruler of Dubai and Deputy Prime Minister and Minister of Finance of the UAE at the 2023, Marrakesh International Monetary and Financial Committee (‘IMFC’) meeting. The attendees discussed enhancing the partnership between the UAE and WBG to support the 2023 United Nations (‘UN’) Climate Change Conference (‘COP’) as well as mechanisms to support sustainable development in the region and efforts to meet sustainable development goals. In addition, the attendees discussed their participation in the G20 Finance Track.

On 1 October, the Ministry of Economy (‘MoE’) launched Future 100 Companies initiative to promote the UAE’s top 100 start-ups. Successful applicants will receive specialised support and promotion across the UAE.

MoE welcomes startups from the following sectors:

Interested participants can find out more and apply here.

On 2 October, the Executive Office for Control and Non-Proliferation (‘EOCN’) signed an MoU to promote cooperation on combatting proliferation financing. The bilateral agreement will enhance cooperation and coordination of implementing financial sanctions set by the UN in line with recent developments to strengthen national efforts. The MoU will continue to enhance financial compliance and expand international cooperation.

You can read the EOCN article here.

On 18 October, the Saudi Central Bank (‘SAMA’) signed a cooperation agreement with the Monetary Authority of Singapore (‘MAS’) to develop the field of FinTech and innovation.  The agreement aims to strengthen collaboration and foster mutual development as well as to facilitate activities in international markets. The agreement will allow of further exchange of information regarding FinTech and innovation and its utilisation in the respective markets.

You can read the SAMA article here.

On 4 October, the Sultanate of Oman’s Central Bank (‘CBO’) signed a Memorandum of Understanding (‘MoU’) with the Republic of India’s National Payments Cooperation (‘NPCI’) to explore linking payments systems. The CBO will study the possibility of connecting the Unified Payment Interface (‘UPI’) and Rupay Card with a local system to streamline payments between the two countries and allow users access to debit cards issued in Oman.

You can read the CBO article here.

Throughout October, the FATF reviewed the progress made by several countries to meet its 40 FATF Recommendations on the countries’ AML and CTF efforts.

The following Mutual Evaluation Reports (‘MER’) were updated:

• Switzerland to be compliant in (6), largely compliant in (25), and partially compliant in (9) recommendations
• Japan to be compliant in (4), largely compliant in (28), and partially compliant in (6), non-compliant in (1) recommendations; (1) rating was not applicable
• Finland to be compliant in (9), largely compliant in (28), and partially compliant in (3) recommendations.

You can read the MER’s here and the consolidated ratings here.

In line with recent developments and international understanding, the UN has updated its sanction list. The following lists have been amended and firms should screen their client databases against the updated list with immediate effect:

• Security Council 2653 sanctions committee amends one entry:
  • Jimmy Cherizier
• Security Council 1518 sanctions committee removes one entry:
  • Walid Hamid Tawfiq
• Security Council 1533 Sanctions Committee adds two entries:
  • Bernard Maheshe Byamungu
  • Protogène Ruvugayimikore

Further details on 2653 list updates can be found here; 1518 list updates here; 1533 list updates here.

You can find the consolidated list here.

On 19 October, the US Department of the Treasury’s Office of Foreign Assets Control (‘OFAC’) issued a statement and updated persons of interest list following the Hamas Operatives terrorist attack.

Six individuals have been added to the list:

• Musa Muhammad Salim Dudin (Dudin)
• Abdelbasit Hamza Elhassan Mohamed Khair (Hamza)
• Amer Kamal Sharif Alshawa (Alshawa)
• Ahmed Sadu Jahleb (Jahleb), Aiman Ahmad Al-Duwaik (al-Duwaik)
• Walid Mohammed Mustafa Jadallah (Jadallah)
• Muhammad Ahmad ‘Abd Al-Dayim Nasrallah (Nasrallah)
• Ayman Nofal (Nofal).

The persons and entities of interest list can be viewed here.

On 12 October, the DFSA issued a fine of US$33,220 to the Chief Finance Officer (‘CFO’) of Emirates REIT (CEIC) PLC (‘EREIT’) and Equitativa (Dubai) Limited (‘Equitativa’), Remi Ishak.

The failings included:

• issuing misleading statements during December 2021 in relations to the EREIT
• incorrect preparation of financial statements in line with International Financial Reporting Standards (‘IFRS’)
• taking reasonable steps to report to auditors
• meeting the DFSA principles of an authorised individual.

EREIT and Equitativa are public funds listed in Dubai’s NASDAQ with a portfolio of commercial retail and educational assets.

You can read the DFSA article here.  You can read the decision notice in full here.

On 4 October, the ADGM’s FSRA fined Pyypl Ltd (‘Pyypl’) US$486,000 for inadequate money laundering controls and acting outside of the scope of its licence between March 2021 to November 2022.

Pyypl failings included:

• holding an up-to-date AML business risk assessment
• assessing money laundering risks and exposures
• carrying out AML and due diligence on its customers
• maintaining suitable policies, procedures, systems and controls in relation to its risk and monitoring obligations
• arranging customers to buy insurance contracts from a third party provider without the correct permissions.

You can read the ADGM article here.  You can read the decision notice here.