Regulatory Update: Middle East Edition – September 2021

The Dubai International Finance Centre (“DIFC”) Innovation Hub hosted Blockchain Week to help accelerate the UAE’s digital economy and educate on future finance. The key topics included encrypted banking services, digital assets, smart contracts, digital assets regulation, and an overview of the investment landscape for innovation in appreciation of the expanded use of blockchain technologies. Attendees had the opportunity to participate in interactive seminars and hear from industry speakers.

The Dubai Financial Services Authority (“DFSA”) issued a notice of legislative changes to various rulebooks following Consultation Paper No. 138 ‘Regulation of Security Tokens’.

The General Module (“GEN”) has been updated to:

• Include additional rules for financial promotions, which prohibit misleading consumers by misrepresenting a token as a particular type of investment. The promotion of tokens must be clear, fair and not misleading.
• Revise the DFSA’s powers to impose restrictions on any investment traded on any facility operated by the authorised person, where reasonable grounds exist. The restrictions include suspension or removal from trading.
• Update the definition of ‘Security’ and ‘Derivative’ to include cryptographically secured digital representations of rights and obligations.
• Include investment tokens in App6 and requiring:
  • All firms that carry on certain activities relating to the definition of ‘Investment Token’ to seek approval from the DFSA, namely those who are:
    • carrying on a financial service (as defined in GEN section 2.2.) which relates to an investment token, such as operating a facility on which investment tokens are traded or cleared, or giving advice on, or arranging deals in, such investment tokens
    • making a financial promotion relating to an investment token
    • making an offer to the public of an investment token
    • applying for a security token to be admitted to the official list of securities
  • Firms must assess whether they meet the definition of investment token and the type of investment it constitutes.
  • Firms must retain evidence of their assessment of the investment token as part of their DFSA application.
  • The definition of ‘Token’ (also defined in the Glossary Module (“GLO”) is expanded in App6 which details when:
    • a token confers rights and obligations that are substantially similar in nature to those conferred by a specific investment
    • an investment token is a share
    • an investment token is a debenture
    • an investment token is a warrant
    • an investment token is a certificate
    • an investment token is a unit in a fund
    • an investment token is a structured product
    • an investment token is an option
    • an investment token is a future

The Authorised Market Institutions Module (“AMI”) has been updated to:

• Include tokens in the module, applicable to an authorised market institution operating a facility for investment tokens.
• Reflect amended member criteria for authorised market institutions operating as a facility for investment tokens, including due diligence requirements and additional requirements for direct access members.
• Exclude direct electronic access to members who are not considered direct access members.
• Amend the admission of investments to trading and clearing investment criteria, limiting some security tokens.
• Amend the guidelines for the prevention of market abuse, money laundering, and financial crime to include investment tokens.
• Exclude an ‘authorised market institution’ which excludes facilities that operate as an investment token market, investment token clearing house, security token market, security token clearing house, derivative token market, derivative token clearing house, or any other similar term, unless it is a facility on which only investment tokens are traded or cleared.
• Include additional requirements for operating a facility for the investment of tokens including:
  • technology and governance
  • operating a facility for investment tokens that permits direct access
  • safe custody of investment tokens
  • technology audit reports

The Conduct of Business (“COB”) Module has been updated to:

• Apply to Alternative Trading System (“ATS”) operators.
• Allow category 4 ATS operators to hold client money.
• Expand the reference to ‘members’ which includes a direct access member.
• Amend the member access criteria with consideration to investment token trading.
• Require ATS operators to undertake due diligence (as defined in 9.3.1.4).
• Clarify the rules for direct access members for ATS operators.
• Revise the investment criteria for investment trades through a facility to consider the validity of security tokens for such criterion.
• Provide further guidance on market abuse for ATS operators operating a facility for investment tokens
• Restrict the use of the terms ‘investment token market’, ‘security token market’, ‘derivative token market’, or similar wording unless it is a facility on which only investment tokens are traded.
• Provide technology and governance requirements for operating a facility for investment tokens.
• Provide rules on operating a facility for investment tokens that permits direct access.
• Clarify requirements for providing custody of investment tokens.
• Provide details of what is required for key feature documents for investment tokens.
• Define rules on technical audit reports.

Prudential Investment, Insurance, Intermediation and Banking Module (“PIB”) updated to:

• Include ATS operators in the base capital requirement for a category 4 firm
• Revise the expenditure-based capital requirement to consider client assets.
• Include ATS operators in 6.1.1 which relates to the application of operational risks.
• Revise App6, and the calculation of the operational risk capital requirement.

The Collective Investment Module (“CIR”) has been updated to:

• Include investment token funds as a specialist fund.
• Restrict the terms for funds investing in investment tokens.
• Revise the general requirements relating to prospectuses of external, public and foreign funds if they have units that are security tokens, or where more than 10% of the gross asset value of the fund property consists of investment tokens.

The Fees Module (“FER”) has been updated to:

• Revise the application fees for operating an ATS or exchange.
• Revise the annual fees for some ATS operators.
• Require firms to pay a prospectus filing fee.

The GLO Module has been updated to:

• Include definitions for:
  • ATS traded fund
  • derivative token
  • digital wallet
  • digital wallet service provider
  • direct access member
  • distributed ledger technology
  • DTL
  • investment token
  • investment token fund
  • operating a facility for investment tokens
  • security token
  • self-custody of investment token
  • third party digital wallet service provider
  • token.

Islamic Finance Module (“IFR”) updated to:

• Identify Shari’a compliant tokens only when referred to as ‘Islamic investment token’, ‘Islamic security token’, ‘Sukuk token’, ‘Islamic fund token’ or any other name that suggests or implies it is Islamic or Shari’a compliant.

You can read the full updates here.

The Abu Dhabi Global Market (“ADGM”) has announced the enactment of the Uncertificated Securities Rules 2021 and amendments to the Insolvency Regulations 2015, Companies Regulations 2020, and Financial Services and Markets Regulations 2015.

The Uncertificated Securities Rules 2021 allows firms to maintain an electronic register of issued securities and delegate the responsibility to maintain such register to a third party who may be located outside of the ADGM. The rules provide guidance for registering uncertified securities, who can maintain such a register, the effect of issuing or converting securities into uncertified forms, rules on trusts, and converting uncertified securities into certificated forms.

Updates to the Companies Regulations 2020 relate to the redenomination of share capital, the effect of redenomination, and notification requirement of such change to the registrar.

In addition, the ADGM issued minor amendments to the Financial Services and Markets Regulations 2015 and Insolvency Regulations 2015 to align with the above updates.

The ADGM Arbitration Centre and the Permanent Court of Arbitration (“PCA”) have entered into a cooperation agreement to offer arbitration and mediation as a solution to international disputes. The agreement will provide the necessary facilities, services, and experienced personnel.

The ADGM announced that more than ninety international innovative companies have joined the 2021 FinTech Festival. The festival aims to assist the best emerging companies to find a solution to technical issues, as assessed by a jury. The winners will showcase their solutions to potential investors in November 2021. The tour began in June 2021 and will conclude in October 2021.

The Securities and Commodities Authority (“SCA”) and the Abu Dhabi Securities Exchange (“ADX”) have signed a cooperation protocol (“Protocol”) under Federal Decree-Law No.22 of 2020, which empowers the SCA to have regulatory and oversight jurisdiction over the securities and commodities sector, while the ADX will have operational and executive jurisdiction.

The Protocol was signed by the two parties to promote the securities sector and is pursuant to Federal Decree-Law No. 22 of 2020, which distributes powers between the SCA and the licensed securities and commodities markets operating in the UAE to enhance the efficiency of securities transactions.

The SCA’s Acting Chief Executive Officer, Her Excellency Dr Maryam Butti Al Suwaidi, outlined that the Protocol complements the self-regulatory model adopted by the SCA since 2016, allowing it to grant the markets specific powers. It was also explained that the ADX will exercise operational and executive powers and the SCA will carry out its regulatory role by introducing legislation and regulation and remain in control of oversight functions over the markets and other financial institutions.

The Protocol aims to act as a coordinating framework whereby roles and communication channels between the SCA and ADX are identified in a manner that does not contradict the regulations and governing decisions in place. It is a product of ongoing and sustained cooperation between the SCA and the markets to promote the securities sector in particular, and the UAE economy in general.

Under the Protocol, it has been agreed that the ADX will now have responsibility for approving listings, approving buybacks, and setting controls for shareholder registers in public joint-stock companies, distribution of dividends, and member affairs in market institutions.

In collaboration with the Arab Federation of Exchanges (“AFE”), the SCA has published a guidance paper on the evolution of supervisory technologies (“SupTech”) focusing on their use during the pandemic. SupTech – which refers to the use of technology for supervisory processes – and RegTech – which refers to the use of technology in managing regulatory requirements – came to prominence during the pandemic and have been used globally to facilitate the SCA’s duties in financial services. The paper details best practice and trends of these technologies and provides insight into their global use by supervisory powers such as the UK Financial Conduct Authority (“FCA”) and the Monetary Authority of Singapore (“MAS”). The paper clarifies its approved use in the Gulf Cooperation Council (“GCC”) region and documents the challenges organisations may face in implementing these technologies.

The guidance paper can be found here.

The SCA and the Dubai World Trade Centre Authority (“DWTCA”) have entered into an agreement to support the offering, issuance, listing, trading, and regulation of crypto assets from the Dubai World Trade Centre free zone. The SCA will offer a sustainable investment environment that safeguards the rights of investors and promotes sound practices for entities in the free zone.

Nasdaq and the ADX have signed an agreement to launch a derivatives market using NASDAQ technology solutions which includes matching, real-time clearing, and settlement technology. The ADX is rapidly expanding asset classes and developing new offerings both regionally and internationally, and the new exchange plans will launch single stock futures and index futures diversifying investment avenues, providing investors with hedging tools for effective risk management.

You can find out more about the derivatives market here.

The National Anti-Money Laundering and Combatting Financing of Terrorism and Financing of Illegal Organisations Committee (“NAMLCFTC”) held its eighth meeting of 2021. It announced the adoption of a regulatory framework for virtual assets in the UAE and of guidelines for local authorities and public sector on procedures for implementing financial sanctions. The regulatory framework for virtual assets applies the Anti-Money Laundering (“AML”) and Counter-Terrorist Financing (“CTF”) standards set by the Central Bank of the UAE (“CBUAE”) in compliance with the Financial Action Task Force (“FATF”) recommendations and the framework will be overseen by the SCA.

During this meeting the NAMLCFTC adopted guidelines for local authorities and the public sector on targeted financial sanctions and approved a circular notice to supervisory authorities and the Executive Office for the Committee for Goods and Materials Subject to Import and Export Control (“CGMSIEC”) to raise awareness on the implementation of targeted financial sanctions.

In addition to this, the NAMLCFTC:

• approved the Sub-Committee for Technical Compliance’s proposed technical studies on the legislative framework for confiscation based on a non-conviction, as required by the national action plan
• adopted a national legislative framework with mechanisms for identifying and confiscating the proceeds of money-laundering crimes outside the UAE

The CBUAE issued guidance for licensed Financial Institutions (“FI’s”) to develop a better understanding of AML and CTF obligations including expectations for implementation.

FI’s are required to:

• develop well calibrated policies, controls and procedures based on the nature and size of their business
• actively involve senior management for the assessment and acknowledgement of AML and CTF risks and require senior management approval for any related policies and procedures
• establish indicators for suspicious transactions and activities and notify the Financial Intelligence Unit (“FIU”) using a report through the GoAML website without delay
• regularly screen databases and transactions for names published on the UN consolidated list and the UAE local terrorist list before entering into any business relationship
• establish training, screening and compliance frameworks commensurate to the risk of AML and CTF and operations
• ensure board oversight of AML and CTF matters
• assess and enhance transaction monitoring and sanction screening systems, based on their risk
• seek independent testing, validation and auditing

The guidance comes into effect on 13 September 2021 and can be read in full here.

The CBUAE has published a report, ‘Typologies in the Finance Sector’, which aims to identify and raise awareness of the emerging risks in the financial sector as observed by the Supervisory Authorities Sub-Committee, the ADGM, the DFSA, the FIU, and the Executive Office for Anti-Money Laundering and Countering the Financing of Terrorism. The report considers the most common risks to be:

• Money laundering and terrorist financing risks such as:
  • unlicensed money service operations
  • professional money laundering services
  • e-commerce front companies/ transaction laundering
  • virtual currencies for money laundering
  • money mule activity
  • increased and unexplained cross-border fund flows to high-risk jurisdictions during the COVID-19 pandemic
  • COVID-19 themed fundraising
  • online exploitation
  • forced labour
  • legitimate citizenship by investment schemes being used for illegitimate intentions, such as investing in a secondary passport to hide the proceeds of corruption

• Fraud risks such as:
  • corporate fraud from economic distress increasing susceptibility to financial crime
  • abuse of domestic trading schemes with related party companies
  • corporate fraud schemes
  • corporate fraud through the use of financial accounts
  • fake or inaccurate trade documents such as invoices
  • false claims for government stimulus schemes or aid programmes
  • fake fundraising campaigns, advance-fee scams, fraudsters using deception to solicit donations, investment, or other types of ‘good cause’ financial contribution
  • product scams
  • impersonation fraud
  • cryptocurrency

• Bribery and corruption risk such as:
  • outdated or unsuitable onboarding indicators
  • tick-box Know Your Client (“KYC”) approach
  • unsuitable transactional behaviour indicators

• Cyber risks such as:
  • online impersonations
  • brute force attacks
  • credit stuffing attacks (where the perpetrator submits troves of usernames and passwords into a login page to access an account)

The report provides an analysis of each risk and suggests effective methods of mitigation, identification and resolution for FI’s based on the emerging risks.

Firms are advised to:

• review the suitability of their AML and CTF framework in consideration of the report findings
• conduct risk-based due diligence and establish the purpose of the business relationship and proposed activities
• raise awareness about cyber security and highlight cyber risks to the board, regularly assess deficiencies in the IT infrastructure and make use of threat intelligence

The full report can be accessed here.

The CBUAE will host the ‘Future of Finance’ conference at Expo 2020. The conference will be held on 13–14 October and will be aligned to the Expo’s theme of ‘Connecting Minds and Creating the Future’. Featuring some key speakers, the conference will address the trends in the financial sector and will facilitate a knowledge-sharing session focusing on global challenges and opportunities in the financial industry. A panel will cover the effects of digital transformation, greening the financial system, cooperation between leading central banks on payments and digital currencies, and Islamic finance.

For further details of Expo 2020 events click here.

The Executive Office of Anti-Money Laundering and Counter Terrorism Financing (“EO”) held various workshops related to terrorist financing and financial sanctions and educated the financial services sectors on United Nations Security Council guidelines. The workshops focused on the roles and duties of the authorities and firms, as well as reporting obligations and was attended by Money Laundering Reporting Officers (“MLRO”)
In support of this initiative, the EO released a video on Targeted Financial Sanctions (“TFS”) that provides an overview on the objectives and relevant legal framework to assist in educating firms.

You can view the video here.

The Committee for Goods and Materials Subject to Import and Export Control (“CGMSIEC”) has updated the United Nations Security Council sanctions list. Twenty-nine entities have been removed concerning Iraq and one entity concerning ISIL Daesh and Al-Qaida. The local terrorism list has been updated to add thirty-nine individuals and fifteen entities.

The updated sanction list can be found here.

The FATF has reviewed various countries’ progress to address deficiencies identified in their AML and CTF measures, following the results of a mutual evaluation report.

• Iceland is compliant with 22 of the 40 recommendations, largely compliant with 16 and partially compliant with 2.
• Cambodia is compliant with 2 of the 40 recommendations, largely compliant with 26, partially compliant with 11 and non-compliant with 1.
• Pakistan is compliant with 8 of the recommendations, largely compliant with 27, partially compliant with 3 and non-compliant with 2.
• Mongolia is compliant with 8 of the recommendations, largely compliant with 30 and partially compliant with 2.
• Philippines is compliant with 8 of the recommendations, largely compliant with 27 and partially compliant with 5.
• Tonga is compliant with 1 of the recommendations, largely compliant with 7, partially compliant with 19 and non-compliant with 13.
• Chile is compliant with 12 of the recommendations, largely compliant with 18, partially compliant with 9 and 1 (reliance on third parties) has not been assessed.
• Benin is compliant with 8 of the recommendations, largely compliant with 13, partially compliant with 14 and non-compliant with 5.

You can read the full reports here.

The Basel Committee has released a newsletter on the threat of cyber security in the financial services sector. The newsletter highlights increased risks associated with remote working and digital banking, with malicious actors not only exploiting COVID-19 related weaknesses, but with a growing sophistication in their attacks.

Firms are reminded to:

• consider vendors, third-party providers, and other outsourcing arrangements and assess their weaknesses and the likelihood of the exploitation of such weaknesses
• review guidance papers such as ‘Principles for Sound Management of Operational Risk’ and ‘Principles for Operational Resilience’, both published in March 2021
• keep up to date with key regional trends on cyber security and promote education on cyber matters internally, including making cyber risk a Board level matter

You can read the full newsletter here. You can also read the ‘Principles for Sound Management of Operational Risk’ here and the ‘Principles for Operational Resilience’ here.

German neobank, N26, has been fined €4.25m by the German financial services regulator for weak anti-money laundering practices following a ruling in July. The German regulator BaFin found fifty examples of late filings of suspicious activity reports from 2019 and 2020 and has directed the firm to implement internal safeguards by rectifying the deficiencies in IT monitoring and customer due diligence.

Firms are reminded to:

• ensure employees have comprehensive training on the identification and reporting of suspicious activity and transactions to the MLRO
• ensure suspicious activity reports are submitted to the FIU in a timely manner.