DIFC and DFSA Latest Developments

The Dubai Financial Services Authority (DFSA) Board has amended the AML rulebook to make various amendments to update or correct references that are no longer correct due to new Federal AML legislation.

Within the AML Module firms should note the following changes and update their AML related policies where necessary:

  • Where “money laundering” is defined, this no longer includes terrorist financing and the financing of unlawful organisations but the financing of illegal organisations. This wording has changed throughout when regarding illegal organisations.
  • All references to the “Federal Law No.4 of 2002 on Combating Money Laundering and Terrorist Financing” should be replaced with “Federal Law 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations”
  • It should be made clear that the AML Module should be read in conjunction with other relevant UAE legislation and that this is particularly relevant when considering the list of persons and terrorist organisations issues under Cabinet Decision No.20 of 2019.
  • All references to the Financial Intelligence Department (FID) should be updated to the Financial Intelligence Unit of the UAE (FIU).
  • The DFSA has added wording to reference the National Risk Assessment into their Business Risk Assessment. The wording added specifically notes “Under Article 4 of Cabinet Decision No.10 of 2019, in assessing its money laundering risks and taking steps to mitigate those risks, a Relevant Person is required to take into consideration the results of the National Risk Assessment prepared by the National Anti-Money Laundering and Combating Financing of Terrorism Committee (NAMLCFTC)”.
  • Further Guidance has been added on fictitious and anonymous accounts.
  • Firms should note that under Federal AML legislation, if the customer is a legal person, the Relevant Person must identify any person who, alone or jointly with other persons, has a controlling ownership interest of 25% or more in the legal person.
  • Firms should also be aware that under Cabinet Decision No.20 of 2019, there is an obligation to check on a daily basis the sanctions lists issued by the United Nations Security Council (UNSC).
  • Firms should update their policies and procedures regarding suspicious activity reports and tipping off guidance where by as per the Article 10 (2) of the Federal Decree Law No. 20 of 2018, Law Enforcement Authorities shall be responsible for receiving and following up on suspicious transactions reports received from the FIU and gathering related evidence. 

Firms should refer to the published amendments for further detailed changes to the rulebook.

The DFSA issued a number of letters to authorised firms during June and July 2019. A summary of these letters can be found below.

1.2.1 GoAML Application

Following the ‘Dear SEO’ Letter dated 17 June 2019 regarding the introduction of the new GoAML system, the DFSA issued another communication dated 26th June 2019 regarding the go live plan for the new GoAML reporting system.

The new application replaces the Financial Intelligence Unit Suspicious Transaction Reports (STR) system that authorised firms previously used when submitting STRs (referred by the DFSA as Suspicious Activity Reports (SARs).

Although the DFSA did not set a deadline for registering on the GoAML system, they have stated that registration is mandatory and as of the 27 June 2019 all reporting entities will have to submit SARs electronically via the GoAML portal. The Financial Intelligence Unit (FIU) will cease to accept any SARs submitted by email or the Online STR System as of 27 June 2019.

Registration to the GoAML application is a two-step process, and step-by-step instruction guidelines have been provided to assist with the process. Any firms who have not yet registered, should make this a priority.

The benefits to end-users include:

  • facilitation of the management of the reporting entities’ registration information;
  • the introduction of a single and standardised reporting format for all reporting types;
  • simplification of failed reporting, requiring the user to only re-submit the remediated failed report; and
  • giving the user the ability to communicate with the FIU through the ‘Message Board’ function.

1.2.2 Cyber Risk Thematic Review

A letter to all SEOs of Authorised Firms regarding a Cyber Risk Thematic Review was issued by the DFSA on the 2nd July 2019.

The purpose of the letter was to inform firms that the DFSA will be carrying out a review of cyber security practices. The review will assess IT/cyber risk governance frameworks, IT/cyber hygiene practices, and resilience programs.  

The review will be conducted in two phases which all firms should be aware of. Following the completion of these the DFSA will notify all firms of their findings.

Phase one of the review included all authorised firms being asked to complete a questionnaire via the DFSA ePortal. The multiple-choice questionnaire sought to obtain a high-level overview of each firms’ cyber security practices. Firms were asked to complete the questionnaire by 25 July 2019.

Phase two will apply to a smaller group of firms, who will be notified of their involvement in advance. This stage will consist of desk-based reviews and onsite visits, including staff interviews and documentation reviews. 

1.2.3 UAE National Risk Assessment Update

A second letter relating to the UAE National Risk Assessment (NRA) was issued by the DFSA to the SEOs of all Authorised Firms on the 2nd July 2019. Following the issue of the NRA brief in April 2019, the updated version of the NRA on Money Laundering and Terrorist Financing has now been released, providing a more detailed look at the outcome of the assessment.

The NRA allows countries to identify, assess and understand its Money Laundering threats, Terrorist Financing threats, sectoral vulnerabilities, national vulnerabilities.

Firms are expected to consider the findings of the updated NRA 2019 as part of their Business AML Risk Assessments going forward and to make appropriate updates applicable to their business activities where necessary. 

1.2.4 United Nations Security Council Amend Sanction List

On the 2nd July 2019, the DFSA sent all Money Laundering Reporting Officers (MLROs) of authorised firms four letters regarding changes made to the United Nations Security Council Assets Freeze and Sanctions List.

  • The first letter informed firms of the United Nations Security Council’s approval to add five Malian individuals to its Sanctions List.
  • The second informed firms of the approval to remove thirteen Iraqi entities from the Assets Freeze List.
  • The third letter informed firms of the amendments made to the current information held on a South Sudanese sanctioned individual.
  • The fourth letter informed firms of the removal of seventeen Iraqi individuals and/or entities from its List of Individuals and Entities subject to its assets freeze.

An updated version of the consolidated list can be found on the UN Security Council website and firms are required to update the records they hold following each notification in relation to sanctions.

The DFSA has released its 2018 Annual Report showing another year of achievements for the DFSA and the success and continued growth of the Dubai International Financial Centre (DIFC).

The report highlights the key achievements and areas of focus over the past year for the DFSA. This includes the emergence of financial technology (FinTech), which the DFSA say will remain a top priority. The DFSA’s focus includes facilitating advancement of new technologies in the firms who are becoming regulated while ensuring that risks posed by new technology do not affect the achievement of the regulatory objectives.

2018 also saw the expansion of the Innovation Testing Licence (ITL) programme, with two new cohorts being announced. These provided pre-selected FinTech firms with the ability to develop and test new technologies. This saw a number of financial services firms graduate from the ITL programme to full financial services licence. Due to the success of regulatory sandboxes such as this, it is likely that we will see more in the future.

CCL assisted the first ITL applicants in obtaining their full DFSA regulatory licences in 2018 and are one of the few consultancy firms with real experience in this emerging area. Further details can be found by clicking here.

Looking to 2019 the report mentions a number of other projects which are in progress.

Under the overall heading of ‘FinTech’ the DFSA are considering their approach to the regulation of digital assets (including crypto-currencies and tokenised securities), including looking at the trading, storage, and marketing of these instruments. On this topic, consideration is being given to proposals to regulate the provision of money services, including payments, which has previously not been permitted in the DIFC. The DFSA are also reviewing its current rules for the marketing and provision of highly leveraged products to retail clients as well as the regime for the holding and controlling of client assets, to ensure that the regime continues to require the appropriate degree of protection for clients.

The DFSA have published Consultation Paper No.126 relating to the DFSA Decision Making Processes. The reason for the issue of this paper is:

  • to inform firms of the proposals to enhance the DFSA’s decision making processes in light of experience gained in recent years, particularly in enforcement matters and to receive useful feedback from firms on those proposals;
  • to ensure that the proposals lead to decisions being taken in a more efficient and timelier way and publicised in a more appropriate manner.

The DFSA believes that it is important that firms are made aware when they take action in a matter, what action has been taken, who is involved, and to know these things in a timely manner and as intended to enable the DFSA to deliver appropriate outcomes in regulatory matters more efficiently and with earlier transparency.

Firms are encouraged to provide comments, together with responses to the eight questions by 6th September 2019. Following the public consultation, the DFSA will proceed to make the relevant changes, amended as appropriate to reflect points raised in the consultation.

The DFSA has fined Abraaj Investment Management Limited (AIML) $299,300,000 and Abraaj Capital Limited (ACLD) $15,275,925 for carrying out unauthorised activity out of the DIFC and misusing investor monies.

AIML, a Cayman Islands company and ACLD, a DIFC incorporated company had both been found to breach regulation.

AIML was found to have:

  • carried out unauthorised financial services, including fund management, within and from the DIFC;
  • actively misled and deceived investors in Abraaj funds over an extended period;
  • misused investors’ monies in various funds to meet its own operating and other expenses, which included payments to entities connected to some members of AIML staff, and to meet ever-increasing cash shortfalls; and
  • concealed this by providing misleading financial information to investors and making false statements about the use of money drawn down from investors and distributions.

ACLD was found to have:

  • failed to maintain adequate capital resources;
  • deceived the DFSA about its compliance with various rules, including capital adequacy requirements; and
  • was knowingly concerned in AIML’s unauthorised financial services activities.

ACLD also breached the Regulatory Law as it:

  • failed to observe minimum standards of integrity and fair dealing;
  • failed to ensure its affairs were managed effectively and responsibly; and
  • failed to deal with the DFSA in an open and cooperative manner.

The fines were the largest financial penalties ever imposed by the DFSA.

Following the evaluation of a number of applications to join the 2019 Summer Innovation Testing Licence Cohort, the DFSA accepted four FinTech firms to apply for an ITL; with the first batch of licences expected to be issued in October 2019.

The DFSA ITL programme enables the successful firms to test FinTech solutions in and from the DIFC and provides them with temporary flexibility to test and develop concepts within a restricted regulatory environment.

The concepts being tested include equity crowdfunding with tokenisation of the equities, the operation of a blockchain-enabled property crowdfunding platform, and the facilitation of blockchain-enabled supply chain financing.

The DFSA offers two cohorts each year for firms who express interest in the ITL programme. The next opportunity to apply will be in November 2019.

CCL assisted the first ITL applicants in obtaining their full DFSA regulatory licences in 2018 and are one of the few consultancy firms with real experience in this emerging area. Further details can be found by clicking here.

The DFSA has announced that it is now a member of the Network for Greening the Financial System (NGFS), which is open to Central Banks and Supervisors; becoming one of the first regulatory authorities in the Middle East and North Africa (MENA) region to join the NGFS.

The purpose of the NGFS is to exchange experiences, share best practices, contribute to the development of environment and climate risk management in the financial sector, and to mobilise mainstream finance to support the transition toward a sustainable economy.

Four new licencing categories have been introduced as part of the new Operating Law and Regulations. The new categories each come with reduced licence fees and increased flexibility, which will allow more firms to conduct business from the Centre.

 The new categories include:

  • Short-term Licences - intended for retail and non-financial entities who would be able to operate their business within the DIFC with flexible rates over shorter time frames.
  • Restricted Licences - for firms interested in developing or testing new or innovative products and services in the DIFC.
  • Commercial Permissions - a licence for event companies, retail outlets, training providers or educational services to conduct their main business activities within DIFC at a special rate.
  • Dual Licences - for Dubai’s Department of Economic Development licensed non-financial and non-retail firms to operate from the financial services free zone.

The new licences and fees introduced under DIFC’s Operating Law and Regulations are a first of its kind in the region and aim to nurture DIFC businesses to grow, whilst also encouraging a more diversified portfolio of businesses to establish in the DIFC.

ADGM and FSRA Latest Developments

In July 2019, the Abu Dhabi Global Market (ADGM) issued a letter to authorised firms regarding the UN Security Council Committee Resolution 2374 (2017), concerning Malian individuals.

Five new entries have been added to the sanctions list of individuals. An updated version of the consolidated list can be found on the UN Security Council website.

During the state visit by the Abu Dhabi State Leader, His Highness Sheikh Mohammed bin Zayed Al Nahyan and his Ministerial delegation to the People’s Republic of China, the ADGM announced key collaborations and ties with strategic Chinese institutions.

The new partnerships and agreements are with the National Development and Reform Commission (NDRC), China National Nuclear Corporation (CNNC), and China Everbright Group. The ADGM also announced a new agreement has been entered into with OneConnect Financial Technology to foster greater cross-border FinTech opportunities.

Through these collaborations the ADGM demonstrates its commitment in reinforcing the positive China-UAE economic ties and supporting mutually sustainable projects between the two countries.

The Financial Services Regulatory Authority (FSRA) has issued its regulatory framework for Digital Investment Managers (also known as ‘robo-advisors’), operating in ADGM.

Digital Investment Managers use algorithm-based tools and technology to assist in providing investment management services, to enable them to interact with more technically able clients.

The benefits of such technology include:

  • the availability of more cost-effective investment management services
  • investment management services that are more scalable
  • the promotion of financial inclusion
  • a wider range of options being available to retail client investors in the Middle East and Africa region

The guidance states that the FSRA will permit Digital Investment Managers to hold a lesser amount of prudential capital should they meet the criteria and requirements. By issuing this guidance the ADGM aims to make it easier for digital investment businesses to operate in ADGM.

The FSRA’s requirements, with respect to algorithm governance, are closely aligned with international best practices. These include requirements for:

  • ensuring that the algorithm model is not affected by possible behavioural biases;
  • human oversight of the design, performance and security of the algorithm model;
  • ensuring the outcomes produced by the algorithm model are explainable, traceable and repeatable; and
  • adequate safeguards to be in place to protect the integrity of the algorithm model.
Middle East Regulatory Updates

Following the enactment of the UAE Federal Law No. 19 of 2018 on Foreign Direct Investment (FDI), the UAE Cabinet has announced the approval of specified activities and sectors that will be eligible for up to 100% foreign ownership.

In total, 122 economic activities across thirteen sectors have been confirmed as eligible for FDI. The UAE Cabinet has also confirmed that it will give the decision to the local emirate governments to decide on the percentage of foreign ownership for each sector and activity.

These sectors include:

  • Healthcare;
  • Agriculture;
  • Construction
  • Space;
  • Manufacturing industry;
  • Administrative and support services;
  • Hospitality and food services;
  • Information and communication;
  • Professional, scientific and technical activities;
  • Educational activities;
  • Transport and storage;
  • Art and entertainment; and
  • Renewable energy.

The move is expected to considerably increase the level of FDI in the UAE and cement the role of the UAE as a global business hub for foreign investments.

International News

The UK’s financial services regulator, the Financial Conduct Authority (FCA) has issued proposed guidance to firms regarding the fair treatment of vulnerable customers in the Guidance Consultation Paper GC19/3.

The guidance provides the FCA’s view of the FCA Principles required of firms to ensure that vulnerable consumers are treated fairly across financial services sectors. 

Topics covered include:

  • Understanding the needs of vulnerable consumers.
  • Ensuring staff have the skills and capabilities needed.
  • Translating that understanding into taking practical action.

Firms should consider how the guidance applies to their business, ensuring that they understand and protect the needs of vulnerable customers. It provides options for ways in which firms can comply with the principles depending on the specific context of the firm, including, firm size, the markets it operates in and the characteristics of its customers.

The FCA are seeking comments from firms by 4 October 2019.

Delegates celebrated the 30th Anniversary of the Financial Action Task Force (FATF) in Orlando on 19-21 June 2019.

Areas covered in the meeting included:

  1. Major Strategic Initiatives
  • Mitigating risks from virtual asset activities, including a public statement and a risk-approach guidance on virtual assets and virtual asset service providers.
  • Launching a Strategic Review to analyse the progress made on effective implementation of AML/CFT measures, review the FATF/FSRB assessment processes, and identify drivers of positive change.
  • FATF’s current action to combat terrorist financing, including a statement on FATF Actions to identify ISIL, Al-Qaeda and Affiliates Financing and the adoption of guidance for jurisdictions on assessing terrorist financing risk.
  • FATF’s efforts to strengthen its standards on Countering the Financing of Proliferation
  1. Mutual Evaluations and Follow-Up Reviews, and Compliance
  • Discussion of the mutual evaluation reports of Greece and Hong Kong, China
  • Discussion of follow-up reports for the mutual evaluation of Iceland, in which the country achieved technical compliance re-ratings
  • Issuing a statement on Brazil’s progress in addressing the deficiencies identified in its mutual evaluation report
  • Identifying jurisdictions with strategic anti-money laundering and countering the financing of terrorism (AML/CFT) deficiencies:
  • Jurisdiction no longer subject to monitoring: Serbia
  • New jurisdiction subject to monitoring: Panama
  • Monitoring Iran’s actions to address deficiencies in its AML/CFT system
  1. Other Initiatives
  • Adoption of a report to the G20 Leaders
  • Approval of three Risk-Based Approach Guidance papers:
  • Lawyers
  • Accountants
  • Trust and Company Service Providers (TCSPs)
  1. Welcoming the Kingdom of Saudi Arabia as a new member to the FATF
  2. Discussion of the FATF priorities under the Chinese Presidency

The FATF has published guidance which aims to assist those in lower capacity countries, in assessing terrorist financing risk. The guidance provides good approaches, information sources and practical examples based on country experience.

The FATF recognise that there is not a one size fits all approach, and following on from the 2013 FATF guidance, the report draws on inputs from over 35 jurisdictions from across the FATF Global Network on their extensive experience and lessons learned in assessing terrorist financing risk, so that consideration is given to different country contexts.

The guidance contains information on:

  • Areas for further focus going forward, as well as good approaches for maintaining an up-to-date assessment of risk.
  • Key considerations when determining the relevant scope and governance of a terrorist financing risk assessment.
  • Practical examples to overcome information sharing challenges related to terrorism and its financing.
  • Information sources when identifying cross-border terrorist financing risks, including those within the banking and money or value transfer sectors, and relevant non-profit organisations, who fall within the scope of the FATF definition.
  • Examples of information sources when identifying terrorist financing threats and vulnerabilities, and considerations for specific country contexts

A $500,000 award has been presented to an overseas whistleblower, whose notification assisted in bringing successful enforcement action against the guilty party.

The U.S. Securities and Exchange Commission (SEC) also confirmed that they have awarded approximately $385 million to 65 individuals since 2012. All monies paid out to whistleblowers are raised through monetary sanctions paid to the SEC by securities law violators.

More than $2 billion in monetary sanctions have been ordered against wrongdoers based on actionable information received by whistleblowers; which shows the importance of whistleblowers coming forward.

Whistleblowers may be eligible for an award of between 10 and 30 percent of the sanctioned money, if it exceeds $1 million. Whistleblowers must voluntarily provide the SEC with original, timely, and credible information that leads to a successful enforcement action in order to receive the award.

The confidentiality of whistleblowers is protected by the SEC, no information is disclosed that could reveal a whistleblower’s identity.

Financial Crime

A New Jersey portfolio manager and trader, Swapnil Rege, has been charged with mispricing private fund investments. Rege overvalued fund assets for his own personal gain and then tried to cover up the act he had committed; he has neither admitted or denied his involvement in the offence. 

During the period June 2016 to April 2017, Rege who was employed by the fund's adviser manipulated the inputs he used to value interest rate swaps and swap options to falsely create the impression that his investments for the fund were profitable. The SEC's order finds that Rege's conduct artificially inflated the fund's reported returns and caused the fund to pay too much in fees.

Rege took steps to conceal his mispricing from the fund's adviser and took a large personal bonus of $600,000. The fund’s adviser has since fired Rege, closed the fund, and returned the excess management fees to the fund.

The SEC's order found that, based on the above conduct, Rege aided and abetted and caused the adviser's violations of the anti-fraud provisions and the Investment Advisers Act. Rege agreed to a cease-and-desist order, an associational bar and investment company prohibition with a right to apply for re-entry after three years, repayment of ill-gotten gains of $600,000 plus prejudgment interest, and a civil penalty of $100,000.

It has since been found that Rege also violated the Commodity Exchange Act, the Commodity Futures Trading Commission (CFTC) therefore also entered a consent order against Rege. The CFTC has imposed a trading ban for a period of at least three years and an additional penalty of $100,000.

Enforcement Action

The FCA has found that Standard Life Assurance Limited (SLAL) has failed to put in place adequate monitoring controls. This is specifically in relation to monitoring the quality of the calls between its call handlers and non-advised customers, when purchasing annuity contracts.

SLAL also offered its front-line staff large financial incentives to sell annuities, which in turn encouraged them to place their own financial interests ahead of their customers. The financial incentives meant that during the period of misconduct, nearly 22% of call handlers received more than 100% of their basic salary in bonus payments This created a significant conflict of interest leading to unfair outcomes for some customers.

In 2017, SLAL voluntarily agreed to conduct a past business review to identify and pay redress to those customers who were likely to have suffered, or did suffer, loss as a result of its failures. As of May 2019, SLAL had paid approximately £25.3 million to 15,302 customers; the review is due to be completed by the end of this year.

The firm agreed to accept the FCA’s findings which meant that it qualified for a 30% discount of the financial penalty, rather than paying the full £43,989,300.

Share this