DIFC and DFSA Latest Developments

On the 27th June 2019, the DFSA organised a session covering the Financial Action Task Force (FATF) MENA Mutual Evaluation/National Risk Assessment that would be taking place throughout July 2019 and provided some further guidance regarding the recently announced goAML system.

The session started with Bryan Stirewalt, Chief Executive of the DFSA, who explained that the FATF examiners were due to arrive over the weekend in order to start their evaluation on the United Arab Emirates. He explained that the UAE Government has already made major changes to ensure the risk of Anti Money Laundering (AML)/Counter Terrorist Financing (CTF) is effectively managed and that FATF would not only be assessing onshore firms, but also those firms based within the UAE free zones. Furthermore, the DFSA, like other regulators within the UAE, has been hard at work to ensure all regulatory frameworks have been updated accordingly. He also spoke about the recent change in reporting obligations in relation to Suspicious Activity Report (SAR)/Suspicious Transaction Report (STR) and the goAML system.

Other keynote speakers covered the National Risk Assessment (NRA) which has been significantly enhanced over the last 12 months. The key NRA points were:

  • Risks
  • Threats
  • Vulnerabilities

As well as FATF Recommendation 8, which looked at certain activities that would be deemed as low, medium, medium/high or high risk, the DFSA clarified that fraud and thirdparty funding should be deemed as high risk, but insider trading would be medium/high risk. Additionally, firms which are based in the free zones would have different vulnerabilities from firms which are situated onshore.

The session concluded with the DFSA providing an insight into the goAML system, which is now a centralised system used by all firms (regardless of if they are onshore or in a free zone) implemented in June 2019 to report any suspicious activity to the Central Bank, updating the previous procedure whereby firms would report through emailing the Central Banks AMLSCU. The DFSA explained that all applications are being reviewed manually and on a “first come first served basis”. However, they were quick to reiterate that any firms which are yet to be approved but need to submit an SAR/STR after the go live date, should contact the DFSA via the supervisory contact form and their application would be prioritised. The DFSA was vocal in explaining that all SAR/STR should only be submitted via the goAML system. Additionally, the DFSA provided guidance on email addresses and providing proof regarding approval from the DFSA to carry out the Compliance Officer (CO)/Money Laundering Reporting Officer (MLRO) function. 

The DFSA went on to explain that many goAML applications are being rejected due to firms not using a generic company email address. Firms should use a generic company email address and not one either for a specific person or personal email address.

Proof of approval from the DFSA regarding being authorised to carry out the CO/MLRO function should be the email which was sent by the DFSA upon being approved. If individuals do not have a copy, they should contact the DFSA via the supervisory contact form and request this information.  When submitting this information, it should be saved as a PDF with the DFSA headers/titles visible.      

The DFSA has placed a 12-month suspension on the licence of Rasan Capital Limited, a Category 4 firm who had the DFSA Financial Permissions:

  • Arranging Deals in Investments
  • Advising on Financial Products and Arranging Credit and
  • Advising on Credit permissions

The action was taken after serious concerns were brought to light regarding the firm’s inadequacy of financial resources, its non-compliance with DFSA rulebook requirements and its failure to keep the DFSA informed and notified of key matters.

The firm made the DFSA aware of a capital breach on 30th July 2018 and while it tried to rectify the breach, it remained under the necessary capital requirement. Rasan Capital Limited also did not provide the regulator with adequate updates and information regarding potential capital injections. The DFSA then took action to suspend the licence in order to protect direct and indirect users of the firm’s financial services.

Following the release of Consultation Paper No.124: Property Crowdfunding, the DFSA has implemented changes to the General (GEN), Conduct of Business (COB), Collective Investment Rules (CIR), Markets Rules (MKT) and Glossary rulebooks. The changes mean that Property Crowdfunding Platforms can now be operated from within the DIFC under a DFSA Licence to provide the financial service of “Operating a Property Investment Crowdfunding Platform”.

Some of the requirements unique to a Property Crowdfunding Operator include:

  • Risk warnings specific to the nature of investing in property via a crowdfunding platform
  • Rules regarding property characteristics for single residential properties, off-plan properties, and the condition of all properties
  • Due diligence regarding the valuation of the property
  • Conflicts of interest rule implementations
  • Disclosure requirements for those involved in Property Crowdfunding
  • Restrictions on the use of credit cards for Property Investment Crowdfunding Platforms

Firms interested in operating a Property Investment Crowdfunding should review the Consultation Paper and Rulebook amendments.


CCL provide advice to firms interested in Property Crowdfunding, if you would like to know more or have any questions, please contact Clare Curtis (CCurtis@cclcompliance.com)

The DIFC has released Consultation Paper No. 6 regarding proposed updates to its Data Protection Law. The proposed updates are in light of the recent European General Data Protection Regulation (GDPR) implementation.

The key proposals include:

  • Aligning the current law from being purely EU focused, based on the previous Directive 95/46/EC, to incorporate international data protection standards, including elements of the EU General Data Protection Regulation and the California Consumer Privacy Act
  • Expanding the compliance framework and safeguards to include principles of accountability, jurisdiction, data breach notification, prior consultation and data protection officer appointments
  • Providing clarity on consent and data subjects’ rights with respect to advanced technology developments
  • Revision of powers of the Commissioner of Data Protection, administrative requirements and sanctions/enforcement.

The proposed changes bring the DIFC in line with international best practice. The deadline for providing comments on the Consultation Paper is 18th August 2019.

ADGM and FSRA Latest Developments

The Abu Dhabi Global Market’s (ADGM) Financial Services Regulatory Authority (FSRA) has partnered with the Central Banks and Supervisors Network for Greening the Financial System (NGFS) to further implement sustainable financing in the UAE and Middle East North Africa (MENA) region. The NGFS is an international forum which brings together central banks and regulators to understand and manage financial risk and help direct finance in supporting sustainability.  The ADGM itself launched its own Sustainable Finance Agenda in order to integrate sustainability into its regulatory framework and will continue to support a sustainable finance ecosystem with the assistance of forums such as the NGFS.

Middle East Regulatory Updates

Wissam Fattouh, Secretary General of the Union of Arab Banks (an organisation which fosters cooperation between Arab Banks) has called for financial institutions within the MENA region to increase their own investment in Regulatory Technology (RegTech).

Mr Fattouh, who is also the chairman of the MENA Financial Crime Compliance Group, stated that Compliance Officers in the region have complex work due to the technology used in banking and financial operations and suggested that investing in RegTech will lighten the burden placed on compliance departments and reduce the risk of cyber and financial crime within companies.

International News

The Financial Action Task Force has released guidance on carrying out a risk-based approach to Virtual Assets and Virtual Asset Service Providers. This has been produced following FATF’s adopted changes to its Recommendations in October 2018 to include financial activities involving virtual assets. The guidance has been produced to assist understanding and help develop regulatory responses to virtual assets and virtual asset service providers.


The guidance addresses the following:

  • How do virtual assets activities and virtual asset service providers fall within the scope of the FATF Recommendations?
  • How should countries and competent authorities apply the FATF Recommendations in the context of virtual assets or virtual asset service providers?
  • How do the FATF Recommendations apply to virtual asset service providers, and other entities (including banks, securities broker-dealers) that engage in or provide virtual asset covered activities?

The guidance also allows regulators to view examples of national approaches to the regulating and supervising of virtual asset activities in order to prevent money laundering and terrorist financing.

The Global Financial Innovation Network (GFIN), a group established in 2018, has released its first-year report to discuss its activities, progress and plans for the future. GFIN is made up of thirty-three international financial regulators (including the DFSA and FSRA) and related organisations to provide efficient ways for FinTech firms to engage with regulators across the world.

The report covers what GFIN has achieved so far including its creation, its first consultation paper and its launch of the cross-border pilot sandbox.

The report also discusses the Network’s future plans including:

  • Formalising the approach for cross border testing based on the learning of the pilot programme
  • Plans to create cross jurisdictional tests and proof of concept regarding RegTech supervisory technologies or technologies that facilitate compliance for regulated firms
  • Further assistance in helping to define, shape and develop the respective regulatory markets approach to innovation

GFIN is expected to play a large role in FinTech and RegTech regulation globally and help provide quick and efficient development of financial and regulatory technological advances.

Enforcement Action

Two individuals, Fabiana Abdel-Malek and Walid Choucair have been sentenced to three years imprisonment relating to five insider dealing offences.

Ms Abdel-Malek was employed as a Senior Compliance Officer by UBS AG and used her position to identify insider information, which was then passed onto Walid Choucair who was an experienced day trader of financial securities. Choucair went on to profit £1.4 million from the trading regarding the acquisitions or potential acquisitions of five companies.

As Compliance Officer, Ms Abdel-Malek was trusted with access to UBS’s compliance system which held sensitive information about potential mergers and acquisitions that UBS was either pitching for or working on.

Choucair would then use the information supplied by Abdel Malek to buy shares in anticipation of a press article or company announcement and then profit from selling said shares once the press article or announcement had caused the price to rise. Choucair dealt in Contracts for Difference (CFDs) through an account held in the name of a company incorporated in the British Virgin Islands with a trading address in Switzerland.

Furthermore, the two individuals also made several attempts to conceal their activity by using unregistered phones and SIM cards to communicate.

The United Kingdom’s Financial Conduct Authority (FCA) has fined the Bank of Scotland £45,500,000 for failures to disclose information about its suspicions that fraud may have occurred at its Impaired Assets (IAR) team in one of its divisions. The bank failed to alert the FCA and the police about its suspicions when they were first discovered. 

The bank first identified suspicious conduct in 2007 whereby the Director of the team had been sanctioning limits and additional lending facilities beyond the scope of his authority, which the bank then knew would result in substantial losses to the firm. The bank then spent an additional two years failing to properly understand the impact and significance of the information it had found, and it was not until 2009 that the then FSA was told. An investigation by police in 2017 resulted in six individuals being sentenced for their part.  

The regulator stressed the importance of alerting the regulator and the police at the as soon as any suspicions are made, as the impact would have been lessened and the misconduct would have been halted much earlier.

The Norwegian Regulator, the Financial Supervisory Authority (FSA) has ordered Santander to pay a fine of nine million crowns ($1 million) for violations of the country’s anti-money laundering laws.

A failure in the bank’s electronic monitoring system meant that some 1.6 million transactions were not controlled for money laundering, affecting 300,000 customers. Once the problem had been discovered and solved, the bank backchecked all the transactions and did not think any should be raised to the police.

The violation itself was enough for the FSA to decide to issue the bank with the fine. Santander Bank was said to have been fully cooperative throughout the investigation.

Share this