DIFC and DFSA Latest Developments

The DFSA has released a consultation paper on Employee Money Purchase Schemes (EMP Schemes) which forms part of a number of changes proposed to the DIFC Employment Law employees’ end of service gratuity benefits scheme.

The proposals include the introduction of two new financial services relating to the EMP Schemes:

  1. Operating an EMP Scheme
  2. Acting as the administrator of an EMP Scheme

Operating an EMP Scheme

Under the new rules a person operating an EMP Scheme (the operator) has the overall responsibility for the proper operation and management of the scheme, including the design of the investment choice offered to members of the scheme.

Acting as the administrator of an EMP Scheme

The proposed role for an administrator of an EMP Scheme covers a range of core activities that are essential for the operation and administration of such schemes.

These encompass:

  1. technical operational functions relating to the scheme (e.g. processing and administering employer contributions and the payment of member benefits)
  2. providing member communications (e.g. information about investment choices available to members and scheme information) and support services (complaints and inquiries handling)
  3. operating an investment platform on which investment choice is offered to members
  4. reporting (including regulatory reporting)  

An administrator’s licence will be a composite licence that covers other financial services with which it overlaps and removes the need for additional authorisation for such other financial services.

The proposed changes will trigger amendments to the GEN, COB, GLO, PIB, FER and CIR modules.

The proposed changes will be of interest to employees of DIFC companies, DIFC employers, persons who expect to conduct the proposed new permissions, persons who expect to provide other financial services in respect of an EMP Scheme and persons in or outside the DIFC who operate schemes that are money purchase schemes.


The DFSA has opened its application process for firms to join the DFSA Regulatory Sandbox, which invites firms to apply for the Innovation Testing Licence (ITL). Firms with FinTech/technology driven models which are interested in joining the programme must provide a clear explanation of their planned business model and the proposed innovative product or service.

Since the beginning of the ITL programme in 2017, 20 companies have been accepted into the cohort process. These firms include digital Sukuk issuances, tokenised securities and debt offerings, and the use of AI in credit analysis.

The application for the winter cohort is open between the 1st and 30th November 2019. Successful applicants will be announced on 16th December 2019.

An individual against whom the DFSA took enforcement action in July 2019 has referred their decision to the Financial Markets Tribunal (FMT) for review. Dr Mubashir Sheikh was deemed in breach by the DFSA for:

  • demonstrating a lack of integrity by acting dishonestly and deceptively
  • providing false, misleading or deceptive information to the DFSA
  • causing MAS ClearSight Ltd (MAS) to breach the DFSA’s prudential rules

The DFSA’s actions against Dr Sheikh included a restitution direction and a fine, as well as restricting and prohibiting him from performing certain functions in or from the DIFC.

Dr Sheikh disputed the findings and has referred the action to the FMT, and this will now be confirmed, varied or overturned as a result of the FMT’s review.

ADGM and FSRA Latest Developments

The Financial Crime Prevention Unit (FCPU) of the Abu Dhabi Global Market (ADGM) held an outreach session on 14th October 2019, making this the third outreach session of 2019. An impressive number of people attended the event, including SEOs, compliance officers and money laundering reporting officers.

The purpose of the session was to provide an update on the National Risk Assessment (NRA), Sanction Monitoring and Obligations Under UAE Cabinet Resolution No.20 of 2019, the GoAML System and the Thematic Review.

Aside from these topics, it was also mentioned that the Financial Action Task Force (FATF) report is expected to be released in March or April 2020. In regard to this, the FCPU said that they intend to roll out projects next year aimed at Designated Non-Financial Business or Profession (DNFBP) as they seem to be less familiar with the requirements than financial institutions (FI).

The FCPU team provided the following information:

National Risk Assessment

The objectives of the NRA include:

  • Identifying vulnerabilities, threats and risks within the UAE
  • A tool for policy makers
  • Providing a clear idea of the risk scale

The UAE authorities identified the threats of 21 predicate crimes e.g. fraud, trafficking in narcotic drugs, professional third-party money laundering and rated them low to high, divided by those relevant to onshore and those relevant to free zones.

The authorities also identified Money Laundering (ML) and Terrorist Finance (TF) vulnerabilities, based on predefined rating criteria:

  • Inherent characteristics
  • Nature of products and services
  • Nature of clientele
  • Geographic search
  • Nature of delivery

The UAE NRA began in 2016 and took around two years to complete. The outcome of the NRA assisted in preparing the country for the mutual evaluation.

The expectations of ADGM entities were made clear:

  1. Understand your inherent ML/TF risks
  2. Apply the most effective measures to address your business risks
  3. Review and update your manuals to be aligned with the NRA report


Sanction Monitoring and Obligations Under UAE Cabinet Resolution No 20 of 2019

Several resolutions have been issued recently of which firms should be aware:

  • Resolution No.18 of 2017
  • Resolution No.28 of 2017
  • Resolution No.45 of 2017
  • Resolution No.53 of 2017
  • Resolution No.24 of 2018
  • Resolution No.50 of 2018
  • Resolution No.20 of 2019

It is a requirement to check the sanctions list on a daily basis to see if there are any matches and it was highlighted that it is equally important to have systems in place to identify when someone is removed from the list.

Firms that are due to have a supervisory visit should expect that supervisors will be checking how they have complied with the requirements. All firms need to look at how they are sanctions checking individuals to ensure that they are doing this in the most effective way.

The FCPU urges firms who do not have systems in place, to act immediately, as the consequences of getting it wrong will be severe and costly.


There has been a positive response from FI’s, with only 7 of 62 firms in total not registered at the pre-registration stage and 11 of 62 firms in total not being registered at the GoAML registration stage.

However, there has been a rather poor response from DNFBPs who need to take action. 39 of 112 firms have not yet signed up for pre-registration and 57 of 112 firms have still not registered at the GoAML registration stage.

Thematic Review

The FSRA issued a Dear SEO letter on 29th September 2019 following the review conducted in March and April 2019 which focused on preventing and detecting the acts of ML, TF and the financing of weapons of mass destruction. All firms should be aware of this letter and ensure that they are adhering to good practice.

42 firms were assessed anonymously as part of a desk-based review and 9 of them received onsite visits.

The letter contained the findings of the review which assessed:

  • Application of the Risk-Based Approach (RBA)
  • Customer Due Diligence (CDD)
  • Sanctions monitoring

Examples of the failings found were as follows:

  • Business risk assessments not sufficiently detailed to provide any meaningful assistance in formulating a robust AML Framework, comprising appropriate systems and controls
  • Failure to conduct ongoing CDD
  • Firms were unable to specify the type of CDD undertaken as well as well as the frequency of conducting ongoing CDD for customers commensurate with their customer risk rating
  • Firms were unable to show that they had screened customers against the relevant UAE sanctions list when updated and thereafter on a periodic basis.

The annex to the letter contains good practice and areas for improvement.

Firms’ policies should take into account the findings of the NRA and should be updated in line with relevant cabinet resolutions.

A similar review is expected to be carried out on DFNBPs in 2020.



The ADGM has proposed miscellaneous amendments to the FSRA Regulations and Rules as part of its review to maintain and update the framework that reflects international best practice.

The key amendments are related to the FSMR, COBS, FUNDS and AML rulebooks and relate to a number of typographical or inadvertent errors such as missing definitions. Other amendments provide greater clarity to the framework.

Firms are encouraged to review the amendments.

The FSRA has issued guidance on the development and use of Application Programming Interfaces (APIs) in the ADGM.

APIs are interfaces that provide a set of routines, protocols and tools for building software applications and specifically how software components should interact. The ADGM encourages financial service firms to adopt and promote the use of standardised and trusted APIs in order to “create the means to adapt and update in the context of an increasingly complex and changing business environment, and the rapidly evolving needs of customers.”

The guidance provides an overview of the fundamental elements, standards and considerations that the FSRA deems necessary in providing safe and robust APIs. This guidance should not restrict the use of APIs; rather, it is there to promote standardised approaches to building and providing APIs, which will be promoted in the ADGM Digital Sandbox.

The high-level objectives of the API guidance are to promote:

  1. Interoperability - to promote the adoption of globally recognised and accepted standards, to ensure the sustainable growth of the digital economy, interoperability across sectors and connectivity to global markets
  2. Security & trust – to promote the use of internationally recognised security and governance practices in order to safeguard consumers and the financial services market.
  3. Innovation - to drive and encourage a culture of innovation and competitiveness.
  4. Collaboration - to advance and foster collaboration amongst the financial services and technology ecosystems.

The FSRA has provided guidance on the types of APIs, regulatory requirements, anti-money laundering and data protection considerations as well as third party outsourcing, API requirements, design and API documentation, security and API governance.

Firms who use and develop APIs in their FinTech solutions should read and consider this guidance in the development of their systems and controls.

The ADGM has issued new Employment Regulations 2019 (Regulations) and their Compensation Awards and Limits Rules 2019 (Rules) which will replace the previous legislation.

Key changes include:

  • New overtime provisions for employees
  • Aligning certain employees’ entitlements with those on shore (including repatriation flight tickets and sick leave)
  • Changes allowing employers and employees more flexibility in negotiating notice periods
  • Introducing protective provisions for young people aged between 15 and 18 years
  • Introducing a discretionary power to the ADGM courts to impose penalties on employers for failure to pay employees’ entitlements due on termination

The new rules will come into force on 1st January 2020.

Middle East Regulatory Updates

The Emirates Securities and Commodities Authority (SCA) has released draft regulations concerning crypto assets and the regulation of these assets under the UAE’s onshore regulator. The SCA stated that “Crypto asset regulations lay down standards and requirements for a wide range of market participants like issuers of securities, investors including qualified investors, custodians, crypto trading platforms, brokers and promoters engaged in [the] crypto asset industry”.

The regulations encompass token issuance requirements, trading and safekeeping practice as well as financial crime prevention measures, information security controls and technology governance norms.

The draft regulations and consultation which can be found on the SCA website has asked for feedback from investors, brokers, financial analysts, researchers, media personnel and other relevant parties to help it finalise the wording of the new guidelines.

Once the regulations are implemented it will be possible for market participants to request guidance on specific token issuance and regulatory requirements.

International News

FATF has released draft guidance clarifying how digital identity (digital ID) systems can be used for customer due diligence (CDD).

Key features that make up the guidance include digital ID terminology, FATF standards on CDD, benefits and risks of digital ID systems for AML/CFT compliance and related issues, and assessment of whether digital ID systems are both reliable and independent, in line with a risk based approach to CDD.

FATF has produced clear recommendations for:

  • authorities in allowing the use of digital ID systems
  • regulated entities when relying on digital ID systems
  • digital Information Systems service providers.

The guidance is intended to assist governments, financial institutions and other relevant entities in applying a risk-based approach to the use of digital ID for CDD.

FATF is welcoming feedback on the guidance which can be found on its website and will make further amendments at its February 2020 meetings.

FATF, following mutual evaluations, has indicated that jurisdictions are finding it challenging to achieve a satisfactory level of transparency regarding the beneficial ownership of legal persons.

The aim of the guidance is to help firms identify the beneficial owner(s) behind legal persons such as companies and foundations.

The main challenges that FATF has found for those trying to find the beneficial owners behind legal persons are as follows:

  • Inadequate risk assessment of possible misuse of legal persons for money laundering and terrorist financing
  • Inadequate measures to ensure information on beneficial ownership is accurate and up to date
  • Inadequate mechanisms to ensure competent authorities have timely access to beneficial ownership information.
  • Insufficient measures to address the money laundering and terrorist financing risks of bearer shares and nominee shareholder arrangements.
  • Lack of effective, proportionate and dissuasive sanctions on companies which failed to provide accurate and up to date information on beneficial ownership.
  • Inadequate mechanisms for monitoring the quality of assistance received from other countries.

FATF refers to its Recommendation 24 throughout the guidance which is that “Countries should ensure that there is adequate, accurate and timely information on the beneficial ownership and control of legal persons that can be obtained or accessed in a timely fashion by competent authorities”.

Under this recommendation countries are allowed to choose one or more mechanism to ensure the transparency of beneficial ownership:

  • The Registry Approach
    • This approach requires company registries to obtain and hold up to date information on beneficial ownership.
  • The Company Approach
    • Countries should require companies themselves to obtain and hold up-to-date information on beneficial ownership by maintaining a list of shareholders or members and keeping it up to date.
  • Existing Information Approach
    • Countries using existing information collected on the beneficial ownership of corporate entities to identify beneficial owner. Possible sources of information include company registries and other types of registries (such as, land, motor vehicle and moveable property registries), financial institutions and DNFBPs, other authorities (such as supervisors or tax authorities, information held by stock exchanges, and commercial databases).

FATF has suggested that jurisdictions should use a multi-pronged approach because during mutual evaluations it has been found that using a single approach is less effective in making sure that the competent authority can obtain accurate and up to date Beneficial Ownership information. FATF also recommends that each stakeholder has roles and responsibilities that implement this multi-pronged approach effectively. This provides a defence for every key stakeholder such as, verification and monitoring of information, carrying out CDD, identifying suspicious patterns and trends on beneficial ownership, reporting suspicious cases and taking enforcement action.

The key stakeholders therefore include the company itself, company registry, obliged parties involved in company registration and verification of information (such as lawyers, notary, and accountants), financial institutions, DNFBPs, supervisors and self-regulated bodies (SRBs).

The recommendations for financial institutions in particular are to:

  • Adequately carry out CDD measures at the incorporation stage and conduct ongoing CDD on the business relationship and to scrutinise transactions throughout the course of that relationship to ensure that the transactions are consistent with the institution’s knowledge of the customer and its business and risk profiles, including, where necessary, the customer’s source of funds.
  • Record the CDD procedures performed and maintain these records for at least five years. (In the DFSA’s case they require six years).
  • Report suspicious transaction activities.
Enforcement Action

The UK’s Financial Conduct Authority (FCA) has fined Tullett Prebon (Europe) Limited (Tullett Prebon) £15.4 million for failing to act with due skill, care and diligence, failing to have adequate risk management systems and for failing to be open and cooperative with the FCA.

It was found that between 2008 and 2010 the rates division at Tullet Prebon - a broker acting for institutional clients in wholesale financial markets - had ineffective controls around broker conduct. There were also cases of lavish entertainment and a lack of controls which allowed improper trading to take place. Senior management wrongly believed sufficient systems and controls were in place, but these were not used properly or effectively.

The firm also failed to be open and cooperative with the FCA when the regulator requested broker audio tapes. The FCA requested the tapes in August 2011 and the firm failed to produce the audio to the FCA until 2014.

The firm complied with the FCA’s conclusion and therefore received a 30% discount, otherwise the fine would have been £22 million.

An Auckland based money remitter has been fined $4 million, for failure to comply with recently introduced anti-money laundering laws. Jin Yuan Finance which had eight outlets in Auckland already ceased trading in 2018, however the Department of Internal Affairs (DIA) found the firm had failed to conduct due diligence, or monitor accounts and transactions as well as failing to comply with the requirement to report suspicious transactions. The firm also entered into a continued business relationship with customers who did not produce or provide satisfactory evidence of their identities. In addition, the DIA found that the compliance officer did not have permission to work in New Zealand.

Share this