Regulatory Update September 2022
Dubai Financial Services Authority (DFSA)
Cyber Thematic Review 2022
The DFSA has recently published its Cyber Thematic Review Report 2022. The online review, launched in January 2022, was designed to assess:
- the status of areas identified as needing improvement in the Cyber Thematic Review Report of 2020;
- the consistency of cyber risk management practices implemented by Authorised Firms, Authorised Market Institutions and Registered Auditors (collectively referred to as Firms) with the DFSA Cyber Risk Management Guidelines (Guidelines); and
- the current maturity level of cybersecurity frameworks implemented by Firms.
Alongside this activity, the DFSA began conducting firm specific cyber risk focused assessments in 2021, designed to measure the effectiveness of implementation of the DFSA guidelines. More specifically, the DFSA will focus on the following areas:
- Cyber risk identification and assessment capabilities,
- Third-party cyber risk management,
- IT asset identification and classification,
- Encryption techniques,
- Vulnerability Assessments and Penetration Testing,
- Continuous monitoring, detection, and response capabilities,
- Incident response testing programme.
SEO’s and Registered Auditors were directly informed by email of these developments on the 14th of September. The DFSA intends to run outreach in the first half of October to summarize the results of the Review and to answer questions.
Abu Dhabi Global Markets (ADGM)
ADGM’s Financial Regulator Publishes Guiding Principles on its Approach to Virtual Asset Regulation and Supervision
The ADGM has published guiding principles on its approach to virtual asset regulation and supervision. The main objective of this guidance is to outline its expectations for the asset class and service providers in the sector.
The principles set out the Financial Services Regulatory Authority’s (FSRA) risk appetite and priorities for the sector, with each principle covering one of the key pillars of ADGM’s holistic approach, namely:
- a robust and transparent regulatory framework;
- high standards of authorisation;
- preventing money laundering and other financial crimes;
- risk-sensitive supervision;
- enforcement powers for regulatory breaches; and
- its commitment to international cooperation.
The ADGM views the guiding principles as providing an easy and accessible compliment to its comprehensive framework for spot virtual asset activities.
Five reporting financial institutions fined by the ADGM Financial Services Regulatory Authority for breaching Common Reporting Standard Regulations
The Financial Services Regulatory Authority (FSRA) has imposed penalties and administrative fees ranging from AED 30,000 to AED 119,000 on five Reporting Financial Institutions for contraventions of the Common Reporting Standard Regulations 2017 (Regulations).
The CRS concerns financial and tax-related information exchange on a global level between tax authorities and other international financial regulators through secure channels. It sets out the scope of information to be reported, the financial institutions required to report, the account holders subject to reporting, as well as the procedures to be followed by financial institutions.
The actions imposed by the FSRA address failures (to the extent applicable in each case) to:
- apply adequate due diligence procedures;
- keep records of the performance of due diligence;
- report required information in a complete and accurate manner;
- obtain valid self-certification of tax information from clients.
ADGM FSRA Fines Wise Nuqud Ltd US$ 360,000 (AED 1,322,100) for contraventions of Anti-Money Laundering Requirements
The Financial Services Regulatory Authority (FSRA) has imposed a financial penalty of US$ 360,000 (AED 1,322,100) on Wise Nuqud Ltd (Wise), a licensed money service provider operating in the ADGM, for contravening several applicable Anti Money Laundering (AML) requirements.
The regulator decided to take the action after determining that the firm, between 25 July 2019 and 22 September 2021, had failed to establish and maintain adequate anti-money laundering policies, procedures, systems and controls to ensure compliance with all applicable requirements of the ADGM Anti-Money Laundering and Sanctions Rules and Guidance Rulebook (“AML”).
In particular, the regulator found that he firm failed to take sufficient steps to:
- identify and verify the Source of Funds and the Source of Wealth, as part of the Enhanced Customer Due Diligence (“EDD”) it undertook on a category of high risk customers;
- obtain the approval of Senior Management to establish business relationships with assessed high risk customers;
- assess and consider its customers’ nationality when undertaking a risk-based assessment of its customers; and
- adequately identify, assess, and consider the intended nature of the customers’ relationship, by not obtaining and assessing expected payment volumes as part of its risk-based assessment and when undertaking customer due diligence.
FSRA’s Thematic Review on Anti-Money Laundering and Counter Financing of Terrorism (AML/CFT), and Targeted Financial Sanctions (TFS) (“Review”) – Findings and Outcomes
On the 26th of August, Senior Executive Officers and Recognised Functions received a letter from the FSRA on its findings from the Thematic Review on Anti-Money Laundering and Counter Financing of Terrorism (AML/CFT), and Targeted Financial Sanctions (TFS) (“Review”).
Overall, the thematic review identified that most firms have in place elements to broadly comply with the FSRA framework requirements.
However, there were several areas where firms did not have sufficient depth, governance and adequate policies, procedures, systems, or controls in place to fully demonstrate compliance. This was particularly evident for those firms with increased volumes and complexity.
The report provides important guidance on good and poor business practices involving the following core AML/CTF themes:
- Policies and Procedures
- Risk Based Approach
- Internal Controls
- Suspicious activity reporting
- Training and awareness
- Record keeping
Central Bank of the UAE
CBUAE issues new guidance for licensed financial institutions on risks related to politically exposed persons
The Central Bank of the UAE (CBUAE) has issued new guidance for its licensed financial institutions (LFIs) on the risks related to politically exposed persons (PEPs).
The guidance, which takes account of the Financial Action Task Force (FATF) standards, is designed to assist LFI’s understanding of the risks and the effective implementation of their statutory AML/CTF obligations.
As stipulated in the guidance, LFIs providing services to PEPs must develop risk-based policies to ensure they appropriately identify PEPs or related customers prior to the commencement of the business relationship and risk rating and applying commensurate customer due diligence measures.
The CBUAE also expects LFIs to conduct on-going monitoring of the business relationships, supported by maintenance of transaction monitoring systems equipped to identify patterns of unusual or suspicious activity, reporting any behaviour linked to money laundering, financing of terrorism or a criminal offence, to the UAE’s Financial Intelligence Unit using the “goAML” portal.
Virtual Assets Regulatory Authority (VARA)
Regulation of marketing, advertising and promotions related to virtual assets
On the 25th of August 2022, the Virtual Asset Regulatory Authority (VARA) released regulatory guidelines on Marketing, Advertising and Promotions of Virtual Assets (VA) across the Emirate of Dubai. This release corresponds with the commencement of its Minimum Viable Product (MVP) Phase.
The regulations address marketing and communications activities, ahead of operationalising the MVP licensees, so that any mass-market information dissemination, and consumer solicitation, are effectively designed to safeguard community interests.
The guidelines cover all forms of outreach, communications, and advertising, including publication of information, awareness building, customer engagement, and/or investor solicitation. More specifically, the rules cover the following activities:
- VA related communications by any entity leveraging Dubai-based media sites, search platforms, and online or off-line publishing channels that explicitly target customers within the Dubai market.
- The obligation that all content dissemination channels operating from Dubai to act responsibly and ensure compliance with prevailing Guidance as it pertains to VA communications facilitated via their platforms.
- Obligations on Dubai licensed virtual asset service providers to ensure any advertising platform position VA content for the Dubai market is factual accurate, explicitly demonstrates any promotional intent, and in no way misleads on the guaranteed nature of their returns.
Financial Conduct Authority (FCA)
FCA fines Citigroup’s international broker-dealer £12.6m for failures relating to the detection of market abuse
The Financial Conduct Authority (FCA) has issued a financial penalty of £12,553,800 to Citigroup Global Markets Limited (CGML) for breaches of Market Abuse Regulations (MAR).
During the period between 2 November 2015 and 18 January 2018, CGML was found to have committed the following breaches:
- Failing to conduct its business with due skill, care, and diligence in relation to its implementation of the requirements of Article 16(2). The regulator noted that CGML had failed to perform a timely and appropriately review of the secondary legislation that supplemented MAR e.g., absence of appropriate gap analysis, risk identification and prioritisation.
- Failure of the designed MAR Working Group to provide sufficient oversight of the implementation of the requirements. This included the failure to define the scope of MAR implementation in the EMEA compliance plan, resulting in the CGML Board being wrongly informed about the completed implementation of MAR.
FCA consult on new guidance on the trading venue perimeter
The Financial Conduct Authority has published a consultation paper proposing new guidance on the regulatory perimeter for trading venues. The consultation is part of the Wholesale Markets Review (WMR), with the paper focused on addressing firms uncertainty of the required regulatory permissions.
The FCA believes that further guidance on the trading venue perimeter will provide greater certainty regarding models where the regulator does not intend trading venue requirements to apply – supporting innovation in the markets – while promoting competition and high standards by ensuring that models possessing the key characteristics of a venue being treated equally, within the framework of the trading venues regime.
The consultation closes on 11 November 2022.
Financial Market Supervisory Authority (FINMA)
FINMA guidance for portfolio managers and trustees: first measures with regard to late applications
On the 11th of August 2022, the Financial Market Supervisory Authority (FINMA) published new guidance to inform portfolio managers and trustees about the status of the licensing process and measures taken up to now.
FINMA had previously recommended that all institutions submit their complete licence application to a supervisory organisation (SO) by 30 June 2022. Applicants that submitted their application on time to the SO are deemed to be well prepared for the challenges of the licensing process. The transitional period for the licensing of portfolio managers and trustees comes to an end in December 2022.
Institutions that have not yet submitted their application to an SO must accept that they may miss the end of the transitional period through their own fault. Consequently, these institutions will generally not be entitled to any deadline extension.
In its guidance, FINMA outlines the measures it has taken against portfolio managers and trustees from various investigations into unauthorised activities. The regulator has also indicated that it will impose sanctions for breaches for portfolio managers and trustees who miss the end of the transitional period on 31 December 2022.
Monetary Authority of Singapore (MAS)
MAS Imposes Composition Penalty of $375,000 on UOB Kay Hian Private Limited for business conduct and AML/CFT failures
The Monetary Authority of Singapore (MAS) has imposed a composition penalty of $375,000 on UOB Kay Hian Private Limited (UOBKH) for its failures to comply with business conduct and anti-money laundering requirements.
In relation to business conduct requirements, the regulator noted that UOBKH has failed to:
- implement adequate controls for its corporate finance (CF) business;
- sufficiently involve its Compliance function in matters of compliance, thereby compromising its effectiveness;
- implement appropriate internal policies and procedures on conducting due diligence for IPOs;
- subject its CF activities to adequate internal audit that is commensurate with the nature of its business.
MAS noted that these breaches of AML/CFT requirements exposed the Firm to increased risk of financial crime. The Firm is in the process of enhancing the internal policies and controls, with an independent external party required to validate the implementation and effectiveness of these measures to the regulator.
Please contact j. awan & partners by email at [email protected] for regulatory support in relation to any of the above jurisdictions.