• 3. 3. Regulator's Obligation Of Confidentiality

    • 3.1 3.1 Background

      • 3.1.1

        The Regulator's powers to obtain, use and disclose Confidential Information in order to discharge its functions and powers are subject to statutory limitations. These protections exist to protect individual privacy and to assure regulated firms and individuals that any Confidential Information they provide to the Regulator will be dealt with in confidence and used only for lawful purposes.

        Amended on (18 April, 2019).

    • 3.2 3.2 Overriding Duty of Confidentiality

      • 3.2.1

        The Regulator must keep confidential any Confidential Information received by or disclosed to it in the course of performing its functions, subject to the exceptions set out in section 3.3 below.

      • Abu Dhabi Law No. (4) of 2013

        • 3.2.2

          This duty of confidentiality is set out in Article 12 of Abu Dhabi Law No. (4) of 2013 and requires the Regulator to keep confidential any Confidential Information received by or disclosed to it in the course of performing its functions, unless disclosure is permitted in accordance with ADGM regulations.

        • 3.2.3

          The relevant ADGM regulations impacting on the Regulator's duty of confidentiality are the FSMR and the Data Protection Regulations 2015.

      • FSMR

        • 3.2.4

          Similarly to the duty of confidentiality in Abu Dhabi Law No. (4) of 2013, section 198 of the FSMR also prohibits disclosure of Confidential Information by the Regulator, its employees, agents or by any person coming into possession of it, subject to exceptions set out in section 3.3 below.

          Amended on (18 April, 2019).

      • Data Protection Regulations 2015

        • 3.2.5

          Certain duties and obligations contained within the Data Protection Regulations 2015 apply to the Regulator when dealing with personal data, concerning accuracy and the duty to ensure security of processing when personal data is being collected and maintained.

        • 3.2.6

          The Regulator is excused from certain obligations set out in the Data Protection Regulations in circumstances where compliance with such duties would be likely to prejudice the proper discharge of the Regulator's powers or functions to protect the public from financial loss due to improper conduct, unfitness or incompetence of persons engaging in offering financial services.

      • The UAE Penal Code (Federal Law No. (3) of 1987)

        • 3.2.7

          As the UAE criminal laws apply in the ADGM, Article 379 of the UAE Penal Code provides for criminal penalties for disclosure of Confidential Information in cases other than those lawfully permitted. Public officials, or those persons in charge of a public service, are subject to more severe penalties than the general persons for unlawful disclosure of Confidential Information — namely, imprisonment of up to five (5) years.

      • Regulator's internal practices and procedures

        • 3.2.8

          The above-mentioned statutory obligations requiring all Regulator's employees, agents and independent contractors to keep all Confidential Information confidential is further reinforced by requiring all Regulator's employees, agents and independent contractors to sign an Employment or Consultancy Services Contract that incorporates a confidentiality clause.

    • 3.3 3.3 Exceptions to the Duty of Confidentiality

      • With prior consent under section 198(1) of FSMR

        Amended on (18 April, 2019).

        • 3.3.1

          Section 198(1) prohibits disclosure of Confidential Information by the Regulator, its employees, agents or by any person coming into possession of Confidential Information unless they have the prior consent of—

          (a) the person from whom the Confidential Information was obtained; and,
          (b) if different, the person to whom the duty of confidentiality is owed (paragraphs 198(1)(a) and (b)).
          Amended on (18 April, 2019).

      • The exceptions under section 199(1) of FSMR

        • 3.3.2

          Section 199 of the FSMR provides certain exceptions from the overriding restriction on disclosure of Confidential Information in section 198. Specifically, subsection 199(1) enables the Regulator to disclose Confidential Information for the purpose of facilitating the carrying out of a Public Function, subject to section 199(2), if the disclosure is —

          (a) permitted or required under any enactment applicable to the Regulator, including, for the avoidance of doubt, any applicable international obligations; or
          (b) made to —
          (i) the ADGM Registrar of Companies;
          (ii) a Non-Abu Dhabi Global Market Regulator;
          (iii) a governmental or regulatory authority exercising powers and performing functions relating to anti-money laundering, counter-terrorist financing or sanctions compliance, whether in the ADGM or otherwise;
          (iv) a self-regulatory body or organisation exercising and performing powers and functions in relation to financial services, whether in the ADGM or otherwise;
          (v) a criminal law enforcement agency, whether in the U.A.E or otherwise, for the purpose of any criminal investigation or criminal proceedings;
          (v) a civil law enforcement agency or body, whether in the Abu Dhabi Global Market, U.A.E or otherwise;
          for the purpose of assisting the performance by any such person of its functions and powers; or
          (c) made in good faith for the purposes of the exercise of the functions and powers of the Regulator or in order to further the Regulator's objectives.
          Amended on (18 April, 2019).

        • 3.3.3

          The provisions in section 199(2) relate specifically to Confidential Information originating in another governmental or regulatory authority, or Confidential Information that is CRD Information, and provide for and are consistent with the exchange of information and professional secrecy requirements in the European Union's Capital Requirements Directive. For the purposes of section 199(2):

          (a) 'CRD Information' is defined as Confidential Information received or obtained by the Regulator from the EEA Competent Authority by virtue of the Capital Requirements Directive; and
          (b) 'EEA Competent Authority' means a public authority or body officially recognised by national law of a jurisdiction within the EEA and empowered by that national law to supervise institutions as part of the supervisory system.
          Added on (18 April, 2019).

        • 3.3.4

          Section 199(2) provides that paragraphs 198(1)b)(i), (ii), (iii), (iv), (vi) and 1(c) do not permit the Regulator to disclose this Confidential Information unless—

          (a) the governmental or regulatory authority that has disclosed the Confidential Information to the Regulator has given its prior written consent to the disclosure; and
          (b) where the Confidential Information is CRD Information:
          (i) the EEA Competent Authority that has disclosed the Confidential Information to the Regulator has given its prior written consent to the disclosure; and
          (ii) if such consent was given for a particular purpose, the disclosure by the Regulator is solely for that purpose.
          Added on (18 April, 2019).

      • Disclosure to a criminal law enforcement agency

        • 3.3.5

          Importantly, disclosure of Confidential Information by the Regulator to a criminal law enforcement agency, whether in the U.A.E or otherwise, for the purpose of any criminal investigation or criminal proceedings under paragraph 199(1)(b)(v) is not subject to the requirements under section 199(2).

          Added on (18 April, 2019).

    • 3.4 3.4 Admissibility of compelled testimony in criminal proceedings

      • 3.4.1

        In addition to the overriding duty of confidentiality set out in section 198, section 207(2) of the FSMR prohibits the Regulator from disclosing a statement made by a person to an investigator at an interview conducted pursuant to section 206(1)(a) to any law enforcement agency for the purpose of criminal proceedings against that person unless:

        (a) the person consents to the disclosure; or
        (b) the Regulator is required by law or court order to disclose the statement.

    • 3.5 3.5 The effect of foreign secrecy laws

      • 3.5.1

        Foreign banking secrecy laws lack extraterritorial effect and thus do not apply in the ADGM; entities regulated by the Regulator and their clients are not prevented from complying with obligations to disclose information related to financial services activities conducted in or from the ADGM.

      • 3.5.2

        Similarly, a request from the Regulator for disclosure of confidential client account information (if the client's business is booked, held, serviced and managed exclusively in a foreign jurisdiction) shall be governed by and be subject to the secrecy laws, if any, of that jurisdiction.

    • 3.6 3.6 Criminal prosecutions in the UAE Courts [Deleted]

      • 3.6.1 [Deleted]

    • 3.7 3.7 The effect of foreign secrecy laws [Deleted]

      • 3.7.1 [Deleted]

      • 3.7.2 [Deleted]