Guidance & Policies Manual (GPM) [03 February 2020]
1. 1. Introduction
1.1 1.1 General
This document is called the Guidance and Policies Manual ("GPM"). The GPM is for information purposes only and explains how we may regulate and supervise financial services firms and markets that operate in ADGM. The GPM has purposely been written in plain English. The GPM contains guidance on:(a) our regulatory policies;(b) our risk-based approach to authorisation, supervision and enforcement; and(c) what we consider and take into account when exercising our powers.
The GPM is meant to assist persons operating or intending to operate financial services or a market in the ADGM and should be read in conjunction with the Financial Services and Markets Regulations ("FSMR") and the ADGM Rulebooks.
The GPM is not meant to be all of our guidance and policies on how we will operate and exercise our powers and we are not bound to follow it on all occasions. It is merely an informative document, which sets how we may act when exercising our powers.
1.2 1.2 Defined terms
Where we have used a defined term in the GPM, these are identified by the capitalisation of the word or a phrase capitalised. You can find meanings of these defined terms in the Glossary module ("GLO") of the ADGM Rulebook. There are also defined terms in the FSMR. If there is no capitalisation of the initial letter, the word or phrase has its normal common day meaning.
1.3 1.3 Updating the GPM
We will make amendments to the GPM when we make changes in our policies or processes to ensure it remains current.
1.4 1.4 Our mandate
We are committed to foster, promote and maintain a fair, efficient and responsive regulatory environment for our market participants and stakeholders.
We have adopted and apply international standards, such as those set out by the Basel Committee on Banking Supervision, the International Association of Insurance Supervisors, the International Organisation of Securities Commissions, the Financial Stability Board and the Financial Action Task Force.
2. 2. Becoming Regulated
2.1 2.1 Our approach to authorisation
This chapter outlines our approach when assessing if an applicant or registrant can become:(a) an Authorised Firm;(b) a Recognised Body;(c) a Representative Office;(d) an Approved Person; or(e) a Principal Representative.
Before submitting an application, an applicant or registrant should contact our Authorisation Team at email@example.com.
Prohibition and by way of business
The FSMR impose a prohibition on all persons who carry on an activity regulated by us in the ADGM "by way of business" unless the person is an Authorised Firm, Recognised Body or an Exempt Person.
Whether or not an activity is carried on by way of business is a question of fact that takes account several factors, including:(a) how often the activity is conducted;(b) whether there is a commercial element involved;(c) the size and proportion of non-regulated activities carried on by the same person; and(d) the nature, context and circumstances of the activity that is carried on.
Whether someone is carrying on his or her own business
Another aspect of the prohibition is that an employee will not breach the prohibition by carrying on an activity on behalf of his employer, as in such cases it is the employer who is carrying on that activity. The employee is simply carrying on the employer's business. This principle potentially also applies to agents and others who assist another to carry on that other's business.
General Prohibition and by way of business
The regulations impose a general prohibition on all persons who carry on a Regulated Activity in the ADGM "by way of business" unless the person is a firm, Recognised Body or an exempt person.
Whether or not an activity is carried on by way of business is a question of fact that takes account of several factors. These include:(a) the degree to which the activity is conducted with continuity, regularity and systemically;(b) the existence of a commercial element;(c) the scale proportion and impact which the activity bears to other activities carried on by the same Person but which are not regulated; and(d) the nature, context and circumstances of the particular activity that is carried on.
Regulated Activities and the need for a Financial Service Permission
Schedule 1 to the Financial Services and Markets Regulations contains a complete list of Regulated Activities. When determining whether an applicant will require a Financial Services Permission to engage in a specific Regulated Activity, the applicant should first, determine that such Regulated Activity will be carried on in or from the ADGM 'by way of business' as described in 2.1.6 and 2.1.7. If they are then the applicant will need to consider whether any of the applicable exclusions apply either (i) specified following the description of the relevant Regulated Activity or (ii) amongst the general exclusions contained in Chapter 18 of Schedule 1.
Combinations of Regulated Activities
Generally, we will rely upon the applicant's written application and discussions when considering which Regulated Activities should be included in any Financial Service Permission granted to the applicant. The Regulator will only include a Regulated Activity within a Financial Service Permission when it reasonably believes such Regulated Activity is required for the applicant to conduct its business. Applicants should consider each Regulated Activity as a distinct activity with a distinct Financial Service Permission.
While no Regulated Activity will require the Regulator to include a second Regulated Activity within the Financial Service Permission to enable the applicant to engage in the original Regulated Activity, certain Regulated Activities may be combined with other Regulated Activities. For example, where an applicant may be arranging transactions which arise from advice given to a client. This would be acceptable, provided (i) the applicant has requested both Regulated Activities to be included in its Financial Service Permission, (ii) the applicant satisfies the relevant criteria necessary to engage in both Regulated Activities and (iii) no conflicts arise as a consequence of the conduct of both Regulated Activities by a single person (see 2.1.10).
Conflicts between Regulated Activities
By their nature, certain combinations of Regulated Activities may be difficult for a single applicant to undertake without risk of a material conflict of interest. In such circumstances the Regulator will not grant a Financial Service Permission to engage in both Regulated Activities without being satisfied that both activities may be undertaken independently in a manner which addresses potential conflicting duties between clients or conflicts between the interests of the applicant and its clients.
The Regulator does not provide an exhaustive list of potential conflicting duties and interests and expects that each applicant will have reviewed the scope of those Regulated Activities it wishes to engage in, in order to identify and take steps to mitigate potential conflicts.
2.2 2.2 Assessing the fitness and propriety of applicants
We expect applicants seeking authorisation/recognition to be fit and proper. This provides us with the assurance that applicants are willing and able to fulfil their obligations under the law. The onus is on each applicant to establish that they are fit and proper.
Reputation and standing
In assessing the reputation and standing of an applicant, we can take into consideration any relevant matters including:(a) any matter affecting the propriety of the applicant's conduct, whether or not such conduct may have resulted in the commission of a criminal offence, the contravention of the law, or the institution of legal or disciplinary proceedings of whatever nature;(b) whether an applicant has ever been the subject of disciplinary procedures by a government body or agency or any self-regulatory organisation or other professional body;(c) a contravention of any provision of financial services legislation or of rules, regulations, statements of principle or codes of practice made under it or made by a recognised self-regulatory organisation, non-ADGM financial services regulator or regulated exchange or clearing house;(d) whether an applicant has been refused, or had a restriction placed on, the right to carry on a trade, business or profession requiring a licence, registration or other permission;(e) an adverse finding or an agreed settlement in a civil action by any court or tribunal of competent jurisdiction resulting in an award against or payment by an applicant;(f) whether an applicant has been censured, disciplined, publicly criticised or the subject of a court order at the instigation of any regulatory authority, or any officially appointed inquiry, or any other non-ADGM financial services regulator;(g) whether an applicant has been open and truthful in all its dealings with us; and(h) any other matter that we consider relevant.
Locations of offices
An applicant should be able to satisfy us that it will establish an office and maintain a presence in the ADGM based on the activities it will carry on.
We need to be satisfied, as to who are the applicant's Close Links or where the applicants is closely related to another person (for example a parent or subsidiary company or someone who owns and controls 20% or more of the applicant). This is to make sure we are not prevented from effectively supervising the applicant.
Legal status of Firms and Recognised Bodies
We will only consider an application for authorisation or recognition where the legal status of the proposed ADGM entity is a Body Corporate or a Partnership. Individuals cannot make an application. In respect of the regulated activities of Effecting Contracts of Insurance or Carrying Out Contracts of Insurance as Principal, a firm can only be a Body Corporate.
In the case of non-ADGM persons other than companies limited by shares, we will consider whether the legal form is appropriate for the activities proposed.
If the applicant is seeking to branch in to the ADGM, we will take into account where the applicant's head office is located.
Ownership and Group
In relation to the ownership and Group structure of an applicant, we may have regard to:(a) the applicant's position within its group, including any other relationships that may exist between the applicant, controllers, associates and other persons that may be considered a close link;(b) the financial strength of the Group and its implications for the applicant;(c) whether the Group has a structure which makes it possible to:(i) exercise effective supervision;(ii) exchange information among regulators who supervise group members; and(iii) determine the allocation of responsibility among the relevant regulators;(d) any information provided by other regulators or third parties in relation to the applicant or any entity within its Group; and(e) whether the applicant or its group is subject to any adverse effect or considerations arising from a country or countries of incorporation, establishment and operations of any member of its group. In considering these matters, we may also have regard to the type and level of regulatory oversight in the relevant country or countries of the group members and the regulatory infrastructure and adherence to internationally held conventions.
In relation to the controllers of an applicant, we may, taking into account the nature, scale and complexity of the firm's business and organisation, have regard to:(a) the background, history and principal activities of the applicant's controllers, including that of the controller's directors, partners or other officers associated with the applicant, and the degree of influence that they are, or may be, able to exert over the applicant and/or its activities;(b) where the Controller will exert significant management influence over the applicant, the reputation and experience of the controller or any individual within the controller;(c) the financial strength of a controller and its implications for the applicant's ability to ensure the sound and prudent management of its affairs, in particular where a controller agrees to contribute any funds or other financial support such as a guarantee or a debt subordination agreement in favour of the Firm or Recognised Body; and(d) whether the applicant is subject to any adverse effect or considerations arising from the country or countries of incorporation, establishment or operations of a controller. In considering such matters, we may have regard to, among other things, the type and level of regulatory oversight, which the controller is subject to in the relevant country or countries and the regulatory infrastructure and adherence to internationally held conventions and standards.
Where we have any concerns relating to the fitness and propriety of an applicant for a Financial Services Permission stemming from a Controller of such a Person, we may consider imposing conditions on the Financial Services Permission designed to address such concerns. For example, we may impose, in the case of a start-up, a condition that there should be a shareholder agreement that implements an effective shareholder dispute resolution mechanism.
Resources, systems and controls
We will have regard to whether the applicant has sufficient resources, including the appropriate systems and controls, such as:(a) the applicant's financial resources and whether it complies, or will comply, with any applicable financial rules, and whether the applicant appears to be in a position to be able to comply with such rules;(b) the extent to which the applicant is or may be able to secure additional capital in a form acceptable to us where this appears likely to be necessary at any stage in the future;(c) the availability of sufficient competent human resources to conduct and manage the applicant's affairs, in addition to the availability of sufficient Approved Persons to conduct and manage the applicant's activities;(d) whether the applicant has sufficient and appropriate systems and procedures in order to support, monitor and manage its affairs, resources and regulatory obligations in a sound and prudent manner;(e) whether the applicant has appropriate anti-money laundering procedures and systems designed to ensure full compliance with applicable money laundering and counter terrorism legislation, and relevant UN Security Council and applicable sanctions and resolutions, including arrangements to ensure that all relevant staff are aware of their obligations;(f) the impact of other members of the applicant's group on the adequacy of the applicant's resources and, in particular, though not exclusively, the extent to which the applicant is or may be subject to consolidated prudential supervision by us or another non-ADGM financial services regulator;(g) whether the applicant is able to provide sufficient evidence about the source of funds available to it, to our satisfaction. This is particularly relevant in the case of a start-up entity; and(h) the matters specified in paragraph 2.2.88(c).
Firms and Recognised Persons: Collective suitability of individuals or other Persons connected to the firm
Although individuals performing Controlled and Recognised Functions are required to be Approved Persons and/or Recognised Persons and that a firm is required to appoint certain Approved and Recognised Persons to certain functions, we will also consider:(a) the collective suitability of all of the firm's staff taken together, and whether there is a sufficient range of individuals with appropriate knowledge, skills and experience to understand, operate and manage the firm's affairs in a sound and prudent manner;(b) the composition of the Governing Body of the firm. The factors that would be taken into account by us in this context include, depending on the nature, scale and complexity of the firm's business and its organisational structure, whether:(i) the governing body has a sufficient number of members with relevant knowledge, skills and expertise among them to provide effective leadership, direction and oversight of the firm's business. For this purpose, the members of the governing body should be able to demonstrate that they have, and would continue to maintain, including through training, the necessary skills, knowledge and understanding of the firm's business to be able to fulfil their roles;(ii) the individual members of the governing body have the commitment necessary to fulfil their roles, demonstrated, for example, by a sufficient allocation of time to the affairs of the firm and reasonable limits on the number of memberships held by them in other boards of directors or similar positions. In particular, we will consider whether the membership in other boards of directors or similar positions held by individual members of the governing body has the potential to conflict with the interests of the firm and its customers and stakeholders; and(iii) there is a sufficient number of independent members on the governing body. We will consider a member of the governing body to be "independent" if he is found, on reasonable grounds by the governing body, to be independent in character and judgement and able to make decisions in a manner that is consistent with the best interests of the Firm;(c) the position of the Firm in any Group to which it belongs;(d) the individual or collective suitability of any person or persons connected with the firm;(e) the extent to which the firm has robust human resources policies designed to ensure high standards of conduct and integrity in the conduct of its activities;(f) whether the firm has appointed Auditors, actuaries and advisers with sufficient experience and understanding in relation to the nature of the firm's activities; and(g) whether the remuneration structure and strategy adopted by the firm is consistent with the requirements in GEN 3.3.42(1).
Recognised Bodies: other considerations
In determining whether a Recognised Body has satisfied its recognition requirements set out in MIR Chapter 2 and GEN Chapter 3, we will consider:(a) its arrangements, policies and resources for fulfilling its obligations under the recognition requirements as set out in MIR 4.2.1;(b) its arrangements for managing conflicts and potential conflicts between its commercial interest and applicable regulatory requirements;(c) the extent to which its constitution and organisation provide for effective governance;(d) the arrangements made to ensure that the Governing Body has effective oversight of its regulatory functions;(e) the fitness and propriety of its Approved Persons and the access the approved persons have to the Governing Body;(f) the size and composition of the Governing Body including:(i) the number of independent members on the Governing Body;(ii) the number of members of the Governing Body who represent members of the Recognised Body or other persons and the types of persons whom they represent; and(iii) the number and responsibilities of any members of the governing body with executive roles within the Recognised Body;(g) the structure and organisation of its Governing Body, including any distribution of responsibilities among its members and committees;(h) the integrity, relevant knowledge, skills and expertise of the members of the governing body to provide effective leadership, direction and oversight of the Recognised Body's business. For this purpose, such individuals should be able to demonstrate that they have, and would continue to maintain, including through training, necessary skills, knowledge and understanding of the Recognised Body's business to be able to fulfil their roles;(i) the commitment necessary by the members of the governing body to fulfil their roles effectively, demonstrated, for example, by a sufficient allocation of time to the affairs of the Recognised Body and reasonable limits on the number of memberships held by them in other boards of directors or similar positions. In particular, the Regulator will consider whether the membership in other boards of directors or similar positions held by individual members of the governing body has the potential to conflict with the interests of the Recognised Body and its stakeholders;(j) the integrity, qualifications and competence of its approved persons;(k) its arrangements for ensuring that it employs individuals who are honest and demonstrate integrity;(l) the independence of its regulatory departments from its commercial departments; and(m) whether the remuneration structure and strategy adopted by the Recognised Body is consistent with the requirements in GEN 3.3.42(1).
We will consider a Director to be "independent" if the Director is found, on the reasonable determination of the Governing Body, to:(a) be independent in character and judgement; and(b) have no relationships or circumstances which are likely to affect or could appear to affect the director's judgement in a manner other than in the best interests of the Recognised Body.
In forming a determination the Governing Body should consider the length of time the director has served as a member of the Governing Body and whether the relevant director:(a) has been an employee of the Recognised Body or group within the last five years;(b) has or has had, within the last three years, a material business relationship with the Recognised Body, either directly or as a partner, shareholder, director or senior employee of a body that has such a relationship with the Recognised Body;(c) receives or has received, in the last three years, additional remuneration or payments from the Recognised Body apart from a director's fee, participates in the Recognised Body's share option, or a performance- related pay scheme, or is a member of the Recognised Body's pension scheme;(d) is or has been a director, partner or employee of a firm which is the Recognised Body's auditor;(e) has close family ties with any of the Recognised Body's advisors, directors or senior employees;(f) holds cross directorships or has significant links with other directors through involvement in other bodies; or(g) represents a significant shareholder.
2.3 2.3 Assessing the fitness and propriety of Approved Persons, Recognised Persons and Principal Representatives
This section sets out the matters which we take into consideration, and expect the firm or Recognised Body to take into consideration, when assessing the fitness and propriety of:(a) In the case of a firm, an Approved Person, Recognised Person under GEN 5.3 and GEN 5.4 and Principal Representative under 9.8;(b) In the case of a Recognised Body, an Approved Person under MIR 7.2.
Applications for approved person status in respect of the controlled functions of Senior Executive Officer, Licensed Director and Licensed Partner shall be made by the firm and approved by us. We may reject an application for an Approved Person status or grant an Approved Person status with or without conditions and restrictions.
In relation to applications for Recognised Persons status the firm or Recognised Body will approve the Recognised Functions of Finance Officer, Compliance Officer, Senior Manager, Money Laundering Reporting Officer and Responsible Officer, and notify us of such appointments. The onus is on the firm or Recognised Body to carry out proper due diligence to ensure that the person is fit and proper to carry out the function, and to maintain the necessary supporting documentation for its due diligence.
We expect a firm and Recognised Body to continually ensure that all Approved and Recognised Persons are fit and proper for the controlled and or recognised Functions that they have been appointed to.
When assessing whether an individual meets the fitness and propriety criteria to be able to perform the role of an Approved Person or Recognised Person, we take the following considerations into account, as set out in paragraphs 2.3.6 to 2.3.8 below.
In determining whether an individual has met the fitness and propriety criteria with respect to his/her integrity, the following matters may be taken into account:(a) the propriety of an individual's conduct whether or not such conduct may have resulted in the commission of a criminal offence, the contravention of a law or the institution of legal or disciplinary proceedings of whatever nature;(b) a conviction or finding of guilt in respect of any offence, other than a minor road traffic offence, by any court of competent jurisdiction;(c) whether the individual has ever been the subject of disciplinary proceedings by a government body or agency or any recognised self-regulatory organisation or other professional body;(d) a contravention of any provision of financial services legislation or of rules, regulations, statements of principle or codes of practice made under or by a recognised self-regulatory organisation, Recognised Body, regulated exchange or regulated clearing house or non-ADGM Financial Services Regulator;(e) a refusal or restriction of the right to carry on a trade, business or profession requiring a licence, registration or other authority;(f) a dismissal or a request to resign from any office or employment;(g) whether an individual has been or is currently the subject of or has been concerned with the management of a Body Corporate which has been or is currently the subject of an investigation into an allegation of misconduct or malpractice;(h) an adverse finding in a civil proceeding by any court of competent jurisdiction of fraud, misfeasance or other misconduct, whether in connection with the formation or management of a corporation or otherwise;(i) an adverse finding or an agreed settlement in a civil action by any court or tribunal of competent jurisdiction resulting in an award against the individual;(j) an order of disqualification as a director or to act in the management or conduct of the affairs of a corporation by a court of competent jurisdiction or regulator;(k) whether the individual has been a director, or concerned in the management of, a body corporate which has gone into liquidation or administration whilst that individual was connected with that body corporate or within one year of such a connection;(l) whether the individual has been a partner or concerned in the management of a partnership where one or more partners have been made bankrupt whilst that individual was connected with that partnership or within a year of such a connection;(m) whether the individual has been the subject of a complaint in connection with a financial service, which relates to his integrity, competence or financial soundness;(n) whether the individual has been censured, disciplined, publicly criticised by, or has been the subject of a court order at the instigation of, us or any officially appointed inquiry, or Non-ADGM Financial Services Regulator; and(o) whether the individual has been candid and truthful in all his dealings with us.
Competence and capability
We will take into account the individual's qualifications and experience, in determining the fitness and propriety criteria of competence and capability of an individual to perform a role as an Approved Person or Principal Representative.
With respect to the financial soundness of an individual, we will take into account :(a) whether an individual is able to meet his debts as and when they fall due; and(b) whether an individual has been declared bankrupt, had a receiver or an administrator appointed, had a bankruptcy petition served on him, had his estate sequestrated, entered into a deed of arrangement (or any contract in relation to a failure to pay due debts) in favour of his creditors, or within the last 10 years, has failed to satisfy a judgement debt under a court order.
2.4 2.4 Waivers during authorisation
An applicant for authorisation may request a waiver or modification when the application is made and being processed. In some circumstances, the applicant may need to work with us in developing the waiver or modification and may not be required to use the formal application process. However, the written consent to the waiver or modification will be required if the applicant is authorised.
2.5 2.5 Start-up entities in the ADGM
What are "Start-up" entities?
This paragraph serves as a guide to assist Start-up entities that are interested in applying for a Financial Services Permission to conduct Regulated Activities in the ADGM. It sets out the information required to support an application and what criteria that we may consider in the authorisation process. Start-ups, as with any applicants, will be required to satisfy all of our requirements prior to being granted a Financial Services Permission.
A Start-up entity is:(a) any newly set up business entity which is not part of a group that is subject to financial services regulation; or(b) part of an existing business entity which it, or whose group is not subject to financial services regulation.
As a general position, we will not usually accept applications for start-up banks or insurers however each application will be considered on its merits. We will take into account such factors as the applicant's financial position, systems and controls and whether the Start-up entity is managed by persons who have the necessary expertise and knowledge to conduct such activities.
Our risk-based approach to Start-ups
Any consideration of an application for the granting of a Financial Services Permission to carry on a regulated activity is likely to involve an assessment of the risks posed to our objectives by the proposed regulated activity. Whilst the broad categories of risks for all applicants will be the same, the nature of those risks within start-ups can be amplified, as a start-up does not have a regulatory track record to deal with risks and upon which we may place reliance. In the case of a new business, even where senior management has substantial experience and relevant competence in the business sector, this does not necessarily imply an ability to create and sustain an adequate management control environment and compliance culture, particularly when faced with all the other issues of establishing a new business.
The broad categories of risk and some of the unique elements of those risk categories that apply to start-ups include financial risk, governance risk, business/operational risk and compliance risk.
All applicants are required to demonstrate they have a sound initial capital base and funding and must be able to meet the relevant prudential requirements of the ADGM laws, on an on-going basis. This includes holding enough capital resources to cover expenses even if expected revenue takes time to materialise. Start-ups can encounter greater financial risks as they seek to establish and grow a new business.
In addition to the risks associated with the financial viability of the start-up, particular attention may be given to the clarity and the verifiable source of the initial capital funding.
All applicants are required to demonstrate robust governance arrangements together with the fitness and integrity of all controllers, directors and senior management. We are aware that management control, in smaller start-ups especially, may lie with one or two dominant individuals who may also be amongst the owners of the firm. In such circumstances, we would expect the key business and control functions (i.e. risk management, compliance and internal audit) to be subject to appropriate oversight arrangements which reflect the size and complexity of the business. Applicants can assist us by describing in detail the ownership structure, high level controls and clear reporting lines which demonstrate an adequate segregation of duties.
We may request details of the background, history and ownership of the start-up and, where applicable, its Group. Similar details relating to the background, history and other interests of the directors of the start-up may also be required. Where it considers it necessary to do so, we may undertake independent background checks on such material. A higher degree of due diligence will apply to individuals involved in a start-up and there would be an expectation that the start-up itself will have conducted detailed background checks, which may then be verified by us.
All applicants are required to establish appropriate systems and controls to demonstrate that the affairs of the firm are managed and controlled effectively. The nature of the systems and controls may depend on the nature, size and complexity of the business. A start-up may wish to consider which additional systems and controls may be appropriate in the initial period of operation following launch, such as increased risk or compliance monitoring. Due to the unproven track record of a startup, we may, for example, impose restrictions on the business activities of the entity or a greater degree and intensity of supervision until such a track record is established.
The Senior Executive Officer of a firm is expected to take full responsibility for ensuring compliance with the ADGM laws by establishing a strong compliance culture which is fully embedded within the organisation. A start-up will be required to appoint a U.A.E. resident as the senior executive officer as well as the compliance officer and money laundering reporting officer (MLRO) with the requisite skills and relevant experience in compliance and anti-money laundering duties. The individuals fulfilling the compliance and MLRO roles will be expected to demonstrate to us their competence to perform the proposed roles and adequate knowledge of the relevant sections of the ADGM laws and, in the case of the MLRO, the wider anti-money laundering laws.
Main information requirements
The main information requirements are the same for all applicants, including startups, and each application will be assessed on its own merits.
A key document will be the regulatory business plan submitted in support of the application. It will facilitate the application process if applicants cover the following areas within this submission:(a) an introduction and background;(b) strategy and rationale for establishing in the ADGM;(c) organisational structure;(d) management structure;(e) proposed resources;(f) high level controls;(g) risk management;(h) operational controls;(i) systems overview;(j) how the proposed activities are mapped against the Regulated Activities and why particular Regulated Activities are applied for; and(k) financial projections.
Start-up applicants may find it useful to include diagrams illustrating corporate structures, and, where applicable, group relationships, governance arrangements, organisational design, clear reporting lines, business process flows and systems environments.
Comprehensively addressing these areas and detailing how the key risks will be identified, monitored and controlled may significantly assist us in determining applications from a start-up.
2.6 2.6 Application for carrying out a Regulated Activity with or for a Retail Client
GEN 5.2.3 outlines the requirements to be met by an applicant intending to carry on a Regulated Activity where the client is a Retail Client.
When assessing an application of this type we may consider the following:(a) the adequacy of an applicant's systems and controls for carrying on Regulated Activities with a Retail Client;(b) whether the applicant is able to demonstrate that its systems and controls (including policies and procedures) adequately provide for, among other things, compliance with the requirements specifically dealing with Retail Clients under the Conduct of Business Rulebook (COBS), in particular:(i) marketing materials;(ii) the content requirements for Client Agreements;(iii) the suitability assessment for recommending a financial product;(iv) the disclosure of fees and commissions, and any inducements; and(v) the segregation of Client Money and/or Client Investments, where relevant;(c) whether the applicant has adequate systems and controls to ensure, on an on-going basis, that its Employees remain competent and capable to perform the functions which are assigned to them, including any additional factors that may be relevant if their functions involve interfacing with Retail Clients; and(d) the adequacy of the applicant's Complaints handling policies and procedures. An applicant's policies and procedures must provide for fair, consistent and prompt handling of Complaints. In addition to the matters set out in GEN Chapter 7, the policies and procedures should explicitly deal with how the applicant ensures that:(i) Employees dealing with Complaints have adequate training and competencies to handle complaints, as well as impartiality and sufficient authority (see GEN 3.3.19, 7.2.7 and 7.2.8);(ii) a Retail Client is made aware of the firm's Complaints handling policies and procedures before obtaining its services (see COB 12.1.2(a)(viii)); and(iii) the applicant's Complaints handling policies and procedures are freely available to any Retail Client upon request (see GEN 7.2.11).
2.7 2.7 Application to conduct Islamic Financial Business
A firm wishing to carry on Islamic Financial Business must have a Financial Services Permission authorising it to Conduct Islamic Financial Business either as an Islamic Financial Institution or by operating an Islamic Window.
A Firm that is granted a Financial Services Permission to operate an Islamic Window may conduct some of its Regulated Activities in a conventional manner while conducting its Islamic Financial Business through the Islamic Window.
We may grant a Financial Services Permission only if we are satisfied that the applicant has demonstrated that it has the systems and controls in place to undertake Islamic Financial Business. In determining whether to grant such a Financial Services Permission, we may consider, among other things, those matters set out in the IFR module of the ADGM Rulebook.
2.8 2.8 Application to be a Representative Office
An applicant seeking to become a Representative Office will need to comply with requirements including those set out in GEN Chapter 9.
In assessing an application for a Representative Office, we will need to be satisfied that:(a) the proposed activities are that of marketing, which means providing information on investments or financial services; engaging in promotions of investments or financial services; or making introductions or referrals of investments or financial services. It does not include advising on investments or the receiving or transmitting of orders(see paragraph 67 of Schedule 1 of the FSMR); and(b) the applicant is incorporated and regulated by a Non-ADGM Financial Services Regulator and setting up in the ADGM as a branch.
2.9 2.9 Application for a withdrawal of Financial Services Permission
In considering requests for the withdrawal of a Financial Services Permission, a firm will need to satisfy us that it has made appropriate arrangements with respect to its existing customers, including the receipt of any customers' consent where required and, in particular:(a) whether there may be a long period in which the business will be run-off or transferred;(b) whether deposits must be returned to customers;(c) whether money and other assets belonging to customers must be returned to them; and(d) whether there is any other matter which we would reasonably expect to be resolved before granting a request for the withdrawal of a Financial Services Permission.
In determining a request for the withdrawal of a Financial Services Permission, we may require additional procedures or information as appropriate, including evidence that the firm has ceased to carry on Regulated Activities.
A firm should submit detailed plans where there may be an extensive period of wind-down. It may not be appropriate for a firm to immediately request a withdrawal of its Financial Services Permission in all circumstances, although it may wish to consider reducing the scope of its Financial Services Permission during this period. Firms should discuss these arrangements with us.
We may also refuse a request for the withdrawal of a Financial Services Permission where:(a) the firm has failed to settle its debts owed to us; or(b) it is in the interests of a current or pending investigation by us, or by another regulatory body or a Non-ADGM Financial Services Regulator.
Some other matters which a firm should be mindful of in relation to the withdrawal of its Financial Services Permission include:(a) Where a firm's FSP is withdrawn, the approved status of its Approved Persons will also be withdrawn on the same date. However, this does not remove the obligation on a firm to provide a statement where an approved person has been dismissed or requested to resign (under GEN 8.7.3); and(b) Where a Fund Manager or the Trustee makes a request for withdrawal (under GEN 8.4.1), the Fund Manager or the Trustee will need to satisfy us that it has made appropriate arrangements in accordance with the requirements under the FUNDS Rules with respect to the continuing management of the Fund for which it is the Fund Manager or the Trustee, as the case may be.
Application for variation of a Financial Services Permission
Where a firm applies to change the scope of its Financial Services Permission, it should provide the following information:(a) a revised business plan as appropriate, describing the basis of, and rationale for, the proposed change;(b) details of the extent to which existing documentation, procedures, systems and controls will be amended to take into account any additional activities, and how the firm will be able to comply with any additional regulatory requirements; and(c) descriptions of the firm's senior management responsibilities (see GEN Chapter 5) where these have changed from those previously disclosed, including any updated staff organisation charts and internal and external reporting lines;(d) details of any transitional arrangements where the firm is reducing its activities and where it has existing customers who may be affected by the cessation of a Regulated Activity;(e) the appropriate financial reporting statement where the variation may result in a change to the firm's prudential category or the application of additional or different financial rules. If a capital increase is required in order to demonstrate compliance with additional financial rules but such capital is not paid up or available at the time of application, proposed or forecast figures may be used;(f) details of the effect of the proposed variation on the approved persons including, where applicable, submitting any written applications for individuals to perform additional or new controlled functions, or to remove existing controlled functions; and(g) revised pro forma financial statements.
In considering whether a Firm or Recognised Body is fit and proper with respect to a change in the scope of its Financial Services Permission, we may take into account the matters set out in Chapter 2 of this document, which provides guidance on assessing fitness and propriety for firms and Recognised Bodies.
3. 3. Supervision: Being Regulated
3.1 3.1 Our approach to supervision
We adopt a risk-based approach to the regulation and supervision of all regulated firms in order to concentrate our resources on the mitigation of risks to our objectives. We will work with a regulated entity to identify, assess, mitigate and control these risks where appropriate.
Our supervisory risk-based approach involves:(a) establishing the supervisory intensity of a given firm based on the combination of its size and complexity (impact rating) and its risk profile (risk rating), see paragraphs 3.1.8–3.1.11 below). The higher the impact and/or risk profile of the firm, the higher the supervisory intensity and the resources deployed by us;(b) continuous risk management cycle, utilising sectoral and firm-specific data, notifications by the firm, risk assessments and the risk and impact ratings;(c) using appropriate supervisory tools; and(d) where applicable, considering any lead or consolidated supervision which a firm or its Group may be subject to in other jurisdictions, taking into account our relationship with other regulators and the extent to which it or they meet appropriate regulatory criteria and standards.
We believe a firm's culture and behaviour affects both its overall financial condition and its interaction with individual customers and market counterparties. Our aim is to reduce the risk and impact of a failure or inappropriate conduct by requiring our regulated firms to have sound risk management systems and adequate internal controls.
Risk management cycle
We adopt a structured risk management cycle. This comprises the identification, assessment, prioritisation, mitigation and monitoring of risks. It ensures appropriate action is taken upon the identification and/or materialisation of risks.
We will identify and collate a comprehensive set of indicators on a regular basis which provides insights into the financial position and business activities of all our regulated entities. This data set allows us to assess the specific risk profile of regulated entities, sectoral risks by types of entities, and systemic risks posed by the firms to other market counterparties and the wider financial system.
Based on the analysis of this data set, we will prioritise and step up our supervision with respect to certain firms as appropriate, or use thematic reviews to target certain products, services or practices across a set of firms, to mitigate any emerging, specific or systemic risks.
We will monitor and use this data, amongst other factors, to review the effectiveness of our mitigation plans, and set organisational risk tolerances to allocate our supervisory resources.
Impact and risk ratings
The impact and risk rating is an assessment of the potential adverse consequences that could follow from the failure of, or significant misconduct by, a firm. The potential adverse consequences include not only the direct financial impact on such firm's customers, counterparties and stakeholders, but also the potential for damage to our reputation and objectives.
In assessing the impact rating, we will consider a variety of factors such as:(a) the complexity of the firm's activities and structure, which is dependent on the nature and type of Regulated Activities it conducts. For instance, a firm that holds customers' deposits and assets will be operationally more complex and more difficult to resolve any issues or to supervise into compliance, as opposed to a Regulated Activity that does not involve accepting / holding customers' assets;(b) the scale of the firm's activities and its linkages with other financial institutions and the wider financial system.
The risk rating is an assessment of the firm's level of risk exposure or probability of failure across a wide range of risk factors. It takes into consideration a number of broad risk groups, including:(a) Financial Strength(b) Liquidity(c) Credit Risk(d) Market Risk(e) AML/CFT and Financial Crime(f) Conduct Risk(g) Operational Risk(h) Corporate Governance(i) Internal Control System(j) Business Model Risk
The combination of the risk and the impact will determine the level and intensity of supervision. Firms with higher ratings will be subject to higher supervisory intensity. Our supervisory oversight of these firms will entail more frequent and routine engagements and on-site visits to oversee the activities and developments in the firm. These engagements would typically involve discussions with the board and senior management, business and compliance heads, auditors and risk managers of the firm and, in the case of overseas financial Groups, its head office staff and home country regulators.
Whenever appropriate, we may inform the firm of the steps it needs to take in relation to specific risks. We then expect the firm to demonstrate that it has taken appropriate steps to mitigate these risks.
Where necessary, risk mitigation programmes may be developed for a firm in order to mitigate or remove identified areas of risk.
Our relationship with firms
In order to meet our objectives, we require an open, transparent and co-operative relationship with our regulated firms. We expect to establish and maintain an on-going dialogue with the firm's senior management in order to develop and sustain a thorough understanding of the firm's business, systems and controls and, through this relationship, to be aware of all areas of risk to our objectives.
We seek to reinforce the responsibilities of senior management for the risk oversight and governance of the firm's activities, to ensure financial soundness, fair dealing and compliance with regulatory standards.
We seek to maintain an up-to-date knowledge of a firm's business. However, a firm is also required to keep us informed of significant events, or anything related to the firm of which we would reasonably expect to be notified (as set out below).
Notifications to us
GEN 8.10 sets out the requirements on a firm to notify us of specified events, changes or circumstances a firm (other than a Representative Office) may encounter. The list of notifications outlined in GEN 8.10 is not exhaustive and there are other areas of the Rulebooks that also specify additional notification requirements. (See appendix A)
Co-operation with other regulators
We view co-operation with other regulators as an important component of our supervisory activities. Effective co-operation arrangements with other regulators will provide for prompt exchange of information in relation to supervision, investigation and enforcement matters. The information exchange may enhance, for example, our understanding of the operations of a firm's Group and the effect on our firm.
We may also exercise our powers for the purposes of assisting other regulators or agencies, see sections 215 – 217 of the FSMR.
3.2 3.2 Supervision of Firms
When we authorise a firm, we take into consideration the relationship the firm has within its Group, with related parties or other parties closely linked to it. We may also take into account lead or consolidated supervision to which a firm or its Group may be subject to in another jurisdiction.
A firm is expected to provide information as required or reasonably requested relating to the Authorised Person and, where applicable, its consolidated or lead regulatory arrangements. This information may include:(a) prudential information;(b) reports on systems and controls relating to a firm's Group;(c) internal and external audit reports;(d) details of disciplinary proceedings or any matters which may have financial consequences, reputational impact or pose any significant risk to the ADGM or to the firm; and(e) the group-wide corporate governance practices and policies, and the remuneration structure and strategies adopted.
This information may be taken into account as part of our fit and proper test as set out in Chapter 2.2 0 above and the supervision of the firm. Further Rules and Guidance with regard to obtaining information from a Representative office's lead regulator are set out in GEN 9.15.3.
We have an interest in the relationship of a firm with other regulators, particularly in order to determine the level of reliance we may place on a regulator in another jurisdiction concerning any lead supervision arrangements. Depending on the legal structure of a firm and our relationship with the regulator in question, we may place appropriate reliance on the supervision undertaken by this regulator.
Domestic Firm's Group with ADGM head office
We will usually be the lead and consolidated regulator of any Group headquartered as a Domestic Firm in the ADGM. Members of the Group, that is, any of the firm's Subsidiaries or Branches, will be either subject to our exclusive supervision or, where members of the Group are located in a jurisdiction outside the ADGM, generally subject to lead or consolidated supervision by us in co-operation with another regulator, provided we are satisfied that it meets appropriate regulatory criteria and standards.
Subsidiary of a non-ADGM firm
We will be the host regulator for the purpose of prudential supervision of a firm which is an ADGM incorporated Subsidiary of a non-ADGM firm.
Where a firm is a Subsidiary of a regulated non-ADGM parent company, we take into account any consolidated prudential supervision arrangements to which the firm is subject and will liaise with other regulators as necessary to ensure that these are adequately carried out, taking into account the firm's activities. We may place appropriate reliance on the firm's consolidated regulator in another jurisdiction if we are satisfied that it meets appropriate regulatory criteria and standards.
A firm carrying on Regulated Activities as a Subsidiary of an unregulated non-ADGM parent company may be subject to our consolidated prudential supervision, taking into account the parent's activities.
Branch of a non-ADGM firm
A firm carrying on Regulated Activities through a Branch will be subject to supervision by both us and the regulator in its head office jurisdiction.
We will have regard to any lead or consolidated prudential supervision arrangements to which a firm is subject. We may place appropriate reliance on a firm's lead regulator in another jurisdiction and, where appropriate, it's consolidated prudential regulator if we are satisfied that it meets appropriate regulatory criteria and standards. Where a firm is subject to lead regulation arrangements with a foreign regulator, we will usually not seek to impose consolidated prudential supervision on the firm's Group.
In determining the level of regulatory and supervisory oversight required for a specific firm, we will consider:(a) the degree of home country regulation and supervision by the home regulator;(b) the fitness and propriety of the head office and its Controllers;(c) the strength of support, both financial and managerial, which the head office is capable of providing to the branch, taking into account the branch's activities and the adequacy of, among other things, the corporate governance framework and practices at the head office; and(d) the risk and control mechanisms within the Branch itself.
Based on this assessment, we may consider granting a waiver or modification notice in respect of specific prudential or other regulatory requirements relating to a Branch.
Periodic returns for Firms
A firm is required to submit periodic returns. In addition, a firm may be required to submit copies of its Group's annual interim and audited accounts. We may also require a firm to provide copies of Group returns which are sent to any other regulator.
Collecting this data in a timely and accurate manner is imperative to our risk management cycle.
Review of risk management systems
Under GEN 3.3.4, a firm must ensure that its risk management systems provide the firm with the means to identify, assess, mitigate, monitor and control its risks. In addition to undertaking our own assessment of the firm, we may review the firm's internal risk self-assessment and determine the extent to which each of the firm's risks impacts on our objectives, the likelihood of the risk occurring, and the controls and mitigation programmes the firm has in place.
We may undertake desktop analyses to review a firm's business activities and compliance with our laws. A desktop review may involve analysing information provided by the firm through periodic returns, internal management information, ad-hoc questionnaires, published financial information or specially requested information. Through monitoring key indicators and the development of the firm's business, we seek to detect emerging issues for further in-depth reviews through meetings with the firm's management, onsite examinations, or otherwise. Apart from reports such as regular prudential returns, we may from time to time also request from a firm additional supplementary information and documents, including non-financial information such as a firm's internal policies on particular areas of risk and compliance.
On-site visits provide us with an overview of the firm's operations and enable us to form a first-hand view of the personnel, systems and controls and compliance culture within the firm as well as identifying and evaluating the risks to our objectives, taking into account any mitigation by the firm. They enable us to test the soundness of the firm's systems and controls and the extent to which we can continue to rely on them and the firm's senior management to prevent or mitigate risks to our objectives. On-site visits will also assist us to assess the extent of supervision and the use of other supervisory tools required to address certain key risk areas.
We are committed to open and transparent communication with firms. From time to time, we may issue letters to Senior Executive Officers or equivalent persons across the ADGM. Frequently, these letters will be issued as a means of communicating findings arising from thematic visits, emerging trends and risks in the financial sector, or in response to any major events or developments.
From time to time, we may consider a particular item of communication to a firm to be of key regulatory importance. For this reason, it may be necessary to issue such communications directly to a senior member of staff at the board level of the ADGM entity copied (where appropriate) to the group's home regulator. For entities established as a Branch in the ADGM, these communications will likely be delivered to the Chairman of the Board at the ADGM Branch entity's head or Parent office. For ADGM incorporated entities, these communications will likely be delivered directly to the Chairman of the firm's board or head office. These communications may include, for example, the findings of our risk assessment visits where a risk mitigation plan has been sent that contains significant matters of concern to our objectives.
External Auditor reports, statements and meetings
An Auditor of a firm is required to provide reports to us addressing the matters outlined in section 191 of the FSMR. As part of an audit, we would expect an Auditor to review any relevant correspondence between us and the firm (e.g. on matters of regulatory concern) and ensure that appropriate follow-up actions have been taken by the firm. We may also require the firm to commission the auditor to conduct a special purpose audit to certify and ensure that any risk mitigation plan has been appropriately implemented. Further, we may from time to time, request tripartite meetings between the firm's senior management, the Auditor, and ourselves.
Controllers — Our approval
A person who proposes to become a Controller of a Domestic Firm or an existing Controller who proposes to increase the level of control which that person has in a domestic firm beyond the threshold of 20%, 30% or 50% is required to obtain our prior approval before doing so. Our assessment of a proposed acquisition or increase in control of a domestic firm is a review of such a firm's continued fitness and propriety and ability to conduct business soundly and prudently, and takes into account considerations set out in para 2.2.8.
Under GEN Rule 8.8.5(1), a person who proposes either to acquire or increase the level of control in a Domestic Firm must provide written notice to us in such form as we shall set. We may approve of, object to or impose conditions relating to the proposed acquisition or the proposed increase in the level of control of the firm. If the information in the written application lodged with us is incomplete or unclear, we may in writing request further clarification or information. We may do so at any time during the processing of such an application. The period of 90 days within which we will make a decision will not commence until such clarification or additional information is provided to our satisfaction. We may, in our absolute discretion, agree to a shorter period for processing an application where an applicant requests for such a period, provided all the information required is available to us.
Where we propose to object to or impose conditions relating to a proposed acquisition of or increase in the level of control in a domestic firm, we will first notify the applicant in writing of its proposal to do so and its reasons. We will take into account any representations made by an applicant before making our final decision.
We may consider whether a person has become an unacceptable Controller as a result of any notification given by a firm, including under GEN Rule 8.8.11(2) or as a result of our own supervisory work. The considerations which we will take into account in assessing whether a person is an acceptable Controller are those set out in paragraphs 3.2.21 above.
We may request, in writing, any further information required to enable us to complete our assessment of the application no later than the 50th Business Day of the assessment period.
3.3 3.3 Supervision of Representative Offices
As part of our risk-based approach to supervising firms we may undertake periodic visits to Representative Offices and may also include Representative Offices in our thematic visits.
Onsite visits to Representative Offices are likely to focus on issues including:(a) confirming that activities undertaken by the Representative Office are allowed under its Financial Services Permission;(b) reviewing the adequacy of its systems and controls to comply with its responsibilities;(c) reviewing the material distributed by the Representative Office to ensure it is clear, fair and not misleading;(d) any solvency concerns with the head office or Group; and(e) the firm's disclosure of its regulated status.
The onsite visit is likely to include interviews with the Principal Representative and a review of relevant records.
3.4 3.4 Supervision of Recognised Bodies
The FSMR and the Rules establishes a principles-based framework for the recognition and supervision of Recognised Bodies and for taking regulatory action against those recognised institutions. This framework is supplemented by supervisory powers and other requirements in MIR and MKT rulebooks.
When we recognise a Recognised Body, we take into consideration the relationship with any wider group to which the Recognised Body may belong or with other Persons closely linked to it. We will also take into account lead or consolidated supervision to which a Recognised Body or its Group may be subject in another jurisdiction to the extent it is satisfied that it meets appropriate regulatory criteria and standards. This may lead to us placing some reliance on the supervisory arrangements in another jurisdiction or creating and participating in special arrangements for the supervision of the Recognised Body and its Group. The Recognised Body is expected to provide information required or reasonably requested in relation to these consolidated or lead supervisory arrangements before final supervisory arrangements are established.
Each relationship will be considered on a case by case basis and according to the risks posed by the Recognised Body's activities identified during supervisory arrangements. Such supervisory arrangements may include a process to be agreed by us, the Recognised Body itself and other relevant regulators.
Effective co-operation with regulators will provide for prompt exchange of information and co-operation in relation to supervision and enforcement between jurisdictions. This may include exchanges of information and co-operation in respect of activities conducted by a Recognised Body. Usually co-operation arrangements will be in the form of memoranda of understanding. The information exchange will enhance our understanding of the operations of the Group and the impact (if any) on the Recognised Body.
Application for a change in control
GEN 8.8 sets out the requirements relating to a change in control. See also paragraphs 3.2.21 to 3.2.25 above.
MIR Chapter 6 empowers us to give a Recognised Body certain directions in relation to the Recognised Body's duties under the laws. It also gives us the power to direct a Recognised Body to do specified things, including closing the market, suspending transactions and prohibiting trading in Investments. MIR Chapter 6 also empowers us to exercise the powers contained in the Recognised Body's rules for participants as though it was the Recognised Body where we consider that the Recognised Body has not exercised the powers under those rules.
In considering whether to exercise such powers, we may take into account the following factors:(a) what steps the Recognised Body has taken or is taking in respect of the issue being addressed in the planned direction;(b) the impact on our objectives if a direction were not issued; or(c) whether it is in the interests of the ADGM.
The written notice given by us will specify what a Recognised Body is required to do under the exercise of such directions. Though we are not required to do so under MIR, in most cases we will endeavour to contact the Recognised Body prior to issuing such a direction.
Part 14 of the FSMR and MIR 6.1 allow us to direct a Recognised Body to suspend or delist Securities from its Official List. Such directions may take effect immediately or from a date and time as may be specified in the direction. MKT Chapter 2 contains details in this regard.
4. 4. Supervisory And Enforcement Powers
4.1 4.1 Introduction
This chapter sets out how we may exercise our supervisory and enforcement powers. We can exercise these powers in respect of any person who has been approved or recognised by us, including persons in senior positions.
Chapter 5 of this document describes how we will exercise additional powers when conducting enforcement activities.
The range of powers available to us includes the power to:(a) require information or documents (FSMR section 201 and 206);(b) require a firm to provide a report from a skilled person (FSMR section 203);(c) impose requirements on a firm (FSMR section 35);(d) issue a direction to a firm or an Affiliate for prudential purposes (FSMR section 202);(e) impose conditions on an Approved Person on our own initiative (FSMR section 48); and(f) suspend the Financial Services Permission of a firm (FSMR section 33).
In exercising a power specified in this Chapter (except when requesting information and/or documents; or a skilled person report), we will generally follow the decision making procedures set out in Chapter 7 of this document.
4.2 4.2 Power to request information and documents
In order to supervise the conduct and activities of a firm, a Recognised Body, any director, officer, employee or agent of such firm or Recognised Body, we require access to a broad range of information relating to a Person's business. In particular, firms, Recognised Bodies, Approved Persons or Recognised Persons are expected to deal with us in an open and co-operative manner and disclose to us any information of which we would reasonably expect to be notified.
We may require a person referred to in paragraph 4.2.1 above to give information and produce documents about its business (including reports prepared by external parties such as consultants appointed by the firm or Recognised Body), transactions or employees to us. When we require the giving of information or production of documents, it will give the person a written notice specifying what is required to be given or produced.
We may exercise this power either within, or outside, the ADGM.
4.3 4.3 Power to require a report
We may require a firm or Recognised Body to provide it with a report from a skilled person on specified matters, in circumstances where:(a) we have concerns about the adequacy of systems and controls (such as compliance, internal audit, anti-money laundering, risk management and record keeping);(b) we seek verification of information submitted by it; or(c) we require remedial action to ensure the firm or Recognised Body complies with the laws.
GEN 8.12 sets out various requirements relating to the appointment of a skilled person, including:(a) give written notification to the firm or Recognised Body, by us, concerning the purpose of the proposed report, the scope, the timetable for completion and any other relevant matters;(b) specify the nature of the concerns, by us, that led to the decision to appoint a skilled person and the uses we may have for the results of any skilled person's report;(c) the skilled person must be appointed by the firm or Recognised Body and be nominated or approved by us;(d) a firm or Recognised Body is required to ensure it provides all assistance that the skilled person may reasonably require and ensure that the skilled person co-operates with us; and(e) a firm or Recognised Body is required to pay for the services of the skilled person.
4.4 4.4 Power to impose requirements on a firm or Recognised Body
We may impose a requirement on a firm or Recognised Body under FSMR section 35, so as to:(a) require a firm or Recognised Body to take action specified by us; or(b) require a firm or Recognised Body to refrain from taking action specified by us.
Examples of requirements that we may consider imposing include, among other things, a requirement:(a) not to take on new business;(b) not to hold or control Client Money;(c) not to trade in certain categories of Specified Investment;(d) prohibiting or restricting the disposal of, or other dealing with, any of the firm's or Recognised Body's assets (whether in the ADGM or elsewhere); and(e) that all or any of the firm's assets (or all or any assets belonging to investors but held by the firm or Recognised Body) must be transferred to a trustee approved by us.
We may exercise our power under paragraph 4.4.1 above in certain circumstances, as set out in FSMR section 35(2) and GEN 8.13.1, including where:(a) the firm or Recognised Body is failing, or is likely to fail, to satisfy the Threshold Conditions when it was first granted a Financial Services Permission including:(i) having adequate and appropriate resources;(ii) being fit and proper to carry on a activity regulated by us for which it has an authorisation or recognition;(iii) capability of being effectively supervised; and(iv) having adequate compliance arrangements to enable it to comply with all applicable legal requirements.(b) the firm or Recognised Body has committed a contravention of the FSMR, Rules or other enactments or subordinate legislation administered by us;(c) the firm or Recognised Body has failed, during the period of at least 12 months, to carry on an activity regulated by us to which the Financial Services Permission relates; or(d) we consider that the exercise of the power is necessary or desirable in the pursuit of one or more of our objectives.
In determining whether to exercise our power under section 35 of the FSMR, we may take into account relevant facts and circumstances including, the following:(a) whether we have concerns about the fitness and propriety of the firm or Recognised Body;(b) whether the firm's or Recognised Body's resources are adequate for the scale or type of activity which the firm is authorised to undertake;(c) whether the firm or Recognised Body has conducted its business in compliance with the FSMR and the Rules;(d) whether the firm or Recognised Body has ensured full compliance with applicable money laundering or counter terrorism legislation; and(e) whether the firm's or Recognised Body's management is able to address the Regulator's concerns about the firm or Recognised Body, or the way the business is being or has been run.
When exercising this power, we will have regard to the principle that any restriction imposed on a firm or a Recognised Body should be proportionate to the objectives which we are seeking to achieve.
4.5 4.5 Power to cancel a Financial Services Permission or revoke recognition
At the request of a firm
On application of the firm or Recognised Body (in such firm as we shall prescribe), we may exercise our powers to vary or cancel a firm's Financial Services Permission or a Recognised Body's recognition (See FSMR section 32(2)).
Depending on the circumstances, we may need to consider whether we should first use our powers to impose requirements on a firm or Recognised Body or to vary a firm's Financial Services Permission or Recognised Body's recognition, before going on to cancel or revoke the Financial Services Permission.
On our own initiative
We may exercise our powers to cancel a Financial Services Permission to carry on one or more Regulated Activities, or to revoke recognition in respect of a Recognised Body (see FSMR sections 33 and 134(2)), respectively where:(a) firm or Recognised Body is failing, or is likely to fail, to satisfy the threshold conditions;(b) firm or Recognised Body has committed a contravention of the laws administered by us;(c) firm or Recognised Body has failed, during the period of at least 12 months, to carry on a Regulated Activity to which the Financial Services Permission or recognition relates; or(d) we consider that the exercise of the power is necessary or desirable in the pursuit of one or more of our objectives.
Circumstances when we may exercise our powers to cancel a Financial Services Permission or revoke a recognition include, among other things, where:(a) we have serious concerns about the manner in which the business of the firm or Recognised Body has been or is being conducted;(b) we consider it necessary to protect regulated entities and customers in the ADGM;(c) the firm or Recognised Body has failed to have or maintain adequate financial resources or a failure to comply with regulatory capital requirements;(d) the firm or Recognised Body has not submitted regulatory returns in a timely fashion or has provided false information in regulatory returns;(e) as a result of withdrawal of authorisation in relation to one or more Regulated Activities, the firm or Recognised Body is no longer authorised to carry on a Regulated Activity;(f) whether the firm or Recognised Body no longer satisfies the relevant criteria in respect of the fitness and propriety to carry on a Regulated Activity or hold a Financial Services Permission or recognition order (set out in GEN, Chapter 5 and MIR Chapters 2 and 4);(g) the firm or Recognised Body has repeatedly contravened the FSMR or the Rules.
4.6 4.6 Power to impose conditions on the status of an Approved Person
We may at any time by a written notice to an Approved Person and the relevant firm:(a) impose conditions on the grant of Approved Person status (FSMR section 48); and(b) vary or withdraw conditions imposed on the grant of such status (FSMR section 46).
We may exercise this power in circumstances where:(a) the Approved Person has not exercised the expected level of skill, care and diligence in carrying out the Controlled Function;(b) the conduct of the Approved Person is inconsistent with the requirements and standards expected; or(c) we have concerns about the fitness and propriety of the Approved Person (but not such as to warrant the suspension or withdrawal of an Approved Person's status pursuant to section 46 of FSMR).
4.7 4.7 Power to withdraw the status of an Approved Person
Under section 46 of the FSMR, we may withdraw an individual's Approved Person status given under section 45 of FSMR, if we consider that the Approved Person is no longer fit and proper to perform the Controlled Function in question, including for example, where:(a) the individual is in breach of an obligation applicable as a result of their Approved Person status;(b) the Financial Services Permission of the relevant firm is withdrawn;(c) the individual becomes bankrupt;(d) the individual is convicted of an offence that would be considered relevant to his integrity and honesty, or his ability to perform his functions;(e) the individual becomes incapable, through mental or physical incapacity, of managing his affairs; or(f) the individual or the relevant firm asks us to withdraw the relevant status.
In determining whether to exercise its power under section 46 of FSMR, we will have regard to all relevant matters including, but not limited to:(a) the criteria for assessing the fitness and propriety of an Approved Person as set out in GEN Chapter 5 (GEN 5.2.9) and paragraph 2.3 of this document;(b) the commission of any offences involving dishonesty, fraud or a Financial Crime by the Approved Person;(c) whether other enforcement action should be taken, or has already been taken, against the Approved Person by us or by other enforcement agencies;(d) the particular Controlled Function the Approved Person is or was performing;(e) the nature and activities of the firm concerned;(f) the markets in which the firm operates; and(g) the severity of the risk which the individual poses to consumers and to confidence in the ADGM financial system.
Disqualification of Auditors and actuaries under section 233 of the FSMR
We recognise that the use of our powers to disqualify Auditors and actuaries from being an Auditor of, or acting as an actuary for, a firm will have serious consequences for the Auditors or actuaries concerned and their clients.
In deciding whether to exercise our power to disqualify an Auditor or actuary under section 233(3) of FSMR, and what the scope of any disqualification will be, we will take into account all the circumstances of the case, including:(a) the nature and seriousness of any contravention of the FSMR or Rules and the effect of that contravention;(b) whether any contravention of the FSMR or Rules, or any failure to disclose information to us, has resulted in, or is likely to result in:(i) loss to customers;(ii) damage to the reputation of the ADGM; or(iii) an increased risk that an firm, Recognised Body or Reporting Entity may be used for the purposes of Financial Crime;(c) any action taken by the Auditor or actuary to remedy the contravention;(d) any disciplinary action taken (or to be taken) against the Auditor or actuary by a relevant professional body, and whether that action adequately addresses the particular contravention; and(e) the previous compliance record of the Auditor or actuary concerned, and whether the relevant regulatory body or professional body has imposed any previous disciplinary sanctions on the firm, Recognised Body, Reporting Entity or individual concerned.
5. 5. Enforcement
5.1 5.1 Our approach to enforcement
This Chapter sets out our approach to enforcement including how we may commence and conduct investigations and exercise our powers to address any misconduct or contravention of the FSMR or Rules. Our approach to imposing a penalty can be found in Chapter 6 of this document.
The fair and proportionate use of our enforcement powers plays a critical role in fulfilling our objectives as set out in section 1(3) of FSMR.
There are a number of principles underlying our approach to the exercise of our enforcement powers, including:(a) the effectiveness of the regulatory regime depends on the maintenance of an open and co-operative relationship between us and those we regulate;(b) we adopt a risk-based approach to regulation, focusing our efforts on those activities that we perceive as posing the greatest risk to the furtherance of our objectives;(c) we will act fairly, openly, accountably and proportionally in the exercise of our enforcement powers;(d) we will act swiftly and decisively to stop conduct which threatens the integrity of the ADGM or the stability of the financial services industry in the ADGM, minimise its effects, and prevent such conduct re-occurring;(e) we aim to:(i) deter or reduce the likelihood of future non-compliance;(ii) reduce or eliminate any financial gain or benefit from non-compliance; and(iii) where appropriate, remedy the harm caused by the non-compliance.
5.2 5.2 Enforcement framework
Enforcement is one of a number of regulatory tools available to us. We will take enforcement action in line with our objectives and approach to enforcement and may conduct investigations where there is a suspected contravention.
As a risk-based regulator, priority will be given to those areas which pose the biggest risk to achieving our objectives.
The proactive supervision and monitoring of Authorised Persons and an open and cooperative relationship between such Authorised Persons and their supervisors may, in some cases where a contravention of the FSMR or Rules has taken place, lead us to decide against taking formal disciplinary action. In those cases, we would expect the firm or person to act promptly in taking the necessary remedial action agreed with its supervisors to deal with our concerns. If the firm or person does not take such action, we may then proceed to take formal enforcement action.
General contravention provisions
Pursuant to section 218 of FSMR, a person commits a contravention if he:(a) does an act or thing that the person is prohibited from doing by or under the FSMR or Rules;(b) does not do an act or thing that the person is required or directed to do by or under the FSMR or Rules;(c) fails to comply with a requirement or condition imposed by or under the FSMR or the Rules; or(d) otherwise contravenes a provision of the FSMR or Rules.
Involvement in contravention
If a person is Knowingly Concerned in a contravention of the FSMR or Rules committed by another person then, under section 220 of FSMR, both persons may be held liable for committing a contravention.
A person is "Knowingly Concerned" in a contravention if the person:(a) has aided, abetted, counselled or procured the contravention;(b) has induced, whether by threats or promises or otherwise, the contravention;(c) has in any way, by act or omission, directly or indirectly, been knowingly involved in or been party to, the contravention; or(d) has conspired with another or others to commit the contravention.
Enforcement assessment: Threshold Conditions cases
We may take enforcement action against an Authorised Person who no longer meets the Threshold Conditions. . We view the Threshold Conditions as being fundamental requirements for a firm operating within the ADGM under a Financial Services Permission.
Decision to take action
We will make an assessment on a case by case basis whether to carry out a formal investigation, having considered all the available information, including:(a) elements of suspected contravention of the FSMR or Rules;(b) the Authorised Person's willingness to co-operate with us;(c) whether confidentiality obligations prevent individuals from providing information unless we compel them to do so by using our formal powers; and(d) whether the Authorised Person concerned has undertaken, or offered to undertake, remedial action.
When taking enforcement action, we will generally adopt the following process:(a) Step 1 — Assessment of complaints and referrals (paragraph 5.3);(b) Step 2 — Commencement of an investigation (paragraph 5.4);(c) Step 3 — Information gathering (paragraph 5.5);(d) Step 4 – Analysis of information provided (paragraph 5.7);(e) Step 5 — Assessment of remedies (paragraph 5.8); and(f) Step 6 — Conclusion of the investigation (paragraph 5.19).
5.3 5.3 Step 1 — Assessment of complaints and referrals
Assessment of complaints and referrals concerning suspected misconduct or suspected contraventions is a key function of our regulatory remit and enforcement framework. Every complaint and referral, regardless of source, is assessed to determine whether an investigation or other action ought to take place.
Sources of complaints and referrals
We may become aware of suspected misconduct or suspected contraventions from a variety of sources, including:(a) members of the public;(b) our supervisory activities; and(c) other external regulatory authorities or law enforcement agencies.
Complaints received by us from members of the public which relate to:(a) any conduct of, or dissatisfaction with, any person regulated by us;(b) a potential contravention of the FSMR or Rules; or(c) any conduct that causes, or may cause, damage to the reputation of the ADGM or the financial services industry in the ADGM;
are classified as regulatory complaints and are assessed through our complaints management function.
A person wishing to lodge a regulatory complaint with us should, where possible, do so in writing. A complaint can be lodged:(a) by email to: FSRA.Complaints@adgm.com;(b) by sending the complaint to Financial Services Regulatory Authority, Abu Dhabi Global Market PO Box 111999, Abu Dhabi, United Arab Emirates; or(c) delivering the complaint to us at Financial Services Regulatory Authority, Abu Dhabi Global Market Square, Al Maryah Island Abu Dhabi, United Arab Emirates.
When a complaint is received, we will send an acknowledgement letter to the complainant which will include the contact details of our complaints management function.
If, during the assessment of a regulatory complaint, we identify suspected misconduct or a suspected contravention, we will refer the complaint to the relevant staff member. After that, the relevant department assumes responsibility for the complaint and undertakes further consideration of the complaint.
All complaints lodged with us are held in confidence in accordance with the FSMR. However, in order to assess a complaint properly, we may need to speak to third parties including any person who is the subject of the complaint.
There are two types of referrals — internal and external.(a) Internal referrals
Internal referrals originate from our supervisory activities. Our supervisory framework is designed to detect and mitigate risks to the ADGM and the financial services industry in the ADGM.
An internal referral occurs when our supervision division refers a matter to our enforcement department, when the supervisory department has identified possible contraventions.
When the enforcement division receives an internal referral, the referring division may continue to be responsible for the on-going supervision of the firm who may be the subject of the referral.(b) External referrals
We may also receive allegations of misconduct through an external referral from other regulatory authorities and law enforcement agencies or any other person.
Such allegations may be received pursuant to the IOSCO or IAIS Multilateral Memoranda of Understanding (MMoU), or bilateral arrangements for the exchange of information between us and other regulatory and enforcement agencies.
5.4 5.4 Step 2 — Commencement of investigations
On receipt of an internal or external referral, the allegation will be assessed to determine if there is a suspicion of a contravention. If a suspicion arises and it is appropriate and expedient, we may start an investigation.
Section 205 of FSMR empowers us to conduct investigations if we consider there is good reason to do so, including investigations into reasonable suspicions of contraventions of FSMR and Rules.
In determining whether to commence an investigation, we will consider a number of factors including:(a) the nature and seriousness of the suspected contravention;(b) whether the suspected contravention is on-going;(c) whether the suspected contravention affects, or has the potential to affect, our objectives;(d) whether those involved in the suspected contravention are likely to cooperate;(e) the disciplinary record and compliance history of the person(s) involved in the suspected contravention;(f) whether, if proven, a suitable remedy is available;(g) the extent to which another law enforcement agency or Non-ADGM Financial Services Regulator can adequately address the matter;(h) the nature of any request for assistance made by another regulator or body under sections 216 or 217of FSMR; and(i) whether any party who may have suffered a detriment as a result of the suspected contravention is able to take his own remedial action.
Whether we "reasonably suspect" a contravention is a question which we will determine on the facts and circumstances available at the time of the determination to commence investigation.
While we are not bound to disclose to any party that an investigation has commenced or is on-going, or the basis on which an investigation is commenced, we may where necessary or desirable to do so, notify a person who is the subject of an investigation that an investigation has commenced, and the nature of our investigation.
We will not normally make public the fact that we are investigating a matter. We also expect that the person who is the subject of an investigation will treat the matter as confidential. However, subject to the restrictions on disclosure of confidential information in sections 197 and 198 of the FSMR, this does not stop the person under investigation from seeking professional advice or making their own enquiries into the matter, giving their Auditors appropriate details of the matter or making notifications required by law.
5.5 5.5 Step 3 — Information gathering
Once an investigation has commenced, we may exercise our powers to gather information to advance our objectives.
Our information-gathering powers may only be exercised by the Chief Executive or his delegate(s). The delegation need not be limited to our employees and can extend to other, non FSRA staff who are able to assist the investigation.
Power to require documents or information
During an investigation, the investigator may obtain relevant information and/or documents either: on a compulsory basis, principally through the exercise of its powers under section 206(1)(b) and (c) of FSMR, and/or on a voluntary basis.
Our compulsory information gathering powers are divided into two broad categories – supervisory and investigative. When we require the giving of information or production of documents, we will generally give the Person a written notice specifying what is required to be given or produced.
Under our supervisory powers, we may require a Person to give us information and produce documents about its business under section 201 of the FSMR. The power of section 201 of FSMR permits us to request information and documents from an Authorised Person, Recognised Body, Issuer of Securities admitted to the Official List and any director, officer, employees or agent of such Authorised Person, Recognised Body or Issuer, which we consider is necessary or desirable to meet our objectives.
Under our investigative powers, we also have the power to require documents or information under section 206(1)(b) and (c) of the FSMR. Unlike the supervisory power under s201, the powers under section 206 may only be used:(a) for the purposes of an investigation; and(b) in circumstances where the investigator considers that a person is or may be able to give information or produce a document which is or may be relevant to an investigation.
Power to Inspect and copy documents
The section 206(1)(e) of FSMR permits the investigator to enter the business premises of the person under investigation for the purpose of inspecting and copying documents.
The investigator will generally not provide prior notice of an inspection in circumstances where the provision of prior notice may prejudice the investigation.
When exercising this power, the investigator may:(a) require any appropriate person to:(i) make available any relevant information stored at the business premises for inspection or copying; or(ii) convert any relevant information into a physical form capable of being copied; and(b) use the facilities of the occupier of the business premises where appropriate and necessary, free of charge, to make copies.
Power to require production of information
Section 206(1)(c) of FSMR empowers the investigator to require a person to give, or procure the giving of, information. The term "information" should be interpreted broadly, in accordance with its ordinary meaning, and may include(a) knowledge communicated or received concerning a particular matter, fact or circumstance;(b) knowledge gained through work, commerce, study, communication, research or instruction;(c) data obtained as output from a computer by means of processing input data with a program or any data at any stage of processing including input, output, storage or transmission data;(d) an explanation or statement about a matter;(e) the identification of a person, matter or thing; or(f) the provision of a response to a question.
Power to require production of documents
Section 206(1)(b) of FSMR empowers the investigator to require a person to produce, or procure the production of, specified documents or documents of a specified description. Specified documents may include, for example, any record of information, including:(a) anything on which there is writing;(b) anything on which there are marks, figures, symbols or perforations having a meaning for persons qualified to interpret them;(c) anything from which sounds, images or writings can be reproduced with or without the aid of anything else; or(d) a map, plan, drawing or photograph.
Section 206(1)(b) of FSMR empowers the investigator to require production of original documents or copies.
When exercising his powers under section 206(1)(b) of FSMR, the investigator may retain possession of any original document for as long as is necessary for the investigation to which the notice relates. When a person is unable to produce documents in compliance with a requirement made by the investigator, the investigator may require the person to state, to the best of that person's knowledge or belief, where the documents may be found and who last had possession, custody or control of those documents.
Time for responding to information and document requirements
As delays in the provision of information and/or documents can have an adverse impact on the efficient and effective progression of an investigation, we expect persons to respond to information and document requests within the timeframe required by us, in particular where a deadline for submission has been imposed.
Power to require a Person to attend an interview
Section 206(1)(a) of FSMR empowers the investigator has the power to require a person (the interviewee) to attend before us (the interviewer) for an interview to provide oral evidence relevant to an investigation we are conducting.
A person attending an interview will first be served with a written notice requiring his attendance. Pursuant to section 206(5) of FSMR, an interviewee is not entitled to refuse or fail to answer a question on the basis that his answers may incriminate him, make him liable for a penalty or reveal communications made in confidence (subject to section 209(6) of the FSMR).
An interview will be conducted in private and the interviewer may give directions to the interviewee regarding:(a) who may be present during the interview;(b) swearing an oath, or giving an affirmation, that the answers provided will be true;(c) what, if any, information may be disclosed by the interviewee or any other person present at the interview to any third party;(d) the conduct of any person and the manner in which they will participate during the interview; and(e) answering any question which is relevant to the investigation.
An interviewee is entitled to legal representation during the course of an interview.
Power to require a Person to provide assistance
Section 206(1)(d) of FSMR empowers the investigator to require a person to provide assistance in relation to an investigation, which may include requiring a person to do a physical act or provide information to advance an investigation. For example, it may require a person to assist in the location of specific documents.
This power can be used independently, or in conjunction with, the exercise of other investigative powers. For example, the investigator can exercise its powers under section 206(1)(a) of FSMR to require a person to attend an interview and under section 206(1)(d) of FSMR, to require the interviewee to provide reasonable assistance during or after the interview. For example, the interviewee may be required, during the interview, to explain the context of a document shown to him, or, after the interview, to locate and later produce a document referred to during the interview.
5.6 5.6 Power to enter the premises for the purposes of an investigation
For the purposes of an investigation conducted under section 205 of FSMR, we may require any Authorised Person or Recognised Body to allow entry on to the premises (during normal business hours or at any other time as may be agreed) for the purpose of inspecting and copying information or documents (at the relevant person's expense).
We will provide reasonable notice to an Authorised Person, Recognised Body, or other person when we seek information, documents or access to premises. In exceptional circumstances, such as where any delay may be prejudicial to the interests of the ADGM, we may seek access to premises without the giving of prior notice.
When carrying out our regulatory functions, we must maintain confidentiality of information, unless disclosure is permitted by section 199 of FSMR. We have issued a separate policy statement on Confidentiality and it is available on our website.
We may also impose obligations of confidentiality in respect of information and documents provided during the exercise of an investigator's powers under section 206(1) of FSMR.
The investigator can make directions to protect the confidentiality of information and documents which are part of an interview, in accordance with section 206(4)(b) of FSMR.
We or our investigator conducting an interview pursuant to section 206(1)(a) of FSMR may direct any person present during the interview from disclosing any information provided to the interviewee or questions asked by the interviewer during the interview.
Directions under section 206(4) of FSMR are made to ensure that an investigation is not prejudiced by the disclosure of the nature of the information sought or the questions asked during an investigation. In each case, we need to consider whether or not such directions are appropriate in the circumstances of that matter.
Parties who are required to comply with a requirement made by us during the course of an investigation, and persons who are the subject of an investigation, may benefit from certain protections in the FSMR, including:(a) section 198, which provides that confidential information provided to us must not be disclosed except in certain limited circumstances;(b) section 207(2), which provides that where a person takes part in an interview, any statements made during the interview cannot be disclosed by the investigator to a law enforcement agency for the purpose of criminal proceedings unless the person consents to the disclosure or the investigator is required by law or court order to disclose the statement; and(c) claims of legal professional privilege and other protections (see paragraph 5.6.9 – 5.6.10 below)
Claims of privilege and other protections
As set out in sections 210 and 211 of FSMR, there are a number of limitations on our powers to require documents and information.
we will recognise a valid claim for Legal Professional Privilege (LPP), made by:(a) the privilege holder, or(b) a third party seeking to assert the LPP claim on behalf of the privilege holder.
Non-compliance with requirements
Pursuant to section 214 of FSMR, a person must not, without reasonable excuse, engage in conduct that is intended to obstruct us in the exercise of our investigative powers by any means, including:(a) the failure to attend at a specified time and place to answer questions;(b) the falsification, concealment or destruction of documents;(c) the failure to give or produce information or documents specified by us(d) the failure to provide assistance in relation to an investigation which the person is able to give.
We will regard any breach of a requirement under Part 17 of FSMR as serious and take appropriate action where necessary.
Return of information and documents
Where, during the course of an investigation, we have obtained original documents, we will usually return these to the person from whom the documents were received, as soon as practicable after the conclusion of the investigation or related proceedings.
Where information or documents have been produced to us in the course of an investigation to assist another regulator or agency, we may release the information or documents to that other regulator or agency. The information and documents will usually be returned to the person from whom the information and documents were received, as soon as practicable after receiving them back from the other regulator or agency.
5.7 5.7 Step 4 — Analysis of information provided
On completion of the information gathering step, we will carefully consider all the relevant facts and circumstances of the matter to determine:-(a) whether there has been a contravention of the FSMR or the Rules; and(b) if so, if there is a regulatory benefit of pursuing the contravention in question.
The effective and proportionate use of our powers to enforce the requirements of the FSMR and the Rules will play an important role in our pursuit of our objectives as set out in section 1(3) of the FSMR. Imposing financial penalties, public censures and other disciplinary measures shows that we are upholding regulatory standards and helps to maintain market confidence and deter financial crime.
However, they are not the only tools available to us, and there will be instances of non-compliance which we consider appropriate to address without the use of such tools. For example, consistent with our risk-based approach to regulation, activities that are not seen as posing a significant risk to the furtherance of our objectives may not attract the same remedies as activities which we are seeking to prioritise.
At the conclusion of an investigation, we may:(a) take no further action;(b) commence a settlement negotiation;(c) accept a settlement;(d) accept an enforceable undertaking;(e) refer a matter for determination to a delegated decision-maker, e.g. for the(i) imposition of a financial penalty;(ii) imposition of a public censure;(iii) variation or cancellation of a Financial Services Permission;(iv) imposition of conditions on an Approved Person;(v) suspension or withdrawal of an Approved Person's Approval; or(vi) revocation of recognition of a Recognised Body;(f) commence Court proceedings; or(g) exercise a power on behalf of another regulator.
5.8 5.8 Step 5 — Assessment of Remedies
There is a range of remedies which we may pursue to achieve our objectives, including:(a) financial penalties;(b) public censure;(c) private warning; and(d) injunctions and other court orders.
We may, in any matter, pursue more than one remedy.
We do not have criminal jurisdiction. Should criminal conduct be identified, it will be referred to the appropriate law enforcement agency.
5.9 5.9 Financial penalties
We may seek to impose a financial penalty under section 232 of FSMR on a person whom we consider has contravened a provision of the FSMR or the Rules. We may impose a financial penalty in any amount considered appropriate, provided such amount is not less than 5,000 UAE Dirhams and not exceeding the higher of 50 million UAE Dirhams or 10% of the value of the relevant transaction.
In determining whether to impose a financial penalty, and the quantum of the financial penalty, we will take into consideration the circumstances of the conduct and will be guided by the penalty guidance set out in Chapter 6 of this document.
Prior to making a decision, we will follow the procedures set out in Part 21 of the FSMR (see also Chapter 7 of this document for guidance).
5.10 5.10 Public censure
We may, under section 231 of FSMR, seek to publicly censure a person whom we consider has contravened a provision of the FSMR and Rules.
In determining whether to publicly censure a person, we will take into consideration the circumstances of the conduct and will be guided by the penalty guidance set out in paragraph 6.3 of this document.
5.11 5.11 Private warnings
In certain cases, despite concerns about a person's behaviour or evidence of a breach of the FSMR or the Rules, we may decide that it is not appropriate, having regard to all the circumstances of the case, to bring formal action for a financial penalty or public censure, or that an alternative regulatory outcome is preferable in light of the circumstances of the case. This is consistent with our risk-based approach to enforcement.
Private warnings is a non-statutory tool, primarily used by us as an enforcement tool, but they may also be used in other departments. Whilst a private warning is not intended to be a determination by us as to whether the recipient has breached a provision of the FSMR or the Rules, private warnings, together with any comments received in response, will form part of the person's compliance history.
Instances where we may issue a private warning
We may give a private warning rather than take formal action where the matter giving cause for concern is minor, or where the person has taken full and immediate remedial action. In any event, we will take into account all the circumstances of the case before deciding whether a private warning is appropriate.
Generally, we would expect to use private warnings in the context of Authorised Person, Recognised Bodies and Approved Persons. However, we may also issue private warnings in circumstances where the persons involved may not necessarily be authorised or approved, including, for example, in potential cases of Market Abuse.
5.12 5.12 Injunctions and orders
We have a broad power to make an application to the ADGM Court for injunctive relief and other orders (see FSMR, sections 236 — 238). The ADGM Court may make one or more of the following orders:(a) an order restraining a person that is engaging in conduct that would constitute a contravention;(b) an order requiring a person to do an act or thing to remedy a contravention or to minimise loss or damage; or(c) any other order as the Court sees fit, including an order restraining the transfer of assets or the departure of individuals from the jurisdiction of the court.
In deciding whether an application for an injunction is appropriate, we will consider all relevant circumstances including:(a) the nature and seriousness of the contravention;(b) whether the contravention is on-going;(c) whether the contravention affects, or has the potential to affect, our objectives;(d) where we consider it necessary to protect regulated entities and clients in the ADGM;(e) whether there is a danger of assets being dissipated or removed from the jurisdiction of the Court;(f) whether there is a danger that a person or persons may leave the jurisdiction and, if so, the effect that his or their absence may have on the effectiveness of the court's orders;(g) costs we would incur in applying for and enforcing an injunction and the likely effectiveness of such an injunction or other order;(h) the disciplinary record and compliance history of the person;(i) whether the losses suffered are substantial;(j) whether the assets at risk are substantial;(k) whether the number of clients at risk is significant;(l) whether the conduct in question can be adequately addressed by other disciplinary measures;(m) the extent to which another law enforcement agency or Non-ADGM Financial Services Regulator can adequately address the matter in question; and(n) whether there is a reason to believe that the person who is the subject of the possible application is or has been involved in money laundering, terrorist financing or other form of financial crime or criminal conduct.
5.13 5.13 Actions for damages
Section 242 of FSMR provides that where a person:(a) intentionally, recklessly or negligently commits a breach of duty, requirement, prohibition, obligation or responsibility imposed under the FSMR; or(b) commits fraud or other dishonest conduct in connection with the matter arising under the FSMR;
the person is liable to compensate any other person for any loss or damage caused to that other person as a result of such conduct.
Section 242 of FSMR gives us, and any aggrieved persons, broad powers to make application for recovery of damages where there has been an identified contravention of the FSMR or Rules administered by us. An aggrieved person may exercise rights provided under section 242 of FSMR independently of, or contemporaneously with, us.
In determining whether to commence proceedings, we will take into account all relevant circumstances, including:(a) the nature and seriousness of the suspected contravention;(b) whether the suspected contravention is on-going;(c) whether the contravention affects, or has the potential to affect, our objectives;(d) whether a party who may have suffered detriment as a result of the alleged contravention is able to take his own remedial action;(e) in circumstances where more than one person has suffered loss or damage:(i) the number of those that have suffered loss or damage and the amount of loss or damage involved; and(ii) whether it is convenient or possible for a class of aggrieved persons to commence a proceeding;(f) the cost we would incur in applying for or enforcing any order that it is successful in obtaining;(g) whether the conduct in question can be adequately addressed by the use of other regulatory powers;(h) whether redress is available elsewhere or through another Non-ADGM Financial Services Regulator;(i) whether there is a reason to believe that the person is or has been, involved in money laundering, terrorist financing or other form of financial crime or criminal conduct;(j) whether the profits are quantifiable;(k) whether the person is solvent; and(l) whether we have a reasonable prospect of success in the relevant proceedings.
Determining the amount of restitution
In determining the amount of compensation payable in accordance with section 241 of FSMR, we may obtain information relating to the amount of profits made and/or losses or any other adverse effects resulting from the conduct of Authorised Person, Recognised Bodies or unauthorised persons.
As well as obtaining information through the use of our information gathering powers, we may consider using our powers under section 203 of FSMR to require an Authorised Person or Recognised Body to provide a report prepared by a Skilled Person, or appoint a Skilled Person ourselves to prepare a report. A Skilled Person's report may be requested to assist us to determine:(a) the amount of profits which have been made by the Authorised Person or Recognised Body;(b) whether the conduct of the Authorised Person or Recognised Body has caused any losses or other adverse effects to persons and/or the extent of such losses; or(c) how any amounts to be paid by the Authorised Person or Recognised Body are to be distributed between persons.
5.14 5.14 The compulsory winding-up of a regulated entity
We may apply to the ADGM Court for the winding up of a company which is, or has been, an Authorised Person or Recognised Body, or operating in breach of the General Prohibition, where we consider it is just and equitable and in the interests of the ADGM, in accordance with section 244 of FSMR.
In deciding whether such an application is just and equitable and is in the interests of the ADGM, we will consider all relevant circumstances, including:(a) whether the company has operated in accordance with the FSMR and Rules;(b) where the company has contravened the FSMR or Rules:(i) the nature, scale and seriousness of the contravention;(ii) whether the contravention is on-going;(iii) whether the contravention affects, or has the potential to affect, our objectives;(iv) what other steps the person could take or other orders a court could make to remedy the contravention;(c) the need to protect a firm's clients, particularly in cases where an Authorised Person holds or controls Client Assets;(d) whether the needs of those operating in the ADGM and the interests of the ADGM are best served by the company ceasing to operate;(e) in the case of an Authorised Person, where we consider that our Financial Services Permission should be withdrawn or, where it has been withdrawn, the extent to which there is other business that the firm carries on without authorisation;(f) whether there is reason to believe that the firm or person is or has been involved in money laundering, terrorist financing or other form of financial crime or other criminal conduct;(g) where there is a significant cross-border or international element to the business being carried on by the company, the impact on the business in other jurisdictions and whether another law enforcement agency or Non-ADGM Financial Services Regulator can adequately address the matter; or(h) the extent to which the firm or person company has co-operated with us.
5.15 5.15 Injunctions and restitution orders in cases of market abuse
Sections 238 and 240 of FSMR provide that the ADGM Court, on application by us, may make one of a range of orders in relation to a person, irrespective of whether a contravention has occurred, if it is satisfied that it is in the interests of the ADGM for such an order to be made.
We may seek a range of orders from the ADGM Court, including:(a) an order requiring that trading in any Investments cease, either permanently or for such period as is specified in the order;(b) an order requiring that a disclosure be made to the market;(c) an order prohibiting a person from making offers of Securities in or from the ADGM; or(d) an order prohibiting a person from being involved in Reporting Entities, Listed Funds or Securities within the ADGM.
Before we make an application for an order (whether interim, ex parte or final), we must be satisfied that such an order would be in the interests of the ADGM and will take into account all relevant circumstances, including:(a) the nature and extent of the conduct or any other matters in question;(b) the effect of the conduct on the market and our objectives;(c) whether the market is informed of all material information;(d) what steps the relevant person has taken in respect of the conduct or any other matters being considered;(e) what other form of relief (if any) is available to us; and(f) whether the conduct in question could have a significant impact on the integrity of, or confidence in, the ADGM.
5.16 5.16 Intervention power
We may intervene as a party in any proceeding in the ADGM Court where we consider such intervention appropriate to meet our objectives (section 243 of FSMR). Where we intervene, it shall be subject to any other law, and have all the rights, duties and liabilities of such a party.
This provision does not affect our ability to seek leave to appear in proceedings as Amicus Curiae (i.e. someone not a party to the case, who volunteers to offer information to assist a court in deciding a matter before it, to make submissions on an issue of significance to the ADGM, or to place material before the Court that may otherwise not be available).
We will generally only exercise this right of intervention where we form the view that we will not be able to meet our objectives by simply appearing as Amicus Curiae and that, to serve the interests of the ADGM fully, it is necessary to join the proceeding as a party and stay involved in the matter throughout.
5.17 5.17 Settlement guidance
A settlement is a resolution, between us and a person who is subject to potential enforcement action, to agree an outcome resulting from an investigation. A person who is or may be the subject of any form of enforcement action arising out of, or during the course of, an investigation may enter into settlement discussions with us. The possibility of a settlement does not, however, change the fact that enforcement action is, and continues to be, one of the tools available to us to secure our objectives under section 1(3) of the FSMR.
We generally consider that early settlement of an investigation advances our objectives in that it may result in, for example, consumers obtaining compensation sooner, the saving of our and industry resources and the promotion of good business and regulatory practices.
However, we will only consider settlement when we are confident we have sufficient understanding of the nature and gravity of the suspected misconduct to make a reasonable assessment of the appropriate outcome.
We will conduct all settlement discussions on a "without prejudice" basis; namely, that no party to the discussions may subsequently rely upon any admissions or statements made during the course of the settlement discussion or on any document recording those discussions.
We will only settle when the agreed terms result in what we consider to be an appropriate and proportionate regulatory outcome.
In the interests of efficiency and effectiveness, we will set clear and reasonable timetables for settlement discussions to ensure they do not unreasonably delay settlement or a regulatory or enforcement outcome. Where we have concerns that a party to settlement discussions is using negotiations as a means to delay or frustrate us with no genuine intention to settle, we, having made our concerns known to the other party, may bring the settlement discussions to an end and pursue other appropriate enforcement action.
Settlement in particular circumstances should not be regarded as binding precedent for future settlement discussions. Whilst we recognise the importance of consistency in its decision-making, we recognise that the facts of two enforcement cases are seldom identical. For this reason, and to ensure that we are able to respond to the demands of a changing and principles-based regulatory environment, it is important for us to be able to take a different view to that taken in an earlier case. However, any decision to depart from the earlier approach will only be made after careful consideration of the reasons for doing so.
Factors we will consider when contemplating settlement
In deciding whether a proposed settlement is acceptable, and in accordance with meeting our objectives, we will consider a number of factors, including:(a) the nature and seriousness of the conduct or suspected contravention the subject of the proposed settlement;(b) whether the suspected contravention is continuing;(c) whether the person is prepared to publicly acknowledge our concerns about the conduct or suspected contravention that is the subject of the proposed settlement;(d) the necessity for protective or corrective action;(e) the prospects for a swift resolution of the matter;(f) whether the suspected contravention that is the subject of the proposed settlement was:(i) inadvertent; or(ii) the result of the conduct of one or more individual officers or employees of the Authorised Person (and their level of seniority);(g) whether the person has co-operated with us (e.g. by providing complete information about the conduct or suspected contravention, taking any remedial action);(h) whether the settlement will achieve an effective outcome for those who have been adversely affected by the suspected contravention;(i) whether the person is likely to comply with the terms of the settlement;(j) the person's disciplinary record and compliance history; and(k) whether the settlement promotes general deterrence.
Form of settlement
We will generally only settle an enforcement matter on the basis of either:(a) a Final Notice setting out the action taken (see paragraph 5.17.10); and/or(b) an Enforceable Undertaking (see paragraph 5.17.11).
A settlement which results in a notice of decision will be documented in the form of a legally enforceable agreement executed by all parties to the settlement.
The outcome of a settlement with us may result in a Final Notice (in accordance with section 251 of FSMR), which promotes consistency of regulatory outcomes and transparency of approach to enforcement decision-making.
An Enforceable Undertaking ("EU") is a form of settlement that we may accept, under section 235 of FSMR as an alternative to other remedies available to us to influence behaviour and encourage a culture of compliance.
An EU involves a written undertaking from a person against whom action could be taken under the FSMR or any Rules made under the FSMR, to do or refrain from doing a specified act or acts. It may, amongst other things, include remedial actions that are not otherwise available under a notice of decision.
An EU may be offered by a person and accepted by us at any time, either before, during or after an investigation, the making of a decision or the commencement of proceedings in the court. Entry into an EU is voluntary. We do not have the power to require a person to enter into an EU, nor can a person compel us to accept an EU.
We will generally only consider accepting an EU that we consider to be necessary or desirable in pursuit of our objectives and where the EU contains:(a) an admission or acknowledgement of any contraventions or our concerns;(b) undertakings addressing our concerns; and(c) an agreement to make the EU public, and(d) an agreement not to make public statements conflicting with the spirit of the EU.
A person offering us an EU may also undertake in the EU to pay a pecuniary penalty and/or our costs, including any costs associated with compliance with the EU.
Variation or withdrawal
Once accepted by us, an EU can only be withdrawn or varied with our consent in writing. We will only consider a request to vary an undertaking if:(a) the variation will not alter the spirit of the original undertaking;(b) compliance with any one or more terms of the undertaking is subsequently found to be impractical or impossible; or(c) there has been a material change in the circumstances which led to the undertaking being given.
Compliance with an EU or decision
If we consider that a person has not complied with a term of the EU or a decision, we may:(a) apply to the ADGM Court for appropriate orders;(b) publish the fact of the application to the ADGM Court and any subsequent orders of the court; and(c) seek the costs of the application.
5.18 5.18 Costs
We will generally seek litigation costs orders from the ADGM Court where we have commenced a proceeding and been successful in achieving all or part of the outcome sought.
Costs in proceedings before the ADGM Appeals Panel
The ADGM Appeals Panel, on conclusion of any proceedings before it, may make an order (under section 229(2)€ of the FSMR) requiring a party to the appeal to pay a specified amount, being all or part of the costs of the proceedings, including those of any party to the proceedings.
Where a person is found by the Court to have contravened the FSMR or Rules, the ADGM Court may order that person to pay or reimburse us in respect of the whole or a specified part of the costs and expenses of the investigation, including the remuneration of a Person involved in the investigation.
5.19 5.19 Step 5 — Conclusion of an investigation
We will conclude an investigation when:(a) we have decided to take no further action in response to the suspected contraventions which are the subject of the investigation (due to, for example, insufficiency of evidence); or(b) all remedies and obligations resulting from an investigation are concluded and fulfilled.
5.20 5.20 Publicity
Publicity of enforcement actions
We will generally publish, in a manner we consider appropriate and proportionate, information and statements relating to enforcement actions, including public censures and any other relevant matters. The publication of enforcement outcomes is consistent with our commitment to open and transparent processes and our objectives.
In all cases we retain the discretion to take a different course of action, where it furthers our ability to achieve our objectives or is otherwise in the public interest to do so. For example, if we issue a private warning, rather than taking formal action, we may decide not to publish this if it furthers our ability to achieve our objectives. Please refer to paragraph 5.11 for further details about how we use private warnings.
Commencement and conclusion of investigations
We will generally not publish information about the commencement, conduct or conclusion of the investigative phase of our enforcement actions.
Where we do publish the fact that we are conducting an investigation and no enforcement action results, we may issue a press release confirming the conclusion of the investigation and that no action is to be taken.
Commencement of proceedings
We expect to publish information about the commencement or hearing of enforcement proceedings, unless otherwise required not to by the relevant body or it is not in the public interest to do so and would not achieve our objectives.
Disclosure of decisions
5.21 5.21 Executive Decisions
We will generally make public any enforcement administrative decision made by our Executive and will do so in a timely manner after any relevant period to institute a referral of the decision to the ADGM Regulatory Committee has expired or appeal process has come to an end, unless it is not in the public interest to do so and would not achieve our objectives.
The Regulatory Committee's Decisions
We will generally make public any decision made by the ADGM Regulatory Committee and will do so in a timely manner after any relevant period to institute a referral of the decision to the ADGM Appeals Panel has expired or appeal process has come to an end, unless otherwise required not to by the ADGM Regulatory Committee, or it is not in the public interest to do so and would not achieve our objectives.
Appeals Panel or Court Decisions
FSMR requires all ADGM Appeals Panel hearings to be heard in public unless the Appeals Panel orders otherwise or its rules of procedure provide otherwise. The Appeals Panel may exercise its discretion not to make public any decisions it may make. Where it does determine to publish a decision or interim decision, the Appeals Panel will publish these on its website.
Following hearings and decisions by the ADGM Appeals Panel, we expect to make timely public disclosure of the Appeals Panel's decisions, including any interim decisions, unless otherwise ordered.
Decisions made by the ADGM Courts will be publicised by us in a timely manner, unless ordered otherwise.
This approach is adopted on the basis that any delay in disclosure may hinder and unfairly prejudice us in achieving some of our primary objectives. For example, non-disclosure may potentially prejudice users and prospective users of financial services in the ADGM if they are acting unaware of facts known in the enforcement action.
Disclosure of settled enforcement actions
We expect to disclose publicly the outcome of any settlement of an enforcement action, including the notice of decision or EU, to ensure all stakeholders and the general public are clearly informed of the outcome.
Settlement agreements which result in a Final Notice or an EU will result in the publication of the relevant notice of decision or EU on our website as well as an associated press release.
We may be ordered, or required by law, not to publish information regarding a settlement. For example, disclosure may not occur if a third party has commenced proceedings in the courts in respect of the same conduct and the publication of the undertaking or settlement may prejudice that party's case in the courts. However, simply because a third party has commenced proceedings does not preclude us from publishing our settlements, including the notice of decision or EU.
Content and mode of publication
Where appropriate, we may comment publicly on investigations, enforcement actions and other formal regulatory decisions publishing final notices of regulatory decision, EUs or other enforcement actions. In doing so, we will take into account:(a) any privileged or sensitive information when considering the content of our publications; and(b) the possibility that any publication may potentially affect the rights of a third party and, if so, will endeavour to give that third party notification of the publication and an opportunity to make representations on the publication.
Publication may take any one or more forms including a media release, a statement on our website or any other forums as determined suitable by us.
6. 6. Penalty Guidance
6.1 6.1 Approach to imposing a penalty
This chapter sets out the matters that will be taken into account by us when determining a "penalty", which includes a financial penalty, public censure or any other enforcement action.
We may also refer to matters described in this chapter when determining an appropriate penalty in settlement agreements, including an EU.
6.2 6.2 Deciding to take action
When determining a penalty, we will consider all relevant facts and circumstances, including the factors listed below that may be relevant for this purpose:(a) our objectives;(b) the deterrent effect of the penalty on:(i) persons that have committed or may commit the contraventions; and(ii) other persons that have committed or may commit similar contraventions;(c) the nature, seriousness, duration and impact of the contravention, including:(i) whether the contravention was deliberate or reckless;(ii) the duration and frequency of the contravention;(iii) whether the contravention reveals serious or systemic weaknesses of the management systems or internal controls relating to all or part of a person's business;(iv) the impact (actual or potential) of the contravention on the orderliness of markets, including whether confidence in those markets has been damaged or put at risk;(d) if the contravention involved a number of persons, the degree of involvement and specific role of each Person;(e) the benefit gained (whether direct or indirect, pecuniary or non-pecuniary) or loss avoided as a result of the contravention;(f) the conduct of the person after the contravention, including:(i) how quickly, effectively and completely the person brought the contravention to our attention;(ii) the degree of cooperation the person showed during the investigation of the contravention;(iii) any remedial steps the person has taken in respect of the contravention;(iv) the likelihood that the same type of contravention (whether on the part of the person or others) will recur if no action is taken;(v) the nature and extent of any false or inaccurate information given by the person and whether the information appears to have been given in an attempt to knowingly mislead us;(g) the difficulty in detecting and investigating the contravention that is the subject of the penalty;(h) whether the person committed the contravention in such a way as to avoid or reduce the risk that the contravention would be discovered;(i) the disciplinary record and compliance history of the person on whom the penalty is imposed, including whether we have taken any previous disciplinary action against the person;(j) where the person reasonably believed that their behaviour did not amount to a contravention and whether they undertook reasonable precautions and diligence to avoid committing such a contravention;(k) whether the person acted in accordance with our guidance and other published materials;(l) action taken by us in previous similar cases; and(m) action taken by other domestic or international regulatory authorities. Where other regulatory authorities propose to take action in respect of the contravention which is under consideration by us, or one similar to it, we will consider whether the other authority's action would be adequate to address our concerns, or whether it would be appropriate for us to take our own action.
Actions against Approved Persons and Recognised Persons
In addition to the general factors listed in paragraph 6.2.1, there are some additional considerations that may be relevant when we decide whether to take action against an Approved or Recognised Person. The list is not exhaustive; not all of these factors may be applicable in a particular case, and there may be other factors, not listed that are relevant. The factors include:(a) the approved or recognised person's position and responsibilities. We may take into account the responsibility of those exercising important functions in the firm. The more senior the person responsible for the misconduct, the more seriously we are likely to view the misconduct, and the more likely it is to take action against the Approved or Recognised Person;(b) whether disciplinary action against the firm rather than the person would be a more appropriate regulatory response; and(c) whether disciplinary action would be a proportionate response to the nature and seriousness of the contravention by the person.
6.3 6.3 Financial penalty, public censure or other enforcement action
We will consider all the relevant circumstances of the case when deciding whether to impose a financial penalty, or other enforcement action. As such, the factors set out in paragraph 6.2 are not exhaustive. Not all of the factors may be relevant in a particular case and there may be other factors, not listed, that are relevant.
The criteria for determining whether it is appropriate to issue a public censure or other enforcement action (rather than impose a financial penalty) include those factors that we will consider in determining the amount of a financial penalty, as set out in paragraphs 6.5 to 6.7. In particular, considerations that may be relevant when we determine the penalty are:(a) whether deterrence may be effectively achieved by issuing a public censure;(b) whether the person has brought the contravention to our attention;(c) whether the person has admitted the contravention and provides full and immediate co-operation to us, and takes steps to ensure that those who have suffered loss due to the contravention are fully compensated for those losses; and(d) our approach to previous similar cases — we will aim for a consistent approach.
Some particular considerations that may be relevant when we determine whether to issue a financial penalty rather than impose a public censure or other enforcement action are:(a) if the person has made a profit or avoided a loss as a result of the contravention, on the basis that a person should not be permitted to benefit from its contravention;(b) if the contravention is more serious in nature or degree, on the basis that the sanction should reflect the seriousness of the contravention; other things being equal, the more serious the contravention, the more likely we are to impose a financial penalty; and(c) if the person has a poor disciplinary record or compliance history, on the basis that it may be particularly important to deter future cases.
6.4 6.4 Determining the appropriate level of financial penalty
Our penalty-setting regime is based on three principles:(a) disgorgement: a firm or individual should not benefit from any contravention;(b) sanction: a firm or individual should be penalised for wrongdoing; and(c) deterrence: any penalty imposed should deter the firm or individual who committed the contravention, and others, from committing further or similar contraventions.
The total amount payable by a person subject to enforcement action may be made up of two elements:(a) disgorgement of the benefit received as a result of the contravention; and(b) a financial penalty reflecting the seriousness of the contravention.
These elements are incorporated in a five-step framework, which can be summarised as follows:(a) Step 1: the removal of any economic benefit derived from a contravention;(b) Step 2: the determination of a figure which reflects the seriousness of the contravention;(c) Step 3: an adjustment made to the step 2 figure to take account of any aggravating and mitigating circumstances;(d) Step 4: an adjustment made to the step 3 figure, where appropriate, to ensure that the penalty has an appropriate deterrent effect; and(e) Step 5: if applicable, an adjustment for cooperation/early settlement may be made.
These steps will apply in all cases, although the details of Steps 1 to 4 will differ for cases against firms (paragraph 6.5), and cases against individuals (paragraph 6.6).
The lists of factors and circumstances in paragraphs 6.5 and 6.6 are not exhaustive. Not all of the factors or circumstances listed will necessarily be relevant in a particular case and there may be other factors or circumstances not listed which are relevant.
We will not, in determining our policy with respect to the amount of penalties, take account of expenses which we incur, or expect to incur, in discharging its functions.
6.5 6.5 Financial penalties imposed on a firm
Step 1: Disgorgement
We will seek to deprive a firm of the economic benefits derived from a contravention (which may include the profit made or loss avoided) where it is practicable to quantify this.
Step 2: The seriousness of the contravention
We will determine a financial penalty figure that reflects the seriousness of the contravention, taking into the following factors:(a) factors relating to the impact of a contravention;(b) factors relating to the nature of a contravention;(c) factors tending to show whether a contravention was deliberate; and(d) factors tending to show whether a contravention was reckless.
Factors relating to the impact of a contravention committed by a firm include:(a) the level of benefit gained or loss avoided, or intended to be gained or avoided, by the firm from the contravention;(b) the loss or risk of loss, as a whole, caused to clients, investors or other market users in general;(c) the loss or risk of loss caused to individual clients, investors or other market users;(d) whether the contravention had an effect on particularly vulnerable people, whether intentionally or otherwise;(e) the distress or inconvenience caused to clients; and(f) whether the contravention had an adverse effect on the orderliness of, or confidence in, markets and, if so, how serious that effect was.
Factors relating to the nature of a contravention by a firm include:(a) the nature of the FSMR or Rules contravened;(b) the frequency of the contravention;(c) whether the contravention revealed serious or systemic weaknesses in the firm's procedures or in the management systems or internal controls relating to all or part of the firm's business;(d) whether the firm's senior management were aware of the contravention;(e) the nature and extent of any financial crime facilitated, occasioned or otherwise attributable to the contravention;(f) the scope for any potential financial crime to be facilitated, occasioned or otherwise occur as a result of the contravention;(g) whether the firm failed to conduct its business with integrity; and(h) whether the firm, in committing the contravention, took any steps to comply with the FSMR and Rules, and the adequacy of those steps.
Factors tending to show the contravention was deliberate include:(a) the contravention was intentional, in that the firm's senior management, or a responsible individual, intended, could reasonably have foreseen, or foresaw that the likely or actual consequences of their actions or inaction would result in a contravention;(b) the firm's senior management, or a responsible individual, knew that their actions were not in accordance with the firm's internal procedures;(c) the firm's senior management, or a responsible individual, sought to conceal their misconduct;(d) the firm's senior management, or a responsible individual, committed the contravention in such a way as to avoid or reduce the risk that the contravention would be discovered;(e) the firm's senior management, or a responsible individual, were influenced to commit the contravention by the belief that it would be difficult to detect; and(f) the contravention was repeated.
Factors tending to show the contravention was reckless include:(a) the firm's senior management, or a responsible individual, appreciated that there was a risk that their actions or inaction could result in a contravention and failed to adequately mitigate that risk; and(b) the firm's senior management, or a responsible individual, were aware that there was a risk that their actions or inaction could result in a contravention but failed to check if they were acting in accordance with the firm's internal procedures.
Step 3: Mitigating and aggravating factors
We may increase or decrease the amount of the financial penalty arrived at after Step 2 (excluding any amount to be disgorged as set out in Step 1), to take into account factors which aggravate or mitigate the contravention. Any such adjustments will be made by way of a percentage adjustment to the figure determined at Step 2.
The following list of factors may have the effect of aggravating or mitigating the contravention:(a) the conduct of the firm in bringing (or failing to bring) quickly, effectively and completely the contravention to our attention (or the attention of other regulatory authorities, where relevant);(b) the degree of cooperation the firm showed during the investigation of the contravention to us, or any other regulatory authority allowed to share information with us;(c) where the firm's senior management were aware of the contravention or of the potential for a contravention, whether they took any steps to stop the contravention, and when these steps were taken;(d) the nature, timeliness and adequacy of the firm's responses to any supervisory interventions by us and any remedial actions proposed or required by us;(e) whether the firm has arranged its resources in such a way as to allow or avoid disgorgement and/or payment of a financial penalty;(f) whether the firm had previously been told about our concerns in relation to the issue, either by means of a private warning or in supervisory correspondence;(g) whether the firm had previously undertaken not to perform a particular act or engage in particular behaviour;(h) whether the firm concerned has complied with any requirements or rulings of another regulatory authority relating to the contravention;(i) the previous disciplinary record and general compliance history of the firm;(j) action taken against the firm by other domestic or international regulatory authorities that is relevant to the contravention in question;(k) whether our guidance or other published materials had already raised relevant concerns, and the nature and accessibility of such materials; and(l) whether we publicly called for an improvement in standards in relation to the behaviour constituting the contravention or similar behaviour before or during the occurrence of the contravention.
Step 4: Adjustment for deterrence
If we consider the figure arrived at after Step 3 is insufficient to deter the firm or person who committed the contravention, or others, from committing further or similar contraventions then we may increase the financial penalty. Circumstances where we may do this include:(a) where we consider the absolute value of the financial penalty too low in relation to the contravention to meet our objective of credible deterrence;(b) where our previous action in respect of similar contravention has failed to improve industry standards;(c) where we consider it is likely that similar contraventions will be committed by the firm or by others in the future in the absence of such an increase to the financial penalty; and(d) where we considers that the likelihood of the detection of such a contravention is low.
Step 5: Adjustment for cooperation/early settlement
We and the firm upon whom a financial penalty is to be imposed may seek to agree the amount of any financial penalty and other terms. In recognition of the benefits of such agreements, and of the firm's cooperation with us, paragraph 6.8 provides that the amount of the financial penalty which might otherwise have been payable may be reduced to reflect the stage at which we and the firm concerned reached an agreement. Any adjustment for early settlement does not apply to the disgorgement of any benefit calculated at Step 1.
6.6 6.6 Financial penalties imposed on an individual
Step 1: Disgorgement
We will seek to deprive an individual of the economic benefits derived from the contravention (which may include the profit made or loss avoided) where it is possible to quantify this. We will ordinarily also charge interest on the benefit.
Step 2: The seriousness of the contravention
We will determine a financial penalty figure that reflects the seriousness of the contravention. In determining such a figure, we will take into account the following factors relating to:(a) the impact of the contravention;(b) the nature of the contravention;(c) whether the contravention was deliberate; and(d) whether the contravention was reckless.
Factors relating to the impact of a contravention committed by an individual include:(a) the level of benefit gained or loss avoided, or intended to be gained or avoided, by the individual from the contravention;(b) the loss or risk of loss, as a whole, caused to clients, investors or other market users in general;(c) the loss or risk of loss caused to individual clients, investors or other market users;(d) whether the contravention had an effect on particularly vulnerable people, whether intentionally or otherwise;(e) the distress or inconvenience caused to clients; and(f) whether the contravention had an adverse effect on orderliness of, or confidence in, markets and, if so, how serious that effect was.
Factors relating to the nature of a contravention by an individual include:(a) the nature of the FSMR or Rules contravened;(b) the frequency of the contravention;(c) the nature and extent of any financial crime facilitated, occasioned or otherwise attributable to the contravention;(d) the scope for any potential financial crime to be facilitated, occasioned or otherwise occur as a result of the contravention;(e) whether the individual failed to act with integrity or abused a position of trust;(f) whether the individual committed a contravention of any professional code of conduct;(g) whether the individual caused or encouraged other individuals to commit contraventions;(h) whether the individual held a prominent position within the industry;(i) whether the individual is an experienced industry professional;(j) whether the individual held a senior position with the firm;(k) the extent of the responsibility of the individual for the product or business areas affected by the contravention, and for the particular matter that was the subject of the contravention;(l) whether the individual acted under duress; and(m) whether the individual took any steps to comply with Regulatory rules, and the adequacy of those steps.
Factors tending to show the contravention was deliberate include:(a) the contravention was intentional, in that the individual intended, could reasonably have foreseen or foresaw that the likely or actual consequences of his actions or inaction would result in a contravention;(b) the individual intended to benefit financially from the contravention, either directly or indirectly;(c) the individual knew that his actions were not in accordance with his firm's internal procedures;(d) the individual sought to conceal his misconduct;(e) the individual committed the contravention in such a way as to avoid or reduce the risk that the contravention would be discovered;(f) the individual was influenced to commit the contravention by the belief that it would be difficult to detect;(g) the individual knowingly took decisions relating to the contravention beyond his field of competence; and(h) the individual's actions were repeated.
Factors tending to show the contravention was reckless include:(a) the individual appreciated there was a risk that his actions or inaction could result in a contravention and failed to adequately mitigate that risk; and(b) the individual was aware there was a risk that his actions or inaction could result in a contravention but failed to check if he was acting in accordance with the firm's internal procedures.
Step 3: Mitigating and aggravating factors
We may increase or decrease the amount of the financial penalty arrived at after Step 2 (excluding any amount to be disgorged as set out in Step 1), to take into account factors which aggravate or mitigate the contravention. Any such adjustments will be made by way of a percentage adjustment to the figure determined at Step 2.
The following list of factors may have the effect of aggravating or mitigating the contravention:(a) the conduct of the individual in bringing (or failing to bring) quickly, effectively and completely the contravention to our attention (or the attention of other regulatory authorities, where relevant);(b) the degree of co-operation the individual showed during the investigation of the contravention by us, or any other regulatory authority allowed to share information with us;(c) whether the individual took any steps to stop the contravention, and when these steps were taken;(d) any remedial steps taken since the contravention was identified, including whether these were taken on the individual's own initiative or that by us or another regulatory authority;(e) whether the individual has arranged his resources in such a way as to allow or avoid disgorgement and/or payment of a financial penalty;(f) whether the individual had previously been told about our concerns in relation to the issue, either by means of a private warning or in supervisory correspondence;(g) whether the individual had previously undertaken not to perform a particular act or engage in particular behaviour;(h) whether the individual has complied with any requirements or rulings of another regulatory authority relating to the contravention;(i) the previous disciplinary record and general compliance history of the individual;(j) action taken against the individual by other domestic or international regulatory authorities that is relevant to the contravention in question;(k) whether our guidance or other published materials had already raised relevant concerns, and the nature and accessibility of such materials;(l) whether we publicly called for an improvement in standards in relation to the behaviour constituting the contravention or similar behaviour before or during the occurrence of the contravention; and(m) whether the individual agreed to undertake training subsequent to the contravention.
Step 4: Adjustment for deterrence
If we consider the figure arrived at after Step 3 is insufficient to deter the individual who committed the contravention, or others, from committing further or similar contraventions then we may increase the financial penalty. Circumstances where we may do this include:(a) where we considers the absolute value of the penalty too small in relation to the contravention to meet our objective of credible deterrence;(b) where our previous action in respect of similar contraventions has failed to improve industry standards. This may include similar contraventions relating to different products;(c) where we consider it is likely that similar contraventions will be committed by the individual or by other individuals in the future; and(d) where we consider that the likelihood of the detection of such a contravention is low.
Step 5: Adjustment for cooperation/ early settlement
We and the individual on whom a penalty is to be imposed may seek to agree on the amount of any financial penalty and other terms. In recognition of the benefits of such agreements, and of the individual's cooperation with us, paragraph 6.8 provides that the amount of the financial penalty which might otherwise have been payable may be reduced to reflect the stage at which we and the individual concerned reached an agreement. Any adjustment for early settlement does not apply to the disgorgement of any benefit calculated at Step 1.
6.7 6.7 Serious financial hardship
Our approach to determining financial penalties described in paragraphs 6.5 and 6.6 is intended to ensure that financial penalties are proportionate to the contravention. We recognise that financial penalties may affect Persons differently, and that we should consider whether a reduction in the proposed financial penalty is appropriate, including if such penalty would cause the subject of enforcement action serious financial hardship.
Where an individual or firm claims that payment of the financial penalty proposed by us will cause them serious financial hardship, we will consider whether to reduce the proposed financial penalty only if:(a) the individual or firm provides verifiable evidence that payment of the financial penalty will cause them serious financial hardship;(b) the individual or firm provides full, frank and timely disclosure of the verifiable evidence, and co-operates fully in answering any questions asked by us about their financial position; and(c) the onus is on the individual or firm to satisfy us that payment of the financial penalty will cause them serious financial hardship.
In assessing whether a financial penalty would cause an individual serious financial hardship, we will consider the individual's ability to pay the financial penalty over a reasonable period, including agreeing to payment of the financial penalty by instalments where the individual requires time to realise his assets, for example, by waiting for payment of a salary or by selling property.
We will consider reducing the amount of a financial penalty if a firm will suffer serious financial hardship as a result of having to pay the entire financial penalty. In deciding whether it is appropriate to reduce the financial penalty, we will take into consideration the firm's financial circumstances, including whether the financial penalty would render the firm insolvent or threaten the firm's solvency. We will also take into account our statutory objectives, for example, in situations where clients would be harmed or market confidence would suffer. We may also consider if it is appropriate to reduce a financial penalty in order to allow a firm to continue in business and/or pay redress.
There may be cases where, even though the individual or firm has satisfied us that payment of the financial penalty would cause serious financial hardship, we consider the contravention to be so serious that it is not appropriate to reduce the financial penalty. We will consider all the circumstances of the case in determining whether this course of action is appropriate, including whether:(a) the individual or firm directly or indirectly derived an economic benefit from the contravention and, if so, the extent of that economic benefit;(b) the individual or firm acted fraudulently or dishonestly with a view to personal gain;(c) previous action by us in respect of similar contraventions has failed to improve industry standards; or(d) the individual or firm has spent money or dissipated assets in anticipation of enforcement action with a view to frustrating or limiting the impact of action taken by us or other authorities.
Withdrawal of authorisation or registration
We may withdraw a firm's Financial Services Permission, or the status of an Approved or Recognised Person or Principal Representative, as well as impose a financial penalty. Such action by us does not affect our assessment of the appropriate financial penalty in relation to a contravention.
However, the fact that we have withdrawn such Financial Services Permission or registration, as a result of which the firm or individual may have less earning potential, may be relevant in assessing whether the financial penalty will cause the firm or individual serious financial hardship.
6.8 6.8 Adjustment for cooperation/early settlement
It is our policy to encourage and recognise cooperation. A cooperative approach to dealing with us will be taken into consideration when assessing what type of enforcement action to pursue and/or what remedy we will seek. Cooperation can take many forms, including but not limited to:(a) self-reporting any misconduct to us and disclosing all the relevant information;(b) assisting us voluntarily during the investigation;(c) admitting any misconduct that the person or firm had committed or was involved in committing.
For the avoidance of doubt, merely fulfilling the person's or firms legal obligations will not be considered as cooperation for the purpose of assessing any adjustment to the financial penalties imposed on a firm or an individual.
Subject to enforcement action, we may be prepared to agree on the amount of any financial penalty, and other conditions which we seek to impose by way of such action, for example, the amount or mechanism for the payment of compensation to consumers. We recognise the benefits of such agreements, in that they offer the potential for securing earlier redress or protection for clients and the saving of cost to the Person concerned, and us, in contesting the financial penalty. The financial penalty that might otherwise be payable, in respect of a contravention by the person concerned, may, therefore, be reduced to reflect the timing of any settlement agreement.
In appropriate cases our approach may be to negotiate with the person concerned to agree in principle on the amount of a financial penalty having regard to our policy as set out in Chapter 5 of this document. Where part of a proposed financial penalty specifically equates to the disgorgement of profit accrued or loss avoided, then the percentage reduction will not apply to that part of the financial penalty.
7. 7. Decision Making
7.1 7.1 Introduction
This chapter sets out our general approach to making decisions when exercising our discretionary powers.
7.2 7.2 Who can exercise our powers?
Our powers can be exercised by the Chief Executive or any delegate of the Chief Executive, including:(a) to any employee to whom the Chief Executive has delegated his powers ("Regulatory officer"); and(b) to any panel or committee established by the Chief Executive for the purpose of making decisions; or(c) to any other delegated person.
7.3 7.3 Our general approach to decision-making
Natural Justice and Procedural fairness principles
Our approach to decision-making is based on observance of natural justice and the procedural fairness principles, by:(a) acting without bias or conflict of interest;(b) giving the Person an opportunity to present his case; and(c) taking into account only those considerations which are relevant to the matter to be decided upon.
Acting without bias or conflict of interest
A decision maker called upon to make a decision is expected to act impartially in doing so. If the decision maker has a vested financial or personal interest in the matter, a conflict of interest may arise that prevents an impartial or unbiased decision being made. A decision maker who does have a financial or other personal interest in the matter is required to disclose this interest and, if the interest is material, would not be the decision maker in relation to that matter.
We may refer an executive decision to the ADGM Regulatory Committee for determination under section 225(5) of the FSMR in order to avoid the risk of bias or conflict of interest affecting any such decision.
The decision maker is expected to take into account all and only those considerations which are relevant to the matter to be decided upon. This requires the decision maker to:(a) ensure that it has all the material information that is necessary to be able to make the relevant decision (and, if necessary, obtain further information, including from any third party sources);(b) disregard any irrelevant information; and(c) have the relevant power to make the decision.
To meet its procedural fairness obligations, the key elements to our approach to decision-making include:(a) having adequate systems and controls to ensure that those making decisions on our behalf are impartial and not affected by conflicts of interests that may affect their decisions;(b) giving a person in respect of whom we propose to make a decision (in this Chapter, the "affected person") advance notice about our proposed action (with the exception of cases when we may take immediate action because any delay resulting from advance notice would be prejudicial to the interests of direct or indirect users of financial services in the ADGM or otherwise prejudicial to the interests of the ADGM);(c) giving the affected person clear reasons why we propose to take the relevant action;(d) giving the affected person a suitable opportunity to make representations (in person and in writing) with regard to the our proposed action;(e) taking into account any representations made by, or on behalf of, the affected person before making a final decision, i.e. making any consequential changes to the proposed action given the representations made or other additional material available to us, as appropriate;(f) taking into account only those considerations which are relevant to the matter to be decided upon;(g) giving, without undue delay, the affected person a clear statement in writing of our final decision, the reasons for that decision and the effective date;(h) informing the affected person what rights of review that person has in respect of our decision, and within what period those rights of review must be exercised; and(i) having in place adequate mechanisms to enable the affected person to have our decision properly and impartially reviewed.
In certain circumstances, including:(a) the issuing of a stop order under section 71 of FSMR; and(b) suspension of a Listed Entity's Securities from the Official List under section 180 of FSMR,
We do not have to give an affected person advance notice of our proposed action and a right for that person to make prior representations before we make our final decision.
In such circumstances, we are still obliged to give the affected person a right of representation within 14 days (or other longer period as may be agreed) from the date on which the decision is made and communicated to the affected person. We are obliged to consider any representations made by, or on behalf of, the affected person during that period.
Where a right to make representations is exercised by an affected person, we will communicate to the affected person whether we confirm our original decision, or otherwise we vary or withdraw that decision, given the representations made.
Where no representations are made by, or on behalf of, the affected person during the relevant period, our original decision will remain in effect and will be confirmed.
Categories of decisions
The decisions which are made by us fall into three broad categories:(a) decisions which are subject to the procedures in Part 21 of the FSMR ("Part 21 Decisions") e.g. a decision to cancel the Financial Services Permission of an Authorised Person or to revoke the recognition of a Recognised Body;(b) decisions which are not subject to the procedures set out in Part 21 of the FSMR ("Non Part 21 Decisions") e.g. the rejection of a new Controller of an Authorised Person; and(c) routine operational decisions that do not affect the rights, interests and liabilities of a person ("Operational Decisions") e.g. a decision to commence an investigation against a person.
7.4 7.4 Part 21 Decisions
Where, on our own initiative, we propose to:(a) impose a public censure or financial penalty;(b) cancel the Financial Services Permission of an Authorised Person firm;(c) revoke the recognition of a Recognised Body; or(d) withdraw the approval of an Approved Person,
the procedures must be exercised according to what is set out in Part 21 of the FSMR.
To facilitate a consistent approach to decision-making, Part 21 of the FSMR sets out the steps we are required to follow in relation to Part 21 Decisions.
The procedures set out in Part 21 are designed to ensure procedural fairness by giving:(a) advance notice of our proposed decision (the Warning Notice), except in the cases referred to in paragraph 7.5 and 7.6 and the reasons for proposing to make such a decision;(b) an opportunity to make representations relating to the proposed decision;(c) our final decision (the Decision Notice) and the reasons for that decision, including any changes made to the preliminary decision, taking into account any representations made for, or on behalf of, the affected person; and(d) notice of the affected person's right to have our decision reviewed by the Regulatory Committee, including the period within which that right can be exercised.
Prior to any issue of a Warning Notice, we will notify the person concerned and provide an opportunity to present enquiries and make representations, provided this would not result in a tip-off, prejudice the exercise of our powers or otherwise jeopardise our objectives.
Figure 1: the Regulator's Decision Making Process for Part 21 Decisions
7.5 7.5 Non Part 21 Decisions
Certain decisions are not subject to the procedures set out in Part 21 of the FSMR — for example our powers relating to Controllers of regulated firms and the power to approve or reject the Business Rules of a Recognised Body.
7.6 7.6 Operational decisions
The remaining decisions, such as decisions made as part of our day-to-day supervision of regulated firms, do not invoke the procedures in Part 21 of the FSMR. Examples of these operational decisions include decisions to:(a) obtain additional information from an Authorised Person;(b) disclose information about an Authorised Person to a Non-ADGM Financial Services Regulator;(c) issue a risk mitigation plan stemming from any supervisory concerns identified in the course of firm visit; or(d) commence an investigation.
Operational decisions are generally not reviewable by the ADGM Regulatory Committee. In making these decisions, we are still subject to overarching administrative law principles of acting in good faith and acting in a proportionate and reasonable manner.
7.7 7.7 The Regulatory Committee
Section 225(1) of FSMR provides that all of our decisions that may affect the rights or liabilities of a person or otherwise adversely affect the interests of a person (except operational decisions) may be referred to the ADGM Regulatory Committee for review. Upon a referral, the Regulatory Committee (which is independent of us) is required to conduct a full merits review of our decision.
To enable an affected person to exercise properly and effectively his right to have our original decision referred to the Regulatory Committee, we will provide to such a person a Decision Notice specifying:(a) our decision and the reasons for making that decision;(b) the date on which the decision is to take effect; and(c) the person's right to seek a review of the decision by the Regulatory Committee; and(d) by when the right referred to in paragraph (c) has to be exercised.
7.8 7.8 The Appeals Panel
Any decision, order or direction made by the Regulatory Committee may in turn be referred to the Appeals Panel for review by the person in respect of whom the decision was made or by us, in accordance with section 228(1) of FSMR. A second full merits review may then be conducted by the Appeals Panel.
Decisions of the Appeals Panel may only be reviewed on judicial review basis. An application for judicial review of a decision of the Appeals Panel may be made to the ADGM Court on the grounds that the decision is wrong in law or is in excess of the Appeal Panel's jurisdiction.
8. 8. Waivers And Modification
8.1 8.1 Introduction
Part 2 chapter 2 of FSMR provides for the modification or waiver of Rules by us.
This chapter outlines our approach to evaluating applications to grant relief from the requirements imposed by the Rules, by either waiving or modifying the application of one or more Rules. Our powers to waive or modify the requirements imposed by ADGM legislation do not extend to regulations such as the FSMR.
To waive the application of a Rule is to give relief to a Person from the entire obligation contained in that Rule. A modification can either modify the way in which a Person can comply with an obligation in a Rule or can give relief from part of the obligation in a Rule. A detailed description of the process to seek a waiver or modification of the Rules may be found in Rule 8.2 of the GEN Rules.
8.2 8.2 Power to issue relief
We may, on the application or with the consent of a Authorised Person or Recognised Body, direct that a Rule:(a) does not apply to a person; or(b) does apply to a person but with such modifications as are set out in a notice issued by us for this purpose.
Waivers and modifications may only be sought by an Authorised Person or Recognised Body, or an applicant seeking such status.
If an application is successful, we will issue its decision by means of written Direction provided to the applicant.
8.3 8.3 Making an application
Prior to submitting an application to us, the applicant should contact their assigned supervisory contact to discuss the application.
If the applicant is not regulated by us at the time of application, contact should be made through our Supervision Division.
Before making an application, we expect that the applicant will carry out appropriate research on:(a) the intention behind the Rule in question and the regulatory outcomes that the Rule aims to achieve;(b) whether there are any precedents where we have previously granted relief, or not granted relief, from the Rule in question, including any conditions which may have been imposed; and(c) if relief has been granted in the past, the similarities and differences between the cases where relief has previously been granted and the applicant's case.
All applications for waivers or modifications should be made in such form as we shall prescribe.
The applicant will need to in its application form address the following:(a) set out the reasons for requesting the granting of a waiver or a modification;(b) explain the impact of the application of the provisions as it stands on the applicant;(c) attach any precedent relief supporting the application which may have been issued;(d) identify any risks associated with the relief being sought and how the applicant plans to mitigate such risks; and(e) in the case of an application to modify a Rule, propose wording for the modified Rule.
It is for the applicant to demonstrate a compelling case for granting relief, we do not make decisions lightly. The granting of a waiver or modification, including the specific wording of any modification and any conditions attached to the relief granted, is at our discretion and it will generally only grant relief where there is shown to be an appropriate and necessary reason for doing so.
On occasion, we may believe that the relief being sought by an applicant may be relevant to, and should be applied to, a number of persons (or a class of persons) similarly affected by the Rule in question. In these circumstances, instead of requiring the affected persons to individually apply for the same relief, we will publish a notice on our website and invite the relevant Persons to "consent" to the "class Waiver" or "class Modification". This is simply done by notifying us that they wish the class Waiver or class Modification apply in relation to their activities.
8.4 8.4 Considering an application
We will acknowledge receipt of an application for relief and may request further information, potentially including meeting with the applicant to discuss the need for the relief sought. The time taken by us to determine the application will depend upon the complexity of the issues it raises.
When considering each application, we assess the net regulatory benefit or detriment which would result from granting the relief sought on the conditions proposed and any risks posed by such relief. We will generally grant relief where:(a) it has formed the opinion that there is a net regulatory benefit; or(b) the regulatory detriment is minimal as the relief sought does not conflict with the policy intent of the Rule and the applicant has demonstrated that the associated risks would be adequately mitigated if relief was granted.
Relief will be given to overcome the disproportionate effects of Rules in exceptional cases, the anomalous effects of Rules in unique cases for which they were not created, and the unforeseen side effects of Rules.
For example, changes in international standards may result in unforeseen differences between the Rules and the new standards. While the Rules would ordinarily adapt over time to reflect such changes, an Authorised Person or Recognised Body may seek a waiver or modification of a specific Rule to accommodate the evolution of the international standard. This may also represent a scenario where we may publish a notice to be made available to other affected persons within the ADGM upon their consent. Similarly, where material changes to a Rule may make it impractical for Authorised Persons or a Recognised Body to comply immediately, a request for a temporary waiver or modification may be granted.
We may impose such conditions on relief as it may see fit, and a notice may specify that the relevant waiver or modification may be available for only a specified period of time, after which time it will cease to apply.
If we decide not to grant relief, it will give reasons for the decision. An applicant may withdraw its application for relief at any time up until notification of our decision has been given to the applicant. In doing so, the applicant should give reasons for the withdrawal of the application.
8.5 8.5 Publication of waivers and modifications
We will publish all Directions concerning waivers and modifications unless we are satisfied that it is inappropriate or unnecessary to do so.
We will publish all Directions concerning waivers and modifications in such a way that we consider appropriate for bringing the notice to the attention of:(a) those likely to be affected by it, such as clients of the applicant; and(b) others who may be likely to be affected by the same Rule and may seek a similar waiver or modification.
The principal method of publication of waivers and modifications Directions is by publication on our webpage. The fundamental principle behind publication is transparency. This allows any person dealing with the applicant, for example, its clients and competitors, to know to what extent the relevant provisions apply to the applicant.
If an applicant believes that it is inappropriate or unnecessary for us to publish the relief, or to publish it after a delay, or without disclosing the identity of the applicant, it should make this clear in its application. Decisions not to grant relief will not be published by us.
8.6 8.6 Withdrawal or variation of waivers and modifications
Under section 9(5) of the FSMR, we may:(a) revoke a Direction; or(b) on the application of, or with the consent of, the Person to whom it applies, vary a Direction.
8.7 8.7 Enforcement of waivers and modifications
If a Direction under section 9 of the FSMR states that a Rule is to apply to the applicant with modifications, then a contravention of the modified provision could lead to us taking enforcement action.
If relief is given subject to a condition, the relief will not apply to activities conducted in breach of the condition. Further, those activities, if in breach of the original provision, could lead to enforcement action.
8.8 8.8 Expiry and extension of current waivers and modifications
Where relief has been granted for a limited period of time (see paragraph 9.4.4) it is the responsibility of the Person to whom the notice applies to monitor any expiry date.
There is no automatic renewal process for any relief granted by us for a limited period of time.
It is the responsibility of the person to whom a time-limited Direction applies to notify us within a reasonable period in advance of the expiry of the Direction of their intention to apply for an extension of the relief or explain how they intend to comply with the original Rule.
Notification should be made through the same contact point as described above, namely either the assigned supervisory contact, the dedicated contact portal or the Supervisory Division.
We will consider every application for extension of the term of the Direction in the same manner as an initial application and will not necessarily grant extensions as a matter of course.
FSRA Confidentiality Policy [18 April 2019]
1. 1. Dealing With Confidential Information
1.1 1.1 Introduction
This Confidentiality Policy provides guidance concerning the obligations and requirements on the Financial Services Regulatory Authority (the "Regulator") when using and disclosing non-public information provided by third parties in the course of regulating financial services in the Abu Dhabi Global Market ("ADGM"). Unless expressly provided in this Confidentiality Policy, definitions for capitalized terms may be found in the Financial Services Markets Regulations (2015) (the "FSMR").
1.2 1.2 Regulatory Approach
When dealing with Confidential Information, the Regulator employs best practice, consistent with international standards set by organisations such as the Basel Committee on Banking Supervision ("BCBS"), the International Organisation of Securities Commissions ("IOSCO"), the Financial Action Task Force ("FATF") and the Islamic Financial Services Board ("IFSB").
With the application of international best practice standards, the Regulator is obligated to:(a) ensure compliance with and enforce applicable financial services legislation, consistent with the Basel Core Principles for Effective Banking Supervision, the IOSCO Objectives and Principles of Securities Regulation and the FATF Recommendations on combating money laundering, the financing of terrorism and proliferation of weapons of mass destruction;(b) assist financial services regulators in other jurisdictions to the best possible extent regarding co-operation and the exchange of Confidential Information consistent with the obligations contained and in the manner prescribed in the IOSCO Multilateral Memorandum of Understanding;(c) use all reasonable efforts to ensure that neither ADGM regulations nor foreign laws relating to confidentiality and secrecy prevent the Regulator from gathering, protecting or disclosing Confidential Information where required for lawful regulatory purposes;(d) limit the disclosure of Confidential Information to other financial services regulators and enforcement agencies to the extent required for ensuring compliance with, and enforcement of, applicable financial services and criminal legislation;(e) to adopt and implement internal control systems and procedures for the handling, storing, processing and securing of Confidential Information that meet international best practices; and(f) to comply with all applicable laws and ADGM regulations which govern the Regulator's collection and dissemination of Confidential Information.
1.3 1.3 Applicable legislation
The main legislative provisions governing the use of Confidential Information by the Regulator are set out in Abu Dhabi Law No. (4) of 2013, Part 16 of the FSMR, the Data Protection Regulations (2015) and the UAE Penal Code (Federal Law No. (3) of 1987).
2. 2. Regulatory Powers To Obtain Confidential Information
2.1 2.1 Background
The Regulator may be provided with information which is confidential in two ways:(a) voluntarily (that is, information obtained on a voluntary basis); and(b) under compulsion, including through:i. the exercise of the Regulator's supervisory and investigative powers (see section 2.2 below); andii. the exercise of the Regulator's information gathering powers at the request, and on behalf, of Non-ADGM Regulators (see section 2.3 below).
2.2 2.2 Regulator's Supervisory and Investigative Powers
The Regulator has comprehensive powers under the FSMR to carry out its duties and responsibilities. These include the power to require reports, conduct on-site inspections of business premises of authorised entities within the ADGM, interview individuals, as well as compel the production of documents, testimony and other information — see, for example, sections 201 and 206 of the FSMR.
The Regulator has in place internal procedures to monitor and manage access to and the use of Confidential Information and documents obtained during the course of its regulatory activities. These procedures include the use of manual and electronic document storage and retrieval systems.
For example, the Regulator limits access to confidential documents obtained to those members of the Regulator's staff engaged with the relevant matter to which the documents are related by use of secure filing of physical documents and restricted computer drives containing confidential documents in electronic form.
The Regulator may obtain information relating to regulated entities from third parties including intermediaries and companies that perform outsourced functions for regulated entities.
As the Regulator's mandate is to regulate all financial services provided in and from the ADGM, the Regulator has broad access to compel the disclosure of Confidential Information from individuals and firms participating in or connected to the provision of financial services in or from the ADGM. This includes, without limitation, all market participants, listed companies, reporting entities and their respective officers and directors.
For example, an ADGM-based fund manager which manages a fund organized in and sold to investors in a foreign jurisdiction will be subject to the jurisdiction of the Regulator and all books and records relating to the fund and its unitholders will be subject to examination by the Regulator upon request.
2.3 2.3 Powers to cooperate with, assist and support Non-ADGM Regulators
The Regulator may also exercise its information gathering powers at the request, and on behalf, of regulators and authorities in other jurisdictions, solely to assist them in performing their regulatory or enforcement functions.
Amended on (18 April, 2019).
The following sections of the FSMR give the Regulator specific authority to exercise some of its specific powers on behalf of other authorities:(a) section 215 enables the Regulator to co-operate with other persons (in ADGM or elsewhere) who have functions (i) similar to those of the Regulator or (ii) in relation to the prevention or detection of Financial Crime. Co-operation may include the sharing of information which the Regulator is not prevented from lawfully disclosing;(b) section 216 gives the Regulator specific authority to exercise its Own-Initiative Powers at the request, or on behalf, of Non-ADGM Regulators; and(c) section 217 gives the Regulator specific authority to exercise its Investigative Powers at the request of Non-ADGM Regulators. In deciding whether or not to exercise its Investigative Powers, section 217(2) sets out a non-exhaustive list of factors that the Regulator may take into account.
If the Regulator decides to exercise its powers at the request, or on behalf, of a Non-ADGM Regulator, Confidential Information gathered as result of the Regulator exercising its powers under sections 215, 216 or 217 can only be disclosed to that Non-ADGM Regulator in accordance with the provisions of sections 198 or section 199 of the FSMR.
Amended on (18 April, 2019).
3. 3. Regulator's Obligation Of Confidentiality
3.1 3.1 Background
The Regulator's powers to obtain, use and disclose Confidential Information in order to discharge its functions and powers are subject to statutory limitations. These protections exist to protect individual privacy and to assure regulated firms and individuals that any Confidential Information they provide to the Regulator will be dealt with in confidence and used only for lawful purposes.
Amended on (18 April, 2019).
3.2 3.2 Overriding Duty of Confidentiality
The Regulator must keep confidential any Confidential Information received by or disclosed to it in the course of performing its functions, subject to the exceptions set out in section 3.3 below.
Abu Dhabi Law No. (4) of 2013
This duty of confidentiality is set out in Article 12 of Abu Dhabi Law No. (4) of 2013 and requires the Regulator to keep confidential any Confidential Information received by or disclosed to it in the course of performing its functions, unless disclosure is permitted in accordance with ADGM regulations.
The relevant ADGM regulations impacting on the Regulator's duty of confidentiality are the FSMR and the Data Protection Regulations 2015.
Similarly to the duty of confidentiality in Abu Dhabi Law No. (4) of 2013, section 198 of the FSMR also prohibits disclosure of Confidential Information by the Regulator, its employees, agents or by any person coming into possession of it, subject to exceptions set out in section 3.3 below.
Amended on (18 April, 2019).
Data Protection Regulations 2015
Certain duties and obligations contained within the Data Protection Regulations 2015 apply to the Regulator when dealing with personal data, concerning accuracy and the duty to ensure security of processing when personal data is being collected and maintained.
The Regulator is excused from certain obligations set out in the Data Protection Regulations in circumstances where compliance with such duties would be likely to prejudice the proper discharge of the Regulator's powers or functions to protect the public from financial loss due to improper conduct, unfitness or incompetence of persons engaging in offering financial services.
The UAE Penal Code (Federal Law No. (3) of 1987)
As the UAE criminal laws apply in the ADGM, Article 379 of the UAE Penal Code provides for criminal penalties for disclosure of Confidential Information in cases other than those lawfully permitted. Public officials, or those persons in charge of a public service, are subject to more severe penalties than the general persons for unlawful disclosure of Confidential Information — namely, imprisonment of up to five (5) years.
Regulator's internal practices and procedures
The above-mentioned statutory obligations requiring all Regulator's employees, agents and independent contractors to keep all Confidential Information confidential is further reinforced by requiring all Regulator's employees, agents and independent contractors to sign an Employment or Consultancy Services Contract that incorporates a confidentiality clause.
3.3 3.3 Exceptions to the Duty of Confidentiality
With prior consent under section 198(1) of FSMR
Amended on (18 April, 2019).
Section 198(1) prohibits disclosure of Confidential Information by the Regulator, its employees, agents or by any person coming into possession of Confidential Information unless they have the prior consent of—(a) the person from whom the Confidential Information was obtained; and,(b) if different, the person to whom the duty of confidentiality is owed (paragraphs 198(1)(a) and (b)).
Amended on (18 April, 2019).
The exceptions under section 199(1) of FSMR
Section 199 of the FSMR provides certain exceptions from the overriding restriction on disclosure of Confidential Information in section 198. Specifically, subsection 199(1) enables the Regulator to disclose Confidential Information for the purpose of facilitating the carrying out of a Public Function, subject to section 199(2), if the disclosure is —(a) permitted or required under any enactment applicable to the Regulator, including, for the avoidance of doubt, any applicable international obligations; or(b) made to —(i) the ADGM Registrar of Companies;(ii) a Non-Abu Dhabi Global Market Regulator;(iii) a governmental or regulatory authority exercising powers and performing functions relating to anti-money laundering, counter-terrorist financing or sanctions compliance, whether in the ADGM or otherwise;(iv) a self-regulatory body or organisation exercising and performing powers and functions in relation to financial services, whether in the ADGM or otherwise;(v) a criminal law enforcement agency, whether in the U.A.E or otherwise, for the purpose of any criminal investigation or criminal proceedings;(v) a civil law enforcement agency or body, whether in the Abu Dhabi Global Market, U.A.E or otherwise;for the purpose of assisting the performance by any such person of its functions and powers; or(c) made in good faith for the purposes of the exercise of the functions and powers of the Regulator or in order to further the Regulator's objectives.
Amended on (18 April, 2019).
The provisions in section 199(2) relate specifically to Confidential Information originating in another governmental or regulatory authority, or Confidential Information that is CRD Information, and provide for and are consistent with the exchange of information and professional secrecy requirements in the European Union's Capital Requirements Directive. For the purposes of section 199(2):(a) 'CRD Information' is defined as Confidential Information received or obtained by the Regulator from the EEA Competent Authority by virtue of the Capital Requirements Directive; and(b) 'EEA Competent Authority' means a public authority or body officially recognised by national law of a jurisdiction within the EEA and empowered by that national law to supervise institutions as part of the supervisory system.
Added on (18 April, 2019).
Section 199(2) provides that paragraphs 198(1)b)(i), (ii), (iii), (iv), (vi) and 1(c) do not permit the Regulator to disclose this Confidential Information unless—(a) the governmental or regulatory authority that has disclosed the Confidential Information to the Regulator has given its prior written consent to the disclosure; and(b) where the Confidential Information is CRD Information:(i) the EEA Competent Authority that has disclosed the Confidential Information to the Regulator has given its prior written consent to the disclosure; and(ii) if such consent was given for a particular purpose, the disclosure by the Regulator is solely for that purpose.
Added on (18 April, 2019).
Disclosure to a criminal law enforcement agency
Importantly, disclosure of Confidential Information by the Regulator to a criminal law enforcement agency, whether in the U.A.E or otherwise, for the purpose of any criminal investigation or criminal proceedings under paragraph 199(1)(b)(v) is not subject to the requirements under section 199(2).
Added on (18 April, 2019).
3.4 3.4 Admissibility of compelled testimony in criminal proceedings
In addition to the overriding duty of confidentiality set out in section 198, section 207(2) of the FSMR prohibits the Regulator from disclosing a statement made by a person to an investigator at an interview conducted pursuant to section 206(1)(a) to any law enforcement agency for the purpose of criminal proceedings against that person unless:(a) the person consents to the disclosure; or(b) the Regulator is required by law or court order to disclose the statement.
3.5 3.5 The effect of foreign secrecy laws
Foreign banking secrecy laws lack extraterritorial effect and thus do not apply in the ADGM; entities regulated by the Regulator and their clients are not prevented from complying with obligations to disclose information related to financial services activities conducted in or from the ADGM.
Similarly, a request from the Regulator for disclosure of confidential client account information (if the client's business is booked, held, serviced and managed exclusively in a foreign jurisdiction) shall be governed by and be subject to the secrecy laws, if any, of that jurisdiction.
3.6 3.6 Criminal prosecutions in the UAE Courts [Deleted]
3.7 3.7 The effect of foreign secrecy laws [Deleted]
4. 4. Disclosure Of Confidential Information
4.1 4.1 Making a request for disclosure of Confidential Information
Every request to disclose Confidential Information, will be assessed by the Regulator on a case-by-case basis, whether this information was obtained voluntarily, in the course of the Regulator exercising its own functions and powers or exercising its powers on behalf of other authorities.
Amended on (18 April, 2019).
In deciding whether to comply with a request to disclose Confidential Information, the Regulator would satisfy itself that there are legitimate reasons for the request and that the authority requesting the information has the appropriate policies and procedures in place for dealing with Confidential Information.
Amended on (18 April, 2019).
Section 199(3) of the FSMR enables the Regulator to, among other things:(a) impose conditions on the information disclosed, which may relate to, among other things, the obtaining of consents or, where appropriate, subjecting information received to restrictions on disclosure that are at least equivalent to those set out in section 198, per paragraph 199(3)(a); and(b) restrict the uses to which the Confidential Information disclosed may be put.
Added on (18 April, 2019).
Where the disclosure by the Regulator is made subject to conditions, the person to whom the Confidential Information has been disclosed may not use the Confidential Information in breach of any such condition, as set out in section 199(4) of the FSMR.
Added on (18 April, 2019).
4.2 4.2 Disclosure to governmental and regulatory authorities in section 199 of the FSMR
Amended on (18 April, 2019).
Section 199(1)(b) gives the Regulator specific authority to disclose Confidential Information to the authorities listed therein so that they may properly carry out their function, subject to section 199(2).
Amended on (18 April, 2019).
Where the Confidential Information (in whole or in part) originates in another governmental or regulatory authority, the Regulator may only disclose that Confidential Information in accordance with section 199(2), as set out in paragraphs 3.3.3 – 3.3.4 above, subject to paragraph 3.3.5.
Amended on (18 April, 2019).
As set out in paragraphs 4.1.3 and 4.1.4 above, in disclosing any Confidential Information under section 199(1), the Regulator may require the requesting authority to comply with certain conditions or agree to restrict the uses to which the Confidential Information may be put, insofar as the Regulator considers appropriate.
Amended on (18 April, 2019).
In addition, should a memorandum of understanding be in place between the Regulator and a Non-ADGM Regulator concerning the sharing of Confidential Information, subject to the limitations contained in the FSMR, the Regulator will conduct itself in accordance with section 199(2) and the terms of such memorandum of understanding. For example, the Regulator may include a provision that each party's consent is required to be obtained prior to disclosing any Confidential Information to a third party (unless the information is required for the purpose of a criminal investigation or criminal proceedings, as discussed in paragraph 3.3.5).
For example, on receipt of a legitimate request for Confidential Information in possession of the Regulator from a Non-ADGM Regulator ("the requestor"), made for the purpose of facilitating the carrying out of a Public Function, the Regulator:a) may disclose the Confidential Information to the requestor subject to conditions, including that:—i. the requestor may only use the Confidential Information for their own lawful purpose as identified in the request;ii. the requestor may not voluntarily disclose the Confidential Information to a third party (including other regulatory entities in their home jurisdiction) without the further consent of the Regulator; andiii. if the requestor is compelled to disclose the Confidential Information by court order or subpoena, it must give notice to the Regulator prior to disclosure unless such notice would violate applicable laws.b) will generally not notify affected parties of the request for Confidential Information. Notice to the affected party/parties will only be considered where such notification would not be contrary to the public interest and would not frustrate or prejudice the purpose of the disclosure to the requestor.
Amended on (18 April, 2019).
When the Regulator receives a request from an authority to disclose Confidential Information (other than compelled testimony – see paragraph 4.5), the Regulator will generally comply with such request if made in good faith for the specific purpose of fulfilling the performance of the requesting party's functions and powers, as contemplated by section 199(1).
Added on (18 April, 2019).
4.3 4.3 Disclosure for use in civil litigation
In other circumstances, such as where Confidential Information is sought by a party other than a governmental or regulatory authority, such as, for example, as evidence for use in civil litigation, the Regulator will require prior consent of—(a) the person from whom the Confidential Information was obtained; and,(b) if different, the person to whom the duty of confidentiality is owed (paragraphs 198(1)(a) and (b)),consistent with its general duty of confidentiality, as contemplated by section 198(1) of the FSMR.
Amended on (18 April, 2019).
The Regulator will, to the extent permitted by applicable law, provide the person whose interests are likely to be adversely affected by the proposed disclosure with the information necessary to enable the person to make submissions to the Regulator. These may include the following:(a) whether the factual and legal conditions justifying the disclosure are met;(b) the scope of the disclosure of Confidential Information; and(c) whether any conditions should apply to the disclosure.
If a person would be adversely affected by the proposed disclosure of Confidential Information and the purpose for the request is to use the information in civil proceedings in the ADGM Court, the person requesting the Confidential Information would be required to obtain an order of the ADGM Court compelling the Regulator to disclose the Confidential Information.
Upon receipt of such an order, the Regulator would generally notify the person adversely affected by the proposed disclosure of Confidential Information of this so that the person has an opportunity to challenge the request according to the rules of the Court.
4.4 4.4 Disclosure to a court
Civil proceedings in the ADGM Court
The ADGM Court's enabling legislation, Abu Dhabi Law No. (4) of 2013, gives it exclusive judicial jurisdiction in the ADGM and over ADGM bodies, including the Regulator. Therefore, the Regulator may be obliged to disclose Confidential Information if it is compelled to do so under an order from the ADGM Court.
If the Regulator is required to disclose Confidential Information received from a government or Regulatory Authority (for example, information received under a Memorandum of Understanding), the Regulator will ordinarily:(a) notify the Regulatory Authority that provided the Confidential Information of the receipt of the legally enforceable demand, in accordance with section 199(2); and(b) where appropriate, assert any legal rights or privileges to protect the Confidential Information (for example, Public Interest Immunity — see paragraph 4.6 below).
Criminal prosecutions in the UAE Courts
All activities in the ADGM remain subject to UAE criminal laws by virtue of the Federal Law No. 8 of 2004 concerning Financial Free Zones. Accordingly, the Regulator is obliged, under Article 78, Part 2 of the UAE Penal Procedures Law (Federal Law No. 35) of 1992, to comply with any legally enforceable demand or order from a competent authority responsible for administering the criminal laws of the UAE. This includes orders or demands to disclose Confidential Information.
As in the case of legally enforceable demands in civil or commercial matters discussed at paragraph 4.4.2 above, the Regulator will, where appropriate, assert any legal rights or privileges to protect the Confidential Information and resist disclosure (for example, Public Interest Immunity – see paragraph 4.6 below).
4.5 4.5 Compelled testimony in criminal proceedings
If the Regulator receives a request from a law enforcement agency for a person's answers in an interview conducted under section 206(1)(a) of the FSMR for the purpose of criminal proceedings against the person, the Regulator will, in accordance with section 207(2) of the FSMR, generally notify the person concerned of such request (so that the person has an opportunity to either consent to the disclosure or challenge the request), unless the Regulator is required by law or court order to disclose the statement.
4.6 4.6 Public Interest Immunity
Public Interest Immunity ("PII") is an immunity from the production of documents or information where their disclosure would be against the public interest. PII is a common law doctrine, developed to allow the courts to reconcile any potential conflict between the following two public interests—(a) the interest in the administration of justice which demands that relevant material is available to the parties to litigation; and(b) the interest in maintaining the confidentiality of certain documents whose disclosure would be damaging to the public interest.
When a PII claim is asserted, a court would be required to balance between whether the public interest in disclosing certain information is outweighed by the public interest in preserving the confidentiality of that information.
A claim of PII, for example, may be appropriate in the circumstances where disclosure would prejudice or otherwise unduly interfere with the Regulator's ability to perform its functions and exercise its powers (including if the disclosure would adversely affect its ability to cooperate with and receive Confidential Information from other Regulatory Authorities).
Guidance on Joint Guidance on the treatment of IFRS 9 Expected Credit Loss provisions in the UAE in the context of the COVID-19 crisis [5 April 2020]
Click here to view PDF.
Executive SummaryThis Joint Guidance proposes practical solutions to manage the impact of economic uncertainty on Expected Credit Loss, while remaining compliant with globally accepted financial reporting standards, IFRS. It is suggested to employ the flexibility embedded in the IFRS 9 framework to cope with the Covid-19 crisis.Banks and finance companies are required to group clients that are part of the Targeted Economic Support Scheme (TESS). Such grouping will be performed according to the impact of the crisis on those clients as follows:• Those that are temporarily and mildly impacted (“Group 1”); and• Those that are significantly impacted (“Group 2”).Group 1 clients are not expected to face substantial changes in their creditworthiness, beyond liquidity issues, over the duration of the TESS or the period during which they are subject to stresses arising from Covid-19, whichever is the shorter. Consequently, their assigned “stage” under IFRS 9 should remain the same, at least for the duration of the scheme or their distress, whichever is the shorter.Group 2 clients are expected to face substantial changes in their creditworthiness, in addition to liquidity issues addressed by the TESS.• Where there is sufficient deterioration in credit risk to trigger a migration to stage 2, this migration should take place.• Due to the possibility of a future economic upturn, these clients will not normally be migrated to stage 3, based on their financial performance for the duration of the program. In exceptional circumstances, stage 3 migration can be triggered during the TESS program if clients’ business models are no longer sustainable.• Banks and finance companies should continue to treat clients, that are not part of the TESS, as per their existing IFRS 9 policies for the purpose of determining their stage.Banks and finance companies are not encouraged to recalibrate IFRS 9 models during the crisis, due to the high degree of uncertainty surrounding its economic consequences. Rather, input adjustments and judgmental overlays should be considered. Exposure at default should incorporate realized exceptional drawdowns occurring because of the crisis. Generally, banks and finance companies should also consider overlays to accounts for weaknesses in the predictive power of models during the crisis.Banks and finance companies are not required to incorporate the updated macroeconomic forecasts into ECL until September 1, 2020. However, dedicated governance should be put in place to review thoroughly these forecasts before they are used to compute IFRS 9 Expected Credit Loss.Finally, comprehensive specific disclosures are required to ensure transparency in the grouping process, the design of the economic forecasts, any adjustment to model input and/or any judgmental overlay.
1. BackgroundAs the Covid-19 virus spreads across the globe, economic consequences will follow, both in the short- and long-term. The Central Bank of the UAE (the “CBUAE”) has already taken relief measures under the Targeted Economic Support Scheme (“TESS”), effective from 15th March 2020. The economic disruption and the relief measures will have an effect on the financial accounts of banks and finance companies operating in the UAE, including the Dubai International Financial Centre (“DIFC”) and Abu Dhabi Global Market (“ADGM”), and this effect needs to be appropriately reflected by the existing financial reporting framework. Given that the principles-based nature of International Financial Reporting Standards (“IFRS”) are open to significant interpretations, the CBUAE, together with the Dubai Financial Services Authority (the “DFSA”) and the Financial Services Regulatory Authority (the “FSRA”), as the banking regulators in the UAE’s financial free zones (collectively the “Regulators”), believe that additional guidance is needed.This Joint Guidance is issued pursuant to the powers vested, respectively, in (i) the CBUAE under the Central Bank Law, No. (14) of 2018 regarding the Central Bank & Organization of Financial Institutions and Activities (the “Central Bank Law”), (ii) the DFSA under Article 36 of the Regulatory Law, DIFC Law No.1 of 2004 and (iii) the FSRA under section 15 of the Financial Services and Markets Regulations 2015.Paragraph 5.5.17 of the IFRS 9 standard states that expected credit loss (“ECL”) used as to determine accounting provisions must be “an unbiased and probability-weighted amount that is determined by evaluating a range of possible outcomes”. It must be based upon “reasonable and supportable information that is available without undue cost or effort at that date about past events, current conditions and forecasts of future economic conditions”. In other words, the ECL must be point-in-time and forward looking in a way that is not overly optimistic nor overly pessimistic. However, the exceptional circumstances surrounding the Covid-19 crisis make this exercise challenging because of the uncertainty regarding its economic consequences.This Joint Guidance is necessary to ensure (i) harmonization across the UAE banking sector and (ii) that provisions are appropriately calculated. This Joint Guidance proposes practical solutions to manage the impact of economic uncertainty on ECL, while remaining compliant with globally accepted financial reporting standards, IFRS. This implies meeting the accounting requirements of an accurate and point-in-time estimation of risk, while recognizing that this decision process needs to be adjusted in the current environment. The Regulators hold the view that the flexibility embedded in IFRS 9 framework should be employed to cope with the current crisis. This Joint Guidance presents a mixture of adjustments offered by the IFRS 9 principles, such as individual assessment, portfolio assessment, macroeconomic adjustment and management overlay.At this point-in-time, banks and finance companies are not required to update model parameters to account for this crisis. Rather, banks and finance companies are required to adjust inputs, consider model outputs critically and make use of temporary, judgmental overlay if necessary.For foreign banks operating in Financial Free Zones as branches, they can choose to follow this Joint Guidance or guidance issued by their home country relevant authorities, if any.
2. 2. Staging And DefaultIFRS 9 requires banks and finance companies to assess, at each reporting date, whether the credit risk of a financial instrument has increased significantly since its initial recognition. For that purpose, it relies on the concept of Significant Increase in Credit Risk (“SICR”). Clients subject to SICR have their ECL computed over the lifetime of their facility (stage 2) instead of the one-year horizon applicable otherwise (stage 1). SICR is generally driven by several quantitative and qualitative factors, under the discretion of banks and finance companies, and reviewed by external auditors. Amongst others, common drivers of SICR are clients’ number of days-past-due (“DPD”), increase in probability of default (“PD”) and change of rating.
2.1. Repayment Events and Staging Implications
Over the next few months, banks and finance companies are likely to witness a range of facility repayment events, directly or indirectly, linked to the Covid-19 crisis. These events should not automatically trigger SICR. The nature of such events is set out below, as well as their staging implications.• Payment deferrals: A large number of clients are expected to be offered payment deferrals by which they will temporarily cease payments of principal and/or interest/profit. Their facilities may be re-scheduled or restructured, and in some cases, additional credit lines may be offered. The TESS scheme issued by the CBUAE intends to facilitate this process by offering zero-cost funding to banks and finance companies. Regulators recognise that some clients will also benefit from payment deferrals outside of the TESS scheme, as banks and finance companies may voluntarily offer payment deferrals to clients outside of this programme. Consequently, the pool of clients benefitting from payment deferrals will comprise both ‘TESS clients’ and ‘non-TESS clients’.• Staging for TESS clients: The TESS circular amended on 4 April 2020 states under point 9.1. d), that the IFRS 9 staging for TESS clients shall normally remain unchanged for the duration of the scheme. This is based on the presumption that most of these clients will not experience a significant increase in credit risk by virtue of their eligibility for the scheme. In reality, the range of situations will vary and a tailored approach is necessary to align with IFRS principles. Therefore, the aforementioned stage migration principle contained in the TESS needs to be interpreted to allow migrations when needed. Further guidance is given in section 2.2 below.• SICR Issues: In light of these repayment arrangements and of the government support scheme, the existing mechanisms in place within banks and finance companies to trigger SICR may not be appropriate to address the exceptional circumstances of this crisis. These mechanisms would most likely fail to recognize the scale of various support measures being put in place by government authorities and central banks, both globally and in the UAE. In addition, even certain clients not benefitting from repayment arrangements can be indirectly impacted by the Covid-19 crisis and therefore the SICR triggers currently in place, should be applied cautiously and subject to exercise of judgement.• Rebuttable Presumption: More specifically, IFRS 9 includes a rebuttable presumption that a facility with more than 30 DPD has undergone a SICR. However, this assumption is likely to be rebutted for clients benefitting from exceptional payment deferrals due to the crisis. For these clients, DPD should no longer be used as a relevant automatic indicator of SICR. Instead it should be frozen at the date of facility rescheduling. DPD can be used again as a relevant indicator when the client leaves the scheme, if the client encounters delays in payment thereafter. Additionally, all other factors usually driving SICR should be carefully evaluated, without automatic triggers, in particular those resulting in the revision of PD and internal/external credit ratings, for the duration of the crisis.
2.2 2.2. Interim Solution: Categorisation
In light of the points mentioned above, for the purpose of staging updates, banks and finance companies are encouraged to apply judgment and consider clients as explained below - for wholesale and retail clients respectively.
The Regulators expect that such analysis should start as soon as sufficient, reasonable and supportable information is available. This process is expected to be gradual and iterative as the degree of uncertainty surrounding the Covid-19 crisis reduces through time. Until decided otherwise by bank and finance company management, all clients benefitting from payment deferrals will remain in their current stage, unless movement to a lower stage is motivated by events such as bankruptcy, fraud or skip of owners and senior managers. For consistency and practical purposes, the period of applicability of this interim solution is expected to be in line with that of the TESS scheme because, at this point in time, the TESS duration is a relevant benchmark for the crisis duration.
2.2.1. Wholesale Clients (including SMEs)
For clients not benefitting from payment deferrals, the SICR mechanisms in place would continue to be applied but with judgmental overrides, when deemed appropriate. This means that stage migrations automatically triggered should be analysed and understood, with the option to be stopped if clients are expected to recover relatively quickly, once the Covid-19 crisis is over. This remains in line with the spirit of IFRS 9, which requires an assessment of the lifetime creditworthiness of a facility.
For clients benefitting from payment deferrals (all TESS clients and some non-TESS clients) instead of relying on the mechanistic SICR triggers in place, banks and finance companies should separate these clients into two groups based on dedicated analyses, using the following principles:• Group 1: clients that are temporality and mildly impacted by the Covid-19 crisis.o For these clients, the payment deferrals are believed to be effective and thus the economic value of the facilities is not expected to be materially affected. These clients are expected to face liquidity constraints without substantial changes in their creditworthiness.o For these clients, banks should hold the view that, despite being subject to payment deferrals, there is insufficient deterioration in credit quality to trigger a stage migration. These clients will remain in their current stage, at least for the duration of the crisis, or their distress, whichever is the shorter. For instance, this would apply to industries that are expected to rapidly return to normal business conditions, once confinement policy decisions are over.• Group 2: clients that are expected to be significantly impacted by Covid-19 in the long term.o These clients are expected to face substantial changes in their creditworthiness beyond liquidity issues. For these clients, there is sufficient deterioration in credit risk to trigger a migration to stage 2, and this migration should take place.o Due to the possibility of later economic rebound, these clients are not expected to migrate to IFRS 9 stage 3 based on their financial performance during the period of the crisis. In exceptional circumstances, such stage 3 migration can be triggered by liquidation/ bankruptcy caused by (i) non-financial events (such as fraud) or (ii) significant disruptions threatening the long-term sustainability of the clients’ business model.o Consequently, banks and finance companies must continue to monitor the creditworthiness of these clients, particularly indications of potential inability to pay any of their obligations as and when they become due.
The above grouping decisions should take into consideration the specific circumstances of clients in the context of the Covid-19 outbreak. Banks and finance companies should perform analyses by incorporating at least the following principles:a) Grouping decisions should rely on a mixture of quantitative analysis and a judgmental approach based on the views of clearly identified subject matter experts within banks.b) Grouping decisions should be in line with the spirit of IFRS 9 stages; relying on the assessment of credit risk over the lifetime of facilities. Hence the necessary distinction between clients that are impacted over the short term vs. long term.c) It is expected that clients will face a range of impact intensity and duration. Therefore, grouping will be achieved by establishing cut-offs based on expert judgment. Industries and sectors could be used as a commonly accepted starting point for segmentation.d) For clients to which banks and finance companies have a material exposure, analyses are expected to be performed on a case-by-case basis. For clients with less material exposures, analyses should be performed on a portfolio basis and be based on credit risk drivers, typically industry, tenor and rating. It may be useful to set appropriate materiality thresholds for the purpose of client segregation. For example, in this context, a client could be considered material if it belongs to the top 50 clients ranked by the size of exposure at default (“EAD”) or contributes to the cumulative top 30% of the total wholesale portfolio EAD. Banks and finance companies with less than 50 clients would therefore treat their entire portfolio on a case-by-case basis, for the purpose of this exercise.e) For the purpose of establishing priorities in this grouping exercise, banks and finance companies are expected to organize their portfolio by materiality and susceptibility to the crisis, and start with the most material/susceptible segments. It is expected that the assessment will be more reliable at an individual account/obligor level rather than at a portfolio level.f) Ultimately, banks and finance companies should assess if their clients have put in place appropriate measures to cope with the crisis, in particular, decisions related to the management of their cash position, inventories, fixed costs and financial costs.g) Considerations related to parent/government guarantee and collateral should also be included in the grouping decision, as such decision should consider potential credit enhancement.
Return to stage 1: For wholesale clients classified in Group 2 during the crisis, banks and finance companies may consider migrating them back to stage 1 once there is clear evidence that customers are no longer impacted by the Covid-19 crisis. The analysis of staging upgrade must be performed at least at the same granularity employed for staging downgrade. For those clients that migrated to stage 2, a return back to stage 1 needs to be supported by three consecutive monthly payments or one payment if the payment intervals are longer than two months (typically quarterly), provided that there is reasonable evidence supporting an improvement in creditworthiness. For TESS clients in particular, such payments qualify only when clients are no longer supported by the TESS scheme.
2.2.2. Retail Clients
For clients not benefitting from payment deferrals, the SICR mechanisms in place would continue to be applied. As judgmental overrides are practically challenging to implement for retail portfolios, other solutions should be envisaged to manage the unwarranted consequences of an automatic stage migration as follows:• Banks and finance companies are encouraged to take pre-emptive initiatives towards clients to help them anticipate financial difficulties and potentially avoid deterioration of credit risk and consequential trigger of stage migrations. For instance, this can be achieved by clear communication to clients about payment deferral schemes (as part of TESS or not) and a process for them to report difficulties.• Banks and finance companies are also encouraged to undertake regular analysis by segments in order to identify spikes in migrations, which can subsequently be used to inform necessary updates of accounting policy.
For clients benefitting from payment deferrals (all TESS clients and some non-TESS clients), instead of relying on the mechanistic SICR triggers in place, banks and finance companies should separate these clients into two groups based on dedicated analyses.• Group 1: clients that are temporarily and mildly impacted by Covid-19. These clients will remain in their current stage; and• Group 2: clients that are expected to be significantly impacted by Covid-19 in the long term. These clients will migrate to stage 2. Migration to stage 3 will normally not occur for the duration of the program, unless motivated by specific circumstances.
The grouping decisions should take into consideration the specific circumstances of clients in the context of the Covid-19 outbreak, including at least the following principles:a) Case-by-case analyses may be practically challenging for retail clients. Instead, portfolio and/or product analyses might be more appropriate.b) Grouping decisions should rely on a mixture of quantitative analysis and a judgment-based approach based on the views of clearly identified subject matter experts within banks and finance companies.c) When possible, banks and finance companies should assess whether clients’ employment and financial situations are likely to be impacted temporarily or over the longer term. More specifically, banks and finance companies should consider at least (i) the severity of the impact on the sources of income, typically, whether clients are subject to temporary salary reduction or employment loss, (ii) clients’ financial leverage and (iii) residency status.d) If possible, the industry/sector associated with retail clients’ employment should be taken into consideration in the grouping analysis. The treatment of industries for retail clients should be consistent with that of wholesale clients.e) For the purpose of segregation, it might be necessary to systematically collect additional information from clients entering the TESS scheme and other payment deferral initiatives that banks and finance companies wish to put in place outside TESS.
Return to stage 1: For retail clients classified in Group 2 during the crisis, banks and finance companies may consider migrating them back to stage 1 once there is clear evidence that customers are no longer impacted by the Covid-19 crisis. The analysis of staging upgrade must be performed at least at the same granularity employed for staging downgrade. For clients benefitting from deferrals during the crisis, that migrated to stage 2, a return back to stage 1 can occur after 6 months of performing payments. For TESS clients in particular, such payments qualify only when clients are no longer supported by the TESS scheme.
3. Exposure And RecoveryExposure at Default (“EAD”), which is one of the parameters for the computation of ECL, should be estimated by incorporating the context of the Covid-19 crisis as follows:• Firstly, exceptional drawdowns permitted under TESS should be reflected in the calculation of EAD.• Secondly, any other realized drawings under loan contracts such as revolving facilities and overdrafts are also expected to impact EAD.• Thirdly, the predictions made by statistical EAD models are likely to deviate from realized drawdowns during the crisis. Therefore, banks and finance companies should critically assess the expected exposures under off-balance sheet facilities, in particular across wholesale and retail clients. If necessary, temporary add-ons and overlay can be considered, rather than model recalibration. It is essential that overlays are the subject of high-quality governance, given the unprecedented nature of the current situation.The Covid-19 crisis is also expected to impact loss given defaults (“LGD”). Banks and finance companies should take the necessary steps to understand the implication of the crisis on the drivers of LGD, including but not limited to (i) the cash situation of clients, (ii) the value of collateral and (iii) the enforceability of guarantees. In light of the potential illiquidity of certain types of collateral during the crisis, banks and financial companies are encouraged to consider the appropriateness of their valuation methods. Finally, for government guarantees, banks and finance companies should analyze whether such support should be incorporated in the LGD of the facility or considered as a separate reimbursement.For the duration of the Covid-19 crisis, we do not expect any re-calibration of the LGD models, unless such re-calibration is necessary to rectify deficiencies identified prior to the Covid-19 crisis.
4. Macroeconomic OverlayAs per the IFRS 9 accounting rules, ECL should incorporate forward looking information in the form of a macroeconomic overlay. The purpose of this overlay is to adjust the estimation of PD, LGD and EAD, in order to incorporate not only backward looking statistical data, but also forward-looking assessment. This is especially important if future economic developments are expected to be significantly different from past experience. The macroeconomic scenario inputs are expected to impact all clients.Under the IFRS 9 framework, banks and finance companies are expected to update the macroeconomic forecasts, in order to reflect the likely change in the economic environments (in both the UAE and abroad). However, the Regulators recognize the high degree of uncertainty surrounding the economic consequences of the Covid-19 crisis and therefore the challenges of constructing meaningful and accurate economic forecasts at this point in time. In addition, the UAE economy is materially dependent on the performance of the global economy, therefore the evolution of Covid-19 related government policies implemented throughout the world will also impact the UAE economic forecasts.Consequently, and in order to avoid excessive disparity amongst banks and finance companies’ macroeconomic forecasts, banks and financial companies are not expected to incorporate the updated forecasts into ECL until September 1, 2020. Subsequent to this date, banks and finance companies should follow their existing process for the production of economic scenario forecasts. Furthermore, in light of the exceptional circumstances, banks and finance companies are required to establish dedicated crisis-focused governance, in order to (i) undertake benchmark analyses using relevant sources, (ii) seek the view of economists and subject matter experts, (iii) ensure that key macro factors driving ECL are still relevant for the present circumstances and (iv) adjust the economic forecasts iteratively, as new information becomes available.When banks and finance companies are in a position to use economic forecasts to generate PDs and LGDs, they need to be mindful of lags currently employed in their macro models. The modelled lags are likely to be longer than observed in reality during this specific crisis.Finally, banks and finance companies also have the option to employ add-ons at portfolio or product level in order to holistically reflect changes in the economic environment, provided that the decision-making process and results are fully documented and disclosed.
5. 5. DisclosuresThe Regulators require transparency across the UAE banking sector during this crisis. It is essential that banks and finance companies provide additional relevant and comprehensive disclosures related to ECL computation in their 2020 Q1 audited financials and subsequent audited reporting until the end of the Covid-19 crisis.Banks and finance companies shall report material changes that occurred in their books since December 2019, susceptible to impact of ECL. This disclosure should contain detailed information related to each of the items listed below, and any other items the bank deems relevant:• The proportion of TESS clients per portfolio or product, for wholesale and retail clients.• When identified, the proportion of Group 1 and Group 2 clients as defined in this Joint Guidance, per portfolio, with their associated exposure, ECL, stage and average PD and LGD. Information on TESS clients shall be disclosed, for instance, in terms of size of counterparts, industry, rating and product types.• A breakdown of exposures associated with staging migrations covering TESS and non-TESS clients.• The changes in EAD since December 2019 and the expected future changes.In addition, banks and finance companies should disclose their approach employed during this exceptional period to assess ECL components and the required grouping of TESS customers. This disclosure should contain detailed discussion related to each of the below items, and any other items the bank deems relevant:• The dedicated crisis-focused governance put in place for the purpose of grouping decisions, macroeconomic scenario adjustment and any other management overlay.• Quantitative analyses performed with the information available.• Assumptions and judgements supporting the estimation of ECL components.• Any update made to the macro forecasts.• Any judgmental overlay implemented at portfolio of product level.
Quantitative information• The disclosures should contain information on the proportion of clients benefitting from deferrals per portfolio or product, for wholesale and retail clients.• When identified, the proportion of Group 1 and Group 2 clients as defined in this Joint Guidance, per portfolio, with their associated exposures and ECL.• The amount of macro overlay added to ECL per portfolio or product as explained in this Joint Guidance.• The total changes in EAD since December 2019.• Stage migrations estimated as EAD by portfolio since December 2019.• For wholesale clients, the change of ECL split by industry, since December 2019.• For retail clients, the change of ECL split by products, since December 2019.
In addition, banks and finance companies should disclose the approach employed during this exceptional period to assess ECL components and the required grouping driving stages. This disclosure should at a minimum contain detailed discussion related to each of the below items:• The dedicated crisis-focused governance put in place for the purpose of grouping decisions, macroeconomic scenario adjustment and any other management overlays.• Analyses performed with the information available at that point in time.• Assumptions and judgements supporting the estimation of ECL components.• The rationale behind updates made to the macro forecasts.• Any judgmental overlays implemented at portfolio or product level.
Guidance on Regulation of Digital Securities Activities in ADGM [24 February 2020]
Click here to view PDF.
Guidance on Regulation of Digital Security Offerings and Virtual Assets under the Financial Services and Markets Regulations [24 February 2020]
1. Introduction1.1 This Guidance is issued under section 15(2) of the Financial Services and Markets Regulations 2015 (“FSMR”). It should be read in conjunction with FSMR, the relevant Rulebooks of the Financial Services Regulatory Authority (“FSRA”), the Guidance & Policies Manual of FSRA, the ‘Guidance – Regulation of Virtual Asset Activities in ADGM’1 and the ‘Guidance – Regulation of Digital Securities Activity in ADGM’ (“Digital Securities Guidance”). 21.2 This Guidance is applicable to those considering the use of initial coin or token offerings (“ICOs”, also known as a Coin or Token Sale) to raise funds. The Guidance is also applicable to those considering transacting in, and the general use of, virtual tokens and Virtual Assets (as defined below).1.3 The Guidance sets out FSRA’s approach to digital security issuers seeking to raise funds through ICOs, and market intermediaries or operators dealing in or offering services in digital securities and Virtual Assets.1.4 This Guidance is not an exhaustive source of the FSRA’s policy on the exercise of its regulatory mandate, and the FSRA may impose other, specific conditions to address any specific risks posed by the proposed activities set out herein.1.5 The FSRA is not bound by the requirements set out in this Guidance and may waive or modify this Guidance at its discretion where appropriate.1.6 Unless otherwise defined or the context otherwise requires, the terms contained in this Guidance have the same meanings as defined in FSMR and the Glossary (GLO).
2. Background2.1 Globally, the use of virtual tokens and Virtual Assets to raise funding and facilitate economic transactions has been on the rise in recent years. A number of financial services regulators have issued comments or consumer alerts setting out their regulatory position on virtual tokens and/or Virtual Assets. This is especially relevant since the use of virtual tokens and Virtual Assets can be subject to risks arising from fraud, money-laundering and terrorist financing, as well as the observed volatility of the “value” of Virtual Assets.2.2 The FSRA adopts a technology-neutral approach to regulation, where regulatory requirements are applied to the conduct of Regulated Activities or activities envisaged under a Recognition Order3, as opposed to the technological means to conduct a Regulated Activity. To the extent that virtual tokens are used as a mechanism to enable or facilitate a Regulated Activity to be carried out, they are generally permitted. For example, subject to fit and proper safeguards, an authorised money remittance house may receive fiat currencies from Clients and use virtual tokens to securely remit an equivalent value overseas directly to a regulated foreign counterparty via the internet in real-time; the foreign counterparty can then pay out in fiat currencies to the intended end-clients.2.3 Given the evolving developments in the space of virtual tokens and Virtual Assets, FSRA will continue to closely monitor industry developments. FSRA may issue further Guidance as necessary, to ensure the regulatory framework is updated and risk-appropriate in order to facilitate the sound development and deployment of promising financial technology innovations.
3 Pursuant to Section 124 of the FSMR, these include activities of Recognised Investment Exchanges and Recognised Clearing Houses.
3. 3. Initial Coin Offerings3.1 ICOs can take many forms, but all of them utilise Distributed Ledger Technology (“DLT”). Investors will typically give Virtual Assets to an ICO issuer in exchange for a proprietary digital medium of exchange on the DLT platform, being termed a “coin” or “token” (where the latter term will be used hereafter). In some cases the proprietary tokens will not represent an underlying financial asset; for example, a DLT token may represent a digital identity record, a voting right, or simply access to software running on a DLT platform.3.2 Alternatively, an emerging method of fund-raising uses DLT with the tokens representing a “traditional” regulated issuance, such as Shares, Debentures or Units in a Collective Investment Fund. In these instances, a DLT platform may also comprise a share or bond register. We are aware that there are many companies seeking to raise money through such traditional and regulated means using a DLT-enabled platform.
Innovation3.8 In our engagement with innovative firms in the financial services sector, we have been made aware of business models using a DLT platform to facilitate the issuance of Securities on a private placement basis. These business models may include a high level of disclosure and transparency with investors, and a robust reconciliation and reporting mechanism. These types of business models may benefit from the Exempt Offers regime set out above.3.9 We are also aware of firms seeking to build investment funds using DLT platforms for the purposes of investor reporting and funds management. In such cases, the Digital Securities issued as a result of the ICO may be Units in a Collective Investment Fund as defined in Section 106 of FSMR. This may fall within our FUNDS Rules, and again we encourage firms considering such DLT-enabled business models to engage with us as early as possible.
Regulatory treatment of tokens deemed to be Securities3.3 Whether an ICO is to be regulated under FSMR will be assessed by FSRA on a case-by-case basis. To this end, if the tokens in an ICO are assessed to exhibit the characteristics of a Security, FSRA may deem the tokens as a Security pursuant to Section 58(2)(b)4 of FSMR, hereinafter referred to as “Digital Securities”. Consequently, an issuer seeking to launch an ICO in or from ADGM should approach FSRA at the earliest opportunity.3.4 For regulatory purposes, issuances of Securities (as defined in Section 258 of FSMR), whether through a DLT platform or other means, will see no difference in their treatment under our regulatory framework. Those issuers/market actors who seek to raise funds in a regulated, robust and transparent manner using new business models or technologies such as DLT are encouraged to engage with us as early as possible in the fund-raising process.3.5 The requirements for Offers of Securities fall under Sections 58 to 71 of FSMR and Chapter 4 of the Markets Rules (“MKT”). When an Issuer wishes to make an Offer of Securities to the Public in or from ADGM, these requirements include, for example, the obligation to publish a Prospectus under Section 61 of FSMR.3.6 Offers of Securities may benefit from an exemption under the Exempt Offers regime set out in Rule 4.3 of MKT. In the circumstances specified in that Rule, it should be noted that a Person may make an Offer of Securities to the Public without a Prospectus where any one of the following conditions, amongst other conditions in that Rule, is met:(i) an Offer is directed at Professional Clients other than natural Persons;(ii) fewer than 50 Persons in any 12 month period, excluding Professional Clients who are not natural persons; or(iii) where the consideration to be paid by a Person to acquire Securities is at least USD100,000.3.7 Additionally, any market intermediaries (e.g., broker-dealers, investment managers, custodians) and primary / secondary market operators dealing in Digital Securities and/or their Derivatives with or on behalf of Clients, will need to be approved by FSRA as Financial Services Permission (“FSP”) holders, Recognised Investment Exchanges or Recognised Clearing Houses (collectively referred to as “Regulated Firms”).
4 Section 58(2) of FSMR sets out that FSRA may, by written notice ‘deem any investment which is not a Security to be a Security for the purposes of these Regulations and the Rules made under these Regulations’.
Tokens not deemed to be Digital Securities3.10 It should also be noted that not all ICOs constitute an Offer of Securities under the FSMR or MKT. Where tokens do not have the features and characteristics of Securities such as Shares, Debentures or Units in a Fund, the offer of such tokens is unlikely to be an Offer of Securities, nor is the trading of such tokens likely to constitute a Regulated Activity under FSMR.3.11 In unregulated ICOs, investors do not benefit from any of the safeguards that accompany a regulated Offer of Securities. Reliable information regarding the issuer, and what it plans to do with the funds raised may be lacking. The risk of fraud and loss of capital is therefore significantly higher. This is particularly likely to be the case where a token issuer promises extremely high investment returns that are disproportionately high relative to those generally available in the market. We advise potential investors in unregulated ICOs to exercise extreme caution before committing any funds.3.12 However, there are instances of such unregulated ICOs being used to raise money for legitimate companies and development efforts. In such cases, while these do not fulfil the same requirements as a regulated Offer of Securities, issuers of the ICO may disclose detailed information on their products / tokens and business plan. We welcome engagement from the industry, in particular from trade bodies, in developing voluntary best-practice standards in relation to the use of such unregulated ICOs as a legitimate method for raising funds.
4. 4. Virtual Assets4.1 As set out in the FSMR, a Virtual Asset is defined as:“A digital representation of value that can be digitally traded and functions as (1) a medium of exchange; and/or (2) a unit of account; and/or (3) a store of value, but does not have legal tender status in any jurisdiction. A Virtual Asset is -(a) neither issued nor guaranteed by any jurisdiction, and fulfils the above functions only by agreement within the community of users of the Virtual Asset; and(b) distinguished from Fiat Currency5 and E-money6.”4.2 Although not legal tender, Virtual Assets (such as bitcoin) have “value” in that they can be exchanged for other things of value, with that value being dependent on considerations of supply and demand. In this respect, Virtual Assets have much in common with physical commodities such as precious metals, fuels and agricultural produce. Therefore from a regulatory policy perspective, Virtual Assets are treated as commodities, instead of Specified Investments as defined under the FSMR.4.3 Under FSRA’s regulatory framework for Virtual Assets, any market operator, custodian or intermediary dealing in Virtual Assets is required to be approved by FSRA as an FSP holder in relation to the applicable Regulated Activity. Details of FSRA’s approach to the regulation of spot Virtual Asset activities are set out in FSRA’s ‘Guidance – Regulation of Virtual Asset Activities in ADGM’.4.4 Where a Regulated Firm uses Virtual Assets in an ancillary manner (e.g. as a means to enable or facilitate the carrying on of any financial services businesses), it does not necessary mean that the Regulated Firm needs to seek approvals from the FSRA in order to use Virtual Assets as part of its Regulated Activities. As illustrated in paragraph 2.2, an authorised money remittance house does not need to apply for specific approvals from the FSRA to use Virtual Assets if it merely uses Virtual Assets as a medium of exchange to facilitate the remittance of fiat currencies on behalf of Clients across jurisdictions. The Regulated Firm will, however, have to demonstrate that the use of the Virtual Asset, used in such ancillary manner, is fit for purpose, e.g., putting in place control requirements to address technology and security risks associated with the use of the Virtual Asset. On the other hand, for example, if the Regulated Firm offers its Clients services to exchange Virtual Assets for fiat currencies, the Regulated Firm will need to apply to, and be authorised by, the FSRA to use Virtual Assets as part of its Regulated Activities.
5 “Fiat Currency” means government issued currency that is designated as legal tender in its country of issuance through government decree, regulation or law.
6 “E-money” means a digital representation of Fiat Currency used to electronically transfer value denominated in Fiat Currency.
Derivatives of Virtual Assets4.5 In line with the policy treatment of Virtual Assets as commodities, Derivatives of Virtual Assets are regulated as Commodity Derivatives and hence, a type of Specified Investment under the FSMR. Consequently, any market operators or market intermediaries dealing or managing investments in Derivatives of Virtual Assets will be subject to the appropriate regulations and rules applicable under FSMR.4.6 Notwithstanding that certain Virtual Asset activities are subject to regulations under the FSMR, the FSRA does not take a view on the merits of transacting or investing in Virtual Assets. Given the volatility of Virtual Assets, they constitute high-risk investments. FSRA therefore advises consumers and companies to consider the risks of investing in Virtual Assets or any related Derivatives carefully before committing any funds.4.7 For avoidance of doubt, where a Virtual Asset has the features and characteristics of a Digital Security, it will additionally be subject to the applicable regulatory requirements as explained in section 3 above.
5.1 A summary of the regulatory treatment of Digital Assets is shown in the table below.
Category of Digital Assets / Instruments Regulatory Approach “Digital Securities”
(e.g., digital/virtual tokens that have the features and characteristics of a Security under the FSMR (such as Shares, Debentures and Units in a Collective Investment Fund)).
Deemed to be Securities pursuant to Paragraph 58(2)(b) of FSMR.
All financial services activities in relation to Digital Securities, such as operating primary / secondary markets, dealing / trading / managing investments in or advising on Digital Securities, are subject to the relevant regulatory requirements under the FSMR.
Market intermediaries and market operators dealing or managing investments in Digital Securities need to be licensed / approved by FSRA as FSP holders (including as Multilateral Trading Facilities), Recognised Investment Exchanges or Recognised Clearing Houses, as applicable.
(e.g., non-fiat virtual currencies, virtual asset ‘exchange tokens’).
Treated as commodities and, therefore, not deemed Specified Investments under the FSMR.
Market intermediaries (e.g., broker dealers, custodians, asset managers) dealing in or managing Virtual Assets, and Multilateral Trading Facilities using Virtual Assets, need to be licensed / approved by FSRA. Only activities in Accepted Virtual Assets will be permitted.
Capital formation activities are not provided for under the Virtual Asset Framework, and such activities are not envisaged under the Market Rules (MKT).
Derivatives and Collective Investment Funds of Virtual Assets, Digital Securities and Utility Tokens Regulated as Specified Investments under the FSMR.
Market intermediaries and market operators dealing in such Derivatives and Collective Investment Funds will need to be licensed / approved by FSRA as FSP holders, Recognised Investment Exchanges or Recognised Clearing Houses, as applicable.
(e.g., tokens which can be redeemed for access to a specific product or service, typically provided using a DLT platform, do not exhibit the features and characteristics of a regulated investment / instrument under the FSMR).
Treated as commodities and, therefore, not deemed Specified Investments under the FSMR.
Unless such Utility Tokens are caught as Accepted Virtual Assets, spot trading and transactions in Utility Tokens do not constitute Regulated Activities, activities envisaged under a Recognition Order (e.g., those of a Recognised Investment Exchange or Recognised Clearing House), or activities envisaged under MKT.
(e.g. stablecoins whose value are fully backed by underlying fiat currencies)
Treated as a form of digital representation of Fiat Currency.
Where used as a payment instrument for the purposes of Money Transmission as defined under the FSMR, the activity will be licensed and regulated as Providing Money Services.
5.2 A schematic representation of the FSRA’s regulatory ambit under the FSMR is shown within the blue dotted box.
Guidance on Regulation of Virtual Asset Activities in ADGM [24 February 2020]
Click here to view PDF
Guidance — Regulation of Digital Security Offerings and Virtual Assets under the Financial Services and Markets Regulations [24 February 2020]
Click here to view PDF.
Funds and Investment Management
Guidance on Authorisation of Digital Investment Management ("Robo-advisory") Activities [16 July 2019]
1. 1. Introduction
This Guidance is issued under section 15(2) of the Financial Services and Markets Regulations 2015 (“FSMR”). It should be read in conjunction with FSMR, the Rulebook of the Financial Services Regulatory Authority (“FSRA”) and the Guidance & Policies Manual (“GPM”) of the FSRA.
It is relevant to an applicant for a Financial Services Permission (“FSP”) to carry on one or more Regulated Activities, as defined in section 19 of FSMR, where the applicant undertakes “digital investment management”, as outlined in Paragraph 2.1 of this Guidance, and is termed a “Digital Investment Manager”. It explains the requirements that applicants must satisfy to be authorised and operate as Digital Investment Managers.
This Guidance is not an exhaustive source of the FSRA’s policy on the exercise of its statutory powers and discretions. In discharging its regulatory mandate, the FSRA may impose additional, specific conditions to address other risks posed by the proposed activities of a Digital Investment Manager, above and beyond those in the Rulebook.
The FSRA is not bound by this Guidance and may modify the Guidance at its discretion where appropriate.
Unless otherwise defined, or the context otherwise requires, capitalised terms in this Guidance have the same meanings as defined in FSMR and the Glossary (“GLO”).
2. 2. Objectives
For the purposes of this Guidance, digital investment management refers to the provision of investment management services using algorithm-based tools that require limited/optional human interaction between clients and the provider of digital investment management services. It does not include asset management or advisory activities that rely on algorithm-based tools solely for the purposes of back-office support services. The term, Digital Investment Manager, refers to the entity that provides digital investment management services.
The digitisation of the financial services industry has provided wealth managers with a cost-effective and scalable way of providing tailored investment management services to mass-affluent clients. These clients are generally comfortable with services delivered through digital channels, which also influences their preferences in engaging with service providers, including investment managers.
The wealth management industry has seen a steady rise in assets under the management of Digital Investment Managers that utilise algorithms to provide automated investment management services including suitability assessments, portfolio modelling and account re-balancing. The business models of Digital Investment Managers in the GCC region typically tend to fall within the following categories.a. Fully digital model: little or no human interaction with clients, with the exception of technical support services.b. Hybrid model: clients have the option to interact with a human financial adviser to discuss the automated digital investment advice generated by algorithm-based tools.
Additionally, a number of firms operating in the GCC region have developed digital investment management technology to white-label or sell to wealth management firms. Firms that operate solely as technology providers are not considered to be Digital Investment Managers and do not require an FSP.1
1 These firms may be eligible to apply for the Registration Authority’s Tech Start-Up Commercial Licence.
The scope of this Guidance covers Digital Investment Managers that may be fully digital or hybrid and that provide advice, discretionary investment management, arrange deals in investments, or any combination of these services.
While digital investment management models are scalable and offer greater access to investment management services, they also present different risks than those inherent in traditional investment management business models. The differences are most pronounced in the investment process, use of technology, compliance with suitability requirements and disclosure of key risks. In light of these considerations, this guidance clarifies how the FSRA applies regulatory safeguards to Digital Investment Managers in a manner that is commensurate with the risks they pose, both to clients and to the FSRA’s objectives.
3. 3. Permissions required for Digital Investment Management
This section of the Guidance outlines the permissions that may be required to conduct digital investment management in or from ADGM. It also describes the relief available to Digital Investment Managers whose business models meet conditions that serve to reduce the risks they pose.
Financial Services Permissions requirements
Digital Investment Managers operating in ADGM will require an FSP to undertake any Regulated Activity as part of their business model. The FSRA has observed that the core services provided by a Digital Investment Manager typically involve the provision of one or more of the following Regulated Activities.a. Advising on Investments or Credit: for example, recommending that a client invest in a portfolio of Financial Instruments, or recommending that a client buy or sell particular Financial Instruments in order to rebalance the client’s portfolio.b. Arranging Deals in Investments: for example, after recommending that a client invest in a portfolio of Financial Instruments and, with the consent of the client, passing instructions to a broker to buy those Financial Instruments on the client’s behalf.c. Managing Assets: for example, exercising discretion to rebalance a client’s portfolio by passing instructions to a broker to either buy or sell particular Financial Instruments on the client’s behalf.
In order to facilitate the investment process, a Digital Investment Manager may choose to hold Client Assets directly (i.e. in a Client Account in the Digital Investment Manager’s name that is held with a Third Party Agent as banker or custodian), or may instead arrange for its clients to establish a direct relationship with a regulated Custodian to hold Client Assets. In the latter case, the Digital Investment Manager may require an FSP to carry on the Regulated Activity of Arranging Custody, unless it meets the exclusion criteria2 set out in Paragraph 47 of Schedule 1 of FSMR.
2 The exclusion criteria sets out that a person (the “introducer”) does not Arrange Custody by introducing a person to another person ("the custodian") who is authorised by the FSRA or a Non-Abu Dhabi Global Market Regulator to carry on the activity of Providing Custody, if the introducer is not connected with the custodian. An introducer is considered to be connected to a custodian if (a) the custodian is a member of the same Group as the introducer or (b) the introducer is remunerated by the custodian or a member of the custodian's Group for making the introduction.
A Digital Investment Manager holding an FSP to carry on the Regulated Activity of Managing Assets will not require separate permissions for Advising on Investments or Credit and/or Arranging Deals in Investments if it only undertakes those Regulated Activities incidentally, as part of its investment management activities.3
3 If the Digital Investment Manager operates advisory accounts or arranges deals in investments that are separate from, or not incidental to, its discretionary investment management activities, it will have to apply for permission to carry on one or both of the Regulated Activities of Arranging Deals in Investments and/or Advising on Investments or Credit as applicable.
Prudential capital requirements
Each of the Regulated Activities mentioned in paragraphs 3.2 and 3.3 has associated regulatory obligations, including in respect of prudential capital requirements.Table 1: Prudential capital requirements4
Prudential Category Maximum of: Base Capital Expenditure Based Capital Minimum Requirement Managing Assets 3C $250,000 •Holding Client Assets: 18/52nds of Annual Audited Expenditure •Otherwise: 13/52nds of Annual Audited Expenditure Advising on Investments or Credit Arranging Deals in Investments Arranging Custody 4 $10,000 •6/52nds of Annual Audited Expenditure
4 Note that the applicable Capital Requirement is the higher of the Base Capital Requirement and Expenditure Based Capital Minimum. Where a Digital Investment Manager undertakes a combination of activities, the highest prudential category will apply.
Relief for Digital Investment Managers engaged in Managing Assets
Relief For Digital Investment Managers Utilising Regulatory Technology
Paragraphs 3.7 to 3.13 of this Guidance outline the prudential capital relief available to Digital Investment Managers that undertake the Regulated Activity of Managing Assets, subject to meeting all of the conditions detailed below.
Where any Digital Investment Manager makes use of technology that enables the FSRA to better supervise the Manager’s activities, manage business risks or achieve better regulatory outcomes, the FSRA may also consider modifying or waiving prudential and other regulatory requirements. Applications for modifications or waivers will be assessed on a case-by-case basis and granted at the FSRA’s discretion.
3.7The higher prudential capital requirement for Digital Investment Managers engaged in Managing Assets, compared with those that are only engaged in Advising on Investments or Credit and/or Arranging Deals in Investments, is primarily a function of:a. the risks inherent in an investment process whereby an investment manager has discretion to make investment decisions for the client without first obtaining the client’s approval; andb. the increased operational complexity involved in holding Client Assets as part of the discretionary asset management process.
The FSRA recognises that many Digital Investment Managers engaged in Managing Assets only exercise discretion in the investment management process when ‘rebalancing’ a client’s portfolio, in order to ensure that the asset allocation remains suitable in light of the client’s investment objectives and parameters.5 This approach is typical of Digital Investment Managers that apply passive investment strategies that track the performance of an index or benchmark by investing in products such as exchange traded funds (“ETFs”) and index trackers.
5 Typically, the initial decision to invest in a portfolio of Financial Instruments is taken with the client’s consent. Thereafter, the decision to rebalance a client’s portfolio by buying or selling Financial Instruments is taken by the Digital Investment Manager without first obtaining the client’s consent for the specific transaction to go ahead.
These products are generally well-diversified, causing them to be less volatile relative to Financial Instruments that are commonly traded in active investment strategies (such as shares in a particular company, for example). A consequence of lower volatility is that the Digital Investment Manager has less cause for trading, including to adjust for market movements that would cause the portfolio to become unbalanced relative to the allocation agreed with the client.6 Digital Investment Managers that operate in this way present less risk than traditional investment managers who may have greater discretion to buy and sell a broader set of Financial Instruments for their clients on a more frequent basis as part of an active investment strategy.
6 That is, the initial decision to invest in a portfolio of Financial Instruments is not discretionary but subject to the client’s agreement.
Similarly, some Digital Investment Managers engaged in Managing Assets do not hold Client Assets, arranging instead for Client Assets to be held by an independent third-party financial institution under an agreement between the financial institution and the client. Digital Investment Managers who adopt this approach are less complex from an operational perspective. They take less time to wind down in the event of insolvency because Client Assets are easily identifiable, being held by a business that remains a going concern, has a direct relationship with the investor-client, and are protected from the claims of the Digital Investment Manager’s creditors. As such, less capital needs to be set aside to ensure that an insolvency practitioner can effect an orderly wind down of the Digital Investment Manager’s business.
3.11In light of these considerations, the FSRA will lower the prudential capital requirements applicable to Digital Investment Managers that are engaged in Managing Assets with a business model that meets all of the following conditions.a. Financial Instruments: the product offering is limited to passive investment products such as ETFs and index trackers. The Digital Investment Manager must satisfy the FSRA that the passive investment products are sufficiently liquid, non-complex and diversified.b. Discretionary Management: the discretionary investment management activities are limited to portfolio rebalancing. Such rebalancing must not involve the purchase of new investment products that were not included in the portfolio agreed to by the client.c. Client Assets: the Digital Investment Manager does not hold Client Assets. Instead, clients have a direct contractual relationship with an independent third-party financial institution to hold Client Assets.
Details of the lowered prudential capital requirements for Digital Investment Managers who meet the criteria in Paragraph 3.11 are set out in the table below.
Prudential Category Base Capital Requirement Expenditure Based Capital Minimum Managing Assets
3C $10,000 •6/52 of Annual Audited Expenditure
The lowered prudential capital requirements will be made available via a class modification. Digital Investment Managers wishing to avail of the class modification are required to approach and satisfy the FSRA that each of the conditions in paragraph 3.11 are met.
4. 4. Key controls for Digital Investment Managers
This section of the Guidance describes how the FSRA applies particular requirements of the FSRA Rulebook to all Digital Investment Managers, regardless of whether they are eligible for the prudential capital relief outlined in section 3, above. It is not exhaustive, and should be read in conjunction with the Rulebook itself, as well as:a. chapter 2 of the GPM, which outlines the FSRA’s approach to authorisation for all FSP applicants; andb. Supplementary Guidance - Authorisation of Investment Management Activities.7
A critical component of the digital investment management business model is the use of algorithms to automate the investment process. Accordingly, the FSRA sees a need to ensure that Digital Investment Managers have adequate algorithm and technology governance policies and processes in place to address the specific risks arising from such a technology-driven business model. The limited human interaction between Digital Investment Managers and their clients necessitates consideration of how suitability assessments are performed and the disclosures that are made to clients.
Additionally, given their heavy dependence on collecting and processing client data and the risks of cyberattacks to their automated and largely digital mode of operations, Digital Investment Managers must also put in place robust data security policies and systems to ensure compliance with all relevant data protection regulations, including the ADGM’s Data Protection Regulations and, as appropriate, PRU 6.6 – 6.9.8
8 These sections of PRU pertain to information technology systems, information security, outsourcing, and business continuity.
Algorithms are at the core of the service offered by Digital Investment Managers. They are used to undertake critical components of the investment management process such as risk profiling, portfolio allocation and rebalancing. Accordingly, the FSRA expects that Digital Investment Managers will establish internal governance structures that enable its Board and Senior Management to have robust oversight and control over the design, performance, deployment and security of algorithms.9 The roles and responsibilities of all personnel who oversee the design, performance and integrity of algorithms must be clearly defined.10
9 Refer to GEN 2.2.3 and 18.104.22.168 Refer to GEN 3.3.2(1).
4.5In assessing the adequacy of the oversight and controls that the Digital Investment Manager establishes in relation to the development and deployment of its algorithms, the FSRA will take into account the following considerations.11a. Qualifications and competency of staff: the Digital Investment Manager must ensure that it has qualified and competent staff to ensure the proper functioning and supervision of the algorithm model (the “Model”) on an ongoing basis. The Digital Investment Manager must have adequate training and documented manuals in place to address any key-man and business continuity risks.12b. Developing and testing the Model: the Digital Investment Manager must maintain proper documentation explaining the decision tree or logic of the algorithm to ensure that the outcomes produced by the Model are explainable, traceable and repeatable. The Digital Investment Manager must also ensure the relevance of any data or assumptions upon which the Model is based, and that any client questionnaire it uses takes into account potential behavioural biases that may lower the accuracy of client responses. The Digital Investment Manager must carry out sufficient testing to demonstrate that its Model meets these principles. Where appropriate (e.g. in the case of a complex Model), the FSRA may require a third-party audit to validate the performance outcomes of the Model as purported.c. Managing and maintaining the Model: the Digital Investment Manager must establish safeguards, including with respect to access controls and security, to protect the integrity of the Model (including algorithm source code). The Digital Investment Manager should maintain the ability and relevant resources to modify the Model in the event that there is a need to stop the algorithm or make changes to it. The FSRA will also require the Digital Investment Manager to demonstrate that it has a clear process for detecting and reporting programming errors and unexpected outcomes. In the event of failure or outage of the Model, the Digital Investment Manager must have contingency plans to ensure that its services to clients are not adversely affected and that the clients’ interests are safeguarded.13d. Ongoing monitoring and reviews: the Digital Investment Manager must conduct ongoing monitoring and reviews to assess whether the Model effectively achieves its intended objectives and outcomes, and to manage the risks of inaccuracy, bias or exception. The Board and Senior Management must also periodically review the Digital Investment Manager’s internal governance structure and measures to ensure that they remain appropriate and effective.
11 Sub paragraphs (b), (c) and (d) follow from GEN 22.214.171.124 Refer to GEN 3.3.33 and PRU 6.9.13 Refer to GEN 3.3.33 and PRU 6.9.
4.6The Digital Investment Manager must ensure that its systems and controls are adequate and appropriate for the scale, nature and complexity of its business.14 This applies in particular to systems and controls concerning:a. the transmission and storage of information;b. the assessment, mitigation and management of risks relating to the provision of digital investment management services, including data security;c. the effecting and monitoring of transactions by the Digital Investment Manager;d. the technical operations of the Digital Investment Manager, including contingency arrangements for disruption to its facilities;e. the operation of its functions relating to the safeguards and protections to investors; andf. outsourcing.
14 Refer to GEN 2.2.3 and chapter 3.3, PRU 6.6 and 6.7, and other requirements in the Rulebook as applicable.
4.7In assessing whether the systems and controls used by the Digital Investment Manager are adequate and appropriate for the scale and nature of its business, the FSRA may have regard to the following:a. the distribution of duties and responsibilities among its key individuals;b. the staffing and resources of the Digital Investment Manager;c. the arrangements made to enable key individuals to supervise the operations of the Digital Investment Manager; andd. the arrangements for internal and external audit, including technology audits.
4.8Digital Investment Managers must comply with the rules relating to suitability in the FSRA’s Conduct of Business Rulebook (“COBS”).15 These rules require Digital Investment Managers to have a reasonable basis for considering that any Specified Investments they recommend, or Transactions they execute on a discretionary basis, are suitable for the client.16 In making this determination of suitability, Digital Investment Managers must:a. undertake an appropriate assessment of the particular client's needs, objectives, financial situation and also, to the extent relevant, their risk tolerance, knowledge, experience and understanding of the risks involved; andb. take into account any other relevant requirements and circumstances of the client of which the Authorised Person is, or ought reasonably to be, aware.17
15 Digital Investment Managers are also subject to the Principles for Authorised Persons in GEN 2.2. Principle 8 requires Authorised Persons to take reasonable care to ensure the suitability of their Advice and discretionary decisions for clients who are entitled to rely upon their judgment: GEN 126.96.36.199 COBS 3.4.2(a).17 COBS 3.4.2(a). Pursuant to COBS 3.4.2(b) and (e), Digital Investment Managers may limit the extent to which they will consider suitability for Professional Clients.
4.9Given the nature of their business models, Digital Investment Managers typically rely heavily on an online questionnaire to collect the information needed to perform suitability assessments (“Risk Profile Questionnaire”). When designing a Risk Profile Questionnaire, the FSRA expects that Digital Investment Managers will ensure that the following requirements are met.a. The information obtained to assess suitability is proportionate with the complexity and risk of the Specified Investments recommended or transacted through the platform. Digital Investment Managers that offer Specified Investments that are relatively high risk or have complex features will need to undertake more extensive due diligence to form a reasonable basis for assessing that these products are suitable for the client.b. There is a mechanism to exclude clients for whom the Digital Investment Manager’s services would not be suitable, or who require advice that goes beyond the scope of what the Digital Investment Manager can provide. These mechanisms may take the form of ‘knock out’ questions that, for example, reject prospective clients whose investment horizon, liquidity needs or other circumstances are misaligned with the Specified Investments offered through the platform.c. Inconsistencies in the information provided by prospective clients are addressed through follow up questions or engagement with a human advisor who can explain the context of the questions and their purpose.d. Where a client selects a portfolio that is not recommended, information is provided to the client explaining why the recommended portfolio (as opposed to the portfolio selected by the client) is considered suitable in light of the client’s personal circumstances as understood from the client’s responses to the Risk Profile Questionnaire.
Digital Investment Managers must take reasonable steps to ensure that the client information they hold is accurate, complete and up to date.18 In order to comply with this requirement, the FSRA expects that Digital Investment Managers will periodically prompt clients to update their information. This may be achieved by requiring clients to recomplete the Risk Profile Questionnaire, or by posing a more targeted set of questions to identify any changes in the client’s personal circumstances which may impact the suitability of the clients’ portfolios.
18 COBS 3.4.3.
Digital Investment Managers must comply with the disclosure requirements in COBS.19 The information that must be provided to a client differs according to the particular services provided20 and whether the client is a Retail Client or Professional Client. In all cases, communication between a Digital Investment Manager and a client must be clear, fair and not misleading.21
19 The majority of these requirements are contained in Chapter 12 of COBS.20 Refer to COBS 12.1.3 for the disclosures required for Investment Business and COSB 12.1.4 for the disclosures required for an Investment Manager.21 GEN 2.2.6, COBS 3.2.1.
4.12In the case of Retail Clients, Digital Investment Managers must provide sufficient details of the service that they will provide.22 In discharging this obligation, the FSRA considers that Digital Investment Managers will need to disclose, among other things, the following information to clients.a. The nature and scope of the services it offers, including the types of products and how it determines whether these products are suitable to meet the investment objective(s) of the client;b. Details of how the Model is relied upon in the investment process;c. The key assumptions and limitations of the Model used by the Digital Investment Manager;d. Circumstances where the Model may fail to perform as intended or where the Digital Investment Manager may halt (for instance due to volatile markets) or make material adjustments to the algorithm, and how these would impact clients;e. The degree of human involvement and oversight of the investment process; andf. The inherent, material risks arising from the Digital Investment Manager’s business model, such as the risks arising from automated portfolio rebalancing.
22 COBS 12.1.2(a)(v).
4.13Digital Investment Managers are also subject to a number of other disclosure requirements including, but not limited to, the following.a. Circumstances where the Digital Investment Manager expects clients to update the information they have provided in their Risk Profile Questionnaire.23b. Details of any conflicts of interest.24c. Details of the arrangements put in place by the Digital Investment Manager regarding Client Assets.25 The Digital Investment Manager should also describe the specific risks faced by clients where Client Assets are held by:i. a regulated financial institution within the UAE; orii. a regulated financial institution outside the UAE, which could complicate the process of recovering Client Assets in the event of the financial institution defaulting or becoming insolvent.d. In the case of Retail Clients:i. key particulars of the Digital Investment Manager’s complaints handling procedures;26ii. details of fees, costs and other charges and the basis upon the Digital Investment Manager will impose them;27 andiii. the content and frequency of the periodic reporting statements that the Digital Investment Manager will issue.28
23 COBS 188.8.131.52 COBS 3.5.4 and, in the case of Retail Clients, 12.1.2(vi).25 Refer to COBS 14.2.10 and 15.7 as applicable.26 COBS 12.1.2(viii).27 COBS 12.1.2(a)(iv).28 COBS 12.1.3(e).
In addition to the content of the disclosures, Digital investment Managers should also consider when and how best to make the disclosures in order to ensure that they are read and understood by clients (in particular, Retail Clients).
Guidance on Authorisation for Investment Management Activities [10 April 2017]
1. 1. Purpose
This Guidance is issued under section 15(2) of the Financial Services and Markets Regulations 2015 ("FSMR"). It should be read in conjunction with the FSMR and the ADGM Rulebooks.
The Guidance sets out the Regulator's expectations on the minimum criteria for an applicant seeking a Financial Services Permission to carry on the regulated activities of Managing Assets or Managing a Collective Investment Fund (collectively referred to as "Investment Management Activities"). The Guidance is not an exhaustive source of the Regulator's policy on the exercise of its statutory powers and discretions. In the discharge of its regulatory mandate, the Regulator may impose other requirements to address any specific risks posed to the objectives of the Regulator by the proposed activities of the applicant. The Regulator is not bound by the requirements set out in this Guidance and may waive or modify these requirements at its discretion where appropriate.
Unless otherwise defined or the context otherwise requires, the terms contained in the Guidance have the same meaning as defined in the FSMR and the GLO Rulebook.
2. 2. Consideration and Assessment of Applications
As set out in GEN Rule 5.2.7, the applicant shall demonstrate to the satisfaction of the Regulator that it:(a) has adequate and appropriate resources, including financial resources;(b)is fit and proper;(c) is capable of being effectively supervised; and(d)has adequate compliance arrangements, including policies and procedures, that will enable it to comply with all the applicable legal requirements.
In assessing the adequacy and appropriateness of an applicant's resources, systems and controls, the Regulator will consider the risks posed by the applicant taking into account the nature, size and complexity of the proposed activities. For instance, a Start-up entity1 without investment management track record may seek authorisation to conduct Investment Management Activities, subject to certain restrictions and other conditions to limit the scale and impact of its activities.
1 A "Start-up" entity is:(a) any newly set up business entity which is not part of a Group subject to financial services regulation; or(b) any existing business entity which, or whose Group is not subject to financial services regulation.
The Regulator will apply a risk-based assessment according to the categories of investment management companies ("Manager") as set out in Table 1 below.
Table 1 — Categories of Managers
Category Permissible Activities Retail Manager Carrying on business in investment management activities with all types of Clients, including Retail Clients. Restricted Manager Carrying on business in investment management activities with Professional Clients only, without restriction on the number of Professional Clients. Start-up Manager Carrying on business in investment management with no more than 30 Professional Clients (which may be in the form of funds or other investment vehicles) and the total value of the assets under management ("AUM")2 does not exceed US$250 million.
2 In determining the value of the AUM:(a) Moneys committed by investors but not drawn down should be excluded from the Manager's AUM.(b) AUM should be based on the net value of the assets being managed. Any leverage to which the managed assets are exposed should be excluded from the Manager's AUM.
For the purpose of the clientele restrictions, a "look through" approach is adopted. For instance, an investment vehicle that is not wholly owned by Professional Clients or in which not all the beneficiaries are Professional Clients will not qualify as a Professional Client. Restricted and Start-up Managers should not target Retail Clients through the use of investment structures that circumvent clientele class restrictions.
3. 3. Minimum Criteria for Authorisation
Track Record — The applicant should demonstrate that it or its Group has a minimum 5-year proven track record in the investment management or related business, in a jurisdiction which has a regulatory framework that is comparable to ADGM. The applicant or its parent / related entities, where applicable, should be subject to proper supervision by a competent regulatory authority.
To be a Retail Manager, the applicant should have a total Group AUM of at least US$1 billion.
Where the applicant does not satisfy the 5-year track record requirement, the Regulator may take into account the (i) track record of the applicant's Controllers/substantial shareholders; and (ii) experience and qualifications of the applicant's key management staff, when assessing the application. In the case of a Start-up entity, the applicant should demonstrate that it has an effective resolution mechanism in the event of any shareholder dispute.
Competency of Key Individuals — A Manager should ensure that the minimum competency criteria, set out in Appendix 1, are met.
Capital Requirements — As set out in section 3 of the PRU Rulebook, a Manager must satisfy a Base Capital Requirement or Expenditure-Based Capital Minimum, whichever is higher.
The table below sets out the Base Capital Requirement for the different categories of Managers.
Regulated Activity Base Capital Requirement Managing Assets US$250,000 Managing a Public Fund US$150,000 Managing an Exempt Fund or Qualified Investment Fund US$50,000
The applicant should make a reasonable assessment of the amount of additional capital buffer it needs, bearing in mind the scale and scope of its operations.
Use of shareholders' loans to meet Capital Requirements. Under current rules, the Capital Requirement of a Manager can only be met by certain forms of capital instruments. Recognising that Managers in general have relatively simple capital structures, the Regulator may consider granting a waiver to allow Managers who do not hold client money to use shareholders' loans as eligible capital resources to meet Capital Requirement exceeding the BCR, subject to appropriate ring-fencing conditions.
Compliance Arrangements — A Manager shall have in place compliance arrangements that are appropriate to the nature, scale and complexity of its business. The minimum criteria in respect of compliance arrangements are set out in Appendix 2. While compliance support may be provided by a related entity and/or third party service providers, the ultimate responsibility for compliance with applicable laws and regulations lies with the Manager's Senior Executive Officer ("SEO") and Board of Directors.
Risk Management — The risk management function should be subject to adequate oversight by the SEO and Board of the Manager. It should be segregated from and independent of the investment management function. The Manager should have policies and procedures to ensure that management is kept informed of the risk exposures in a regular and timely basis. Staff of the risk management function should have adequate knowledge and expertise in risk management.
Internal Audit — The internal audit arrangements should be appropriate to the scale, nature and complexity of its operations. The internal audit may be conducted by the internal audit function within the Manager, an internal audit team from the head office of the Manager, or outsourced to a third party service provider, as set out in Appendix 3.
Independent Custody — A Manager should ensure that assets under management are subject to independent custody3. The independent custodians should be suitably authorised in their respective jurisdictions.
3 Unless otherwise provided in the Rules.
Valuation & Reporting — A Manager should ensure that assets under management are subject to independent valuation and customer reporting. The Manager may have:(a) a third party service provider, such as a fund administrator or custodian, perform the valuation; or(b)an in-house asset valuation function4 that is segregated from the investment management function. Such arrangements may be adopted within larger financial services groups where there are sufficient resources and internal controls to provide for effective segregation of both functions.
The annual audit performed by the independent auditor is intended to serve as a periodic check on the valuation of the assets. Taken on its own, the annual audit will not fulfil the requirement for independent valuation.
4 Unless otherwise required in the Rules, e.g. Fund Managers of Property Funds pursuant to the FUNDS Rulebook.
Professional Indemnity Insurance ["PII"] — As set out in section 6.12 of the PRU Rulebook, a Manager shall maintain PII cover appropriate to the nature, size, and risk profile of the Manager's business. A Retail Manager should obtain a minimum PII coverage as set out in Appendix 4. For Restricted and Start-up Managers, we may consider granting a waiver of the requirement under appropriate circumstances acceptable to the Regulator.
Appendix 1 — Minimum Competency Criteria
Start-Up Manager Restricted Manager Retail Manager(i) Number of Licensed Directors:
A Licensed Director is a Controlled Function set out in GEN 5.3.3. Nominee directors such as legal advisers or corporate secretaries will not count towards meeting this requirement.
Of these Directors,• Minimum years of individual relevant experience#:• Number of Directors resident in the U.A.E.
At least 2
At least 1
At least 2*
At least 1
At least 2*
At least 1(ii) Number of Approved Persons residing in the U.A.E:
Approved Persons (as set out in GEN 5.3) will include the Licensed Directors, Licensed Partners and Senior Executive Officer ["SEO"] of the Manager.
Minimum years of relevant experience#:
At least 2
At least 2
At least 3
(10 years for the SEO)(iii) Number of employees / professionals conducting the regulated activities residing in the U.A.E:
Such employees / professionals may include the Approved Persons and Recognised Persons (as set out in GEN 5.4) of the Manager.
At least 2 At least 2 At least 3
#: The relevance of an individual's experience should be assessed in the context of the role that the individual will perform in the Manager. For example, experience in proprietary trading for financial institutions could be counted towards meeting the relevant experience criteria for a relevant professional conducting regulated activities in respect of discretionary portfolio management activities. Relevant experience may also include sector experience (e.g. corporate strategy and management of businesses), particularly for private equity and venture capital Managers. Directors/Partners, SEO and Senior Managers should have managerial experience or experience in a supervisory capacity as part of their relevant experience.
*: For a Manager that is deemed as high impact or systemically important, the Regulator may require the Manager to have more than 2 directors.• The following are examples where the Regulator would consider a Start-up/Restricted Manager as having met the minimum competency criteria:
The Manager has two resident Licensed Directors, one of whom is the SEO, who is responsible for the conduct of investment management activities. The other is the Chief Operating Officer, who is responsible for back office functions such as trade reconciliation and reporting (i.e. not conducting a regulated activity). Both directors have at least 5 years of relevant experience in their respective functions. The Manager will meet the minimum competency criteria if it employs at least one additional resident full-time employee/professional, who will conduct investment management activities. There will not be any minimum experience criteria for this additional employee, although the employee should be suitably competent.
The Manager has two Licensed Directors conducting investment management activities. Both directors are resident in the U.A.E and have at least 5 years of relevant experience in investment management. One of the directors is the SEO. The Manager should appoint another Recognised Person independent of the front office to be the Compliance Officer / Finance Officer / Money Laundering Reporting Officer.
The Manager in ADGM ("ADGM Manager") is a subsidiary of a foreign-based Manager who is regulated in its home jurisdiction. The ADGM Manager has one resident Licensed Director appointed as the SEO, who has 5 years of relevant experience and carries out investment management activities. The ADGM Manager has another director based overseas. The ADGM Manager will meet the criteria if it employs an additional resident full-time employee/professional to conduct the investment management activities, and this employee will be required to have at least five 5 years of relevant experience.
Appendix 2: Minimum Compliance Arrangements
Category Compliance Arrangements Retail Manager• The Manager should put in place an independent and dedicated compliance function in the U.A.E with staff who are suitably qualified and independent from the front office.• Compliance staff may perform other non-conflicting and complementary roles such as that of an in-house legal counsel. Restricted Manager• A Manager should have an independent compliance function with staff who are suitably qualified and independent from the front office.• The Manager may, depending on the size and scale of the business:(i) rely on compliance oversight and support from an independent and dedicated compliance team at its holding company or related entity; or(ii) engage an external service provider to support its compliance arrangements. The Manager should ensure that the service provider is competent and familiar with the regulatory requirements for Managers in ADGM. The service provider should be able to provide meaningful onsite presence at the Manager.In either case, the Manager should designate a senior staff independent from the front office (e.g. COO or CFO) to oversee the compliance arrangement; Start-up Manager• A Start-up Manager should ensure that it has adequate compliance arrangements appropriate to the scale, nature and complexity of its operations. This may take the form of an independent compliance function, compliance support from overseas affiliates and/or use of external service providers that meet the requirements set out above.
Appendix 3 — Internal Audit Arrangements
Category Internal Audit Arrangements Retail Manager• The Manager should have an independent and dedicated internal audit function.• The internal audit function may be undertaken by an internal audit team within the Manager, a group internal audit team from the parent or related company of the Manager, or outsourced to a third party service provider. Restricted Manager• The internal audit function may be undertaken by an internal audit team within the Manager independent from the business functions, a group internal audit team from the parent or related company of the Manager, or outsourced to a third party service provider.• Where the Manager does not have a dedicated internal audit function, the adequacy of the Manager's internal audit arrangements should be assessed against the context of the Manager's overall business scale and control environment i.e. whether there are periodic checks similar to those performed by internal auditors, which are performed by control functions such as risk management and compliance. Start-up Manager• The SEO and Board of the Manager are ultimately responsible for ensuring there are adequate internal controls within the Manager and should take reasonable measures to ensure that the internal controls are complied with.
Appendix 4 — PII Coverage for Retail Managers• PII coverage — A Retail Manager should maintain a PII coverage as follows:
Min PII Remarks 0.15% x AUM
(subject to a cap of
US$15mil)• Copy of PII to be submitted to the Regulator on an annual basis.• Amount of PII deductible should not exceed 20% of the Manager's CET1 Capital.• Alternative PII — The Regulator may consider alternative forms of PII subject to the following conditions:
Type Conditions Group PII• Minimum coverage to be at least 5 times the required quantum under a standalone non-hybrid PII.• If the deductible of the Group PII is greater than 20% of the applicant's base capital, an undertaking from the applicant's parent company to cover the excess in the event of a claim would be required. Hybrid PII• Sub-limits to be set for the non-PII sections of the hybrid PII.• Total coverage under the hybrid PII less the sub-limits for the non-PII sections should be at least equivalent to the required quantum under a standalone non-hybrid PII. Group Hybrid PII• Sub-limits to be set for the non-PII sections of the Group hybrid PII.• Total coverage of the Group hybrid PII less the sub-limits for the non-PII sections has to be at least 5 times the required quantum under a standalone non-hybrid PII.• If the deductible of the Group hybrid PII is greater than 20% of the applicant's base capital, an undertaking from the applicant's parent company to cover the excess in the event of a claim would be required.
Guidance on Developing and using APIs in ADGM [14 October 2019]
INTRODUCTION1) This Guidance is issued under section 15(2) of the Financial Services and Markets Regulations 2015 (“FSMR”). It should be read in conjunction with FSMR, the relevant Rulebooks of the Financial Services Regulatory Authority (“the Regulator”), and the Guidance & Policies Manual of the Regulator.2) This Guidance is applicable to those considering developing or using “Application Programming Interfaces (APIs)”, including applicants for a Financial Services Permission in ADGM, financial services firms located outside ADGM, and participants in FinTech, RegTech, SupTech1, amongst others.3) ADGM encourages Financial Service firms to adopt and promote the use of standardised, “interoperable”2 and trusted Application Programming Interfaces (APIs) in order to create the means to adapt and update in the context of an increasingly complex and changing business environment, and the rapidly evolving needs of customers.4) The FSRA encourages a standardised approach to creating, maintaining and governing APIs that will allow the development of innovative financial products and approaches in ADGM that will benefit customers and financial institutions throughout the UAE, the region and further afield. It is the intention of the FSRA to promote experimentation, accelerate implementation of cutting-edge technologies, and speed up industry adoption of customer-focused disruptive ideas, in order to help drive financial inclusion and realise the API economy.5) Organisations that create APIs will be able to pivot, adopt new ideas and discard old ones quickly. They will be able to iterate their products to keep up with changes in customer behaviour in a timely manner. Investing in the agile development mind-set, and therefore APIs, can give an organisation a competitive edge. Organisations who commit to building a marketplace to trade and settle discrete, understandable, and valuable APIs will be able to accelerate their realisation of the API economy’s dividends.6) To that end this Guidance takes a high level overview of the fundamental elements, standards and considerations that the FSRA deems necessary in providing safe and robust APIs. This Guidance should not restrict the use of APIs; rather, it is there to promote standardised approaches to building and providing APIs, which will be promoted in the ADGM Digital Sandbox.7) This Guidance is not an exhaustive source of the Regulator’s policy on the exercise of its statutory powers and discretions. The FSRA is not bound by the requirements set out in this Guidance and may impose additional requirements to address any specific risks posed by APIs/ API developers. The Regulator is not bound by the requirements set out in this Guidance and may modify this Guidance at its discretion where appropriate.8) Unless otherwise defined or the context otherwise requires, the terms contained in this Guidance have the same meanings as defined in FSMR and the Glossary (GLO).9) For more information please contact the FSRA at FinTech@adgm.com
1 These terms are used in various ways in the financial services industry. “FinTech” at its broadest incorporates all financial technology. “RegTech” includes those technologies that facilitate compliance with regulations. “SupTech” includes those technologies that facilitate supervision of financial markets and actors.2 The API is able to exchange and use information with other APIs, different systems, devices, applications or products to connect and communicate in a coordinated way.
BACKGROUND10) Advances in new technologies, and maturity of others, have provided opportunities for significant change and disruption to financial services and other related activities globally. Powering this innovation are APIs. APIs can fuel internal innovation, reach new customers, extend products and create vibrant partner ecosystems. APIs by their very nature allow for rapid prototyping, agile development and a fail fast, learn quick culture. They provide a way to share, move and access information previously ring fenced within isolated systems.11) “Big Tech” companies3 are opening up access to vast resources and computing power providing access to cutting edge technology, such as machine learning neural networks, blockchain development tools and even quantum computing, that were previously unavailable to the wider market. Additionally, in recent years there has been wide adoption of open-sourced technologies, giving developers suites of tools to create new programmes, systems and networks.12) Combined with the ever growing surge of the use of smart phones, consumers are now expecting seamless digital interactions tailored to their own specific needs. Which in turn is giving rise to the ‘Challenger’ or ‘Neo’ banks who are focused on providing customers with personalised ‘experiences’ rather than standard financial products.13) These new business models represent a fundamental step in the evolution of the financial services industry and have already disrupted more traditional ways of offering financial services. For example, ‘marketplace banking’ business models, i.e. exposing internal digital business assets or services in the form of APIs to external counterparties, is creating an entirely new ecosystem of banking services predicated on intelligent data management and agility in developing new products. The creation of and broadening of access to new data assets are in turn creating many new opportunities for both incumbent and start-up organisations. Fundamental to the development of this new paradigm is the “API economy4” which facilitates efficient and secure access to data and processes held at different actors within the financial services sector.14) However in order to realise an efficient API economy, APIs must be able to ‘talk’ the same language. In recognition of this, several open banking initiatives such as in the UK5, the EU6, Singapore7, Hong Kong8, Australia9 and New Zealand have taken this one step further to maximise interoperability and collaboration, by mandating certain Financial Institutions (FIs) to make data available (in the banking sector, often termed “Open Banking” or “Open Data” in a broader context) according to strict standards, predicated upon API usage.15) While the FSRA does not propose that Open Data or APIs are made mandatory it does see them as an integral part of any FIs digital strategy and as such will look to align with international best practices so as to maintain a safe and trusted digital environment.
3 These include some of the world’s largest multinational technology corporations, e.g. Google, Apple, Facebook and Amazon.4 https://www2.deloitte.com/content/dam/Deloitte/us/Documents/financial-services/us-fsi-api-economy.pdf7 http://www.mas.gov.sg/Singapore-Financial-Centre/Smart-Financial-Centre/Financial-Industry-API-Register.aspx
Objectives of the API GuidanceThe high level objectives of the API guidance are to promote:a. Interoperability - to promote the adoption of globally recognised and accepted standards, to ensure the sustainable growth of the digital economy, interoperability across sectors and connectivity to global marketsb. Security & Trust – to promote the use of internationally recognised security and governance practices in order to safeguard consumers and the financial services market.c. Innovation - to drive and encourage a culture of innovation and competitiveness.d. Collaboration - to advance and foster collaboration amongst the financial services and technology ecosystems.
What is an API16) An API can be seen as a user interface just with different users in mind. Rather than an individual interacting with an application on their smart phone, it is a computer application interacting with another, over the internet or within a private network, using predefined rules described in the API.17) Some APIs are designed to enable the query or update of a database, other APIs simply enable a process that has been exposed by one system to be initiated by another. In each API interaction there are the ‘providers’ of the API and the ‘consumers’ of the API:• ‘API Provider’ refers to an organisation that exposes their data or services through APIs;• ‘API Consumer’ refers to any organisation or person who uses an exposed API to access and consume the data or information.18) In order for a successful interaction between the API Provider and API Consumer, the terms of their engagement (protocols) have to be pre-defined. Once both parties have agreed this so-called ‘API Contract’, thereby establishing the relevant permissions to connect, then interactions and interoperability can be instantaneous and potentially limitless.
The types of APIs19) APIs can be classified into to the following three types (although many methodologies for classification exist):• Private APIs – used within an organisation to provide interoperability between internal applications in order to help automation and provide flexibility.• Partner APIs - used to integrate software between a company and its partner, often for a very specific purpose like providing a product or service.• Open APIs - an interface that has been designed to be easily accessible by the wider population where a business relationship is not necessary.20) In terms of design and governing rules there are currently two widely-used types of API methodologies in the financial services industry (although as of the date of this Guidance, newer approaches such as GraphQL are emerging and should be considered if they are relevant):• Representational State Transfer (REST); and• Simple Object Access Protocol (SOAP).To connect different systems and networks, both approaches can leverage the Hypertext Transfer Protocol (HTTP10), which defines how messages are formatted and transmitted over the internet, and encryption techniques so that the information being passed cannot be read by anyone other than the originator and the intended recipient. However, the two types differ in terms of structure and approach and as such have different applications in mind.22) REST is a framework which provides a specific methodology for how to design, build and operate an API which allows an application to use certain commonly-used and standard HTTP operations11. These operations enable one application to retrieve, send, update and remove data from another application12. RESTful APIs can output data in various different formats. These attributes make RESTful APIs easy to adopt, and flexible in connecting systems of different types.23) SOAP is another methodology and differs from REST especially in that it only uses one format, XML. SOAP also allows an application to programme another application directly using a wide degree of functions. Given these attributes, and the wide use of the XML standard in financial services, SOAP is like REST a commonly-used API methodology in the industry.24) SOAP is often used for transactional operations such as in payment gateways. It was developed in order to enable the API Provider to expose business logic to approved API Consumers so that they could interact safely over any communication protocol being used, usually the internet, in order to initiate a specific automated process.25) REST is often used in situations where rapid, wide-scale adoption is a goal, for example mobile apps for social networks or web chat services. It was developed in order to facilitate simpler information sharing in a fast and efficient manner over HTTP only.26) The most appropriate type of API style to use will depend on the environment, the project scope, the processes required and the type of information being shared.27) A more detailed comparison between the two API design styles can be found in Appendix A.
11 APIs that use the REST methodology are called “RESTful” APIs12 These functions corresponds to the GET, POST, PUT and DELETE commands respectively.
REGULATORY REQUIREMENTS28) Due to the very nature of collaboration and innovation that an API economy encourages amongst the financial services sector and others, the FSRA’s expectations regarding API Consumers and Providers and maintaining a safe, sound and trusted financial services ecosystem are set out in this Guidance.
Anti-Money Laundering29) Money Laundering (ML) and Terrorist Financing (TF) are two major risks that threaten economic growth and social stability through the illicit flow of funds and illegal activities. ML and TF pose significant negative impacts on the financial system.30) As such the FSRA expects organisations providing or consuming APIs to adhere to the FSRA’s Anti Money Laundering and Countering Financing of Terrorism “AML/CFT” framework at all times and put the appropriate measures in place to mitigate these risks, as well as:a) UAE AML/CFT Federal Laws, including the UAE Cabinet Resolution No. (38) of 2014 Concerning the Executive Regulation of the Federal Law No. 4 of 2002 concerning Anti-Money Laundering and Combating Terrorism Financing;b) the FSRA AML and Sanctions Rules and Guidance (“AML Rules”) or such other AML rules as may be applicable in ADGM from time to time;c) the adoption of international best practices (including FATF Recommendations); andd) monitoring national and international sanctions lists.
Data Protection31) Protecting confidentiality and security of customer data is vital for the stability and reputation of any financial services institution and should not be compromised. As such, organisations are required to comply with the ADGM Data Protection Regime13 and to apply best-practice safeguards for the security and protection of sensitive customer data during transit, processing and storage.32) There are also a number of secure hosting standards, e.g. ISO27001, which organisations should adhere to. This standard aids organisations in securing their information and helps implementation of an information security framework that is appropriate to the scale and maturity of the relevant organisation, the services they provide, and the third party suppliers they contract with.33) For a list of technical standards that should be considered when providing and consuming APIs, please see Appendices B and C.
Third Party Outsourcing34) For organisations regulated by the FSRA any issues that may result from the outsourcing including the failure of any third party to meet its obligations are the responsibility of the regulated organisation (GEN 3.3.31, PRU 6.8).35) In its assessment of a potential third party service provider, the regulated firm must therefore satisfy itself that the service provider maintains robust processes and procedures regarding the relevant service (including, for example, in relation to the testing and security required in this section on Technology Governance).
API REQUIREMENTS36) This section is intended to provide guidance on industry best practices around the design, security, maintenance and use of APIs in order to ensure interoperability, resilience and scalability of the API economy that we wish to encourage in ADGM and with other international API implementations.37) It is recommended that an organisation should first identify why it wants to develop and provide (or consume) an API, who the stakeholders within the organisation are, who the audience for the API will be, the systems and business processes involved and the actors/system that the API will interact with or replace.
Design38) All APIs should:a. Have platform independence – any web or mobile client should be able to call and interact with the API, regardless of how the API has been implemented internally.b. Allow for unhindered API evolution – APIs should flexibly evolve and be able to add functionality independently from other applications using them. As the APIs evolve, the existing applications using them should be unaffected and can continue to function without having to update to the latest version of the API.c. Use appropriate data standards – APIs should be using the most relevant data standard that are applicable for the type of data being transacted and the use case it is being applied to. Where there is no fit within an existing data standard organisations may decide their own data specification. However, it should publish the associated definitions using a ‘data dictionary’ in line with industry practices such as those outlined in the Open API Specification or Web Service Definition Language.d. Have good data security - It is important to have stringent information security, cyber security and other data related policies/guidelines.e. Be complete and concise – an API should be easy to understand and work with, as should be the API contract. Implementing and integrating with it should be a straight forward process.
API Documentation39) The API documentation (or ‘contract’) describes all aspects of the API in order to enable successful interaction between the API provider and API consumer. As such it should be a concise reference manual containing all the information required to work with the API, with details about the functions, classes, return types, and arguments. The API contract should, where relevant, be supported by tutorials and examples.40) At a high level the fundamentals that need to be documented in the API contract in order for both parties to be able to interact are:a. The business rules and service agreed between the API Providers and Consumers.b. The rules around how each party authenticates themselves before gaining access to the API.c. The standards that the API is adhering to including the change management and version control information that the consumer must be aware of.d. The design of the API i.e. its structure, the resources (data) that it provides access to and how to interact with the API to obtain them.e. The certification, on-boarding and acceptance of the API consumer from the API.41) As such the API contract should also include the following content (but not be limited to):• sampling code and example responses• rules on information handling, incident management and risk management• method of authentication (and how it impacts service interoperability, single sign-on, and rate-limiting)• design changes (recent and planned) and versioning information• availability, latency, ownership, depreciation policies and status capability• approach to backwards compatibility• guidance on configuring the API to make sure any relevant governance frameworks are followed• the open data standards used• security information• cost of use of the APIs, if applicable• support that will be provided to the consumer of the API
Security42) Most important of all the considerations for organisations providing and consuming APIs is the security measures that are deployed, which must comply with network security best practices. Updates and patches to all systems, particularly security systems, should be performed as soon as safely feasible after such updates and patches have been released. The following sections set out the main risk areas and mitigations for these that, in the opinion of the FSRA, need to be taken into account.43) As a general rule organisations providing and using APIs should also ensure that all parties that they are engaging with:• Use access tokens to establish trusted identities and control access to the services and resources.• Encryption and signatures are employed as standard.• Quotas and throttling are in place that determine how often APIs can be called. For example, more calls on an API may indicate that there is a Denial-of-Service attack. Or it could also be a programming mistake such as calling the API in an endless loop.• API traffic is enforced using an API gateway that allows authentication as well as control.44) For more detailed technology standards that should be employed please see Appendix B.
Cyber security45) As APIs are another entry or exit point for an attack on an organisation, the API security strategy must include the following cybersecurity mitigations (but not be limited to):• Strong firewall defences• Vulnerability and threat management• Antivirus and malware protection• Denial of Service (DoS) or Distributed Denial of Service (DDoS) protection• Patch management• Email filtering• Web filtering• Administration privileges• Access control• Intelligence and information sharing
Encryption46) The encryption of data, both at rest and in transit, should be included in the security policy. In particular, encryption and decryption of private keys should utilise encryption protocols, or use alternative algorithms that have broad acceptance with cyber security professionals. Critical cryptographic functions such as encryption, decryption, generation of private keys, and the use of digital signatures should only be performed within cryptographic modules complying with the highest, and ideally internationally recognised, applicable security standards.
Two-factor authentication47) As well as ensuring that architecture supporting the API and the API itself is secure, organisations should also consider the use of two-factor authentication (2FA) when APIs are initiated by a consumer accessing online service. 2FA is an extra layer of security designed to ensure that the only person who can access an account is the individual who owns it, even if the individual’s password has been compromised. The process involves the user providing two different authentication factors to verify themselves.48) However, it is worth noting that whilst this reduces the chance of being hacked, 2FA is not completely secure and still relies on the vigilance of the individual. For example, phishing attacks purportedly coming from trusted services login page can result in users giving away their credentials. In some extreme cases, hackers have been able to negate 2FA by spoofing an individual’s SIM card and intercepting the unencrypted message as it is sent over the network.
Penetration testing49) It is recommended that all systems and infrastructure should be regularly tested for vulnerabilities by an external penetration testing expert who is professionally accredited (such as CREST, IISP, TIGER scheme or OSCP Offensive Security).
Credentials management50) Authentication, authorisation and encryption are fundamental to the security of APIs. In terms of authentication, as far as possible, API providers should have a well-defined process to help ensure that individuals or organisations are robustly authenticated.51) Authorisation should only allow the authorised/accredited organisations and people to have access to the right API resources.52) Organisations must therefore ensure that they have the appropriate infrastructure in place for secure storage and management of relevant access credentials. These credentials include (but not limited to):• Identity keys• Signing keys• OAuth client IDs and secrets• Usernames and passwords• Access tokens53) Where authentication processes are handed off or redirected to other sites or apps, the technical processes should avoid the potential for disclosure or interception of the credentials. The organisation should also maintain the ability for the user to verify the authenticity of the site into which they are entering their credentials such as displaying the relevant URL and lock icon that they are interacting with.
Monitor API activity54) The security of an API is only as good as the organisation’s day-to-day security processes. All APIs should be monitored for unusual behaviour such as changes in IP addresses or users using APIs at unusual times of the day.55) It is recommended that the ability to write audit logs before and after security related events is in place as this increases the potential to monitor and detect attacks.56) Larger organisations should also look to create a Security Operations Centre (SOC) dedicated to monitoring, assessing and defending enterprise information systems such as APIs, web sites, applications, data servers, networks, hardware and software.
Error handling57) All responses to errors should use the commonly used HTTP codes and should not reveal details of the failure unnecessarily as this may provide unintended attack vectors for bad actors.
DataTo enable the interoperability of APIs at all levels (whether among systems, sectors, or geographies), the adoption of common data standards is necessary. Open data standards and ontologies provide a reference point that enables two parties to share data and information in a way that ensures understanding is preserved and the meaning can be conveyed.58) To that end organisations should adopt international open data standards and ontologies when providing an API in order to ensure maximum interoperability.59) For more detailed information on appropriate data standards please see Appendix D.
API Governance60) Business failures have often arisen as a result of the lack of adequate technology-related procedures, including, for example, lack of security measures, systems development methodologies, limited system penetration testing for operating a robust business, and lack of technical leadership and management. The FSRA has therefore included specific Guidance regarding expected controls and processes to help mitigate these issues.
Version control61) Versioning and change control is very important and needs to be managed effectively. As such, organisations should have formalised policies and procedures in respect of the following where relevant:- release numbers for all major and minor releases- backwards compatibility for all API changes- support for technology developers for major API versions for a specified period- escalation path for when vulnerabilities come to light- make a new endpoint available for significant changes62) If, however, for some reason the change is not backwards compatible, then the organisation must consider:• Incrementing a version number in the URL (start with /v1/ and increment with whole numbers).• Supporting both old and new endpoints in parallel for a suitable time period before discontinuing the old one.
Depreciation policies63) Clear API depreciation policies should be in place so old client applications are not unnecessarily supported.64) The time by which users/consumers have to upgrade, and how they will be notified of these deadlines should be clearly stated.
Appendix A: API Design Comparison65) The following table describes the main differences between the SOAP and REST API design styles.
SOAP REST SOAP is function driven and focuses on exporting pieces of application ‘logic’ rather than data. It relies exclusively on XML to provide messaging services.
REST is data driven and is focused on accessing named ‘resources’ (which represent data or an object) through a single consistent interface.
SOAP uses a Web Service Definition Language (WSDL) that describes the functionality offered by a web service for communication between the consumer and provider.
Most Web services using REST can obtain the needed information using a URL.
Appendix B: API Standards66) The following describes the standards that should be applied when building APIs.
Area/Subject Standard Publishing of technical, engagement details and data dictionary At a high level the API provider should provide the API documentation and a data dictionary. Code samples, tutorials and a software development kit (SDKs) should also be provided. Documentation and definitions should be in line with industry practices outlined in the Open API Specification (Swagger), the RESTful API Modelling Language specifications (RAML), or the Web Service Definition Language (WSDL) for SOAP APIs.
API architecture/Communication Protocols (i.e. the code to call the API) RESTful (Representational State Transfer) or SOAP (Simple Object Access Protocol) depending on the use case. Firms should provide for conversion of SOAP to REST or vice versa if relevant.
Transmission of data HTTPS & TLS v1.2 (Transport Layer Security)
Onboarding of customer onto service username/password and two-factor authentication where appropriate
AuthorisationOAuth 2.0N.B RESTful API calls with the HTTPS protocol should use a session-based authentication using OAuth 2.0 and JSON web tokens (JWT)
Authentication SAML 2.0 or OpenID
Encryption AES, RS, SHA 256-bit where relevant depending on the use case
Appendix C: Technology Standards67) The following is a list of European and International standards, where available, that should be considered when building APIs.
Appendix D: Data Standards68) The following describes some of the international data standards that should be applied where relevant for APIs in order to ensure interoperability.
Open data standard/Ontology
Financial Industry Business Ontology (FIBO) https://www.omg.org/hot-topics/finance.htm Defines financial industry terms, definitions and synonyms using semantic web principles such as OWL/RDF and widely adopted OMG modeling standards such as UML. Providing a means for integrating disparate technical systems and message formats, and aid in regulatory reporting by providing clear and unambiguous meaning of data from authoritative sources.
Financial Industry Regulatory Ontology (FIRO) https://github.com/GRCTC/FIRO FIRO is a series of interlinked Ontologies based on industry standards to capture regulatory imperatives and rules in formal semantics. It will enable efficient access to, and smarter consumption of, the wide and complex spectrum of financial services industry regulations.
Financial Regulatory Data Format (FIRE) https://github.com/SuadeLabs/fire
The Financial Regulatory data format defines a common specification for the transmission of granular data between regulatory systems (in finance)
International Financial Reporting Standards (IFRS) https://www.ifrs.org/ Provide a common global language for business affairs so that company accounts are understandable and comparable across international boundaries.
Standard for electronic data interchange between financial institutions. It describes a metadata repository containing descriptions of messages and business processes, and a maintenance process for the repository content. The standard covers financial information transferred between financial institutions that includes payment transactions, securities trading and settlement information, credit and debit card transactions and other financial information.
eXtensible Business Reporting Language (xBRL) https://www.xbrl.org Business documents, such as financial statements, performance reports, or compliance reports. The standard formats allow the documents to be transmitted and parsed between entities easily
Statistical Data and Metadata eXchange (SDMX) https://sdmx.org Designed to describe statistical data and metadata, normalise their exchange, and improve their efficient sharing across statistical and similar organisations.
Open Financial Exchange (OFX) http://www.ofx.net Open Financial Exchange is a reference data standard used for exchanging financial data, and performing transactions between financial institutions and underlying applications.
Association for Cooperative Operations Research and Development (ACORD)
ACORD is the global standards-setting body for the insurance and related financial services industries. Financial products Markup Language (FpML) http://www.fpml.org FpML is a standard based on XML and used for data exchange for electronic dealing and processing of derivatives instruments like interest rate derivatives, inflation swaps, dividend derivatives and other structured products. Financial Information eXchange (FIX) http://www.fixtradingcommunity.org FIX is the standard used for pre-trade and trade messaging across Financial Markets globally. It describes trade-related messages, and used for automated trading of securities, derivative, and other financial instruments. Market Data Definition Language (MDDL) http://xml.coverpages.org/mddl.html MDDL enables the exchange of information necessary to account, analyse, and trade financial instruments.
FinTech Regulatory Laboratory Guidance [02 November 2016]
1. 1. Introduction
This Guidance is issued under section 15(2) of the Financial Services and Markets Regulations 2015 ("FSMR"). It should be read in conjunction with the FSMR and the relevant FSRA Rulebooks where applicable.
The Guidance is applicable to the following Persons:(a) an applicant for a Financial Services Permission to carry on the Regulated Activity of Developing Financial Technology Services within the RegLab in or from ADGM; and/or(b) a FinTech Participant.
This Guidance sets out the Financial Services Regulatory Authority's ("FSRA's" or the "Regulator's") approach to the Regulatory Laboratory ("RegLab") framework. In particular, this Guidance includes the eligibility and authorisation criteria applicants must satisfy to be authorised as FinTech Participants, the authorisation process, the types of restrictions that the Regulator may impose on the FinTech Participants' conduct, as well as the information that FinTech Participants may be required to produce to the Regulator.
This Guidance is not an exhaustive source of the Regulator's policy on the exercise of its statutory powers and discretions. In the discharge of its regulatory mandate, the Regulator may impose other parameters to address any specific risks posed by the proposed activities of the applicant to carry on the Regulated Activity of Developing Financial Technology Services within the RegLab.
The Regulator is not bound by the requirements set out in this Guidance and may waive or modify these requirements at its discretion where appropriate.
Unless otherwise defined or the context otherwise requires, the terms contained in this Guidance have the same meaning as defined in the FSMR and the GLO Rulebook.
2. 2. Objectives Of The Reglab Framework
FinTech allows the use of new technologies in the financial services industry to improve operational and customer engagement capabilities by leveraging analytics, data management and digital functions.
The fast evolving FinTech landscape where new and emerging FinTech solutions are becoming more diverse and sophisticated requires a responsive and progressive regulatory framework to facilitate the development, testing and adoption of promising FinTech innovations. In particular, the FinTech regulatory framework should encourage, rather than front-run innovation, should be tailored and proportionate to the materiality of the risks posed, and should be responsive to support time-to-market of new FinTech solutions in a cost-efficient environment.
In light of these considerations, FSRA has created the RegLab, which is a specially tailored regulatory framework that provides a controlled environment for FinTech Participants to develop and test innovative FinTech solutions without immediately being subject to all the regulatory requirements that would otherwise apply to Authorised Persons.
3. 3. The Reglab's Intended Participants
FSRA's RegLab framework may apply to two categories of FinTech Participants:-(a) those who have a FinTech product that is untested in the UAE market, to enable the FinTech Participants to live-test the product in a clearly demarcated environment in ADGM with controlled scope and scale, without attracting the full suite of regulatory requirements; and(b) those who may already be offering their FinTech product in the market, but wish to continue researching and developing it, and to live-test and offer any product enhancements, variations or new features on a limited rollout basis within the confines of the RegLab.
The RegLab is not intended to be a platform for firms to launch an established FinTech product which complies with all relevant regulatory requirements to a wider market. Financial institutions wishing to pilot and launch their complying technological innovations can do so in the ADGM under the existing authorisation and supervisory regime under the FSMR, without the need for the RegLab authorisation.
4. 4. Features Of The Reglab
Developing Financial Technology Services within the RegLab
FinTech Participants that qualify for authorisation under the RegLab framework will be granted an FSRA Financial Services Permission ("FSP") in accordance with section 30 of the FSMR to carry on the Regulated Activity of Developing Financial Technology Services within the RegLab.
Developing Financial Technology Services within the RegLab means the Regulated Activity specified in paragraph 73A of Schedule 1 to the FSMR.
The FinTech Participant authorised under the RegLab will be required to establish a commercial presence in ADGM.
The legislative requirements applicable to FinTech Participants under the RegLab framework will be tailored according to the specific characteristics and risks associated with the FinTech Proposal. This approach is consistent with the Regulator's objective to offer a responsive and risk-appropriate regulatory framework.
The requirements that will apply to FinTech participants under the RegLab framework may be adapted from existing regulations (including but not limited to the FSMR) and the FSRA Rules, as applicable.
As such, generally, the regulatory requirements applicable to all Persons to whom the FSMR applies would initially apply to each applicant for an FSP to carry on the Regulated Activity of Developing Financial Technology Services within the RegLab.
On receipt of the RegLab application, the Regulator will work with the applicant to identify those Rules (or Rulebooks, as the case may be) that are not relevant to the applicant's FinTech Proposal. The Regulator may then waive or modify any of these Rules or Rulebooks (in part or entirely, as appropriate) by way of a waiver or a modification notice.
As certain Rules will be waived or modified for the FinTech Participant under the RegLab, the Regulator will, among other things:-(a) set client and exposure limits to limit the scope and scale of the FinTech Participant's test activities; and(b) impose boundaries/geographical restrictions to ensure that client impact is controlled and the clients' interests are protected.
Please refer to section 5.2 below titled Authorisation Requirements for further details of the requirements that the Regulator may impose.
The Regulator may vary the applicable waivers and modifications as the FinTech Participants progress through different stages of testing of their FinTech solution. Variations will be subject to the changing risks that the FinTech Proposal may pose at any point.
The RegLab is not intended to create a risk-free FinTech environment — an acceptable degree of risk is unavoidable in all innovation and entrepreneurial endeavours. What the RegLab aims to achieve is a controlled environment that promotes FinTech innovation, yet minimises the risks of poor client outcomes posed by these innovative solutions.
Two-year validity period
The FSP granted under the RegLab will have a validity period of up to two years for the FinTech Participant to test its FinTech solution.
At the end of the two-year validity period (or earlier if the size, scale or progress of the FinTech Proposal warrants), the FinTech Participant will exit the RegLab and, if eligible, migrate to the full authorisation and supervisory regime under the FSMR.
To be eligible to migrate to the full authorisation and supervisory regime, the FinTech Participant will be required to demonstrate to the Regulator that it:-(a) has achieved its intended test outcomes under the RegLab so as to deploy the FinTech product on a broader scale, and(b) continues to be fit and proper to be an Authorised Person in the ADGM.
If the FinTech Participant is unable to satisfy the above criteria, it will be required to cease carrying on the Regulated Activity of Developing Financial Technology Services within the RegLab. The deadline for ceasing the Regulated Activity will be upon the expiry of its RegLab FSP, or at such time as the Regulator varies or cancels the FSP in accordance with section 33 of the FSMR. Please refer to section 8 below for more details.
During the two-year validity period, the Regulator will engage with and support the FinTech Participant and ensure the FinTech Participant operates within the parameters as set and agreed to prior to the grant of the FSP.
The two-year validity period of the authorisation granted under the RegLab may be extended in exceptional circumstances only, determined at the Regulator's discretion on a case-by-case basis.
Dedicated FinTech supervisory team
The Regulator's dedicated FinTech supervisory team will provide tailored guidance and support to applicants interested in applying to the RegLab and guide them in, among other things:-(a) understanding the RegLab regulatory framework;(b) preparing their RegLab application;(c) drawing up a risk-appropriate testing parameters; and(d) meeting their ongoing regulatory requirements.
5. 5. Reglab Authorisation Criteria
To qualify for authorisation under the RegLab framework, the applicant must demonstrate how it satisfies the following evaluation criteria:(a) the FinTech Proposal promotes FinTech innovation, in terms of the business application and deployment model of the technology.(b) the FinTech Proposal has the potential to:i. promote significant growth, efficiency or competition in the financial sector;ii. promote better risk management solutions and regulatory outcomes for the financial industry; oriii. improve the choices and welfare of clients.(c) the FinTech Proposal is at a sufficiently advanced stage of development to mount a live test.(d) the FinTech Proposal can be deployed in the ADGM and the UAE on a broader scale or contribute to the development of ADGM as a financial centre, and, if so, how the applicant intends to do so on completion of the validity period.
In order to become authorised under the RegLab framework, the applicant must also demonstrate to the satisfaction of the Regulator that it:(a) satisfies, and will continue to satisfy, any Threshold Conditions made under section 7(2) of the FSMR, including but not limited to the following:i. the applicant has adequate and appropriate resources, including financial resources, to develop and test its FinTech Proposal;ii. the applicant is fit and proper; andiii. the applicant has relevant technical and business knowledge and experience to develop and test the FinTech Proposal;(b) is able to clearly define the FinTech Proposal's test parameters, control boundaries, key milestones and intended outcomes;(c) is able to propose an acceptable reporting schedule to report to the Regulator on the status and progress of development and testing of its FinTech Proposal;(d) is able to satisfactorily detail the safeguards that have been put in place, and demonstrate how they are appropriate to the FinTech Proposal being tested, the risks that are posed and the type of clients that are likely to be affected by the proposed innovation;(e) is able to set out a fair and proper exit strategy for clients should the FinTech Proposal be discontinued, completed or deployed on a broader scale outside the RegLab; and(f) is able to satisfy all applicable ADGM Regulations, Rules, conditions and/or limitations that the Regulator may prescribe.
6. 6. Application Process For Authorisation
If the applicant is suitable participant for the FSRA's RegLab framework (refer to section 3) and meets the authorisation criteria (set out in section 5 above), it can proceed to complete and submit the RegLab Application Form. A copy of the RegLab Application Form is attached at Appendix A to this Guidance and can be submitted to the Regulator by email at FinTech@adgm.com.
Once the applicant has submitted its RegLab application form, the Regulator will review the application and inform the applicant whether the FinTech Proposal potentially qualifies for the RegLab.
The Regulator will work with the applicant to determine the specific regulatory requirements and conditions (including test parameters and control boundaries) to be applied to the FinTech solution in question. The applicant will then assess if it is able to meet these requirements.
If the applicant is able and willing to meet the proposed regulatory requirements and conditions, the applicant will be granted an FSP in accordance with section 30 of the FSMR to carry on the Regulated Activity of "Developing Financial Technology Services within the RegLab".
Once the Regulator grants the FSP, the FinTech Participant will be able to develop and test its FinTech product within the parameters and control boundaries agreed upon with the Regulator.
Figure 1 overleaf depicts the RegLab application process.
Figure 1: RegLab Application Process
7. 7. Conditions / Limitations On The Fintech Participants
On being granted the FSP to carry on the Regulated Activity of Developing Financial Technology Services within the RegLab, the Regulator may impose limitations or conditions on the FinTech Participant in accordance with sections 30(4) and 35 of the FSMR. These may include, but are not limited to, any of the following:(a) the number and type of Clients with or for whom the FinTech Participant carries on, or intends to carry on the Regulated Activity of Developing Financial Technology Services within the RegLab;(b) the type and size of Client transactions that the FinTech Participant is permitted to enter into;(c) the suitability assessment and Clients' written consent required prior to carrying on the Regulated Activity of Developing Financial Technology Services within the RegLab;(d) the FinTech Participant's ability (if any) to hold or control Client Money and Client Investments;(e) the requirements surrounding the FinTech Participant's handling and protection of Client information;(f) the manner and type of financial promotion that the FinTech Participant may undertake and the associated disclosures that the FinTech Participant is required to make to Clients1;(g) the key information required to be contained in a Client Agreement;(h) the prevention of money laundering and countering the financing of terrorism measures that the FinTech Participant is required to implement2;(i) the FinTech Participant's capital requirements (if any)3;(j) the FinTech Participant's financial and other reporting requirements;(k) any other safeguards to protect the interests of Clients or maintain the safety and soundness of the financial system as the Regulator may prescribe.
1Requiring appropriate disclosures to, and consent of clients willing to use the FinTech product in order for clients to make an informed decision.
2If the Regulator has greater concerns regarding a FinTech solution, it may require the FinTech Participant to appoint an established financial institutions as a sponsor to undertake responsibility for compliance assurance or resolution of any client issue if a test does not perform as expected — e.g. the trial deployment of a robo-advisor may be excluded from Anti Money Laundering/Know Your Client due diligence if the consumer opens an investment account with a sponsor bank, which takes on the corresponding regulatory obligations.
3For example, reducing or waiving capital requirements where the Regulator deems appropriate.
FSRA may, at any time through the life-cycle of the FinTech Proposal, by notice in writing to the FinTech Participant, cancel or vary any condition or restriction imposed on the FinTech Participant or impose such further condition or restriction as it may think fit in accordance with sections 33, 35 and 36 of the FSMR.
8. 8. Exiting The Reglab
At the end of the two-year validity period, the FSP for the RegLab will expire.
Unless an application to extend the two-year validity period is made at least three months before its expiry, or at such time as is otherwise agreed by the Regulator4, the FinTech Participant will have to exit the RegLab and choose to either:(a) migrate to the full authorisation and supervisory regime under the FSMR and deploy its FinTech solution on a broader scale; or(b) employ an exit strategy.
4 Please refer to paragraphs 8.5–8.6 of this Guidance.
The exit strategy of a FinTech Participant may vary according to its commercial needs. For example, the FinTech Participant may choose to cease its business at the end of the validity period, or it may transfer its FinTech product and any clients to other authorised financial institutions.
The two-year validity period of the authorisation granted under the RegLab may only be extended in exceptional circumstances.
In applying for an extension of the validity period, the FinTech Participant shall provide the justifications for extension to the Regulator in such form and manner as FSRA may prescribe.
All applications for an extension of the validity period are to be determined at the Regulator's discretion on a case-by-case basis. The Regulator reserves the right to refuse an application for an extension of the validity period if it is of the view that it is desirable to do so in order to further one or more of its regulatory objectives.
Cancellation of the FSP
FSRA may cancel the FSP on the application of the FinTech Participant, in accordance with section 32 of the FSMR, or on the initiative of the Regulator, in accordance with section 33 of the FSMR, if it appears to the Regulator that:(a) the FinTech Participant is failing, or is likely to fail, to satisfy the Threshold Conditions made under section 7(2) of the FSMR and set out in paragraph 5.2(a) of this Guidance;(b) it is desirable to exercise this power to further one or more of the Regulator's objectives, including, for example, if:i. the FinTech Participant is failing, or is likely to fail, to satisfy the authorisation requirements set out in section 5.2(b)–(f) of this Guidance; orii. the FinTech Participant is failing, or is likely to fail, to satisfy the limitations or conditions set out in section 7.1 of this Guidance; or(c) the FinTech Participant has committed a contravention of the FSMR or any Rules made under the FSMR.
Guidance on Regulatory Framework for Private Financing Platforms [10 September 2018]
1. 1. Introduction
This Guidance is issued under section 15(2) of the Financial Services and Markets Regulations 2015 (“FSMR”). It should be read in conjunction with FSMR, the relevant Rulebooks of the Financial Services Regulatory Authority (“FSRA”) and the Guidance & Policies Manual (“GPM”) of the FSRA.
It is applicable to an applicant for a Financial Services Permission (“FSP”) to carry on the Regulated Activity of Operating a Private Financing Platform, as defined in Schedule 1, Chapter 17C, Section 73E of FSMR, and Authorised Persons having received an FSP to do so.
This Guidance includes the authorisation criteria that applicants must satisfy to be authorised to undertake the Regulated Activity of Operating a Private Financing Platform (a “PFP Operator”) in addition to their ongoing regulatory requirements.
This Guidance, together with the applicable Abu Dhabi Global Market (“ADGM”) Regulations and FSRA Rules governing PFP Operators, is collectively referred to as the “PFP Framework”.
This Guidance is not an exhaustive source of the FSRA’s policy on the exercise of its statutory powers and discretions. In the discharge of its regulatory mandate, the FSRA may impose other conditions to address any specific risks posed by the proposed activities of a PFP Operator.
The FSRA is not bound by the requirements set out in this Guidance and may waive or modify these requirements at its discretion where appropriate.
The term “client” is used in this paper to denote the lenders and investors on the buyside of a transaction facilitated through a PFP (a “PFP Transaction”); the PFP Operator will have duties in respect of those clients.
Unless otherwise defined or the context requires otherwise, the terms contained in this Guidance have the same meanings as defined in FSMR and the Glossary (“GLO”).
2. 2. Objectives Of The Private Financing Platform Framework
Private Financing Platforms (“PFPs”) are online platforms that allow private companies, such as start-ups and small and medium enterprises (“SMEs”) from early to pre-IPO stage, to source financing from private and institutional investors to launch and scale their businesses.
PFPs can play an important role in improving access to alternative financing for startups and SMEs, which are key engines of economic growth and diversification in the MENA region. PFPs may include equity funding, private placement and invoice financing platforms that leverage data and technology to unlock new ways of raising money for small businesses from professional investors such as high net worth individuals, private equity, venture capital, family offices, accelerators / incubators and angel investors.
Notwithstanding the benefits of a PFP Framework to the financing ecosystem for startups and SMEs, there are risks associated with PFP Transactions that include, but are not limited to, the following:(a) Loss of capital: PFPs will mainly attract start-ups and SMEs that have no or very little established track record, for which the observed failure rate is generally high.(b) Lack of liquidity: In the absence of a ready secondary market for PFP Transactions, clients face the risk of not being able to exit their PFP Transactions or having to transfer them at a significant discount.(c) Lack of information: There may not be sufficient information on the start-ups and SMEs (“PFP Prospects”) seeking financing through the PFP to enable clients to conduct proper due diligence and make fully informed investment decisions.(d) Platform failure: Clients of a PFP may not be able to readily recover their assets in the event that a PFP Operator that handles Client Assets fails and becomes insolvent.(e) Conflicts of interest between the PFP Operator and clients: The remuneration of a PFP Operator is typically linked to the amount of funds raised so the interests of a PFP Operator may be more aligned with those of the PFP Prospect than those of its client providing financing.
In light of these considerations, the FSRA has developed a proportionate, risk-based PFP Framework that facilitates access by start-ups and SMEs to alternate sources of funding, rather than traditional channels, while applying the necessary regulatory safeguards to ensure they operate in a safe and sound manner to protect their clients.
3. 3. Key Features Of The Private Financing Platform Framework
3.1 Definition of Regulated Activity
The Regulated Activity of Operating a Private Financing Platform is defined in Schedule 1, Chapter 17C, Section 73E of FSMR and captures a number of alternative financing arrangements.
As retail investors, in general, may not fully appreciate the high risks associated with the transactions facilitated through a PFP, the FSRA intends to restrict the accessibility to PFPs under the PFP Framework to primarily Professional Clients.
PFP Operators generally do not provide financial advisory services to clients. Under these circumstances, the onus is on clients to seek independent financial advice or to make their own evaluation of the risks associated with any potential loan or investment. Professional Clients are considered to be more sophisticated and have more resources and capacity to make informed decisions on prospective debt and equity instruments offered through a PFP after considering the inherent risks.
There may be instances where a PFP Operator would like to offer its services to potential, sophisticated clients who do not meet the current financial criteria to be classified as a Professional Client. The FSRA may consider allowing the participation of these clients where the FSRA considers them able to adequately understand the risks associated with PFP Transactions, based on their knowledge, skills and experience. In such circumstances, the FSRA may impose other appropriate conditions or safeguards upon the PFP Operator. Further, the PFP Operator’s FSP must permit it to deal with Retail Clients.
All clients must be pre-screened and on-boarded by the PFP Operator, in accordance with COBS Chapter 2, before being given access to the PFP.
3.3 PFP Prospects
A PFP Prospect must be a Body Corporate. The FSRA is of the view that a PFP would be an inappropriate forum for use by natural persons seeking financing for a business venture for a number of reasons, including:(a) the inappropriateness of a PFP for the formation of partnerships between individuals; and(b) the undesirability of posting personal information enabling the clients of a PFP to ascertain the creditworthiness of an individual.
The FSRA is additionally of the view that a PFP would be inappropriate for capitalising ventures at the pre-incorporation stage of their development, given the lack of track record and the limited scope of potential due diligence that may be undertaken.
3.4 Exempt Offers
A Security being offered to the public within the ADGM must be accompanied by a Prospectus under Section 61 of FSMR, unless it qualifies as an Exempt Offer. Accordingly, the FSRA will only allow a financing proposal to be published on a PFP where it qualifies as an Exempt Offer through satisfying any of the criteria set out in Markets (“MKT”) Rule 4.3.1, also bearing in mind Rules 4.3.2 and 4.3.3, which are included in Appendix 1 of this Guidance.
3.5 Client Assets
As best practice, a PFP Operator should appoint an Eligible Custodian to safeguard Client Assets. However, alternative arrangements may be permitted by the FSRA where appropriate safeguards are implemented.
In the case that a PFP Operator does not appoint an Eligible Custodian, it must comply with:(a) the higher capital requirements set out in Prudential – Investment, Insurance Intermediation and Banking (“PRU”) Chapter 3 and Section 4.3(f) of this Guidance; and(b) where applicable, the following Conduct of Business (“COBS”) Rules:(i) Chapter 14 – Client Money Rules (if holding or controlling Client Money, Providing Custody or Arranging Custody);(ii) Chapter 15 – Safe Custody Rules (if holding or controlling Client Investments, Providing Custody or Arranging Custody); and(iii) Chapter 16 – Recovery & Resolution Planning for Client Money & Safe Custody Assets (if holding Client Money or Client Investments).
4. 4. Authorisation Criteria For PFP Operators
When reviewing an FSP application from a proposed PFP Operator (a “PFP Applicant”), the FSRA will consider the Threshold Conditions set out in FSMR and Chapter 5 of the General (“GEN”) Rulebook and the matters set out in Chapter 2 of the GPM.
The Threshold Conditions set out in GEN Rule 5.2.7, require a PFP Applicant to demonstrate to the satisfaction of the FSRA that it:(a) has adequate and appropriate resources, including financial resources;(b) is fit and proper;(c) is capable of being effectively supervised; and(d) has adequate compliance arrangements, including policies and procedures, that will enable it to comply with all the applicable legal requirements.
Chapter 2 of the GPM sets out in detail the FSRA’s approach to assessing whether an applicant for an FSP meets the Threshold Conditions above. Some key considerations for PFP Applicants are the following.(a) Business ModelThe FSRA will consider the PFP Applicant’s proposed business model and assess any potential risks it poses. In particular, the FSRA will consider:(i) the nature and structure of the products offered on the PFP;(ii) the PFP Applicant’s target clients;(iii) the roles and responsibilities of the PFP Applicant;(iv) whether the PFP Applicant might have any perceived conflicts of interest when authorised and how these might be managed;(v) any proposed outsourcing arrangements with third party service providers;(vi) whether the PFP Applicant is proposing to carry out any other Regulated Activities; and(vii) the safekeeping arrangements for Client Assets if the PFP Applicant intends to hold these.
In the case that a PFP Applicant proposes to carry out other Regulated Activities such as Advising on Investments or Credit, Managing Assets or Managing a Collective Investment Fund, the PFP Applicant would need to demonstrate how it would manage any potential conflicts of interest that these activities may pose.(b) Track RecordA PFP Applicant should demonstrate that it or its Group has an established track record in corporate finance or a related business, of a minimum of five years, in a jurisdiction that has a legislative and regulatory framework that is of comparable standard to that of the FSRA. The PFP Applicant or its Group, where applicable, should also be subject to proper supervision by a competent regulatory authority.Alternatively, where a PFP Applicant does not have an established track-record of at least five years or meet the regulatory status requirement, the FSRA may take into account (i) the track record of the PFP Applicant’s Controllers/substantial shareholders and (ii) the experience and qualifications of the PFP Applicant’s key individuals, when assessing the application.(c) Governing Body(i) Licensed Directors – A PFP Applicant which is a Body Corporate incorporated in the ADGM, must register all its Directors with the FSRA in accordance with GEN Rule 5.5.4.(ii) Licensed Partners – A PFP Applicant which is Partnership established in the ADGM, must register all its Partners with the FSRA in accordance with GEN Rule 5.5.5.
These appointments are not required for PFP Applicants that are branches of legal entities domiciled outside the ADGM.
The PFP Applicant must demonstrate that its Governing Body has sufficient collective skills and experience in corporate finance or related fields to oversee the firm’s operations.(d) Mandatory AppointmentsA PFP Applicant must also appoint the following individuals in accordance with GEN Rule 5.5.1:(i) Senior Executive Officer (“SEO”) – an SEO who is ultimately responsible for the day-to-day operation, supervision and control of the firm’s operation. The SEO must possess a minimum of five years’ relevant and demonstrable experience and qualifications.(ii) Finance Officer (“FO”) – a Finance Officer with the relevant expertise to prepare and oversee its financial reporting.(iii) Compliance Officer (“CO”) – a suitably experienced and qualified Compliance Officer who is independent of the firm’s operations and oversees the compliance function.(iv) Money Laundering Reporting Officer (“MLRO”) – a suitably experienced and qualified MLRO who is independent of the firm’s operations and responsible for the implementation of the firm’s anti-money laundering controls and the day-to-day oversight of its compliance with the Anti- Money Laundering and Sanctions (“AML”) Rules and Guidance.Other considerations for PFP Applicants:• The SEO, CO and MLRO must all be resident in the UAE;• The CO and MLRO functions may be carried out by the same individual; and• The FO, CO and MLRO may be carried out in-house or outsourced to another Group entity or service provider.The FSRA will consider the collective suitability of all of the PFP Applicant’s proposed staff and whether there is a sufficient range of individuals with appropriate knowledge, skills and experience to understand, operate and manage the firm's affairs in a sound and prudent manner.(e) Systems and ControlsThe FSRA will assess the following governance and control requirements in relation to the PFP Applicant.
Requirement Rule(s) Note Risk
GEN 3.3.4 –
A PFP Operator must establish and maintain risk management systems and controls to enable it to identify, assess, mitigate, control and monitor its risks.
This framework should include measures to minimise technology risks associated with the PFP. In particular, a PFP Operator should have measures in place to ensure data integrity and the protection of its technology from fraud, impairment, tampering, misuse or unauthorised access.
GEN 3.3.7 –
A PFP Operator must establish and maintain compliance arrangements, including processes and procedures that ensure and evidence, as far as reasonably practicable, that it complies with all Regulations and Rules.
While compliance support may be provided by a related entity and/or third party service providers, the ultimate responsibility for compliance with applicable laws and regulations lies with PFP Operator’s SEO and Governing Body.
Internal audit GEN 3.3.13 –
A PFP Operator’s internal audit arrangements should be appropriate to the scale, nature and complexity of its operations.
The internal audit may be conducted by the internal audit function within the PFP Operator, its Group’s internal audit function or outsourced to a third party service provider.
GEN 2.2.7 &
A PFP Operator must have arrangements in place to ensure that conflicts of interest between itself and its Customers, between its Employees and Customers and between one Customer and another are identified and prevented or managed, or disclosed, in such a way that the interests of a Customer are not adversely affected.(f) Capital RequirementsA PFP Operator will fall within Prudential Category 4. As set out in PRU Chapter 3, a PFP Operator must maintain at all times Capital Resources in excess of its Capital Requirement, which is the higher of its Base Capital Requirement or Expenditure-Based Capital Minimum.The table below sets out the Capital Requirement for PFP Operators: Client Asset Arrangements Base Capital
PFP Operator does not hold or control
10,000 6/52 x AAE1 PFP Operator holds or controls Clients
150,000 18/52 X AAE(g) Professional Indemnity Insurance (“PII”)In accordance with PRU Rule 6.12, a PFP Operator must maintain PII cover appropriate to the nature, size and risk profile of its business.
Prior to issuing an FSP, the FSRA may require the technology utilised by a PFP to be at a suitably advanced staged in order for the PFP Applicant to demonstrate the functionality of the platform and its compliance with the PFP Framework.
For more details on the process for authorisation as a PFP Operator, please contact the FSRA at: firstname.lastname@example.org.
5. 5. Ongoing Requirements For PFP Operations
Upon authorisation, a PFP Operator, as a holder of an FSP, must comply at all times with the relevant requirements in FSMR and the FSRA Rulebooks, including GEN, COBS, PRU and AML.
The principal conduct rules that apply to PFP Operators are set out in COBS Chapter 18, and are outlined below:(a) Risk WarningA PFP Operator must publish a prominent risk warning on the PFP which identifies the risks involved in participating in a PFP Transaction. As a minimum the risk warning should address the risks set out in section 2.3 of this Guidance.Prior to registering a Client to access the PFP, a PFP Operator must obtain their acknowledgement that they fully understand the risks set out in the risk warning.(b) Due DiligenceThe PFP Operator is required to undertake appropriate and proportionate due diligence on a PFP Prospect covering the matters set out in COBS Section 18.4, as a minimum. Where reasonable and prudent, the due diligence review of a PFP Prospect may require independent verification.A PFP Operator is not required to disclose its due diligence assessments to clients, although it may choose to do so. However, it is required to disclose and explain in a clear way its selection and acceptance criteria for a PFP Transaction to be offered on its platform. It must also disclose its due diligence methodology for each of its criterion including where the due diligence is undertaken by a third party.A PFP Operator must keep records of the due diligence undertaken on all PFP Prospects for the FSRA’s review.A PFP Operator must also form a reasonable basis for believing that the PFP Prospect has adequately set out relevant information regarding its proposal in a clear, fair and not misleading manner for clients to make an informed decision including, but not limited to:(i) general information about the PFP Prospect including details of its incorporation, commercial licence, directorships, major shareholders, beneficial holders;(ii) the business proposal and business model;(iii) financial information about the PFP Prospect;(iv) criteria by which the PFP Transaction would be regarded as being in default;(v) a wind-down plan, including information on the return of Client Assets, in the event of business default/failure of the PFP Prospect;(vi) features, structures, and subscription classes of the PFP Transaction;(vii) basis of subscription class and allotment to each client;(viii) treatment, voting / contractual rights and claims of clients of the PFP Transaction in any particular subscription class;(ix) pricing and valuation basis of the PFP Transaction;(x) risks specific to the PFP Prospect and PFP Transaction;(xi) parties involved in the PFP Transaction and any conflicts of interest, including any financial or other interests that the PFP Operator, its key officers, Employees and Associates have in the PFP Prospect or PFP Transaction;(xii) procedures and obligations for clients in any administrative / corporate actions;(xiii) whether the PFP Prospect is seeking funding from other sources at the same time;(xiv) intended use of funds;(xv) treatment of oversubscriptions and maximum amount accepted, if applicable;(xvi) any cancellation rights;(xvii) format / frequency of performance reporting to clients; and(xviii) format / frequency of ongoing disclosure of applicable information in relation to the PFP Transaction and PFP Prospect.Any material changes to the information disclosed in the proposal to clients must be updated and notified to clients within a reasonable timeframe and at least ten business days prior to closing of the PFP Transaction.(c) Forums / Message BoardsA PFP Operator is not required to comply with the above disclosure requirements where it is merely gauging the interest of clients on a potential PFP Transaction where the related start-up or SME is not identified.In such instances, the PFP Operator should monitor the forum or message board used to gauge client interest to remove any potentially misleading or fraudulent posts.(d) MarketingAs access to PFPs is restricted to registered clients only, mass solicitation, advertising or canvassing is not permitted.However, a PFP Operator may promote its platform to the general public. Such communication may include general information about the PFP Operator, its business model, performance and the PFP Prospects accepted on its platform. Such communication must not include any information on specific offers, research or recommendations relating to a PFP Prospect or a PFP transaction.(e) DisclosureA PFP Operator must disclose the following information to its clients, either in written form or electronically through the PFP, to enable them to make an informed decision on whether to participate in a transaction on the PFP:(i) how the PFP operates (e.g. whether it offers loan or investment based financing opportunities, the process for participating in a financing opportunity; how Client Assets are held, how transactions through the PFP may be structured);(ii) the PFP Operator’s remuneration model (e.g. whether the PFP Operator is remunerated entirely by PFP Prospects by a percentage of funds raised or on a transaction basis by its clients);(iii) the PFP Operator’s roles and obligations (including to clients in any administrative / corporate actions in relation to the PFP Transactions). Where the PFP Operator and clients relationship is non-advisory in nature, the PFP Operator must clearly disclose the fact and that the information presented does not constitute personal advice or a recommendation);(iv) the recourse available to clients in the event of the failure of the PFP Operator or the PFP Prospect;(v) in the event that there is a material adverse change in the circumstances of PFP Transaction or the PFP Prospect defaults, the PFP Operator’s roles and obligations, including any arrangements in relation to the recovery of the Client Assets; and(vi) the general disclosure obligations set out in COBS (e.g. where applicable, the client agreement content in Rule 3.3.2 and potential conflicts of interest in Rule 3.5.4).(f) Exit FacilityA PFP Operator may offer an incidental facility (termed an “Exit Facility”) to permit clients to exit their PFP transactions by allowing them to seek potential “buyers” who are also clients of the PFP Operator in order to transfer their rights and obligations under their loan or investment agreements.The Exit Facility should not allow active trading by clients and should be solely an ancillary service provided by the PFP Operator. The Exit Facility must comply with the requirements set out in COBS Section 18.8. In particular, the PFP Operator should not be remunerated for any transaction made through this facility nor should it provide advice to or make arrangements on behalf of clients using this facility.Where an Exit Facility exhibits characteristics of a trading facility, the PFP Operator may require a separate FSP for Operating a Multilateral Trading Facility or Operating an Organised Trading Facility2.Any investment-based offer made through the Exit Facility must continue to comply with the Exempt Offer criteria set out in Appendix A of this Guidance.(g) Intermediate entitiesWhere a PFP Operator structures a PFP Transaction using a special purpose vehicle, that vehicle must be incorporated in the ADGM to ensure the ease of administration and greater regulatory oversight in the event of the failure of the PFP Operator.
A PFP Operator will also need to consider the applicability of other ADGM Regulations including, but not limited to, the Companies Regulations 2015, Insolvency Regulations 2015, Data Protection Regulations 2015 and the Common Reporting Standard Regulations 2017; as well as other international regulations including the Foreign Account Tax Compliance Act.
Chapter 3 of the GPM sets out in detail the FSRA’s risk-based approach to the supervision of Authorised Persons.
6. 6. Other Considerations For PFP Operations
Pursuant to the Fees Rules, a PFP Operator will be required to pay the following fees:
$5,000 for the Regulated Activity of Operating a Private Financing Platform. An additional $5,000 would apply for each Regulated Activity for which it also seeks an FSP. Approved Person
$500 for each Approved Person for whom it is seeking
$5,000 for the Regulated Activity of Operating a Private Financing Platform. An additional $5,000 would apply for each Regulated Activity for which it has an FSP.
6.2 Islamic Financial Business
The Islamic Finance Rules (“IFR”) apply to:(a) every Authorised Person, including a PFP Operator, who carries on, or holds itself out as carrying on, an Islamic Financial Business in the ADGM whether as an Islamic Financial Institution or through an Islamic Window; and(b) an Authorised Person, including a PFP Operator, making an Offer in the ADGM relating to a Security which is, or is held out as being, a Shari'a-compliant Security.
Accordingly, should a PFP Operator itself wish to promote a Specified Investment as being Shari’a compliant, it must hold the requisite Islamic Financial Business qualification on its FSP.
APPENDIX A APPENDIX A: EXEMPT OFFER CRITERIA
MARKETS (“MKT”) RULE 4.3
This section prescribes the type of Offer that is an Exempt Offer. The prohibition in section 58(1) of the FSMR does not apply to such Offers. Accordingly, a Person may make an Offer of Securities to the Public in the circumstances specified in this Rule without a Prospectus.
For the purposes of section 61(3)(a) of the FSMR the Regulator hereby prescribes the circumstances in which an Offer is an Exempt Offer:(1) an Offer made to or directed at only Professional Clients other than natural Persons;(2) an Offer in or from the ADGM which is directed at fewer than 50 Persons in any 12 month period, excluding Professional Clients who are not natural persons;(3) an Offer where the total consideration to be paid by a Person to acquire the Securities is at least $100,000, or an equivalent amount in another currency;(4) an Offer where the Securities are denominated in amounts of at least $100,000, or an equivalent amount in another currency;(5) an Offer where the total aggregate consideration for the Securities offered is less than $100,000, or an equivalent amount in another currency, calculated over a period of 12 months;(6) an Offer where Shares are issued in substitution for Shares of the same class as already issued, where the issue of the new Shares does not involve any increase in the issued Share capital;(7) an Offer where the Securities are Convertibles issued under a Prospectus to existing members or creditors of the Issuer or a member of its Group and there is no additional consideration to be paid;(8) an Offer where the Securities are offered in connection with a Takeover and a document is made available containing information which is considered by the Regulator as being equivalent to that of a Prospectus;(9) an Offer where the Securities are offered, allotted or to be allotted in connection with a merger if a document is available containing information which is regarded by the Regulator as being equivalent to that of a Prospectus;(10) an Offer where the Securities are offered, allotted or to be allotted in connection with a rights issue where:a. the Securities are of a class subject to Reporting Entity disclosure; andb. a document is made available containing information on the number and nature of the Securities including rights attaching to those Securities and the reasons for and details of the Offer;(11) an Offer where the Shares are offered, allotted or to be allotted to existing Shareholders free of charge or dividends paid out in the form of Shares of the same class as the Shares in respect of which the dividends are paid, and a document is made available containing information on the number and nature of the Shares and the reasons for and details of the Offer;(12) an Offer where the Securities are offered, allotted or to be allotted to an existing or former Director or Employee, or any Close Relative of such a Director or Employee, of the Issuer or a member of the same Group as the Issuer anda. the Issuer or the member of the Group already has its Securities admitted to trading on a Regulated Exchange; andb. a document is made available to the offerees containing information on the number and nature of the Securities and the reasons for and details of the Offer.
Where any Securities, which were previously the subject of an Exempt Offer, are subsequently offered to the public, such a subsequent Offer will be regarded, for the purposes of Part 6 of the FSMR and the Rules made for the purposes of that Part, as a separate and new Offer of Securities to the Public, unless that Offer meets one of the criteria in Rule 4.3.1.
An Offer of Securities remains an Exempt Offer even if the Offer falls in whole or part within more than one of the circumstances specified in Rule 4.3.1, as long as all of the Offer falls within at least one of those circumstances.
Guidance on Authorisation for Dealing Activities [21 October 2015]
1. 1. Purpose
This Guidance is issued under section 15(2) of the Financial Services and Markets Regulations 2015 ("FSMR"). It should be read in conjunction with the FSMR, the ADGM Rulebook and other applicable Rules.
The Guidance sets out the Regulator's expectations on the minimum criteria for an applicant seeking a Financial Services Permission to carry on the regulated activities of Dealing in Investments as Principal, Dealing in Investments as Agent, or Arranging Deals in Investments (collectively referred to as "Dealing Activities"). The Guidance is not an exhaustive source of the Regulator's policy on the exercise of its statutory powers and discretions. In the discharge of its regulatory mandate, the Regulator may impose other requirements to address any specific risks posed to the objectives of the Regulator by the proposed activities of the applicant.
Unless otherwise defined or the context otherwise requires, the terms contained in the Guidance have the same meaning as defined in the FSMR and the GLO Rulebook.
2. 2. Consideration and Assessment of Applications
As set out in GEN Rule 5.2.7, the applicant shall demonstrate to the satisfaction of the Regulator that it:(a) has adequate and appropriate resources, including financial resources;(b)is fit and proper;(c) is capable of being effectively supervised; and(d)has adequate compliance arrangements, including policies and procedures, that will enable it to comply with all the applicable legal requirements.
In assessing the adequacy and appropriateness of an applicant's resources, systems and controls, the Regulator will consider the risks posed by the applicant taking into account the nature, size and complexity of the proposed activities. For instance, a Start-up entity1 without relevant track record may seek authorisation to conduct Dealing Activities, subject to certain restrictions and other conditions to limit the scale and impact of its activities.
1 A "Start-up" entity is:(a) any newly set up business entity which is not part of a Group subject to financial services regulation; or(b) any existing business entity which, or whose Group is not subject to financial services regulation.
The Regulator will apply a risk-based assessment according to the categories of dealers ("Dealers") as set out in Table 1 below. The applicant should ensure that the category it chooses accommodates its needs over a reasonable timeframe.
Table 1 — Categories of Dealers
Category Permissible Activities Retail Dealer Dealing in investments with or for all types of Clients, including Retail Clients. Institutional Dealer Dealing in investments only with or for Professional Clients in the ordinary course of business. Restricted Dealer Dealing in investments only with or for Professional Clients and:• does not carry any customers' positions or accounts on its own books2; and• does not receive, hold or control Client Assets.
2 This includes any intra-day positions pending settlement or undertaking of settlement risks.
3. 3. Minimum Criteria for Authorisation
Track Record — The applicant should demonstrate that it or its Group has a minimum 5-year proven track record in the dealing or related business, in a jurisdiction which has a regulatory framework that is comparable to ADGM. The applicant or its parent / related entities, where applicable, should be subject to proper supervision by a competent regulatory authority.
To be a Retail Dealer, the applicant should have a total Group shareholders' funds of at least US$200 million.
Where the applicant does not satisfy the 5-year track record requirement, the Regulator may take into account the (i) track record of the applicant's Controllers/substantial shareholders; and (ii) experience and qualifications of the applicant's key management staff, when assessing the application. In the case of a Start-up entity, the applicant should demonstrate that it has an effective resolution mechanism in the event of any shareholder dispute.
Competency of Key Individuals — A Dealer should ensure that the minimum competency criteria, set out in Appendix 1, are met.
Capital Requirements — As set out in section 3 of the PRU Rulebook, a Dealer must meet the following minimum capital requirements:
Table 2 — Capital Requirement
Category Capital Requirement Retail Dealer / Institutional Dealer (Dealing as principal)(a)Base Capital Requirement of US$2,000,000;(b)Expenditure-Based Capital Minimum; or(c)Risk Capital Requirement; whichever is higher. Retail Dealer / Institutional Dealer (Dealing as agent)(a)Base Capital Requirement of US$500,000;(b)Expenditure-Based Capital Minimum; or(c)Risk Capital Requirement; whichever is higher. Restricted Dealer3(a)Base Capital Requirement of US$10,000; or(b)Expenditure-Based Capital Minimum; whichever is higher.
The applicant should make a reasonable assessment of the amount of additional capital buffer it needs, bearing in mind the scale and scope of its operations.
3 As set out in section 6.12 of the PRU Rulebook, a Restricted Dealer shall maintain PII cover appropriate to the nature, size, and risk profile of its business. We may consider granting a waiver of the requirement under appropriate circumstances acceptable to the Regulator.
Compliance Arrangements — A Dealer shall have in place compliance arrangements that are appropriate to the nature, scale and complexity of its business. The minimum criteria in respect of compliance arrangements are set out in Appendix 2. While compliance support may be provided by a related entity and/or third party service providers, the ultimate responsibility for compliance with applicable laws and regulations lies with the Dealer's Senior Executive Officer ("SEO") and Board of Directors.
Risk Management — The risk management function should be subject to adequate oversight by the SEO and Board of the Dealer. It should be segregated from and independent of the front office function. The Dealer should have policies and procedures to ensure that management is kept informed of the risk exposures in a regular and timely basis. Staff of the risk management function should have adequate knowledge and expertise in risk management.
Internal Audit — The internal audit arrangements should be appropriate to the scale, nature and complexity of its operations. The internal audit may be conducted by the internal audit function within the Dealer, an internal audit team from the head office of the Dealer, or outsourced to a third party service provider, as set out in Appendix 3.
Appendix 1 — Minimum Competency Criteria
Restricted Dealer Institutional Dealer Retail Dealer(i) Number of Licensed Directors:
A Licensed Director is a Controlled Function set out in GEN 5.3.3. Nominee directors such as legal advisers or corporate secretaries will not count towards meeting this requirement.
Minimum years of relevant experience#:
Of these Directors,• Number of executive Directors:
Executive Directors are employed full-time in the day-to-day operations of the company and should be resident in the U.A.E.• Minimum years of relevant experience# of Senior Executive Officer ["SEO"]:
The SEO is a Controlled Function set out in GEN 5.3.2.
At least 2
At least 1
At least 2*
At least 1
At least 2*
At least 1
10 years(ii) Number of Approved Persons residing in the U.A.E:
Approved Persons (as set out in GEN 5.3) will include the Licensed Directors, Licensed Partners and SEO of the Dealer.
Minimum years of relevant experience#:
At least 2
At least 2
At least 3
5 years(iii) Number of employees / professionals conducting the regulated activities residing in the U.A.E:
Such employees / professionals may include the Approved Persons and Recognised Persons (as set out in GEN 5.4) of the Dealer.
At least 2 At least 2 At least 3
#: The relevance of an individual's experience should be assessed in the context of the role that the individual will perform in the Dealer. For example, experience in proprietary trading for financial institutions could be counted towards meeting the relevant experience criteria for a relevant professional conducting Dealing Activities on behalf of customers. Directors/Parnters, SEO and Senior Managers should have managerial experience or experience in a supervisory capacity as part of their relevant experience.
*: For a Dealer that is deemed as high impact or systemically important, the Regulator may require the Dealer to have at least more than 2 directors.• The following are examples where the Regulator would consider a Restricted/Institutional Dealer as having met the minimum competency criteria:
The Dealer has two executive resident directors, one of whom is the SEO, who is responsible for dealing function. The other is the Chief Operating Officer, who is responsible for back office functions such as trade reconciliation and risk management (i.e. not engaged in regulated activity). Both directors have at least 5 years of relevant experience in their respective functions. The Dealer will meet the minimum competency criteria if it employs at least one additional resident full-time employee/professional on the dealing desk. There will not be any minimum experience criteria for this additional employee, although the employee should be suitably competent.
The Dealer has two executive directors as dealers. Both directors are resident in the U.A.E and have at least 5 years of relevant experience in dealing activities. One of the directors is the SEO. The Dealer should appoint another Recognised Person independent of the front office to be the Compliance Officer / Finance Officer / Money Laundering Reporting Officer.
The Dealer in ADGM ("ADGM Dealer") is a subsidiary of a foreign-based Dealer who is regulated in its home jurisdiction. The ADGM Dealer has one resident executive director appointed as the SEO, who has 5 years of relevant experience and heads the dealing function. The ADGM Dealer has another director based overseas. The ADGM Dealer will meet the criteria if it employs an additional resident full-time employee/professional to conduct dealing activities, and this employee will be required to have at least five 5 years of relevant experience.
Appendix 2: Minimum Compliance Arrangements
Category Compliance Arrangements Retail Dealer• The Dealer should put in place an independent and dedicated compliance function in the U.A.E with staff who are suitably qualified and independent from the front office.• Compliance staff may perform other non-conflicting and complementary roles such as that of an in-house legal counsel. Institutional Dealer• The Dealer should have an independent compliance function with staff who are suitably qualified and independent from the front office.• The Dealer may, depending on the size and scale of the business:(i) rely on compliance oversight and support from an independent and dedicated compliance team at its holding company or related entity; or(ii) engage an external service provider to support its compliance arrangements. The Dealer should ensure that the service provider is competent and familiar with the regulatory requirements for Dealers in ADGM. The service provider should be able to provide meaningful onsite presence at the Dealer.In either case, the Dealer should designate a senior staff independent from the front office (e.g. COO or CFO) to oversee the compliance arrangement; Restricted Dealer
Appendix 3 — Internal Audit Arrangements
Category Internal Audit Arrangements Retail Dealer• The Dealer should have an independent and dedicated internal audit function.• The internal audit function may be undertaken by an internal audit team within the Dealer, a group internal audit team from the parent or related company of the Dealer, or outsourced to a third party service provider. Institutional Dealer• The internal audit function may be undertaken by an internal audit team within the Dealer independent from the business functions, a group internal audit team from the parent or related company of the Dealer, or outsourced to a third party service provider.• Where the Dealer does not have a dedicated internal audit function, the adequacy of the Dealer's internal audit arrangements should be assessed against the context of the Dealer's overall business scale and control environment i.e. whether there are periodic checks similar to those performed by internal auditors, which are performed by other control functions such as risk management and compliance. Restricted Dealer• The SEO and Board of the Dealer are ultimately responsible for ensuring there are adequate internal controls within the Dealer and should take reasonable measures to ensure that the internal controls are complied with.