Beneficial Ownership and Control Guidance
IntroductionAbu Dhabi Global Market (“ADGM”) is established pursuant to Abu Dhabi Law No. 4 of 2013 as a financial free zone in the Emirate of Abu Dhabi, with its own civil and commercial laws. ADGM offers market participants a world-class legal system and regulatory regime.This document has been prepared to guide clients in identifying the registrable beneficial owners of ADGM Entities.
Registration Authority OfficeThe Registration Authority (the “Registrar”) is an independent authority, which has the powers granted to it under the Abu Dhabi Law No. 4 of 2013. The Registrar’s office is located at 3rd floor, ADGM Building, Abu Dhabi Global Market Square, Al Maryah Island, Abu Dhabi, United Arab Emirates.
The Registrar’s main functions• Registration of ADGM establishments• Registration of business names and maintenance of register• Registration of post-incorporation documentation and event-driven filings• Registration of changes in business name particulars• Registration of changes in directors, officers, shareholders and share capital• Enforcement, prosecution and strike off, dissolution or restoration of ADGM establishments• Cancellation of Commercial Licenses, amendment, suspension, etc.
Opening HoursThe Registrar’s office is open to public from Sunday to Thursday, 9:00am to 3:00pm and may be contacted during normal working hours at +971 2 3338777 or by email at email@example.com
ADGM RequirementBeneficial ownership identification and verification is essential component and an integral part of ADGM’s review process in registering a legal entity in ADGM. An applicant must provide such information at the time of incorporation and this information must be kept up to date during the life cycle of the legal entity.In particular, each ADGM Person (hereinafter referred to as ‘ADGM Person’) must keep a record of the required particulars of its beneficial owners in a register of beneficial owners.Where the ADGM Person is existing at the time of the enactment of ADGM Beneficial Owners and Control Regulations (“Regulations”), the ADGM Person must ensure that its record of beneficial owners is established no later than ninety (90) days after the date of enactment of the Regulations.Where the ADGM Person comes into existence after the date of enactment of the Regulations, the ADGM Person must ensure that a record of beneficial owners is established in accordance with that ADGM entity’s rules of formation.
What is beneficial owner?“beneficial owner”, in relation to a company or LLP“beneficial owner” for an ADGM Person who is a trustee, means each of the following but only in respect of the trust governed by the law of the Abu Dhabi Global Market for which the ADGM Person is a trustee“beneficial owner”, in relation to a foundationany person who owns or controls (in each case whether directly or indirectly), including through bearer share holdings or by other means, more than 25% of the shares or voting rights in the company or LLP;any person who controls the company or LLP, orany person who exercises control over the management of the company or LLP.the settlor of the trust;any other trustee(s) aside from the ADGM Person;each beneficiary of the trust;where the persons (or some of the persons) benefiting from the trust have not been determined, the class of persons in whose main interest, in the opinion of the Registrar, the trust has been established or operates; andany other person who, in the opinion of the Registrar, has control over the trust.the founder;the foundation council members (except council members that are ADGM registered corporate service providers);the guardian, if any; andthe beneficiaries (if named) or designee (if no beneficiaries are named) in whose main interest, in the opinion of the Registrar, the foundation has been established or operates.“control” if in relation to a company means such person who:holds, directly or indirectly, more than 25% of the company’s shares;holds, directly or indirectly, more than 25% of the voting rights in the company; orholds the right, directly or indirectly, to appoint or remove a majority of the board of directors of the company;in relation to an LLP, the person, holds, directly or indirectly, more than 25% of the voting rights in the conduct and management of the LLP.“control” means a power (whether exercisable alone, jointly with another person or with the consent of another person) under the trust instrument or by law to:dispose of, advance, lend, invest, pay or apply trust property;vary or terminate the trust;add or remove a person as a beneficiary to or from a class of beneficiaries;appoint or remove trustees or give another person control over the trust; anddirect, withhold consent to or veto the exercise of a power mentioned in sub-paragraphs (a) to (d).A person shall have “control” in relation to a foundation if such person:holds, directly or indirectly, more than 25% of the voting rights in the conduct and management of the foundation;holds the right, directly or indirectly, to appoint or remove a majority of the officials of the foundation.Note:Where any of the above roles are fulfilled by a company, LLP or partnership, the ADGM Person shall identify the natural persons who are the beneficial owners of such company, LLP or partnership, unless the company is a listed company.In any case where a beneficial owner is:• a listed company; or a company that it wholly-owned by the Federal Government of the United Arab Emirates, or by any of the governments of the member Emirates of the United Arab Emirates; or a company created by Emiri decree within the United Arab Emirates, it shall be treated as a natural person for the purposes of the Regulations, and therefore (for the avoidance of doubt) as the beneficial owner of the ADGM Person.• “listed company” means a company listed on a stock exchange recognised by the Registrar and subject to disclosure requirements which enable its beneficial owners to be identified.• “Beneficial owner”, in relation to a partnership (other than an LLP), means any person who ultimately is entitled to or controls (in each case whether directly or indirectly) more than 25% share of the capital or profits of the partnership or more than 25% of the voting rights in the partnership.
How to determine the beneficial owner?
Test 1 Test 1: The Ownership TestThe ownership test is to identify the individual who ultimately own the ADGM Entity. Ultimate owners are considered to be a registrable beneficial owner and their information and identification documents must be provided to the Registration Authority at the time of application and must be kept up-to-date throughout the lifecycle of ADGM Person.To help you identify the registrable beneficial owners, please refer to the illustration below. Registrable beneficial owners are identified through grey boxes.
Direct OwnershipIn this example, Individual 1 owns 100% of the ADGM Entity. He is the beneficial owner.In this example, Individual 1 and Individual 2 are direct owners of ADGM Entity. Both individual are the beneficial owners.
Indirect OwnershipIn this example, Individual 1 is the indirect owner and beneficial owner of the ADGM Entity.In this example, Individual 1 and Individual 2 are indirect owners and beneficial owners of the ADGM Entity.
Multiple Indirect OwnershipIn this example, there are multiple levels of indirect ownership. The two beneficial owners are clearly marked in grey boxes. In this case, Individual 4 has a 32.75% interest in ADGM Entity (50% x 65.5% = 32.75%) and Individual 1 has 50%.Calculating shareholdings: a reference in this Guidance Note to holding shares in an ADGM Person or other legal entity is to holding a right to share in the capital or, as the case may be, profits of that person or other entity, and a reference to holding “more than 25% of the shares” in that ADGM Person or other legal entity is to holding a right or rights to share in more than 25% of the capital or, as the case may be, profits of that person or other entity.If no registrable person can be identified under Test 1, Test 2 also needs to be considered.
Test 2: The Control TestThis test requires the identification of individual or corporate that ultimately controls the ADGM Entity by means other than ownership. For example, by a person, that holds more than 25% of the voting rights of ADGM Entity but the exercise of such voting rights is controlled by another. This latter person is a beneficial owner in respect of the ADGM Entity.It is important to note that if, in relation to ADGM Entity, there are individual who satisfy Test 2 in addition to individual / corporate beneficial owners that satisfy Test 1, then all are registrable in respect of that ADGM Entity.
Test 3: The Management TestThis test only applies if no registrable owners have been identified under Test 1 or Test 2 and stipulates that all natural persons who hold the position of a senior managing official of the ADGM Entity will be registrable as a beneficial owner.
DisclaimerThis Guidance (the “Note”) provides answers to many frequently asked questions and provides information on how to identify the beneficial owner of ADGM Entity. This is only a non-binding indicative guide and should be read together with the relevant legislation, in particular, ADGM Beneficial Owners and Control Regulations 2018 and any other relevant regulations and enabling rules, which may change over time without notice. The Note only refers to the procedures that need to be completed in relation to the Registrar. It does not cover other requirements as set out in the relevant legislation (which includes contact with the court and other obligations of an applicant). Further advice from a specialist professional may be required. The Registration Authority makes no representations as to accuracy, completeness, correctness or suitability of any information and will not be liable for any error or omission. Information in this Note is not to be deemed, considered or relied upon as legal advice and should not be treated as a substitute for a specific advice concerning any individual situation. Any action taken upon the information provided in this Note is strictly at your own risk and ADGM RA will not be liable for any losses and damages in connection with the use of or reliance on information provided in this Note.For more information, you may contact the Registrar:Telephone No.: 00 971 2 3338777
Email: firstname.lastname@example.orgAddress: 3rd floor, ADGM Building, Abu Dhabi Global Market Square, Al Maryah Island, Abu Dhabi, United Arab Emirates.
Guidance on Applications for Accounts Filing Extensions
Guide overview and application
This guidance (“Guide”) provides an overview on applying for more time to file an ADGM private company or limited liability partnership’s accounts. The Guide also outlines the information that must be delivered to the Registration Authority (“RA”) as part of the application process and factors that the Registrar will consider when determining whether companies or limited liability partnerships will receive extensions.
The Guide applies to ADGM incorporated private limited companies, as well as limited liability partnerships (“LLPs”). For ease of reference, the term “Company” is used throughout this Guide to refer to both ADGM incorporated companies and LLPs, unless specifically stated otherwise.
This Guide is issued under section 28 of the Commercial Licensing Regulations 2015.
The relevant ADGM legislation regarding filing annual accounts of companies is the ADGM Companies Regulations 2020 (“CR 2020”) and for LLPs is the Limited Liability Partnership Rules 2020 (“LLPR 2020”).
Pursuant to section 416 of CR 2020 and rule 21 of LLPR 2020, the Registrar has the power to approve an application for an extension to file accounts for periods up to 3 months.
This Guide provides information on extending the filing due date of annual accounts and therefore should be read in conjunction with the CR 2020 and LLPR 2020 for companies and LLPs, respectively, as the Guide will not tell you everything about filing annual accounts.
ADGM’s Regulations and Rules are available on the ADGM website by following this link (https://en.adgm.thomsonreuters.com/).
Annual accounts – General information
All Companies, whether trading or not, must keep adequate accounting records.
Accounting records must, in particular, contain entries from day to day showing all money received by the Company and the matters in respect of which the receipt and expenditure takes place, and a record of the assets and liabilities of the Company. Parent Companies must ensure that any subsidiary keeps sufficient accounting records to enable the directors/members of the parent Company to prepare accounts that comply with CR 2020 or LLPR 2020.
A Company must keep its accounting records at its registered office address or any alternative location that the Company thinks suitable. Accounting records must be preserved by the Company for ten years from the date on which they are made.
Company’s accounts must be approved by the Board of Directors and a director must sign the balance sheet on behalf of the Board. A Company’s accounts must be audited unless the Company is exempt from audit, as per CR 2020 and LLPR 2020, as applicable. All Companies must file their accounts with the RA every year. If a Company’s accounts are filed late, the Company is liable to a fine.
Your Company should take appropriate measures to ensure that accounts are filed on time through the ADGM’s online registry solution: www.registration.adgm.com.
Please review the CR 2020 or LLPR 2020 to ensure that all requirements in relation to your Company’s annual accounts are complied with.
Registrar’s power to grant accounts filing extensions
The Registrar may, for any special reason he thinks fit, approve an application to extend the timeframe for filing accounts for periods of up to 3 months. Any extension will not extend the period for filing to more than 12 months after the end of the Company’s relevant accounting period.
A special reason would include an unforeseen event outside the Company’s control that prevents the Company from filing its accounts by the filing deadline. The unforeseen event could include, for example, an unexpected illness of a key individual in the company essential to the filing or a fire destroying company records. The Registrar will consider each application and supporting explanation on a case-by-case basis.
Applying for an extension
You can apply to extend your Company’s accounts filing deadline, however, you must apply for the extension before your filing deadline with a full explanation of why you need the extension. An application made after the filing deadline will be rejected.
Apply for your extension early. If you have not received a response from the Registrar on your application before the filing deadline for your Company’s accounts, you are required to file the annual accounts by the filing deadline.
Late filing penalties
If the Registrar has not yet approved your application for an extension and you file your accounts after the filing deadline, your Company will be liable to a fine. If you do not apply for an extension and your accounts are filed late, your Company will be liable to a fine. The Registrar does not have the discretion to waive the collection of a penalty.
Failure to deliver accounts to ADGM – No longer carrying on business
If a Company does not comply with the requirement to file accounts and the Registrar believes that the Company is no longer carrying on business or in operation, he may strike it off the register and dissolve it.
Failure to file documents is an offence under CR 2020 and LLPR 2020. All the directors/members of a Company may be liable to a fine, along with the Company.
How to apply for the filing extension
You must apply to extend your accounts filing deadline by completing the relevant application form and submitting it via email to the Monitoring and Enforcement Team at: email@example.com
To access the application form click here.
You will not receive a late filing penalty by the RA if your application is approved and you file your accounts before the extended deadline.
The Registrar will review your application and make a decision about your extension request.
It is important to file your accounts by the filing deadline. You should not wait for a decision about your extension request.
The RA will contact you by email to tell you if your application has been successful or not. The RA may also contact you if more information is needed.
If the Registrar approves your application for an extension of your Company’s filing deadline, you must file your accounts before the new filing deadline or your Company will be liable to a late filing penalty.
It is also important to note that if the extension is granted, it will not change the ordinary filing deadline for your Company’s future account filings.
COVID-19 Temporary Support Measure
If your accounts will be late because your company is affected by COVID-19, you can apply for a 3 month extension to file your accounts provided that your next filing deadline is before 1 January 2021 and your filing deadline has not yet passed.
After reading this Guide, if you require further information or clarification regarding applications for extension of accounts filings, please email the RA’s Monitoring & Enforcement Team at: firstname.lastname@example.org
This Guide is a non-binding indicative guide and should be read together with the relevant legislation, in particular the ADGM Companies Regulations 2020 and the Limited Liability Partnership Rules 2020 and any other relevant regulations and enabling rules, which may change over time without notice. Information in this Guide is not to be deemed, considered or relied upon as legal advice and should not be treated as a substitute for a specific advice concerning any individual situation. Any action taken upon the information provided in this Guide is strictly at your own risk and the Registration Authority will not be liable for any losses and damages in connection with the use of or reliance on information provided in this Guide. The Registration Authority makes no representations as to the accuracy, completeness, correctness or suitability of any information provided in this Guide.
COVID 19 Implication for Data Protection
Introduction to Abu Dhabi Global Market
Abu Dhabi Global Market (ADGM) is a broad based international financial centre, established pursuant to Abu Dhabi Law No. 4 of 2013 in the Emirate of Abu Dhabi. With its own civil and commercial laws based on the English common law, ADGM offers the local, regional and international business community a world-class legal system and regulatory regime.
ADGM Office of Data Protection
The Registrar of the ADGM Registration Authority, together with the Office of Data Protection (ODP), is responsible for supervising and ensuring the effective compliance of the obligations of Data Controllers under the Data Protection Regulations 2015 (as amended) (DP Regulations).
The ODP also provides guidance to registered entities and receives complaints from individuals.
For more information and data protection resources, please go to the ODP micro-site available at: https://www.adgm.com/operating-in-adgm/office-of-data-protection/guidance.
For further information or enquiries, please contact us via email at: Data.Protection@adgm.com.
Frequently Asked Questions
The ODP recognises that Data Controllers are facing unexpected challenges during the Coronavirus COVID-19 pandemic.
The ODP is aware that Data Controllers may need to share Personal Data rapidly or collect the Personal Data of visitors to their premises for such purposes as contact tracing and other response measures.
The DP Regulations do not prevent a Data Controller from processing Personal Data in cases of emergency, provided that the Personal Data is processed fairly, lawfully and securely, and it is adequate, relevant and proportionate for the purposes for which it is being processed.
The ODP is here to help and clarify frequently asked questions received in this regard:
1. What is the ODP’s position if a Data Controller does not meet certain regulatory requirements or experiences a delay in responding to Data Subject rights requests during the current COVID-19 situation?
Data Controllers should always seek to comply with their obligations under the DP Regulations. However, during these uncertain times, the ODP understands that Data Controllers might be distracted and there may be delays in responding to Data Subject requests and other compliance requirements under the DP Regulations. The ODP will take a pragmatic approach to regulation during these uncertain times and will take into consideration any mitigating circumstances before deciding what regulatory action to take (if any) against Data Controllers for non-compliance.
2. Can a Data Controller inform employees that a member of their team has contracted COVID-19?
Employers have a legal obligation to ensure the health and safety of all their employees. Accordingly, Data Controllers should keep employees informed about any cases of COVID-19 in their organization and take the necessary measures to keep employees safe. However, employers should avoid naming individuals, if possible, and should not provide any more information than is necessary.
3. Is a Data Controller, that is a public entity or healthcare provider, permitted to contact individuals in relation to COVID-19 without having prior consent?
The DP Regulations do not prevent any health professionals from sending public health messages to people, either by phone, text or email, as these messages are not direct marketing.
Public bodies may also require additional collection and sharing of Personal Data for the purpose of protection against serious threats to public health. This is a legitimate purpose for collecting and processing such Personal Data.
4. Can a Data Controller collect health data in relation to COVID-19 about employees or visitors of ADGM entities?
As an employer, Data Controllers have a duty to ensure employees’ health and safety, but that does not necessarily mean they may gather unnecessary information about their employees.
For example, it may be reasonable in the current circumstances to ask an employee or a visitor if they have visited a particular country or are experiencing COVID-19 symptoms. On the other hand, it would be unreasonable to ask an employee or visitor if they or any of their family members have ever been diagnosed with any other contagious disease.
If additional health data is required, employers must ensure that they do not collect any more Personal Data or Sensitive Personal Data than is necessary (note: Sensitive Personal Data includes health information). In addition, employers must ensure that any Person Data or Sensitive Personal Data that is collected is treated with the appropriate safeguards, as specified under the DP Regulations.
5. Can a Data Controller share employees’ health information to the relevant Health Authorities for public health purposes?
It is unlikely that a company will be required by Health Authorities to share information about specific individuals. However, if this does happen, the DP Regulations do not prevent employers from sharing such information, provided there is a legal basis for the processing of the Personal or Sensitive Personal Data and appropriate safeguards have been met.
6. Can employees work from home during this period?
The DP Regulations do not restrict a Data Controller’s employees from working from home, provided the appropriate safeguards have been met (e.g. appropriate IT security is made available to employees) to protect any Personal Data that may be processed during that period.
ADGM Data Controllers and their employees are responsible for ensuring robust security measures are in place and adhered to at all times.
7. Who can I contact for more info?
For further information, please do not hesitate to contact the ODP via e-mail: Data.Protection@adgm.com.
The object of Frequently Asked Questions (FAQs) is to provide guidance to ADGM Data Controllers during the unforeseen challenges caused by COVID-19. This is only a non-binding indicative guide and should be read together with the DP Regulations and any other relevant regulations and enabling rules, which may change over time without notice. Further advice from a specialist professional may be required. The Registration Authority makes no representations as to accuracy, completeness, correctness or suitability of any information and will not be liable for any error or omission. Information in this FAQ is not to be deemed, considered or relied upon as legal advice and should not be treated as a substitute for a specific advice concerning any individual situation. Any action taken upon the information provided in this FAQ is strictly at your own risk and ADGM RA will not be liable for any losses and damages in connection with the use of or reliance on information provided in this FAQ.
Data Protection Guidance Note
2. IntroductionAbu Dhabi Global Market2.1 Abu Dhabi Global Market (ADGM) is a broad based international financial center, established pursuant to Abu Dhabi Law No. 4 of 2013 in the Emirate of Abu Dhabi. With its own civil and commercial laws based on Common law, ADGM offers the local, regional and international business community a world-class legal system and regulatory regime.2.2 This guidance (“Guide”) is issued under section 28 of the Commercial Licensing Regulations 2015. The Guide has been prepared by the Registration Authority to assist ADGM registered entities in relation to data protection requirements.Registration Authority2.3 The Registration Authority is one of ADGM’s three independent authorities, together with the Financial Services Regulatory Authority and ADGM Courts. The Registration Authority is responsible for, among other things the registration and commercial licensing of businesses operating in or from Al Maryah Island, Abu Dhabi.The Office of Data Protection2.4 The ADGM Office of Data Protection is the data protection supervisor for the ADGM. The Office of Data Protection’s role is to administer the ADGM’s data protection regime (the Data Protection Regulations 2015 (as amended)), including maintaining a register of Data Controllers, enforcing the obligations upon Data Controllers and upholding the rights of individuals.2.5 The Office of Data Protection also provides guidance to registered entities and receives complaints from individuals.2.6 For more information and data protection resources, please go to the Office of Data Protection micro-site available at: https://www.adgm.com/operating-in-adgm/office-of-data-protection/overview2.7 For further information or enquiries please contact us via email at: Data.Protection@adgm.com
3. Overview3.1 This Guide has been written to assist ADGM registered entities in relation to ADGM’s data protection regime. This Guide covers:- What is data protection;- The five key principles of ADGM’s data protection regime;- The rights of the Data Subject in relation to their personal data;- The role and obligations of Data Controller and Data Processor;- The process of transferring Personal Data and Sensitive Personal Data outside ADGM;- The obligations to notify the Registration Authority; and- The use of consent for the purpose of data protection.3.2 All capitalized terms are defined in a Glossary of defined terms at Section 16 of this Guide.
4. What is Data Protection?4.1 Data protection is the process of safeguarding an individuals’ personal information, including how personal information is accessed, stored, disseminated and destroyed.4.2 Data protection regimes exist to create a balance between the rights of individuals to privacy and the needs of organizations to utilize data for the purposes of conducting their business, including sharing personal data with third parties.
5. What is ADGM’s Data Protection Regime?5.1 ADGM’s data protection regime consists of the ADGM Data Protection Regulations 2015 (as amended) (the “Data Protection Regulations”).5.2 The Data Protection Regulations were enacted on October 4, 2015 by the Board of Directors of the ADGM, in exercise of its powers under Article 6(1) of Law No. 4 of 2013 concerning the ADGM (issued by His Highness the Ruler of the Emirate of Abu Dhabi). The Data Protection Regulations make provision for the protection of personal data within the ADGM and for connected purposes. The Data Protection Regulations was amended in 2018 to include updates on matters such as defined terms, data breach notification timeframes and deadlines for notifications to the Registrar, alongside expanded enforcement provisions.5.3 The Data Protection Regulations control how personal information is used by organisations and businesses registered in ADGM. All entities registered in ADGM that hold or process Personal Data must follow the obligations under the Data Protection Regulations.
6. The Role and Responsibilities of the Data Controller6.1 The Data Controller determines the purposes for which, and the manner in which, any Personal Data that it holds, are processed. The Data Controller is responsible for ensuring that all Personal Data processing complies with the Data Protection Regulations.
7. Five Key Principles of Data Protection*:7.1 Data Controllers are expected to ensure that Personal Data which they process are:a) processed fairly, lawfully and securely;b) processed for specified, explicit and legitimate purposes in accordance with the Data Subject's rights and not further Processed in a way incompatible with those purposes or rights;c) adequate, relevant and not excessive in relation to the purposes for which they are collected or further Processed;d) accurate and, where necessary, kept up to date; ande) kept in a form, which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data were collected or for which they are further Processed.7.2 Further information on each principle is set out below.Principle 1. Processed fairly, lawfully and securely7.3 The Data Protection Regulations requires the Data Controller to process Personal Data fairly, lawfully and securely. The main purpose of this requirement is to protect the interests of the Data Subjects whose Personal Data is being processed.7.4 This principle applies to all actions that a Data Controller undertakes with Personal Data. In practice, it means:a) to have legitimate grounds for collecting and using the Personal Data;b) do not use the data in ways that have unjustified adverse effects on the individuals concerned;c) to be transparent about how they intend to use the data, and give individuals appropriate privacy notices when collecting their Personal Data;d) to handle people’s Personal Data only in ways they would reasonably expect; ande) to make sure they do not commit any unlawful actions with the data.Principle 2. Processed for specified, explicit and legitimate purposes in accordance with the Data Subject's rights and not further Processed in a way incompatible with those purposes or rights7.5 The Data Controller must be open about their reasons for obtaining Personal Data, and that what they undertake with the information is in line with the reasonable expectations of the individuals concerned. In practice, the Data Controller must:a) be clear from the outset about why they are collecting Personal Data and what they intend to do with it;b) comply with the Data Protection Regulation’s fair processing requirements – including the duty to give privacy notices to individuals when collecting their Personal Data; andc) ensure that if they wish to use or disclose the Personal Data for any purpose that is additional to or different from the originally specified purpose, the new use or disclosure is fair.Principle 3. Adequate, relevant and not excessive in relation to the purposes for which they are collected or further Processed7.6 The Data Controller must only collect the Personal Data that they need for the purposes that have been specified. They are also required to ensure that the Personal Data they collect is sufficient for the purpose for which it was collected. In practice, it means that the Data Controller should ensure that:a) they hold Personal Data about an individual that is sufficient for the purpose they are holding it for in relation to that individual; andb) they do not hold more information than they need for that purpose.Principle 4. Accurate and, where necessary, kept up to date7.7 To comply with this requirement, the Data Controller should:a) take reasonable steps to ensure the accuracy of any Personal Data they obtain;b) ensure that the source of any Personal Data is clear;c) carefully consider any challenges to the accuracy of information; andd) consider whether it is necessary to update the information.Principle 5. Kept in a form, which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data were collected or for which they are further Processed7.8 The Data Controller is required to retain Personal Data no longer than is necessary for the purpose that they obtained it for. They are expected to ensure that Personal Data is disposed of when no longer needed to reduce the risk that it will become inaccurate, out of date or irrelevant. In practice, it means that Data Controllers will need to:a) review the length of time that Personal Data is kept;b) consider the purpose or purposes they should hold the information for in deciding whether (and for how long) to retain it;c) securely delete information that is no longer needed for this purpose or these purposes; andd) update, archive or securely delete information if it goes out of date.
* Section 1(1) of the ADGM Data Protection Regulations 2015.
8. Requirements for Legitimate Processing of Personal Data*8.1 The conditions for processing Personal Data are set out in the Data Protection Regulations. At least one of the following conditions must be met whenever the Data Controller processes Personal Data:a) The Data Subject has given his written consent to the Processing of that Personal Data;b) Processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract;c) Processing is necessary for compliance with any regulatory or legal obligation to which the Data Controller is subject;d) Processing is necessary in order to protect the vital interests of the Data Subject;e) Processing is necessary for the performance of a task carried out in the interests of the ADGM or in the exercise of the Board's, the Court's, the Registrar's or the Regulator's functions or powers vested in the Data Controller or in a Third Party to whom the Personal Data are disclosed; orf) Processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by the Third Party to whom the Personal Data are disclosed, except where such interests are overridden by compelling legitimate interests of the Data Subject relating to the Data Subject's particular situation.
* Section 2 of the ADGM Data Protection Regulations 2015.
9. Requirements for Processing Sensitive Personal Data*9.1 Due to the nature of Sensitive Personal Data and its vulnerability to be misused, Section 3 of the Data Protection Regulations prohibits the processing of Sensitive Personal Data unless certain criteria are satisfied, including but not limited to:a) Additional written consent to the processing of this kind of Personal Data has been obtained from the Data Subject;b) Processing is necessary for the purposes of carrying out the obligations and specific rights of the Data Controller; orc) Processing is necessary to protect the vital interests of the Data Subject or of another person where the Data Subject is physically or legally incapable of giving his/her consent.9.2 Please refer to the Data Protection Regulations for the full list of criteria.
* Section 3 of the ADGM Data Protection Regulations 2015
10. Notifications to the Registration Authority*Initial Registration as a Data Controller10.1 The registration of any data controller residing within Al Maryah Island is mandatory with the Registration Authority. If you are an entity applying to be registered / incorporated in ADGM and will be processing Personal Data, it is therefore essential for you to complete the Data Protection initial registration form and pay the applicable fee. A Data Controller shall establish and maintain records of any Personal Data Processing operations or set of such operations intended to secure a single purpose or several related purposes.Application for renewal of Registration as a Data Controller10.2 Registration as a Data Controller is valid for one (1) year and can be renewed annually by submitting an “Application for renewal of registration – Data Protection” via the Registration Authority’s Online Solution available at https://www.registration.adgm.com and by paying the applicable fee. Renewal must be done on every anniversary of the company’s incorporation/registration.Appointment and Cessation of Data Processor10.3 A Data Controller must notify the Registration Authority of the appointment or cessation of a Data Processor. This notification can done by completing a Notice of Appointment / Cessation of Data Processor through the Registration Authority’s Online Solution.Change in Particulars of Data Processor10.4 A Data Controller must give notice to the Registration Authority of any change in the particulars of Data Processor. Such notice can be done by completing a Notice of Change of Particulars of Data Processor through the Registration Authority’s Online Solution.Change in business contact details10.5 A Data Controller must notify the Registration Authority in case of any change in its business contact details, for example the data protection contact person’s name, contact number, email, etc.Data Breach Notifications within 72 hours10.6 10.6 An unauthorized intrusion involving Personal Data is serious issue. Organizations must react appropriately when they become aware of breaches involving customer or employee personal information. A Data Controller must notify the Registration Authority in case of any security breach involving Personal Data as soon as possible.10.7 Breach notifications must be filed electronically via the Registration Authority’s Online Solution available at https://www.registration.adgm.com.
* Section 12 of the ADGM Data Protection Regulations 2015.
11. Transfers of Personal Data out of the ADGM*:11.1 Personal Data shall not be transferred to a country or territory outside ADGM unless that country or territory ensures an adequate level of protection for the rights and freedoms of Data Subjects in relation to the processing of Personal Data.11.2 The adequacy of the level of protection ensured by laws to which the Recipient is subject, shall be assessed in the light of all the circumstances surrounding a Personal Data transfer operation or set of Personal Data transfer operations, including, but not limited to:a) the nature of the Personal Data;b) the purpose and duration of the proposed Processing operation or operations;c) if the data do not emanate from the ADGM, the country of origin and country of final destination of the Personal Data; andd) any relevant laws to which the Recipient is subject, including professional rules and security measures.
*Section 4 of the ADGM Data Protection Regulations 2015.
12. Adequate level of protection*12.1 The following jurisdictions have been designated by the Registration Authority as providing an adequate level of protection. This list may be updated from time to time by a publication to such effect on the Registrar's website.Argentina
BulgariaCanada (provided the recipient is subject to the Canadian Personal Information Protection and Electronic Documents Act [PIPED Act])
DenmarkDubai International Financial Centre (DIFC)
Isle of ManItaly
United KingdomUruguayUnited States of America (subject to compliance with the terms of the EU-US Privacy Shield)
* Schedule 3 of the ADGM Data Protection Regulations 2015.
13. Transfers out of the ADGM in the absence of an adequate level of protection*13.1 If an ADGM registered entity intends to transfer Personal Data to a Recipient located in a jurisdiction other than in the table above, the transfer is only possible under certain conditions, including but not limited to:a) the Registration Authority has granted a permit for the transfer or the set of transfers and the Data Controller applies adequate safeguards with respect to the protection of such Personal Data;b) the Data Subject has given his written consent to the proposed transfer;c) the transfer is necessary for the performance of a contract between the Data Subject and the Data Controller or the implementation of pre-contractual measures taken in response to the Data Subject's request;d) the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the Data Subject between the Data Controller and a Third Party;e) the transfer is made to a person established outside the ADGM who would be a Data Controller (if established in the ADGM) or who is a Data Processor, if, prior to the transfer, a legally binding agreement in the form set out respectively, to these Regulations has been entered into between the transferor and Recipient; orf) the transfer is made between one or more members of a Group of Companies in accordance with a global data protection compliance policy of that Group, under which all the members of such Group that are or will be transferring or receiving the Personal Data are bound to comply with all the provisions of these Regulations containing restrictions on the use of Personal Data and Sensitive Personal Data in the same way as if they would be if established in the ADGM.
* Section 5 of the Data Protection Regulations 2015
14. The use of consent for the purpose of data protection14.1 This section highlights key issues that data controllers should be aware of and consider when using the Data Subject’s consent as legal grounds for the processing of Personal Data. For further information about the use of consent in the area of data protection, please contact the ODP.Relying on consent for data protection compliance14.2 Consent of the Data Subject is only one of several legal grounds that make the processing of Personal Data lawful. Although many data controllers view consent as the simplest route to compliance with their data protection obligations, it may not always be sufficient on its own. Having consent only ensures compliance with the requirement to process data fairly and lawfully. Data Controllers must still comply with the remaining data protection principles. This means that the Data Controllers will not be permitted to process Personal Data that are inaccurate or out of date, unnecessary, irrelevant or excessive for the specific purposes for which they were collected, even if the Data Subject had previously consented.14.3 Additionally, Data Controllers may only rely on consent as grounds for lawful processing of Personal Data if the individual Data Subject has a genuine free choice and is subsequently able to withdraw the consent without detriment.Definition of consent14.4 To be valid in a data protection context, consent must be freely given, specific, informed, and unambiguous. The Data Subject must also signify his agreement to the processing of his Personal Data.• Consent will only be deemed freely given if it is voluntary and if Data Subject is able to exercise a real choice, i.e. there is no risk of deception or coercion.• Consent will only be deemed specific if it is given with respect to the type of Personal Data that is processed, and the exact purpose for which it is processed.• Consent will only be deemed an informed consent if the Data Subject was given accurate and full information of all relevant issues in a clear and understandable manner. This should include the nature of the data processed, the purpose of the processing, the recipients of possible transfer, the right of the Data Subject, etc.• Consent will only be deemed unambiguous if the procedure to seek and to give consent leaves no doubt that the Data Subject does in fact agree to that processing. Methods to obtain unambiguous consent include express statements by the Data Subject, online forms that include a visible tick box to be ticked by individuals who agree to their data being processed in a particular way that is explained on the online form or a documents to which that form links, express oral consent, etc.Express or Explicit consent14.5 Express or explicit consent encompasses all situations where individuals are presented with a proposal to agree or disagree to a particular use of disclosure of their personal information and they respond actively to the question orally or in writing, consent which is inferred or implied will not normally meet the requirement of explicit consent.At what stage must consent be obtained?14.6 As a general rule, the Data Controller must obtain consent before processing Personal Data, particularly if it is a pre-condition for lawful processing.What happens When a Data Subject withdraws his consent?14.7 The Data Subject’s withdrawal of consent has no retroactive effect, this means that it will not make previous data processing that was based on the original consent unlawful. However, a withdrawal should, in principle, prevent any future processing of the Data Subject’s data unless the processing can be justified by other legal grounds.
15. Difference between Personal Data and Sensitive Personal Data15.1 The difference between Personal Data and Sensitive Personal Data may in certain instances be difficult to define. For example, names and surnames in connection with addresses and dates of birth are Personal Data rather than Sensitive Personal Data. However, more sensitive details such as ethnicity or religion may be inferred from these details, as frequently particular surnames are associated with a certain religion or ethnicity, or possibly both.15.2 This does not necessarily mean that in order to maintain these names on client databases you would have to comply with the requirements for processing Sensitive Personal Data. But where the data processor is processing such names due to the specific reason that they indicate a certain religion or ethnicity, e.g. to send advertising or marketing materials for items or services that are targeted specifically at persons of this particular religion or ethnicity, then this would constitute the processing of Sensitive Personal Data.15.3 In all instances assumptions about Data Subjects should be made with caution as such assumptions may lead to the collection of inaccurate Personal Data.
16. Glossary of Defined Terms*TermMeaningData:Any information which– (a) is being processed by means of equipment operating automatically in response to instructions given for that purpose; (b) is recorded with the intention that it should be processed by means of such equipment; or (c) is recorded as part of a Relevant Filing System or with the intention that it should form part of a Relevant Filing System.
Personal Data:Any information relating to an identified natural person or Identifiable Natural Person.
Identifiable Natural Person:A natural person who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
Data Controller:Any person in the Abu Dhabi Global Market (excluding a natural person acting in his capacity as a staff member) who alone or jointly with others determines the purposes and means of the Processing of Personal Data.
Data Processor:Any person (excluding a natural person acting in his capacity as a staff member) who Processes Personal Data on behalf of a Data Controller.
Data Subject:The natural person to whom Personal Data relate.
Processing:Any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction, and "Processed", "Processes" and "Process" shall be construed accordingly.
Recipient:Any person to whom Personal Data are disclosed, whether a Third Party or not, but does not include any person to whom disclosure is or may be made as a result of, or with a view to, a particular inquiry by or on behalf of that person made in the exercise of any power conferred by law.
Sensitive Personal Data:Personal Data revealing or concerning (directly or indirectly) racial or ethnic origin, political opinions, religious or philosophical beliefs, trade‐union membership and health or sex life.
* Section 20 of the ADGM Data Protection Regulations 2015.
DisclaimerThis Guide provides information on completing the annual Data Protection Register Renewal obligation. This is only a guide and should be read together with the relevant legislation, in particular, ADGM Companies Regulations 2015, ADGM Data Protection Regulations 2015 and any other relevant regulations and enabling rules. The Guide only refers to the procedures that need to be completed in relation to the Registrar. It does not cover other requirements such as obtaining relevant permits from third parties, if necessary. Further advice from a specialist professional may be required.For more information, please contact the Office of Data Protection by:Telephone: +971 2 333 8888Email: Data.Protection@adgm.comIn person: 3rd floor, ADGM Building, Abu Dhabi Global Market Square, Al Maryah Island, Abu Dhabi,
United Arab Emirates.Published: 18 February 2020
Decision Procedures and Enforcement Manual
Chapter 1 Chapter 1 – Introduction
Introduction1.1 This Decision Procedures and Enforcement Manual (the “Manual”) sets out information on the policies, processes and procedures of the Abu Dhabi Global Market (“ADGM”) Registration Authority in relation to the exercise of its enforcement powers and related decision making.1.2 The Manual contains various policies and procedures and is intended to be both a reference for staff of the Registration Authority as well as to provide guidance to persons operating, or intending to operate, as licensed persons in the ADGM. However, the information in this Manual is general and non-binding. Decisions about particular matters or investigations are made based on the specific facts of the case.1.3 The Manual is not an exhaustive source of the Registration Authority’s policy and procedures on the exercise of its enforcement and disciplinary powers and decision making (refer to the ‘Application’ section below for further detail on the scope of this Manual).1.4 This Manual should be read in conjunction with ADGM’s commercial legislation, in particular, the Commercial Licensing Regulations 2015 (“CLR”). A link to ADGM’s commercial legislation is available here.1.5 The term ‘ADGM’s commercial legislation’ used throughout this Manual refers to the regulations and rules governing the incorporation, registration, licensing, operation and de-registration of all legal entities in the ADGM. This includes but is not limited to the ADGM Companies Regulations 2020, Commercial Licensing Regulations 2015, Insolvency Regulations 2015, Data Protection Regulations 2015, Foundations Regulations 2017 and associated rules.1.6 However, it does not refer to ADGM legislation governing the provision of financial services, including anti-money laundering (which is regulated by the FSRA) nor the procedures of the ADGM Courts and arbitration regulations.1.7 Note: this Manual does not cover, include or relate to the use of enforcement powers by the ADGM Financial Services Regulatory Authority (“FSRA”).
Legal Basis1.8 The Registration Authority is established by Article 10 of Abu Dhabi Law No. (4) of 2013, as amended (“ADGM Law”). Further, Article 11 of the ADGM Law sets out the tasks, functions and responsibilities of the Registration Authority, which includes the registration, licensing, control and supervision of licensed persons.1.9 The powers and procedures of the Registration Authority in relation to investigation and enforcement are principally set out in Parts 1, 3 and 4 of the CLR.1.10 Section 45 of CLR requires the Registration Authority to prepare and issue a statement of policy with respect to:a. the imposition of fines, suspensions or restrictions under Part 4 of CLR; andb. the period for which suspensions or restrictions under Part 4 of CLR are to have effect.1.11 As per section 54 of CLR, the Registration Authority must determine the procedure that it proposes to follow in relation to the following:a. a decision which gives rise to an obligation to give a supervisory notice; orb. a decision which gives rise to an obligation for it to give a warning notice or decision notice.1.12 Under this section the Registrar must also issue a statement of its procedure.1.13 This Manual is issued under section 45 and subsection 54(5) of CLR.
Application1.14 This Manual is relevant to licensed persons in ADGM and other persons including potential applicants, advisors and interested parties. The Manual sets out:a. the Registration Authority’s decision making procedure for giving warning notices, decision notices and supervisory notices (collectively referred to as “statutory notices”);b. the Registration Authority’s policy with respect to exercising own initiative action to vary (narrow) the scope of a commercial licence;c. the Registration Authority’s policy with respect to the imposition of financial penalties under the CLR;d. the Registration Authority’s policy with respect to suspending, limiting or restricting a commercial licence; ande. the Registration Authority’s policy with respect to cancellation of a commercial licence.
Purpose1.15 The purpose of this Manual is to provide readers an understanding of how the Registration Authority operates in relation to the exercise of its enforcement powers and related decision making, as well as its expectations of licensed persons.1.16 Additionally, this Manual is intended to satisfy the requirements of section 45 and subsection 54(5) of the CLR that the Registration Authority publish statements of policy and procedure regarding the matters set out in the ‘Application’ section, above.1.17 The Manual is publically available at www.adgm.com
Updating the Manual1.18 This Manual will be subject to periodic review and updated as appropriate in the light of any amendments to relevant law, changes in policy and further experience in practice.1.19 In accordance with subsections 45(7) and 55(7) of CLR, the Registration Authority will publish a draft of any proposed alterations or revisions for public consultation, prior to issuing updates to the Manual.
Defined Terms1.20 Terms used in this Manual and in the CLR, have the same meaning in the Manual as in the CLR, unless stated otherwise.
Statutory Notices1.21 Subsection 54(5) of the CLR requires the Registration Authority to publish a statement of its procedure for the giving of statutory notices. The procedure must be designed to secure, among other things that the decision which gives rise to the obligation to give a statutory notice is taken by a person not directly involved in establishing the evidence on which that decision is based or by two or more persons who include a person not directly involved in establishing that evidence.1.22 The types of statutory notices and related notices, and the principal references to them in the CLR are set out in Table 1, below.Table 1: Summary of statutory and related notices
Notice Description CLR reference Warning Notice Gives the recipient details about action that the RA proposes to take and about the right to make representations. Section 47 Decision Notice Gives the recipient details about action that the RA has decided to take. The RA may also give a further decision notice if the recipient of the original decision notice consents. Section 48 Notice of Discontinuance Identifies proceedings set out in a warning notice or decision notice and which are not being taken or are being discontinued. Section 49 Final Notice Sets out the terms of the action that the RA is taking. Section 50 Supervisory Notice Gives the recipient details about action that the RA has taken or proposes to take, for example, to vary a condition. Section 54(13)1.23 In the Manual the supervisory notice about a matter first given to the recipient is referred to as the “first supervisory notice” and the supervisory notice given after consideration of any representations is referred to as the “second supervisory notice”.1.24 The requirement in subsection 54(5) of CLR to publish a procedure for the giving of notices does not extend to the giving of a notice of discontinuance or a final notice. Neither of these notices is a statutory notice for the purposes of the Manual; nor is the decision to give such a notice a statutory notice associated decision.1.25 For a list of actions that require the issuance of a warning or decision notice, please refer to Annex 1.1.26 For a list of actions that require the issuance of a supervisory notice, please refer to Annex 2.
Chapter 2 Chapter 2 – Approach to Enforcement
Introduction2.1.1 The purpose of this Chapter is to set out how the Registration Authority commences and conducts investigations as well as its approach to the exercise of its enforcement powers and the considerations that apply to the exercise of those powers.
Enforcement Principles2.1.2 The Registration Authority’s approach to enforcement is based on the following principles:a. Risk Based Approach: the Registration Authority follows a risk-based approach to the monitoring and enforcement of ADGM’s commercial legislation. The risk based approach ensures that the Registration Authority’s resources are focused on those areas that it perceives as posing the greatest risk to the achievement of its objectives.b. Acting Decisively: the Registration Authority acts decisively and swiftly to stop conduct which may cause reputational damage to, or threatens the integrity of, the ADGM, to minimise its effects, and prevent such conduct re-occurring.c. Procedural Fairness and Proportionality: the Registration Authority takes enforcement action in accordance with its policies and procedures. In the exercise of its enforcement powers the Registration Authority acts fairly, transparently and proportionally.d. Transparency: the Registration Authority ordinarily publicises outcomes arising from an enforcement action taken, in order to maintain the integrity of the ADGM and deter contraventions. The commencement and progress on investigations will not generally be publicized.e. Cooperation: the Registration Authority works closely with relevant U.A.E. Government Authorities to ensure the comprehensive, effective and efficient oversight of all non-financial business sectors in ADGM.
Enforcement process2.3 When taking enforcement action, the Registration Authority will generally adopt the enforcement process described in this Manual. The enforcement process consists of the following elements:- Receipt of allegation;- Assessment of allegation;- Investigation;- Decision making;- Warning Notice;- Representations;- Decision Notice; and- ADGM Courts.2.4 A diagram of the Registration Authority’s Enforcement Process is set out at Annex 3.
Receipt of allegation2.5 The Registration Authority becomes aware of complaints, allegations of misconduct, suspected contraventions of ADGM’s commercial legislation or matters that warrant investigation or enforcement action in a number of ways, including:a. reports of misconduct or complaints from members of the public or other ADGM firms;b. the Registration Authority’s monitoring operations;c. referrals from the FSRA and other regulatory or law enforcement authorities; andd. reports submitted by licensed persons as required under ADGM’s commercial legislation.
Complaints2.6 The scope of this Manual covers complaints received by the Registration Authority regarding licensed persons, that are made by third parties in relation to ADGM’s commercial legislation, as follows:a. any conduct by or dissatisfaction with a licensed person1;b. any alleged contravention of ADGM’s commercial legislation; orc. any conduct that causes, or may cause, damage to the reputation of the ADGM.2.7 A person wishing to lodge a complaint with the Registration Authority should do so in writing. Complaints can be lodged:a. By emailing the complaint to: email@example.com;b. By posting the complaint to:Registration Authority,
Abu Dhabi Global Market
PO BOX 111999,
Abu Dhabi, U.A.E.; orc. By delivering the compliant to: The Registration Authority, Level 3, ADGM Authorities Building, Al Maryah Island, Abu Dhabi.2.8 When a complaint is received, the Registration Authority will send a written acknowledgement to the complainant which will include the contact details of the relevant team responsible for managing the complaint.2.9 All complaints lodged with the Registration Authority are held in confidence and in accordance with ADGM’s commercial legislation, including the Data Protection Regulations 2015.2.10 However, to assess a complaint properly, the Registration Authority may need to contact third parties including the person who is the subject of the complaint. Where the Registration Authority contacts third persons it will not disclose the identity of the complainant without the prior written consent of the complainant.
1 Except in relation to obligations pursuant to the ADGM Employment Regulations 2019, which are not within the scope of this Decision Procedures & Enforcement Manual.
Referrals2.11 Referrals or allegations of misconduct arise both from other departments within the Registration Authority, or from the FSRA and other government or regulatory authorities.
Assessment of allegation2.12 The assessment of allegations of suspected misconduct or contraventions of the ADGM’s commercial legislation is a core aspect of the Registration Authority’s monitoring and control function. Every allegation, regardless of the source, is assessed to determine whether an investigation should take place.2.13 The Registration Authority’s Monitoring & Enforcement Department is responsible for assessing complaints and allegations of misconduct, and the Department Head decides whether a matter should be investigated.2.14 The Registration Authority may request further information from the complainant or source of an allegation to help it assess the allegation. The licensed person that is the subject of an allegation may also be contacted to obtain further information.2.15 At the assessment stage the Registration Authority generally obtains information voluntarily. However, as per section 29 of CLR, the Registration Authority does have non-investigative information gathering powers, which may be used at the allegation assessment phase if necessary.2.16 To ensure consistency and transparency in determining whether to commence an investigation, the Registration Authority considers allegations against certain criteria. The application of the criteria depends on the particular circumstances of a matter and include:a. whether the Registration Authority has jurisdiction in relation to the alleged misconduct;b. the seriousness of the alleged misconduct, its duration and whether it is ongoing;c. the nature of the alleged misconduct including whether it was deliberate, reckless, routine or minor;d. the effect of the misconduct, including whether it resulted in a benefit to a person, or detriment or loss to others;e. the compliance history of the licensed person, and likelihood of cooperation;f. the likelihood of the alleged misconduct being proven, and if so, the remedies available;g. the person’s conduct after the alleged misconduct, including whether they brought it to the Registration Authority’s attention;h. whether another authority has sought the Registration Authority’s cooperation, or is able to take its own action against the alleged misconduct;i. whether the alleged misconduct is by nature a commercial dispute and if so, whether the complainant is able to take their own action (and has the resources) to seek relief; andj. whether the alleged misconduct undermines or damages the integrity, transparency, confidence in, or reputation of, the ADGM.2.17 Not every allegation of misconduct received by the Registration Authority will result in an investigation. This may occur where, for example, the facts and contraventions are not in dispute and the licensed person has confirmed at an early stage that it is willing to resolve an issue by way of settlement; or where the matter can be investigated sufficiently without the need to exercise formal powers beyond the Registration Authority’s information gathering powers.2.18 Based on the assessment of the alleged misconduct against the criteria set out at paragraph 2.16 (above), the Head of the Registration Authority’s Monitoring & Enforcement Department will determine what action will be taken or recommended to the relevant decision maker.2.19 The range of actions that may follow the assessment of an allegation of misconduct vary depending on the facts and circumstances and may include:a. taking no further action;b. referring the alleged misconduct to another authority;c. commencing an investigation;d. taking immediate enforcement action; ore. taking other action such as a private warning.
Investigation2.20 Following the assessment of an allegation, the Registration Authority may decide to commence an investigation.2.21 Where the Registration Authority decides to commence an investigation it will not generally disclose to any party that an investigation has commenced or is ongoing, except for the Person who is the subject of an investigation, unless the disclosure is likely to prejudice or frustrate the investigation.2.22 Following a decision to commence an investigation, the Registration Authority will decide whether it is appropriate to appoint investigators under sections 30 and 31 of CLR.2.23 Where the Registration Authority’s Monitoring & Enforcement Department decides to investigate a matter it may exercise the Registration Authority’s power to require information.
Information Gathering Powers2.24 Under section 29 of CLR, the Registrar may, by written notice given to a licensed person, require him to:a. provide specified information or information of a specified description; orb. produce specified documents or documents of a specified description.2.25 The Registration Authority will provide a reasonable period for compliance with the requirement to give information. The period of time will depend on the circumstances of a particular case. Where the giving of prior notice may prejudice a case, the Registration Authority may require the giving of information immediately.2.26 Section 29 also provides the Registrar with powers to require any information provided to be verified and any document to be authenticated in such manner as it requires.2.27 This information gathering power applies to licensed persons (including a person who was at any time a licensed person but who has ceased to be a licensed person). However, the Registration Authority may also impose requirements on a person who is connected with a licensed person.2.28 A connected person is connected to a licensed person if he is or has at any relevant time been a member of the licensed person’s group, or is a controller of the licensed person, or is a member of a partnership of which the licensed person is a member.
Appointment of Investigators - general2.29 The Registrar may decide to appoint investigators if it appears that there is good reason for doing so. In determining whether there is “good reason” in a particular case, the Registration Authority takes into consideration the same assessment criteria that it applies when considering allegations of misconduct (see ‘Assessment of allegations’ section, above).2.30 Section 30 of CLR specifies that an investigator may conduct an investigation into the following:a. the nature, conduct or state of the business of the licensed person;b. a particular aspect of that business; orc. the ownership or control of a licensed person.2.31 In addition, the investigator appointed may, by written notice given to a person, extend the scope of the investigation to include the affairs of related businesses of the person.2.32 Furthermore, the power conferred under section 30 of CLR also includes that an investigation may look into the business carried on by a former licensed person or the ownership or control of a former licensed person.2.33 Following the appointment of an investigator, the Registrar may by direction given to the investigator, extend the investigation to additional matters.
Appointment of investigators – particular cases2.34 Section 31 of CLR allows the Registration Authority to appoint investigators where it appears to it that there are circumstances suggesting that a person may have committed a contravention of any enactment or subordinate legislation where such contravention is punishable by a fine.
Notice of appointment of investigators2.35 Section 32(2) of CLR requires the Registration Authority to give written notice of the appointment of an investigator (under section 30 or 31) to the person who is the subject of an investigation. This written notice must specify the provisions under which the investigator is appointed and the reason for his appointment.2.36 However, where the Registration Authority believes that the notification of an investigation would be likely to result in the investigation being frustrated, the Registration Authority may decide not to give it.2.37 Section 32(7) of CLR enables the Registrar to control the scope and conduct of the investigation by issuing directions to the investigator.2.38 Where there is a subsequent material change in the scope or conduct of an investigation and it is likely to significantly prejudice the person(s) subject to the investigation if not made aware of the change, the Registration Authority must give the person(s) written notice of the change.2.39 Where the Registration Authority decides to discontinue an investigation without taking any action, the Registration Authority is not required to notify the person(s) subject to the investigation that it is being discontinued. However, in cases where person(s) have been notified that they are subject to an investigation and the Registration Authority has decided to discontinue the investigation, it generally will confirm this to the person(s) concerned when considered appropriate to do so.
Investigation powers2.40 An investigator appointed under sections 30 and 31 of CLR has additional powers over and above the information gathering powers described in paragraphs 2.24 to 2.28 above. Investigators’ powers are set out at sections 33 and 34 of CLR.2.41 In support of an investigation, an investigator may require the person who is the subject of an investigation (or any connected person) to:a. attend before the investigator at a specified time and place and answer questions; orb. otherwise to provide such information as the investigator may require.2.42 Further, an investigator may also require any person to produce any specified documents or documents of a specified description.
Enforcement of information gathering and investigative powers2.43 The Registration Authority will enforce compliance with its information gathering and investigative powers where required by seeking orders in the ADGM Courts.2.44 Section 37 of CLR allows the Registration Authority to apply to the Court for the issuance of a search warrant in order to enforce compliance with information requirements. An application to the Court will be made in circumstances where there are reasonable grounds for believing that either:a. a person on whom an information requirement has been imposed has failed to comply with it; andb. the required information or documents are located on the premises specified in the warrant; orc. the premises specified on the warrant is the premises of a licensed person;d. the premises contains information or documents on which an information requirement could be imposed; ande. if such a requirement were to be imposed it would not be complied with, or the documents or information would be removed, tampered with or destroyed.2.45 A warrant under section 37 of CLR authorizes the person executing it to enter the premises specified in the warrant, to search the premises and take possession of any documents or information appearing to be of a kind in respect of which the warrant was issued, to require any person on the premises to provide an explanation of any document or information appearing to be relevant, and to use such force as may reasonably be necessary.
Retention and return of documents2.46 Any document of which possession is taken under section 37 may be retained so long as it is necessary to retain it.
Obstruction of the Registration Authority2.47 The Registration Authority expects that licensed persons and individuals that are subject to investigation to cooperate fully with the Registration Authority.2.48 However, as per section 39 of CLR, if a person fails to comply with a requirement imposed under the Registration Authority’s information gathering and investigation powers, the person imposing the requirement may certify that fact in writing to the ADGM Courts. If the Court is satisfied that the person has failed to comply, it may treat the person as if he were in contempt.2.49 Furthermore, conduct intended to obstruct the Registration Authority in exercising its investigative powers includes:a. falsifying, concealing, destroying or otherwise disposing of documents;b. causing or permitting the falsification, concealment, destruction or disposal of documents;c. providing false or misleading information; ord. recklessly providing information which is false or misleading.2.50 Any person who carries out the conduct set out in paragraph 2.49 commits a contravention under sections 39(3) and 39(4) of CLR and shall be liable to a fine. Where such contraventions are committed the Registration Authority will, take action accordingly, which may include additional action in respect of licensed persons.2.51 Any person who intentionally obstructs the exercise of any rights conferred by a warrant, commits a contravention under section 39(6) of CLR and the Registration Authority will, where appropriate, take action accordingly.
Conclusion of an investigation2.52 The Registration Authority will conclude an investigation when it determines to take no further action in response to an allegation or suspected contravention of the commercial legislation subject of the investigation, or all remedies imposed as a result of an investigation are concluded and fulfilled.
Chapter 3 Chapter 3 – Decision Making
Introduction3.1 The purpose of this Chapter is to set out the Registration Authority’s approach and procedure for making decisions which give rise to an obligation to give a statutory notice – i.e. a warning notice, decision notice, final notice, supervisory notice or notice of discontinuance.3.2 The types of decisions which give rise to an obligation to issue a warning notice, decision notice and final notice are explained in Chapter 4 and are listed in Annex 1 to this Manual. They include, for example, decisions made by the Registration Authority to impose a fine and to exercise its own-initiative action to cancel or suspend a licence.3.3 The types of decisions which give rise to an obligation to issue a supervisory notice are explained in Chapter 6 and are listed in Annex 2 to this Manual. They include decisions made by the Registration Authority to vary or impose a requirement on a licence.3.4 The Registration Authority’s exercise of certain powers may affect the rights, interests and liabilities of a person or persons on whom those powers are being exercised. As a result, decisions made by the Registration Authority to exercise those powers require the Registration Authority to give an affected person notice of the proposed action and offer them the right to make representations before a final decision is made. The procedures for these types of decisions is covered in this Chapter.3.5 The person subject to a decision notice or supervisory notice may have the right to refer the matter to the ADGM Courts.
The Decision Maker3.6 The principal decision maker at the Registration Authority is the Registrar. The Registrar may delegate his decision-making power to a member of senior management of the Registration Authority. For the purposes of this Chapter, a reference to the Registrar is also a reference to a delegated decision maker, if any.3.7 The Registrar makes a decision as to whether to give a statutory notice.
General procedures3.8 The Registrar follows the procedure described in this Chapter to enable him to determine matters under consideration fairly and efficiently.3.9 In each case the Registrar makes decisions based on all relevant information available to him by applying the relevant statutory tests, having regard to the context and nature of the matter, that is, the relevant facts, law and the Registration Authority’s priorities and policies.3.10 The Registration Authority will make and retain appropriate records of those decisions, including records of meetings and the representations (if any) and materials considered by the Registrar.
Warning notices and first supervisory notices3.11 A warning notice is issued in relation to proposed disciplinary action such as imposing a fine, suspending a licence or imposing a restriction on the carrying on of a controlled activity by a licensed person. Please refer to Annex 1 to this Manual for further information.3.12 Supervisory notices are issued in relation to supervisory actions, namely varying a licence or imposing or varying a requirement. Please refer to Annex 2 to this Manual for further information.3.13 If Registration Authority staff consider that action is appropriate, they will make a recommendation to the Registrar that a warning notice or a supervisory notice should be given.3.14 If the Registrar considers it relevant to his consideration, he may ask Registration Authority staff to explain or provide the following:a. additional information about the matter (which Registration Authority staff may seek by further investigation); orb. further explanation of any aspect of the Registration Authority staff recommendation or accompanying papers.3.15 The Registrar will consider whether the circumstances warrant a warning notice or supervisory notice being issued, having regard to the following considerations:a. whether the material on which the recommendation is based is adequate to support it – the Registrar may seek additional information about or clarification of the recommendation from Registration Authority staff; andb. whether the recommendation is appropriate in the circumstances.3.16 If the Registrar decides that he should give a warning notice setting out details of the action he proposes to take, then he will:a. ensure that the notice complies with the relevant provisions of the CLR;b. determine:i. the period for making representations (which may not be less than 14 business days);ii. whether to give a copy of the notice to any third party and, if so, the period for the third party to make representations;iii. whether to refuse access to Registration Authority material, relevant to the notice, under section 53 of CLR.c. ensure that the relevant Registration Authority staff make appropriate arrangements for the notice to be given.3.17 If the Registrar decides that he should give a first supervisory notice, then he will:a. ensure that the notice complies with the relevant provisions of CLR; andb. determine the period for making any representations; andc. ensure that the relevant Registration Authority staff make appropriate arrangements for the notice to be given.
Representations3.18 A warning notice or first supervisory notice will specify the time allowed for the recipient to respond in writing to the Registrar.3.19 The recipient of a warning notice or a first supervisory notice may request an extension of the time allowed for making representations. Such a request must normally be made within seven business days of the notice being given.3.20 If a request for an extension of time is made, the Registrar will decide whether to allow the extension, and if so, how much additional time is to be allowed for making representations. In reaching his decision the Registrar will take into account all relevant factors including any factors outside the control of the recipient of the notice that would impact on their ability to respond within the period set out in the warning notice or first supervisory notice, as well as any comments from the relevant Registration Authority staff.3.21 If the recipient of a warning notice or a first supervisory notice indicates that he wishes to make oral representations, the Registrar will fix a date or dates for a meeting at which the Registrar will receive those representations. The Registrar will ensure that the meeting is conducted so as to enable:a. the recipient of the notice to make representations;b. the relevant Registration Authority staff to respond to those representations;c. the Registrar to raise with those present any points or questions about the matter; andd. the recipient of the notice to respond to any points made by Registration Authority staff or the Registrar.3.22 The Registrar may ask the recipient of the notice or Registration Authority staff to limit their representations or response in length or to particular issues arising from the warning notice or first supervisory notice.3.23 The recipient of the warning notice or supervisory notice may elect to be legally represented at the meeting, but this is not a requirement.3.24 Where the Registrar deems appropriate, he may ask those present at the meeting to provide additional information in writing after the meeting. If the Registrar does so, he will specify the timeframe within which that information is to be provided.3.25 Registration Authority staff responsible for making a recommendation to the Registrar will continue to assess its appropriateness in the light of any new information or representations they receive and any material change in the facts or circumstances relating to a particular matter.
Decision notices and second supervisory notices3.26 If the Registrar receives no response or representations within the period specified in a warning notice, the Registrar may regard as undisputed the matters in the notice and a decision notice will be given accordingly.3.27 If the Registrar receives no response or representations within the period specified in a first supervisory notice, the Registrar will not give a second supervisory notice. If the action under the first supervisory notice:a. took effect immediately, or on a specified date which has already passed, it continues to have effect (subject to any proceedings on a referral to the ADGM Courts);b. was to take effect on a specified date which is still in the future, it takes effect on that date (subject to any proceedings on a referral to the ADGM Courts); andc. was to take effect when the matter was no longer open for review, it takes effect when the period to make representations (or for referral to the ADGM Courts, if longer) expires, unless the matter has been referred to the Court.3.28 In any case in which representations are made, the Registrar will consider whether it is right in the circumstances to give the decision notice or a second supervisory notice (as appropriate). In doing so, the Registrar will:a. consider all material before him;b. consider all representations made (whether written, oral or both) and any comments by Registration Authority staff or others in respect of those representations; andc. decide whether to give the notice and the terms of any notice given.3.29 If the Registrar decides to give a decision notice or a second supervisory notice, the Registrar will ensure that:a. the notice complies with the relevant provisions of the CLR;b. the notice includes a summary of the key representations made and how they have been taken into account; andc. the Registration Authority staff make appropriate arrangements for the notice to be given.3.30 If applicable, the Registrar will determine whether the Registration Authority is required to give a copy of the notice to a third party and, if so, facilitate the giving of the notice.
Notice of Discontinuance3.31 If the Registrar decides not to take the action proposed in a warning notice, or to which a decision notice given by it relates, the Registrar will issue a notice of discontinuance to the person to whom the warning notice or decision notice was given.
Final Notices3.32 If the Registrar has given a person a decision notice and the period for referral to the ADGM Courts lapses, the Registrar will issue a final notice in accordance with the relevant provisions of the CLR.
Right to refer matters to the Court3.33 A decision to give a decision notice or supervisory notice may lead to a referral to the Court under the CLR.
Chapter 4 Chapter 4 – Enforcement
Introduction4.1 The purpose of this Chapter is to set out the Registration Authority’s approach to the exercise of its enforcement powers and the considerations that it applies.4.2 The Registration Authority has several remedies available to it, in order to achieve its objectives. This includes, the imposition of fines, the imposition of limits or restrictions on a licence, and suspending a licence to carry on controlled activities.4.3 The Registration Authority will follow the policy and procedures set out in this Manual in relation to the use of enforcement powers. The Registration Authority does not have criminal jurisdiction, hence, should criminal conduct be identified, it will be referred to the relevant law enforcement agency.
Fines4.4 This section sets out the Registration Authority’s approach in relation to the imposition of fines under section 41 of CLR.4.5 Under section 41(1) of CLR, if the Registration Authority considers that a licensed person has contravened a relevant requirement imposed on the person, it may impose on him a fine in respect of the contravention.4.6 Under section 41(2) of CLR, if the Registration Authority considers that a person has committed a contravention of an enactment or subordinate legislation, it may impose on him a fine of an amount not exceeding the maximum specified for such contravention in the relevant enactment or subordinate legislation.
Purpose of fines4.7 The purpose of imposing fines on persons is to promote compliance with the Regulations and achieve the Registration Authority’s objectives by:a. penalising persons who have committed contraventions;b. deterring persons that have committed or may commit similar contraventions; andc. depriving persons of any benefit they may have gained as a result of their contraventions.
Determining the appropriate amount of a fine4.8 Under section 45(2) of CLR, to determine the amount of a fine to be imposed under section 41, the Registration Authority must have regard to the following factors:a. the seriousness of the contravention in question in relation to the nature of the relevant requirement or provision of the Regulations contravened;b. the extent to which the contravention was deliberate or reckless; andc. whether the licensed person against whom action is to be taken is an individual.4.9 In addition to having regard to the factors in paragraph 4.8 above, where the Registration Authority decides that a fine is appropriate, further considerations may also be relevant to determining the amount of that fine. The following paragraphs set out a non-exhaustive list of factors and considerations that the Registration Authority will consider to determine the amount of fines.
Seriousness4.10 The Registration Authority has regard to the seriousness of the contravention in relation to the nature of the requirement contravened. In considering the seriousness of the contravention, the following list of factors may be relevant:a. the duration and frequency of, and the period that has elapsed since, the contravention;b. if the person is (or was) a licensed person – whether the contravention happened because:i. of weak corporate governance arrangements;ii. of absent or weak policies and procedures regarding relevant licence conditions and/or requirements; oriii. inadequate resources (including staffing);c. if the person is (or was) a licensed person and the firm’s shareholders, officers or senior management were aware of the contravention – whether they took any steps to stop or prevent the contravention, the adequacy of any steps and when the steps were taken;d. the effect or potential effect of the contravention on the following:i. the integrity, transparency and efficiency of the ADGM; andii. confidence in the ADGM by participants and potential participants of the ADGM; andiii. the reputation of the ADGM;e. any loss or risk of loss caused to clients, customers and other affected people;f. whether the contravention had an effect on particularly vulnerable people, whether intentionally or otherwise;g. the scope for any potential financial crime to be caused or facilitated by the contravention; andh. whether publically available guidance or published materials raised concerns about the conduct constituting the contravention.
Deliberate or reckless4.11 The Registration Authority has regard to the extent to which the contravention was deliberate or reckless. If the contravention was deliberate or reckless, the Registration Authority is likely to impose a larger fine on the person than would otherwise be the case.4.12 In this regard, the Registration Authority considers the following:a. whether the breach was intentional, in that the person concerned intended or foresaw that their actions would or might result in a contravention;b. whether the person concerned knew that their actions were not in accordance with internal procedures;c. whether any steps were taken in an attempt to conceal the misconduct;d. whether the contravention was committed in such a way as to avoid or reduce the risk that the contravention would be discovered;e. whether the decision to commit the contravention was influenced by a belief that it would be difficult to detect;f. whether the contravention occurred more than once, and if so, how often; andg. whether reasonable professional advice was obtained before or during the contravention and was not followed or responded to appropriately. Obtaining professional advice does not remove a person’s responsibility for compliance with relevant requirements.4.13 Factors tending to show that a contravention was reckless include:a. the person knowing that there was a risk that their actions or inaction could result in a contravention but failing to mitigate that risk adequately; andb. the person knowing that there was a risk that their actions or inaction could result in a contravention but failing to check if they were acting in accordance with relevant internal procedures.
Whether the person is an individual4.14 The Registration Authority has regard to whether the person on whom the fine is to be imposed is an individual. In determining the amount of a fine to be imposed on an individual, the Registration Authority takes the following into account:a. that individuals may not have the resources of a firm;b. that enforcement action may have a greater effect on an individual than on a firm; andc. that it may be possible to achieve effective deterrence by imposing a smaller penalty on an individual than on a firm.4.15 The Registration Authority also considers whether the person’s position or responsibilities are such as to make a contravention committed by the person more serious and whether a larger fine should therefore be imposed.
Effect on third parties4.16 The Registration Authority has regard to the effect of the contravention on clients, customers or third parties.4.17 The Registration Authority considers a contravention to be more serious where it results in a loss, or the risk of loss, to clients, customers or third parties or if it had an effect on particularly vulnerable people, whether intentionally or otherwise.
Deterrence4.18 The Registration Authority’s policy is that deterrence is one of the main purposes of taking enforcement action. That is, deterring persons who have committed contraventions from committing further contraventions, and deterring others from committing similar contraventions.4.19 The Registration Authority has regard to the need to ensure that any fine imposed has the appropriate deterrent effect. In this regard, the Registration Authority considers the extent to which it is necessary to impose a fine of an appropriate amount in order to ensure that the deterrent effect of the action is not diminished.
Financial gain or loss avoided4.20 To the extent possible, the Registration Authority will seek to deprive a person who commits a contravention of the amount of any benefit gained or loss avoided by that person as a result of their contravention.4.21 Accordingly, if the person has made a profit or avoided a loss, the Registration Authority will impose a fine consistent with the principle that a person who commits a contravention should not benefit from the contravention, subject to the prescribed maximum penalty under CLR.4.22 Further, in taking into consideration the amount of any financial advantage gained by a person who committed a contravention, the Registration Authority has regard to the need to ensure that the amount of the fine acts as a deterrent to the person (and to others).
Subsequent conduct4.23 The Registration Authority takes into consideration the conduct of the person after the contravention in determining the amount of the fine, including, for example, the following:a. the conduct of the person in bringing (or failing to bring) the contravention quickly, effectively and completely to the attention of the Registration Authority;b. the degree of cooperation the person showed during the investigation of the contravention;c. any remedial steps the person has taken in relation to the contravention, including whether they were taken on the person’s own initiative or that of the Registration Authority. Remedial steps might include, for example:i. correcting any misleading statement or impression;ii. recruiting new staff to enhance or increase resources;iii. ascertaining whether clients or customers suffered loss and compensating them if they have;iv. if appropriate, taking disciplinary action against, or providing additional training for, staff involved in the contravention; andv. introducing or improving policies, procedures or systems and controls to reduce the likelihood of the contravention arising in future; andd. whether the person has complied with any requirements or decisions of the Registration Authority in relation to the contravention.4.24 That the person has fully cooperated in the investigation of the contravention by the Registration Authority is a consideration tending to reduce the amount of the fine.4.25 Generally, a licensed person is given recognition for being open and cooperative with the Registration Authority. The assessment of the level of cooperation offered by a person depends on the particular circumstances of the matter. A licensed person can demonstrate cooperation in many ways including, promptly reporting a contravention, taking responsibility for the matter and being open and communicative with the Registration Authority, taking steps to limit damage and being proactive in bringing the matter to an early conclusion.
Disciplinary record and compliance history4.26 The Registration Authority takes into consideration a person’s disciplinary record and compliance history in determining the amount of the fine, including, for example:a. the person’s general compliance history;b. whether the Registration Authority has previously taken any disciplinary action resulting in adverse findings against the person;c. whether the Registration Authority has previously taken action against the person under sections 13 or 14 of CLR (own initiative action); andd. whether the Registration Authority has previously given the person a notice under section 43 (fines, suspensions and restrictions).4.27 The disciplinary record of a person could lead to the Registration Authority imposing a larger fine than otherwise might be appropriate: for example, the fine might be increased if the person has committed similar contraventions in the past or been warned about similar misconduct. In assessing the relevance of the person’s disciplinary record and compliance history, generally the older the contravention is, the less significant it is regarded as being.
Maximum penalty4.28 The CLR prescribes the maximum level of financial penalty for contraventions of relevant requirements under the Regulations. The prescribed levels refer to the standard fines scale set out in the Commercial Licensing Regulations 2015 (Fines) Rules 2020. In determining the appropriate amount of a fine, notwithstanding all other considerations, the Registration Authority shall not exceed the prescribed maximum penalty.
Settlement discount4.29 In the event that the Registration Authority and the person concerned agree on the action to be taken in a particular case, it is possible that any fine imposed on the person will be reduced to take account of the settlement that has been reached.4.30 However, any settlement discount applied relates only to the punitive element of the fine and not to an amount included to deprive the person concerned of any profit made, or loss avoided, as a result of their contravention or to any restitution or compensation payable under the terms of the settlement.
Serious financial hardship4.31 Where a person claims that payment of a fine proposed by the Registration Authority will cause them serious financial hardship, the Registration Authority will consider whether to reduce the proposed fine based on the following considerations:a. the person provides verifiable evidence that payment of the proposed fine would cause them to suffer serious financial hardship; andb. the person provides full and timely disclosure of the verifiable evidence and cooperates fully with any enquiries the Registration Authority may make about their financial position.4.32 It is the responsibility of the person concerned to satisfy the Registration Authority that payment of the proposed fine would cause them to suffer serious financial hardship. It is not the Registration Authority’s responsibility to establish that the person has the means to pay the proposed fine.4.33 However, in some cases, even where a person has demonstrated that a proposed fine would cause serious financial hardship, the Registration Authority may consider the contravention to be so serious that it is not appropriate to reduce the proposed fine.4.34 Such circumstances include, providing false or misleading information to the Registration Authority, deliberate and repeated breaches of licensing requirements or where previous action by the Registration Authority has not been successful in bringing about a change in behavior by the person involved.
Suspend, Limit or Restrict Licence4.35 This section sets out the Registration Authority’s policy in relation to it suspending a licence to carry on a controlled activity or imposing limitations or restrictions in relation to the carrying on of a controlled activity by the person, under section 42 of CLR.4.36 Under section 42(1) of CLR, if the Registration Authority considers that a licensed person has contravened a relevant requirement imposed on the person, it may:a. suspend, for such period as it considers appropriate, any licence which the person has to carry on a controlled activity; orb. impose, for such period as it considers appropriate, such limitations or other restrictions in relation to the carrying on of a controlled activity by the person as it considers appropriate.4.37 Section 42(2) of CLR states that the period for which a suspension or restriction is to have effect may not exceed 12 months.
Scope of suspension or restriction4.38 Under section 42(3), a suspension may relate only to the carrying on of an activity in specified circumstances.4.39 Under section 42(4), a restriction may, in particular, be imposed so as to require the person concerned to take or refrain from taking, specified action.4.40 Having regard to the circumstances of the case, the Registration Authority may suspend or restrict a licensed person from carrying on a controlled activity. The Registration Authority considers that suspending a licence to carry on controlled activities is more restrictive and therefore more serious than imposing a restriction or limitation in relation to the carrying on of a controlled activity.4.41 Whether the Registration Authority imposes a suspension or restriction will depend on the facts of the matter, such as risk of harm to clients or customers, the need to protect the integrity of the ADGM and to ensure the confidence of its participants.
Determining the period for a suspension or restriction4.42 Under section 45(2) of CLR, to determine the period for which a suspension or restriction is to have effect, the Registration Authority must have regard to the following factors:a. the seriousness of the contravention in question in relation to the nature of the relevant requirement or provision of the Regulations contravened;b. the extent to which the contravention was deliberate or reckless; andc. whether the licensed person against whom action is to be taken is an individual.4.43 In this regard, the considerations that the Registration Authority will consider are set out in paragraphs 4.10 to 4.27 (above).
Suspensions, restrictions and other action4.44 In appropriate cases, the Registration Authority may take other action against a person such as imposing a fine, in addition to imposing a suspension or restriction in relation to the same contravention.
Chapter 5 – Settlement
Introduction5.1 This Chapter sets out the Registration Authority’s policy regarding settlement of enforcement actions.5.2 Settlement of an enforcement action has many advantages for both the Registration Authority and the person who is the subject of the action. Settlement avoids the need for further disciplinary proceedings and is thus time and resource effective for both the Registration Authority and persons who are the subjects of enforcement actions.5.3 Settlement discussions may be initiated by either the Registration Authority or the person concerned. Generally, the Registration Authority publicises the details of the settlement of an enforcement or disciplinary action.
Approach to settlement5.4 Under a settlement, a person against whom enforcement action is being or may be taken agrees to the imposition of a financial penalty or other enforcement outcome and to waive any rights to contest the financial penalty or other enforcement outcome. A settlement requires the agreement of both the Registration Authority and the person. A settlement is intended to bring the matters subject to the settlement to conclusion.5.5 Before engaging in settlement discussions, the Registration Authority satisfies itself that taking enforcement action is in the public interest and appropriate in the circumstances of the matter.5.6 The terms of the settlement of an enforcement action vary depending on the circumstances of the matter. The Registration Authority settles only if the agreed terms of the settlement result in an acceptable policy and regulatory outcomes.
Timing5.7 Settlement discussions can be held at any stage of the enforcement process, including at an early stage, provided the Registration Authority is satisfied that it understands the full nature and extent of the misconduct or issue. Therefore, settlement discussions may be more likely to occur following the issuance of a warning notice. This is to enable the person to understand the Registration Authority’s concerns and what it considers to be the appropriate action.5.8 However, the Registration Authority is unlikely to settle a matter through negotiation after a decision notice has been given to the person.5.9 Where the Registration Authority decides to exercise a disciplinary power, it must give the person a decision notice. Accordingly, the Registration Authority must give the person a decision notice where the terms of a settlement include disciplinary action. A person who receives a decision notice has the right to refer the matter to the ADGM Courts. However, if settlement has been reached, the Registration Authority expects the person concerned to waive their referral rights.5.10 Settlement discussions should also take place in a timely and diligent manner. The Registration Authority will set appropriate timetables for settlement discussions to ensure that the discussions do not delay or shift focus away from the formal enforcement process.
Decisions regarding proposed settlements5.11 If settlement discussions between Registration Authority staff and the person concerned result in a proposed settlement, the Registration Authority’s staff will document the proposed settlement and refer the matter to the Registration Authority decision maker.5.12 Only a formal decision by the Registration Authority decision maker binds the Registration Authority to a settlement.5.13 Once the decision maker receives a recommendation from Registration Authority staff the decision maker decides whether to (i) settle the matter, (ii) recommend other terms, or (iii) decline to settle the matter.
Terms of settlements5.14 The Registration Authority only accepts settlements where the person subject to the enforcement action accepts that it contravened relevant requirements and admits relevant facts regarding those contraventions in the settlement. When it agrees to the terms of a settlement the Registration Authority ensures that those terms are consistent with the Registration Authority’s objectives.
Fines and early settlement5.15 Where the Registration Authority considers that a person has been open and cooperative and has demonstrated a commitment to settling an enforcement matter as early as possible, the person should be given appropriate recognition.5.16 Where a fine is imposed on a person as a result of an early settlement, the amount of the fine payable by the person should generally be less than if the fine had been imposed on the person at a later stage in the enforcement process. Accordingly, the Registration Authority may reduce the fine payable by a person to reflect the stage of the enforcement process at which settlement was reached.5.17 Where a fine includes an element to deprive a person of any profits they made or losses they avoided as a result of their contravention, there is no reduction in respect of that part of the fine. Similarly, no reduction will be applied to any restitution or compensation payable to clients or customers under the settlement agreement.5.18 Where the Registration Authority is prepared to agree to a discounted fine through settlement, the settlement agreement will contain a statement as to the appropriate penalty and any discount agreed. In any public statements regarding the settlement, the Registration Authority will disclose the appropriate fine and the amount that is actually payable as a result of the settlement.
Publicity5.19 The Registration Authority generally publicises the outcome of a settlement, including the names of the persons who were subjects of the enforcement action and the key terms of the settlement. Such a public statement ensures transparency and accountability in the settlement of enforcement actions.5.20 However, the Registration Authority is mindful of the sensitivity of confidential information that may be provided as part of settlement negotiations and takes this into consideration when deciding on the information to be published.
Third party rights5.21 Where a decision notice has been given to a person following the settlement of an enforcement action with that person, the Registration Authority is required under section 52 of CLR to consider the effect of the decision on third party rights.5.22 Generally, if a decision notice identifies a third party a copy of the notice must be given to the third party unless it is impractical to do so. Third parties have the right to make representations and ultimately can refer the matter to the ADGM Courts.5.23 It is therefore important that any settlement reached with the Registration Authority takes account of the position of any third party.
Chapter 6 – Own-Initiative Action
Introduction6.1 The purpose of this Chapter is to set out the Registration Authority’s policy on the exercise of its powers to take action on its own-initiative.6.2 The CLR enables the Registration Authority to take the following actions on its own-initiative:a. vary a license to carry on controlled activities;b. cancel a license to carry on controlled activities; orc. impose requirements on a licence to carry on controlled activities.6.3 Circumstances may arise as part of the Registration Authority’s supervision of a licensed person, or issues may arise during an enforcement investigation, which prompt the Registration Authority to consider taking own-initiative action.6.4 Additionally, where a licensed person applies for a variation of a licence, the Registrar may impose on that person such requirements, taking effect on the variation of the licence, as the Registration Authority considers appropriate.6.5 The Registration Authority exercises its power to take own-initiative action when it considers it appropriate to do so in pursuit of one or more of its statutory objectives. The decision whether to take own-initiative action is based on the information available to the Registration Authority at the time the decision is made on a case by case basis.
Variation or cancellation of licence6.6 Section 13 of CLR details the power of the Registrar to vary or cancel a licence to conduct controlled activities on its own-initiative, which is collectively referred to as own-initiative variation power.6.7 The Registration Authority’s power under this section is the power to:a. vary the licence by:i. adding a controlled activity to those to which the licence relates;ii. removing a controlled activity from those to which the licence relates; oriii. varying the description of a controlled activity to which the licence relates; orb. to cancel the licence.
Grounds for taking own-initiative variation power6.8 Section 13(1) of CLR sets out the grounds for the Registration Authority to exercise own-initiative variation power. The grounds are as follows:a. the person is failing, or is likely to fail, to satisfy the conditions of licence applicable to him;b. that person has failed, during a period of at least 12 months, to carry on a controlled activity to which the licence relates; orc. it is desirable to exercise the power in the interests of the ADGM.6.9 The Registration Authority may exercise own-initiative variation power if it is satisfied that the grounds in section 13(1) apply.6.10 In circumstances where a licensed person has ceased carrying on controlled activities for a significant period of time (at least 12 months) and in particular, where the person is non-responsive, it may be a relatively routine matter for the Registration Authority to cancel that person’s licence, along with own-initiative de-registration considerations.6.11 In other cases, where a licensed person is carrying on controlled activities, then to vary, impose restrictions or cancel a licence may have serious consequences for that person. In such cases, the Registration Authority takes own-initiative action, particularly in respect of cancelling a licence, only where it has serious concerns regarding a licensed person.6.12 Having regard to the grounds specified under CLR, examples of circumstances where the Registration Authority might consider it appropriate to cancel a licensed person’s licence include:a. if it is found that a licensed person provided false or misleading information to the Registration Authority during the licensing process;b. if a licensed person appears to be failing, or is likely to fail to satisfy, relevant licensing criteria under ADGM’s commercial legislation;c. if a licensed person carrying on a controlled activity repeatedly fails to lodge filings with the Registration Authority as and when it is required to do so;d. if a licensed person knowingly provides misleading or false information in any filings lodged with the Registration Authority; ore. if a licensed person fails to pay fees to the Registration Authority as required, or renew its licence on or before its expiry.6.13 Depending on the circumstances, the Registration Authority may initially vary a licensed persons’ scope of licence or impose requirements. However, where that action does not resolve the Registration Authority’s concerns, the Registration Authority may then decide to cancel the licence.
Requirements6.14 Section 14 of CLR details the power of the Registrar to impose requirements on a licensed person on its own-initiative, which is referred to as own-initiative requirement power.6.15 The Registration Authority’s power under this section is the power to impose on a licensed person such requirements as the Registration Authority considers appropriate, where a person has applied for a variation of a licence. The own-initiative requirement power is a power to:a. impose a new requirement;b. vary a requirement imposed by the Registration Authority; orc. cancel a requirement.6.16 A requirement may be imposed so as to require the person concerned to take specified action or so as to require the person concerned to refrain from taking specified action. A requirement may also extend to activities which are not controlled activities.6.17 Under section 15(5) of CLR, a requirement may be expressed to expire at the end of such period as the Registration Authority may specify, but the imposition of a requirement that expires at the end of the specified period does not effect the Registration Authority’s power to impose a new requirement.
Grounds for taking own-initiative requirement power6.18 Section 14(2) sets out the grounds for the Registration Authority to exercise own-initiative requirement power. The grounds are as follows:a. the person is failing, or is likely to fail, to satisfy the conditions of licence applicable to him;b. that person has failed, during a period of at least 12 months, to carry on a controlled activity to which the licence relates; orc. it is desirable to exercise the power in the interests of the ADGM.6.19 The Registration Authority may exercise own-initiative requirement power if it is satisfied that the grounds in section 14(2) apply.6.20 When deciding whether to take own-initiative requirement power on a licensed person, the Registration Authority takes into account the effect of the powers exercised and seeks to ensure that any requirement imposed is proportionate to the objective the Registration Authority is seeking to achieve by taking action.6.21 In the course of monitoring of licensed persons or during the enforcement process, the Registration Authority might consider it appropriate to agree formally or informally with a licensed person on certain steps required to resolve the Registration Authority’s concerns.6.22 However, in some cases the Registration Authority forms the view that it is appropriate to take own initiative action to ensure that its concerns are satisfied. Such action is likely to be necessary where the Registration Authority:a. has serious concerns about a licensed person or about the way its business is being conducted;b. is concerned that there will be serious consequences if the licensed person fails to take the steps required by the Registration Authority; orc. considers that the action will demonstrate the importance that the Registration Authority attaches to the need for the firm to satisfy the Registration Authority’s concerns.
Own-initiative power procedure6.23 Where the Registration Authority decides to take own initiative action, it informs the licensed person of that action by written notice. That written notice is called a first supervisory notice.6.24 The Registration Authority will also generally give a licensed person an opportunity to make representations before the action is taken.6.25 The Registration Authority may extend the period allowed under the notice for making representations. After having considered any representations made by a licensed person, regardless of whether the Registration Authority decides to proceed or not proceed with the exercise of own-initiative power, it must give the licensed person a written notice. That written notice is called a second supervisory notice.6.26 Details on the Registration Authority’s decision making process is set out in Chapter 3 of this Manual.6.27 In some circumstances, a variation of a licence or the imposition or variation of a requirement, may be expressed to take effect immediately if the Registration Authority reasonably considers that it is necessary to do so. In these circumstances, the licensed person will not have the opportunity to make representations.6.28 A decision to exercise own-initiative action on an immediate basis depends on the circumstances of the matter. However, examples of the circumstances where the Registration Authority may consider such action include:a. where there is information to suggest that clients or customers of a licensed person have been harmed or are at significant risk of harm;b. where there are serious problems regarding the licensed person and/or its controllers, which raise concerns about the licensed person’s ability to continue its operations or meet its conditions of licence; orc. where a licensed person has provided false or misleading information to the Registration Authority in a material way.6.29 Where the Registration Authority decides to take immediate own-initiative action, it provides an opportunity for the licensed person to make representations promptly after the power has been exercised.
Chapter 7 – Publicity
Introduction7.1 This Chapter sets out the Registration Authority’s policy on publicity in relation to statutory decision making and the exercise of its investigation and enforcement powers. Specifically, the policy covers the following:a. general policy on publicity of enforcement actions;b. ongoing investigations or enforcement matters;c. publication of warning notices;d. publication of decision notices and supervisory notices;e. proceedings in the ADGM Courts;f. publication of settlements; andg. actions taken by the Registration Authority on its own-initiative.
General policy on publicity of enforcement and disciplinary actions7.2 Publicity about enforcement action improves the understanding of registration and licensing standards among licensed persons and potential users of the ADGM, it deters other persons from engaging in similar misconduct, and demonstrates how the Registration Authority uses its disciplinary and enforcement powers to meet its statutory objectives.7.3 The Registration Authority’s general policy is to publicise enforcement and disciplinary actions, providing information, statements and/or notices in the form and manner it regards as appropriate and most effective.7.4 However, the Registration Authority retains discretion regarding the approach to publication and in particular, the timing of publications of enforcement or disciplinary action, depending on the circumstances of a particular matter and in order to best advance ADGM’s interests.
Publicity about ongoing matters7.5 The Registration Authority’s general policy is not to publicise the fact that it is or is not investigating, or considering enforcement action about a matter.7.6 However, in certain circumstances the Registration Authority will make exceptions to this policy and make a public announcement about an ongoing investigation or enforcement action. The Registration Authority will consider a public announcement if it will:a. assist in maintaining the integrity of and confidence in ADGM or the Registration Authority;b. protect the public, for example by announcing unlicensed conduct by a person who is under investigation by the Registration Authority;c. prevent and restrain conduct which may cause damage to the reputation of the ADGM, for example to alert licensed persons that certain conduct is under investigation to stop and deter others from engaging in similar conduct; ord. assist the investigation itself, for example by encouraging witnesses to come forward.7.7 The Registration Authority may also make a public announcement about a matter under investigation if it has become the subject of public speculation or rumour, if it is considered that doing so will contain or prevent further speculation.
Publication of warning notices7.8 Under section 51(1) of CLR, neither the Registration Authority nor a person to whom a warning notice is given or copied may publish the notice or any details concerning it.7.9 Such a disclosure is a contravention under section 51(12) of CLR and the Registration Authority will, where appropriate, take action accordingly.
Publication of decision notices and supervisory notices7.10 Under sections 51(5) and 51(6) of CLR, the Registration Authority must publish such information about the matter to which the decision notice or supervisory notice relates, as it considers appropriate.7.11 However, under section 51(7) of CLR, the Registration Authority may not publish information if, in its opinion, publication of the information would be:a. unfair to the person with respect to whom the action was taken (or proposed to be taken);b. detrimental to the interests of participants of the ADGM; orc. detrimental to the interests of the ADGM.7.12 Generally, the Registration Authority’s policy is to publish decision notices and supervisory notices after any relevant period for referral has expired and the matter has not been referred to the ADGM Courts.7.13 The Registration Authority may make exceptions to this policy where it considers it appropriate to publish a decision notice or supervisory notice at an earlier stage. In these circumstances, the publication will highlight the right of review and time limit for review of the person to whom the notice relates.7.14 Such circumstances where the Registration Authority may consider it appropriate to publicise a notice at an earlier stage are where doing so will advance the interests of the ADGM and / or to protect the public.7.15 Under section 51(2) of CLR, a person to whom a decision notice is given or copied may not publish the notice or any details concerning it unless the Registrar has published the notice or those details.7.16 Such a disclosure is a contravention under section 51(12) of CLR and the Registration Authority will, where appropriate, take action accordingly.
Publication about proceedings7.17 Section 98 of the ADGM Courts, Civil Evidence, Judgements, Enforcement and Judicial Appointments Regulations 2015, provide that matters will be heard in public unless otherwise directed by the ADGM Courts. As publicity about proceedings is subject to such directions, the Registration Authority generally does not make any public statement about the commencement of proceedings until the ADGM Courts has given directions about publicity.7.18 The Registration Authority’s general policy is to make public statements about the outcome of enforcement proceedings in the ADGM Courts, unless the ADGM Courts directs otherwise. However, the Registration Authority retains discretion to not publicise the outcome of proceedings, or to not do so immediately, where it considers appropriate, such as where publication would not be in the public interest or be prejudicial to the interests of clients and customers.
Publication of settlements7.19 The Registration Authority’s approach to publicity in respect of settlements is set out in Chapter 5 of this Manual.
Publication of own-initiative action7.20 The Registration Authority may take action on its own-initiative against licensed persons under sections 13 and 14 of CLR. Further details about the Registration Authority’s policy and procedure on own-initiative action is set out in Chapter 6 of this Manual.7.21 Where the Registration Authority exercises its power to take action on its own-initiative it must give a statutory notice under sections 19 and 20. Therefore the Registration Authority’s approach to publicising own-initiative action follows the policy set out in paragraphs 7.10 to 7.16 (see ‘Publication of decision notices and supervisory notices’ section, above).7.22 Where the Registration Authority exercises its power to take action on its own-initiative, the licensed person to which that action relates has the right to refer the matter to the ADGM Courts. Where a referral is made to the Court, the Registration Authority follows its policy in relation to publication of matters subject to proceedings, as set out in paragraphs 7.17 and 7.18 (see ‘Publication about proceedings’ section, above).
This Manual provides information on the Registration Authority’s policy and processes on decision making and enforcement. This is only a guide and should be read together with the relevant legislation, in particular, ADGM Commercial Licensing Regulations 2015 and any other relevant regulations and enabling rules (which may change over time without notification). Further advice from a specialist professional may be required.
The Registration Authority makes no representations as to the accuracy, completeness, correctness or suitability of any information and will not be liable for any error or omission.
Information in this Manual is not to be deemed, considered or relied upon as legal advice and should not be treated as a substitute for specific advice concerning any individual situation. Any action taken based on the information provided in this Manual is strictly at your own risk and the Registration Authority will not be liable for any loss and damages in connection with the use of or reliance on information provided in this Manual.
For more information, please contact the Registration Authority by:
Telephone: +971 2 333 8888
In person: 3rd floor, ADGM Building, Abu Dhabi Global Market Square, Al Maryah Island, Abu Dhabi, United Arab Emirates.
Annex 1 – Warning Notices and Decision Notices
Section of the CLR Description 18(1)(a) When the Registrar is proposing to grant a licence but to exercise its power under section 10(5)(a) or (b) 18(1)(b) When the Registrar is proposing to grant a licence but to exercise its power under section 14(1) in connection with the application for a licence 18(1)(c) When the Registrar is proposing to vary a licence on the application of a licensed person but to exercise its power under section 10(5)(a) or (b) 18(1)(d) When the Registrar is proposing to vary a licence but to exercise its power under section 14(1) in connection with the application for variation 18(3)(a) When the Registrar is deciding to grant a licence but to exercise its power under section 10(5)(a) or (b) 18(3)(b) When the Registrar is deciding to grant a licence but to exercise its power under section 14(1) in connection with the grant of the licence 18(3)(c) When the Registrar is deciding to vary a licence on the application of a licensed person but to exercise its power under section 10(5)(a) or (b) 18(3)(d) When the Registrar is deciding to vary a licence on the application of a licensed person but to exercise its power under section 14(1) in connection with the variation 18(3)(e) When the Registrar is deciding to refuse an application made under this Part 20(1) When the Registrar is proposing to cancel a licensed person’s licence otherwise than at the person’s request 20(2) When the Registrar is deciding to cancel a licensed person’s licence otherwise than at the person’s request 43(1)(a) When the Registrar is proposing to impose a fine on a person (under section 41) 43(1)(b) When the Registrar is proposing to suspend the licence of a licensed person or impose a restriction in relation to the carrying on of a controlled activity by a licensed person (under section 42) 44(1)(a) When the Registrar is deciding to impose a fine on a person under section 41 (whether or not of the amount proposed) 44(1)(b) When the Registrar is deciding to suspend a licence or impose a restriction under section 42 (whether or not in the manner proposed)
Annex 2 – Supervisory Notices
Section of the CLR Description 19(4) When the Registrar is proposing to vary a licence or to impose or vary a requirement, or varies a licence or imposes or varies a requirement, with immediate effect 19(7)(a) Having considered any representations made by a licensed person, when the Registrar is deciding to vary the licence, or impose or vary the requirement, in the way proposed 19(7)(b) Having considered any representations made by a licensed person, when the Registrar is deciding if the licence has been varied or the requirement imposed or varied, not to rescind the variation of the licence or the imposition or variation of the requirement 19(8)(b) Having considered any representations made by a licensed person, when the Registrar is deciding to vary the licence or requirement in a different way, or impose a different requirement
Annex 3 – Registration Authority Enforcement Process Flow Diagram