• COBS 20 COBS 20. THIRD PARTY PROVIDERS

    • COBS 20.1 COBS 20.1 Application

      • COBS 20.1.1

        Chapter 20 of these Rules applies to Third Party Providers.

      • Guidance

        1. Third Party Providers intermediate the relationship between their Customers and their Customers’ Financial Institutions. The relationship between Third Party Providers and their Customers is separate from and does not affect Customers’ existing relationships with their Financial Institutions.
        2. Third Party Providers differ from technical service providers because they have a relationship with Customers of Financial Institutions for the provision of Third Party Services. While technical service providers may provide software, infrastructure or other products and services that involve the accessing and processing of Specified Information, they do not have such a relationship with Customers of Financial Institutions.

        For example, a telecommunications company provides infrastructure and software that allows its customers to transfer information to other parties. Some of the telecommunications company’s customers are Customers of Financial Intitutions and these Customers use the telecommunications company’s services to transfer Specified Information to their Financial Institutions. The telecommunications company is not a Third Party Provider because it has not established a relationship between the Customers and the Customers’ Financial Institutions for the provision of Third Party Services.
        3. In some circumstances, a Third Party Provider may offer technical services (the Offering Third Party Provider) to another Third Party Provider (the Receiving Third Party Provider). Such technical services may include software or infrastructure that allows the Receiving Third Party Provider to connect to specific Financial Institutions on behalf of its Customers. Under these circumstances:
        (a) The Receiving Third Party Provider is a Third Party Provider to its Customers.
        (b) If the Offering Third Party Provider has a contractual relationship with the Receiving Third Party Provider’s Customers, then:
        (i) The Offering Third Party Provider is also a Third Party Provider to those Customers.
        (ii) The Offering Third Party Provider is the Primary Financial Institution for the Receiving Third Party Provider.
        (c) If the Offering Third Party Provider does not have a contractual relationship with the Receiving Third Party Provider’s Customers, then:
        (i) The Offering Third Party Provider is not a Third Party Provider when dealing with those Customers.
        (ii) The Offering Third Party Provider is a technical services provider for the Receiving Third Party Provider.
        (iii) The Customer’s Financial Institution is the Primary Financial Institution for the Receiving Third Party Provider.

    • COBS 20.2 COBS 20.2 Contractual Arrangements

      • Guidance

        A Governing Contract sets out the terms governing the operation of Third Party Services and the rights and obligations of the Third Party Provider and their Customer. This section sets out Third Party Providers’ obligations to include and disclose information in the Governing Contract.

        • Need for Governing Contract

          • COBS 20.2.1

            Third Party Providers must establish a Governing Contract between themselves and their Customers before providing Third Party Services.

        • General information

          • COBS 20.2.2

            Unless otherwise agreed in writing between a Third Party Provider and their Customer, the Governing Contract between the Third Party Provider and their Customers must contain the following information –

            (a) about the Third Party Provider:
            (i) the name of the Third Party Provider;
            (ii) the address and contact details of the Third Party Provider’s office in ADGM;
            (iii) the name of the Regulator of the Third Party Provider, and details of the Third Party Provider’s Financial Service Permission;
            (b) about the Third Party Services:
            (i) a description of the main characteristics of the Third Party Services to be provided;
            (ii) the information or unique identifier that must be provided by the Customer in order for a Third Party Transaction to occur;
            (iii) the form and procedure for giving consent to a Third Party Transaction;
            (iv) the time of receipt of a Third Party Transaction;
            (v) the maximum time taken for the Third Party Services to be provided; and
            (vi) any limits for the use of the Third Party Services;
            (c) about charges and exchange rates:
            (i) details of all charges payable by the Customer to the Third Party Provider, including those connected to information which is provided or made available and, where applicable, a breakdown of the amounts of all charges;
            (ii) where relevant, details of the exchange rates to be applied or, if Reference Exchange Rates are to be used, the method of calculating the relevant date for determining such Reference Exchange Rates;
            (iii) where relevant and if agreed, the application of changes in Reference Exchange Rates and information requirements relating to any such changes;
            (d) about communication:
            (i) the means of communication agreed between the parties for the transmission of information or notifications including, where relevant, any technical requirements for the Customer’s equipment and software for receipt of the information or notifications;
            (ii) the manner in which and frequency with which information under Chapter 20 is to be provided or made available;
            (iii) what information relating to the Customer will be transferred to the Customer’s Financial Institution as part of a Third Party Transaction;
            (iv) the Customer’s right to receive the revised terms of the Governing Contract and any other information in accordance with Rule 20.2.5;
            (e) about safeguards and corrective measures:
            (i) how and within what period of time the Customer must notify the Third Party Provider of any unauthorised or incorrectly executed Third Party Transaction;
            (ii) the secure procedure by which the Third Party Provider will contact the Customer in the event of suspected or actual fraud or security threats;
            (iii) where relevant, the conditions under which the Third Party Provider proposes to reserve the right to stop or prevent a Third Party Transaction from being executed;
            (iv) the Customer’s liability under Rule 20.12.6 including details of any limits on such liability;
            (v) the Third Party Provider’s liability for unauthorised Third Party Transactions under Rule 20.12.5;
            (vi) the conditions for the payment of any refund to the Customer under this Chapter
            (f) about changes to and termination of the contractual arrangement:
            (i) where relevant, the proposed terms under which the Customer will be deemed to have accepted changes to the Governing Contract in accordance with Rule 20.2.6, unless they notify the Third Party Provider that they do not accept such changes before the proposed date of their entry into force;
            (ii) the duration of the Governing Contract;
            (iii) where relevant, the right of the Customer to terminate the Governing Contract and any agreements relating to termination in accordance with Rule 20.2.6.
            (g) about redress:
            (i) any contractual clauses on the law applicable to the Governing Contract and the competent courts; and
            (ii) the availability of any alternative dispute resolution procedures, if applicable, for the Customer and the methods for having access to them.

          • COBS 20.2.3

            A Third Party Provider must provide a Customer the information specified in Rule 20.2.2 before the Customer is bound by the Governing Contract.

        • Information provision during period of the Governing Contract

          • COBS 20.2.4

            If the Customer so requests at any time during the term of the Governing Contract, the Third Party Provider must provide the information specified in Rule 20.2.2 as well as any other terms of the Governing Contract.

        • Changes in contractual information

          • COBS 20.2.5

            Subject to Rule 20.2.7, any proposed changes to:

            (a) the existing terms of the Governing Contract; or
            (b) the information specified in Rule 20.2.2,

            must be provided by the Third Party Provider to the Customer no later than two months before the date on which they are to take effect.

          • COBS 20.2.6

            If the Third Party Provider is allowed to make unilateral changes to the Governing Contract and proposes to make such changes, the Third Party Provider must inform the Customer that:

            (a) unless the Customer notifies the Third Party Provider to the contrary before the proposed date of entry into force of the changes, the Customer will be deemed to have accepted the changes comunicated to it under Rule 20.2.5; and
            (b) the Customer has the right to terminate the Governing Contract without charge at any time before the proposed date of entry into force of the changes.

          • COBS 20.2.7

            Changes in exchange rates may be applied immediately and without notice where:

            (a) such a right is agreed under the Governing Contract and any such changes in exchange rates are based on the Reference Exchange Rate information which has been provided to the Customer in accordance with Rule 20.2.2; or
            (b) the changes are more favourable to the Customer.

          • COBS 20.2.8

            Any change in the exchange rate used in Third Party Transactions must be implemented and calculated in a neutral manner that does not discriminate collectively against Customers.

        • Termination of a Governing Contract

          • COBS 20.2.9

            The Customer may terminate the Governing Contract at any time unless the parties have agreed on a period of notice not exceeding one month.

          • COBS 20.2.10

            Any charges for the termination of the Governing Contract must not exceed the actual costs to the Third Party Provider of termination.

          • COBS 20.2.11

            The Third Party Provider may not charge the Customer for the termination of a Governing Contract after the Governing Contract has been in force for six months.

          • COBS 20.2.12

            The Third Party Provider may terminate a Governing Contract concluded for an indefinite period by giving at least two months’ notice, if the Governing Contract so provides.

        • Information prior to execution of individual Third Party Transactions

          • COBS 20.2.13

            Where a Third Party Transaction is initiated by the Customer, at the Customer’s request the Third Party Provider must provide the Customer with a breakdown of all charges payable by the Customer in respect of the Third Party Transaction.

        • Information for the Customer on individual Third Party Transactions

          • COBS 20.2.14

            The Third Party Provider must provide to the Customer the following information in respect of each Third Party Transaction at least once per month free of charge:

            (a) a reference enabling the Customer to identify the Third Party Transaction;
            (b) if the Third Party Transaction leads to a Payment Transaction, the amount of the Payment Transaction in the currency in which the Customer’s Payment Account is debited or in the currency used for the Payment Order;
            (c) the amount of any charges for the Third Party Transaction and, where applicable, a breakdown of the amounts of such charges, or the interest payable by the Customer;
            (d) where applicable, the exchange rate used in the Third Party Transaction by the Third Party Provider;
            (e) the date of receipt of the Third Party Transaction; and
            (f) the date of execution of the Third Party Transaction.

        • Charges for information under a Framework Contract

          • COBS 20.2.15

            A Third Party Provider may not charge for providing or making available information which is required to be provided or made available under the provisions of Section 20.2.

          • COBS 20.2.16

            The Third Party Provider and the Customer may agree on charges for any information which is provided at the request of the Customer where such information is:

            (a) additional to the information required to be provided or made available by Section 20.2;
            (b) provided more frequently than is specified in Section 20.2; or
            (c) transmitted by means of communication other than those specified in the Governing Contract.

          • COBS 20.2.17

            Any charges imposed under Rule 20.2.16 must not exceed the Third Party Provider’s actual costs of providing such information.

        • Common provisions: communication of information

          • COBS 20.2.18

            Any information provided or made available by a Third Party Provider in accordance with Section 20.2 must be provided or made available in English, using easily understandable language, and in a clear and comprehensible form.

    • COBS 20.3 COBS 20.3 Information requirements required after the initiation of a Third Party Transaction

      • COBS 20.3.1

        A Third Party Provider must provide or make available to the Customer, immediately after the initiation of a Third Party Transaction:

        (a) confirmation of the receipt and successful initiation of the Third Party Transaction;
        (b) a reference enabling the Customer to identify the Third Party Transaction, and, where appropriate, any information transferred with the Third Party Transaction;
        (c) if the Third Party Transaction leads to a Payment Transaction, the amount of the Payment Transaction, in the currency used in the Payment Order;
        (d) the amount of any charges payable in relation to the Third Party Transaction and, where applicable, a breakdown of the amounts of such charges expressed;
        (e) where an exchange rate is used in the Third Party Transaction, the actual rate used or a reference to it, and, where the Third Party Transaction leads to a Payment Transaction, the amount of the Payment Transaction after that currency conversion; and
        (f) the date and time on which the Third Party Provider received the Payment Transaction.

      • COBS 20.3.2

        Where a Third Party Transaction is initiated by another Third Party Provider, the Third Party Provider must obtain and disclose the reference for the Third Party Transaction from the other Third Party Provider.

    • COBS 20.4 COBS 20.4 Disapplication of requirements for non-Natural Persons

      • COBS 20.4.1

        Where the Customer is not a Natural Person, the Customer and the Third Party Provider may agree in writing that the following Rules do not apply:

        (a) Rules 20.2.15 and 20.2.16 (charges for information);

        (b) Rule 20.7.3 and 20.7.4 (withdrawal of consent);

        (c) Rule 20.8.2 (revocation of a Payment Order);

        (d) Rules 20.10.1 and 20.10.2 (requests for refund);

        (e) Rule 20.11.1 (evidence on authentication and execution);

        (f) Rule 20.12.5 (liability for charges); and

        the parties may agree that a different time period applies concerning unauthorised or incorrectly executed Payment Transactions for the purposes of Rule 20.10.1.

    • COBS 20.5 COBS 20.5 Record keeping

      • COBS 20.5.1

        A Third Party Provider must maintain relevant records of all transactions and agreements with Customers and keep them for at least six years from the date on which the record was created.

      • COBS 20.5.2 COBS 20.5.2

        The records maintained by a Third Party Provider must include:

        (a) what Specified Information has been requested by the Customer;

        (b) what Specified Information has been accessed, processed and transferred by the Third Party Provider; and

        (c) what information about the Customer the Third Party Provider has obtained as part of its customer onboarding process.

        • Guidance

          1. As entities registered in the ADGM, Third Party Providers are subject to the Data Protection Regulations 2015. The Data Protection Regulations 2015 set out obligations for Third Party Providers to follow with regard to Customers’ personal data, regardless of where the Customer is domiciled.

          2. Where a Third Party Provider deals with Customers based outside the ADGM, the Regulator expects that the Third Party Provider will be in compliance with the relevant data protection regulations that apply to those Customers’ personal data.

    • COBS 20.6 COBS 20.6 Outsourcing of Operational Functions

      • COBS 20.6.1 COBS 20.6.1

        Where a Third Party Provider relies on a third party for the performance of operational functions it must take all reasonable steps to ensure that the Rules that are applicable to those operational functions are complied with.

        • Guidance

          GEN 3.3.31 and 3.3.32 and PRU 6.8 also govern outsourcing of functions and activities by an Authorised Person. A Third Party Provider is required to comply with those Rules.

    • COBS 20.7 COBS 20.7 Authorisation of Third Party Transactions

      • Consent and withdrawal of consent

        • COBS 20.7.1 COBS 20.7.1

          A Third Party Transaction is to be regarded as having been authorised by the Customer for the purposes of this Rule only if the Customer has given its consent to:

          (a) the execution of the Third Party Transaction; or
          (b) the execution of a series of Third Party Transactions of which that Third Party Transaction forms a part.

          • COBS 20.7.2

            Consent for the execution of a Third Party Transaction:

            (a) may be given before or, if agreed between the Customer and its Third Party Provider, after the execution of the Third Party Transaction;
            (b) must be given in the form, and in accordance with the procedure, agreed between the Customer and its Third Party Provider; and
            (c) may be given via another party as designated by the Customer in writing, including another Third Party Provider.

          • COBS 20.7.3

            The Customer may withdraw its consent to an individual Third Party Transaction at any time before the point at which the Third Party Transaction can no longer be revoked as set out in Rule 20.8.2.

          • COBS 20.7.4

            Subject to Rule 20.8.2, the Customer may withdraw consent to a series of Third Party Transactions at any time. All Third Party Transactions which have been previously consented to but not yet executed at the time that consent has been withdrawn will no longer be regarded as authorised.

    • COBS 20.8 COBS 20.8 Execution of Third Party Transactions

      • Refusal of Third Party Transactions

        • COBS 20.8.1

          (1) Where a Third Party Provider refuses to execute a Third Party Transaction, it must notify the Customer of the refusal at the earliest opportunity.
          (2) The Third Party Provider must provide the notification in the agreed manner of the refusal as set out in Rule 20.2.2.
          (3) Where possible, the Third Party Provider shall include the reasons for such refusal in the notification as well as the procedure that the Customer must take for rectifying any issues or factual errors that led to the refusal.

      • Revocation of a Third Party Transaction

        • COBS 20.8.2

          (1) A Customer may not revoke a Third Party Transaction after the Third Party Provider has confirmed receipt of the Third Party Transaction.
          (2) The Customer may not revoke a Third Party Transaction that it has initiated through another Third Party Provider.
          (3) A Third Party Transaction may only be revoked if the revocation is agreed between the Customer and the relevant Third Party Provider(s).

    • COBS 20.9 COBS 20.9 Authentication

      • Personalised Security Credentials

        • COBS 20.9.1

          A Third Party Provider must maintain adequate security measures to protect the confidentiality and integrity of Customers’ Personalised Security Credentials.

        • COBS 20.9.2

          A Third Party Provider must ensure that appropriate means are available at all times to enable a Customer to notify the Third Party Provider of the loss, theft, misappropriation or unauthorised use of the Customer’s Personalised Security Credentials.

      • Strong Customer Authentication

        • COBS 20.9.3

          A Third Party Provider must employ Strong Customer Authentication where a Customer accesses, processes or transfers Specified Information through the Third Party Provider.

    • COBS 20.10 COBS 20.10 Notification of unauthorised or incorrectly executed Third Party Transactions

      • COBS 20.10.1

        Subject to Rule 20.10.2, a Customer is only entitled to redress if it notifies its Third Party Provider without undue delay, and in any event no later than twelve months after the date of execution, on becoming aware of any unauthorised or incorrectly executed Third Party Transaction.

      • COBS 20.10.2

        Where the Third Party Provider has failed to provide or make available information concerning the Third Party Transaction in accordance with Section 20.3, the Customer is entitled to redress even if the Customer has failed to notify the Third Party Provider within the time period set out in Rule 20.10.1.

      • COBS 20.10.3

        Where a Customer has notified the Third Party Provider that a Third Party Transaction involving the Primary Financial Institution is unauthorised or incorrectly executed, the Third Party Provider must inform the Primary Financial Institution of the Customer’s notification.

      • COBS 20.10.4

        Where an unauthorised or incorrectly executed Third Party Transaction leads to a Payment Transaction, the Payment Transaction will be deemed to be unauthorised or incorrectly executed.

    • COBS 20.11 COBS 20.11 Evidence on authentication and execution of Third Party Transactions

      • COBS 20.11.1

        Where a Customer:

        (a) denies having authorised an executed Third Party Transaction; or

        (b) claims that a Third Party Transaction has not been correctly executed;

        it is for the Third Party Provider to prove that the Third Party Transaction was authenticated, accurately recorded, processed in line with the Third Party Provider’s procedures for executing Third Party Transactions and not affected by a technical breakdown or some other deficiency in the service provided by the Third Party Provider or any third party it relies upon for the performance of operational functions.

      • COBS 20.11.2

        If a Third Party Provider alleges that a Customer acted fraudulently or failed with intent or gross negligence to take all reasonable steps to keep safe Personalized Security Credentials, the Third Party Provider must provide supporting evidence to the Customer and to the Primary Financial Institution.

      • COBS 20.11.3

        Upon request by the Primary Financial Institution, the Third Party Provider shall provide supporting evidence to demonstrate that the Third Party Transaction was authenticated, accurately recorded and executed in accordance with the Third Party Provider’s policies for providing Third Party Services.

    • COBS 20.12 COBS 20.12 Liability

      • Third Party Provider’s liability for unauthorised Third Party Transactions

        • COBS 20.12.1

          Subject to Rules 20.10 and 20.11, where an executed Third Party Transaction was not authorised in accordance with Rule 20.7 and the Third Party Transaction leads to an unauthorised Payment Transaction, the Third Party Provider must:

          (a) refund the Primary Financial Institution for the amount that the Primary Financial Institution may have already refunded to the Customer; and

          (b) refund the Customer for the amount of the unauthorised Payment Transaction, less any amount that the Third Party Provider has refunded to the Primary Financial Institution.

        • COBS 20.12.2

          The Third Party Provider must provide a refund under Rule 20.12.1 as soon as practicable, and in any event no later than the end of the Business Day following the day on which it has confirmed that the Third Party Transaction was unauthorised or incorrectly executed.

        • COBS 20.12.3

          The requirement to provide a refund within the timeframe prescribed in Rule 20.12.2 does not apply where the Third Party Provider has reasonable grounds to suspect fraudulent behaviour by the Customer.

        • COBS 20.12.4

          The Third Party Provider is not liable for any losses incurred by the Customer in respect of an unauthorised Third Party Transaction where the Customer:

          (a) has acted fraudulently; or

          (b) has with intent or gross negligence failed to ensure that the Personalised Security Credentials are not accessible to persons other than the Customer.

        • COBS 20.12.5

          A Third Party Provider is liable to its Customer for any charges for which the Customer is responsible and any interest which the Customer must pay as a consequence of the non-execution, defective or late execution of a Third Party Transaction by the Third Party Provider.

      • Customer’s liability for unauthorised Third Party Transactions

        • COBS 20.12.6

          Except where the Customer has acted fraudulently or has with intent or gross negligence failed to ensure that its Personalised Security Credentials are not accessible to persons other than the Customer, the Customer is not liable for any losses incurred in respect of an unauthorised Third Party Transaction:

          (a) arising after notification to the Third Party Provider in the agreed manner on becoming aware of the loss, theft, misappropriation or unauthorised use of the Customer’s Personalised Security Credentials;

          (b) where the Third Party Provider has failed at any time to provide, in accordance with Rule 20.9.2, appropriate means for notification; or

          (c) where the Third Party Provider has failed to apply Strong Customer Authentication.

    • COBS 20.13 COBS 20.13 Dispute resolution

      • COBS 20.13.1

        A Third Party Provider must put in place and utilise adequate and effective complaint resolution procedures for the settlement of complaints from Customers about the rights and obligations arising under this Chapter.

      • COBS 20.13.2

        All complaints must be recorded, investigated and resolved within an adequate timeframe and at the latest fifteen Business Days after the day on which the Third Party Provider received the complaint.

      • COBS 20.13.3

        A Third Party Provider must make available to the Customer the details of the dispute resolution services able to deal with disputes concerning the rights and obligations arising under this Chapter in a clear, comprehensive and easily accessible form.

      • COBS 20.13.4

        The information to be made available under Rule 20.13.3 must be made available:

        (a) on the website of the Third Party Provider;

        (b) at the main office and any branches of the Third Party Provider; and

        (c) in the general terms and conditions of the Governing Contract.

    • COBS 20.14 COBS 20.14 Reporting and Risk mitigation

      • Management of operational and security risks

        • COBS 20.14.1 COBS 20.14.1

          (1) A Third Party Provider must establish a framework with appropriate mitigation measures and control mechanisms to manage the operational and security risks relating to the Third Party Services it provides.

          (2) As part of that framework, the Third Party Provider must establish and maintain effective incident management procedures, including for the detection and classification of major operational and security incidents.

          (3) A comprehensive assessment of operational and security risks must be undertaken by the Third Party Provider relating to the Third Party Services it provides, at least annually or more frequently if requested by the Regulator, and provided to the Regulator on request.

          (4) The assessment must address the adequacy of the mitigation measures and control mechanisms implemented in response to those risks in such form and manner, and contain such information, as the Regulator may direct.

          • Guidance

            The Regulator may provide further guidance to Third Party Providers on their management of technology and data risks that sets out the Regulator’s expectations on how Third Party Providers should meet their obligations under this section and other applicable Rules. A Third Party Provider’s use of such guidance will be taken into account as part of the ongoing supervisory process of assessing Third Party Providers’ risk profile.

      • Incident reporting

        • COBS 20.14.2 COBS 20.14.2

          (1) A Third Party Provider must notify the Regulator without undue delay if it becomes aware of a major operational or security incident.

          (2) A notification under (1) must be in such form and manner, and contain such information, as the Regulator may direct.

          (3) The Third Party Provider must inform its Customers without undue delay of the incident and the measures that it will take to mitigate the incident if the incident has or may have an impact on the financial interests of its Customers.

          • Guidance

            1. Upon receipt of the notification referred to in 20.14.2(1), the Regulator may notify any other relevant authorities in the U.A.E..

            2. If the Regulator receives notification of an incident from any relevant regulator in the U.A.E. or internationally, it may direct the Third Party Provider to take appropriate measures to protect the immediate safety of their Customers and the financial system.

      • Safety and Integrity of Interfacing Systems

        • COBS 20.14.3 COBS 20.14.3

          (1) A Third Party Provider must take such steps as directed by the Regulator to demonstrate the safety and integrity of their Interfacing Systems.

          (2) Prior to commencing operations, the Senior Executive Officer of a Third Party Provider must provide the Regulator with an attestation that the Third Party Provider has taken all reasonable steps to ensure the security and integrity of their Interfacing Systems.

          (3) On an annual basis or more frequently if requested by the Regulator, the Senior Executive Officer of a Third Party Provider must provide the Regulator with an attestation that the Third Party Provider has taken all reasonable steps to ensure the security and integrity of their Interfacing Systems.

          (4) An attestation under (2) or (3) must be in such form and manner, and contain such information, as the Regulator may direct.

          (5) For each attestation provided to the Regulator, the Third Party Provider must provide a report by a qualified independent third party that assesses the adequacy of the personnel, procedural and technical controls put in place by the Third Party Provider or any other parties to whom the Third Party Provider may have outsourced operational functions.

          • Guidance

            1. The Regulator may require Third Party Providers to demonstrate the safety and integrity of their Interfacing Systems by, inter alia, connecting to systems operated by the Regulator or by conducting such tests on the Interfacing Systems as the Regulator may specify.

            2. An attestation provided under Rule 20.14.3 is not a legally binding instrument. It places personal responsibility on the Senior Executive Officer of the Third Party Provider to ensure that all reasonable steps have been taken. Should operational or security incidents occur, the Regulator will consider whether the Senior Executive Officer had misled the Regulator in line with Article 221 of the Financial Services and Markets Regulations 2015 on Misleading the Regulator.

            3. In considering whether a person meets the criteria of the qualified independent third party referred to in Rule 20.14.3(5), the Regulator will have regard to, inter alia, the experience and expertise of the person in conducting such assessments whether in the U.A.E. or internationally.

      • Technical Standards for Interfacing Systems

        • COBS 20.14.4 COBS 20.14.4

          (1) A Third Party Provider shall ensure that their Interfacing Systems comply with technical standards that the Regulator may prescribe.

          • Guidance

            From time to time, the Regulator may issue technical standards for Interfacing Systems. Such standards may be created taking in inputs from Third Party Providers as well as other industry parties.