• GUIDANCE & POLICY STATEMENTS

    • Guidance – Joint Guidance on the treatment of IFRS 9 Expected Credit Loss provisions in the UAE in the context of the COVID-19 crisis [5 April 2020]

      Click here to view PDF.

      • Executive Summary

        This Joint Guidance proposes practical solutions to manage the impact of economic uncertainty on Expected Credit Loss, while remaining compliant with globally accepted financial reporting standards, IFRS. It is suggested to employ the flexibility embedded in the IFRS 9 framework to cope with the Covid-19 crisis.
        Banks and finance companies are required to group clients that are part of the Targeted Economic Support Scheme (TESS). Such grouping will be performed according to the impact of the crisis on those clients as follows:
        • Those that are temporarily and mildly impacted (“Group 1”); and
        • Those that are significantly impacted (“Group 2”).
        Group 1 clients are not expected to face substantial changes in their creditworthiness, beyond liquidity issues, over the duration of the TESS or the period during which they are subject to stresses arising from Covid-19, whichever is the shorter. Consequently, their assigned “stage” under IFRS 9 should remain the same, at least for the duration of the scheme or their distress, whichever is the shorter.
        Group 2 clients are expected to face substantial changes in their creditworthiness, in addition to liquidity issues addressed by the TESS.
        • Where there is sufficient deterioration in credit risk to trigger a migration to stage 2, this migration should take place.
        • Due to the possibility of a future economic upturn, these clients will not normally be migrated to stage 3, based on their financial performance for the duration of the program. In exceptional circumstances, stage 3 migration can be triggered during the TESS program if clients’ business models are no longer sustainable.
        • Banks and finance companies should continue to treat clients, that are not part of the TESS, as per their existing IFRS 9 policies for the purpose of determining their stage.
        Banks and finance companies are not encouraged to recalibrate IFRS 9 models during the crisis, due to the high degree of uncertainty surrounding its economic consequences. Rather, input adjustments and judgmental overlays should be considered. Exposure at default should incorporate realized exceptional drawdowns occurring because of the crisis. Generally, banks and finance companies should also consider overlays to accounts for weaknesses in the predictive power of models during the crisis.
        Banks and finance companies are not required to incorporate the updated macroeconomic forecasts into ECL until September 1, 2020. However, dedicated governance should be put in place to review thoroughly these forecasts before they are used to compute IFRS 9 Expected Credit Loss.
        Finally, comprehensive specific disclosures are required to ensure transparency in the grouping process, the design of the economic forecasts, any adjustment to model input and/or any judgmental overlay.

      • 1. Background

        As the Covid-19 virus spreads across the globe, economic consequences will follow, both in the short- and long-term. The Central Bank of the UAE (the “CBUAE”) has already taken relief measures under the Targeted Economic Support Scheme (“TESS”), effective from 15th March 2020. The economic disruption and the relief measures will have an effect on the financial accounts of banks and finance companies operating in the UAE, including the Dubai International Financial Centre (“DIFC”) and Abu Dhabi Global Market (“ADGM”), and this effect needs to be appropriately reflected by the existing financial reporting framework. Given that the principles-based nature of International Financial Reporting Standards (“IFRS”) are open to significant interpretations, the CBUAE, together with the Dubai Financial Services Authority (the “DFSA”) and the Financial Services Regulatory Authority (the “FSRA”), as the banking regulators in the UAE’s financial free zones (collectively the “Regulators”), believe that additional guidance is needed.
        This Joint Guidance is issued pursuant to the powers vested, respectively, in (i) the CBUAE under the Central Bank Law, No. (14) of 2018 regarding the Central Bank & Organization of Financial Institutions and Activities (the “Central Bank Law”), (ii) the DFSA under Article 36 of the Regulatory Law, DIFC Law No.1 of 2004 and (iii) the FSRA under section 15 of the Financial Services and Markets Regulations 2015.
        Paragraph 5.5.17 of the IFRS 9 standard states that expected credit loss (“ECL”) used as to determine accounting provisions must be “an unbiased and probability-weighted amount that is determined by evaluating a range of possible outcomes”. It must be based upon “reasonable and supportable information that is available without undue cost or effort at that date about past events, current conditions and forecasts of future economic conditions”. In other words, the ECL must be point-in-time and forward looking in a way that is not overly optimistic nor overly pessimistic. However, the exceptional circumstances surrounding the Covid-19 crisis make this exercise challenging because of the uncertainty regarding its economic consequences.
        This Joint Guidance is necessary to ensure (i) harmonization across the UAE banking sector and (ii) that provisions are appropriately calculated. This Joint Guidance proposes practical solutions to manage the impact of economic uncertainty on ECL, while remaining compliant with globally accepted financial reporting standards, IFRS. This implies meeting the accounting requirements of an accurate and point-in-time estimation of risk, while recognizing that this decision process needs to be adjusted in the current environment. The Regulators hold the view that the flexibility embedded in IFRS 9 framework should be employed to cope with the current crisis. This Joint Guidance presents a mixture of adjustments offered by the IFRS 9 principles, such as individual assessment, portfolio assessment, macroeconomic adjustment and management overlay.
        At this point-in-time, banks and finance companies are not required to update model parameters to account for this crisis. Rather, banks and finance companies are required to adjust inputs, consider model outputs critically and make use of temporary, judgmental overlay if necessary.
        For foreign banks operating in Financial Free Zones as branches, they can choose to follow this Joint Guidance or guidance issued by their home country relevant authorities, if any.

      • 2. 2. Staging And Default

        IFRS 9 requires banks and finance companies to assess, at each reporting date, whether the credit risk of a financial instrument has increased significantly since its initial recognition. For that purpose, it relies on the concept of Significant Increase in Credit Risk (“SICR”). Clients subject to SICR have their ECL computed over the lifetime of their facility (stage 2) instead of the one-year horizon applicable otherwise (stage 1). SICR is generally driven by several quantitative and qualitative factors, under the discretion of banks and finance companies, and reviewed by external auditors. Amongst others, common drivers of SICR are clients’ number of days-past-due (“DPD”), increase in probability of default (“PD”) and change of rating.

        • 2.1. Repayment Events and Staging Implications

          Over the next few months, banks and finance companies are likely to witness a range of facility repayment events, directly or indirectly, linked to the Covid-19 crisis. These events should not automatically trigger SICR. The nature of such events is set out below, as well as their staging implications.

          Payment deferrals: A large number of clients are expected to be offered payment deferrals by which they will temporarily cease payments of principal and/or interest/profit. Their facilities may be re-scheduled or restructured, and in some cases, additional credit lines may be offered. The TESS scheme issued by the CBUAE intends to facilitate this process by offering zero-cost funding to banks and finance companies. Regulators recognise that some clients will also benefit from payment deferrals outside of the TESS scheme, as banks and finance companies may voluntarily offer payment deferrals to clients outside of this programme. Consequently, the pool of clients benefitting from payment deferrals will comprise both ‘TESS clients’ and ‘non-TESS clients’.
          Staging for TESS clients: The TESS circular amended on 4 April 2020 states under point 9.1. d), that the IFRS 9 staging for TESS clients shall normally remain unchanged for the duration of the scheme. This is based on the presumption that most of these clients will not experience a significant increase in credit risk by virtue of their eligibility for the scheme. In reality, the range of situations will vary and a tailored approach is necessary to align with IFRS principles. Therefore, the aforementioned stage migration principle contained in the TESS needs to be interpreted to allow migrations when needed. Further guidance is given in section 2.2 below.
          SICR Issues: In light of these repayment arrangements and of the government support scheme, the existing mechanisms in place within banks and finance companies to trigger SICR may not be appropriate to address the exceptional circumstances of this crisis. These mechanisms would most likely fail to recognize the scale of various support measures being put in place by government authorities and central banks, both globally and in the UAE. In addition, even certain clients not benefitting from repayment arrangements can be indirectly impacted by the Covid-19 crisis and therefore the SICR triggers currently in place, should be applied cautiously and subject to exercise of judgement.
          Rebuttable Presumption: More specifically, IFRS 9 includes a rebuttable presumption that a facility with more than 30 DPD has undergone a SICR. However, this assumption is likely to be rebutted for clients benefitting from exceptional payment deferrals due to the crisis. For these clients, DPD should no longer be used as a relevant automatic indicator of SICR. Instead it should be frozen at the date of facility rescheduling. DPD can be used again as a relevant indicator when the client leaves the scheme, if the client encounters delays in payment thereafter. Additionally, all other factors usually driving SICR should be carefully evaluated, without automatic triggers, in particular those resulting in the revision of PD and internal/external credit ratings, for the duration of the crisis.

        • 2.2 2.2. Interim Solution: Categorisation

          In light of the points mentioned above, for the purpose of staging updates, banks and finance companies are encouraged to apply judgment and consider clients as explained below - for wholesale and retail clients respectively.

          The Regulators expect that such analysis should start as soon as sufficient, reasonable and supportable information is available. This process is expected to be gradual and iterative as the degree of uncertainty surrounding the Covid-19 crisis reduces through time. Until decided otherwise by bank and finance company management, all clients benefitting from payment deferrals will remain in their current stage, unless movement to a lower stage is motivated by events such as bankruptcy, fraud or skip of owners and senior managers. For consistency and practical purposes, the period of applicability of this interim solution is expected to be in line with that of the TESS scheme because, at this point in time, the TESS duration is a relevant benchmark for the crisis duration.

          • 2.2.1. Wholesale Clients (including SMEs)

            For clients not benefitting from payment deferrals, the SICR mechanisms in place would continue to be applied but with judgmental overrides, when deemed appropriate. This means that stage migrations automatically triggered should be analysed and understood, with the option to be stopped if clients are expected to recover relatively quickly, once the Covid-19 crisis is over. This remains in line with the spirit of IFRS 9, which requires an assessment of the lifetime creditworthiness of a facility.

            For clients benefitting from payment deferrals (all TESS clients and some non-TESS clients) instead of relying on the mechanistic SICR triggers in place, banks and finance companies should separate these clients into two groups based on dedicated analyses, using the following principles:

            Group 1: clients that are temporality and mildly impacted by the Covid-19 crisis.
            o For these clients, the payment deferrals are believed to be effective and thus the economic value of the facilities is not expected to be materially affected. These clients are expected to face liquidity constraints without substantial changes in their creditworthiness.
            o For these clients, banks should hold the view that, despite being subject to payment deferrals, there is insufficient deterioration in credit quality to trigger a stage migration. These clients will remain in their current stage, at least for the duration of the crisis, or their distress, whichever is the shorter. For instance, this would apply to industries that are expected to rapidly return to normal business conditions, once confinement policy decisions are over.
            Group 2: clients that are expected to be significantly impacted by Covid-19 in the long term.
            o These clients are expected to face substantial changes in their creditworthiness beyond liquidity issues. For these clients, there is sufficient deterioration in credit risk to trigger a migration to stage 2, and this migration should take place.
            o Due to the possibility of later economic rebound, these clients are not expected to migrate to IFRS 9 stage 3 based on their financial performance during the period of the crisis. In exceptional circumstances, such stage 3 migration can be triggered by liquidation/ bankruptcy caused by (i) non-financial events (such as fraud) or (ii) significant disruptions threatening the long-term sustainability of the clients’ business model.
            o Consequently, banks and finance companies must continue to monitor the creditworthiness of these clients, particularly indications of potential inability to pay any of their obligations as and when they become due.

            The above grouping decisions should take into consideration the specific circumstances of clients in the context of the Covid-19 outbreak. Banks and finance companies should perform analyses by incorporating at least the following principles:

            a) Grouping decisions should rely on a mixture of quantitative analysis and a judgmental approach based on the views of clearly identified subject matter experts within banks.
            b) Grouping decisions should be in line with the spirit of IFRS 9 stages; relying on the assessment of credit risk over the lifetime of facilities. Hence the necessary distinction between clients that are impacted over the short term vs. long term.
            c) It is expected that clients will face a range of impact intensity and duration. Therefore, grouping will be achieved by establishing cut-offs based on expert judgment. Industries and sectors could be used as a commonly accepted starting point for segmentation.
            d) For clients to which banks and finance companies have a material exposure, analyses are expected to be performed on a case-by-case basis. For clients with less material exposures, analyses should be performed on a portfolio basis and be based on credit risk drivers, typically industry, tenor and rating. It may be useful to set appropriate materiality thresholds for the purpose of client segregation. For example, in this context, a client could be considered material if it belongs to the top 50 clients ranked by the size of exposure at default (“EAD”) or contributes to the cumulative top 30% of the total wholesale portfolio EAD. Banks and finance companies with less than 50 clients would therefore treat their entire portfolio on a case-by-case basis, for the purpose of this exercise.
            e) For the purpose of establishing priorities in this grouping exercise, banks and finance companies are expected to organize their portfolio by materiality and susceptibility to the crisis, and start with the most material/susceptible segments. It is expected that the assessment will be more reliable at an individual account/obligor level rather than at a portfolio level.
            f) Ultimately, banks and finance companies should assess if their clients have put in place appropriate measures to cope with the crisis, in particular, decisions related to the management of their cash position, inventories, fixed costs and financial costs.
            g) Considerations related to parent/government guarantee and collateral should also be included in the grouping decision, as such decision should consider potential credit enhancement.

            Return to stage 1: For wholesale clients classified in Group 2 during the crisis, banks and finance companies may consider migrating them back to stage 1 once there is clear evidence that customers are no longer impacted by the Covid-19 crisis. The analysis of staging upgrade must be performed at least at the same granularity employed for staging downgrade. For those clients that migrated to stage 2, a return back to stage 1 needs to be supported by three consecutive monthly payments or one payment if the payment intervals are longer than two months (typically quarterly), provided that there is reasonable evidence supporting an improvement in creditworthiness. For TESS clients in particular, such payments qualify only when clients are no longer supported by the TESS scheme.

          • 2.2.2. Retail Clients

            For clients not benefitting from payment deferrals, the SICR mechanisms in place would continue to be applied. As judgmental overrides are practically challenging to implement for retail portfolios, other solutions should be envisaged to manage the unwarranted consequences of an automatic stage migration as follows:

            • Banks and finance companies are encouraged to take pre-emptive initiatives towards clients to help them anticipate financial difficulties and potentially avoid deterioration of credit risk and consequential trigger of stage migrations. For instance, this can be achieved by clear communication to clients about payment deferral schemes (as part of TESS or not) and a process for them to report difficulties.
            • Banks and finance companies are also encouraged to undertake regular analysis by segments in order to identify spikes in migrations, which can subsequently be used to inform necessary updates of accounting policy.

            For clients benefitting from payment deferrals (all TESS clients and some non-TESS clients), instead of relying on the mechanistic SICR triggers in place, banks and finance companies should separate these clients into two groups based on dedicated analyses.

            • Group 1: clients that are temporarily and mildly impacted by Covid-19. These clients will remain in their current stage; and
            • Group 2: clients that are expected to be significantly impacted by Covid-19 in the long term. These clients will migrate to stage 2. Migration to stage 3 will normally not occur for the duration of the program, unless motivated by specific circumstances.

            The grouping decisions should take into consideration the specific circumstances of clients in the context of the Covid-19 outbreak, including at least the following principles:

            a) Case-by-case analyses may be practically challenging for retail clients. Instead, portfolio and/or product analyses might be more appropriate.
            b) Grouping decisions should rely on a mixture of quantitative analysis and a judgment-based approach based on the views of clearly identified subject matter experts within banks and finance companies.
            c) When possible, banks and finance companies should assess whether clients’ employment and financial situations are likely to be impacted temporarily or over the longer term. More specifically, banks and finance companies should consider at least (i) the severity of the impact on the sources of income, typically, whether clients are subject to temporary salary reduction or employment loss, (ii) clients’ financial leverage and (iii) residency status.
            d) If possible, the industry/sector associated with retail clients’ employment should be taken into consideration in the grouping analysis. The treatment of industries for retail clients should be consistent with that of wholesale clients.
            e) For the purpose of segregation, it might be necessary to systematically collect additional information from clients entering the TESS scheme and other payment deferral initiatives that banks and finance companies wish to put in place outside TESS.

            Return to stage 1: For retail clients classified in Group 2 during the crisis, banks and finance companies may consider migrating them back to stage 1 once there is clear evidence that customers are no longer impacted by the Covid-19 crisis. The analysis of staging upgrade must be performed at least at the same granularity employed for staging downgrade. For clients benefitting from deferrals during the crisis, that migrated to stage 2, a return back to stage 1 can occur after 6 months of performing payments. For TESS clients in particular, such payments qualify only when clients are no longer supported by the TESS scheme.

      • 3. Exposure And Recovery

        Exposure at Default (“EAD”), which is one of the parameters for the computation of ECL, should be estimated by incorporating the context of the Covid-19 crisis as follows:
        • Firstly, exceptional drawdowns permitted under TESS should be reflected in the calculation of EAD.
        • Secondly, any other realized drawings under loan contracts such as revolving facilities and overdrafts are also expected to impact EAD.
        • Thirdly, the predictions made by statistical EAD models are likely to deviate from realized drawdowns during the crisis. Therefore, banks and finance companies should critically assess the expected exposures under off-balance sheet facilities, in particular across wholesale and retail clients. If necessary, temporary add-ons and overlay can be considered, rather than model recalibration. It is essential that overlays are the subject of high-quality governance, given the unprecedented nature of the current situation.
        The Covid-19 crisis is also expected to impact loss given defaults (“LGD”). Banks and finance companies should take the necessary steps to understand the implication of the crisis on the drivers of LGD, including but not limited to (i) the cash situation of clients, (ii) the value of collateral and (iii) the enforceability of guarantees. In light of the potential illiquidity of certain types of collateral during the crisis, banks and financial companies are encouraged to consider the appropriateness of their valuation methods. Finally, for government guarantees, banks and finance companies should analyze whether such support should be incorporated in the LGD of the facility or considered as a separate reimbursement.
        For the duration of the Covid-19 crisis, we do not expect any re-calibration of the LGD models, unless such re-calibration is necessary to rectify deficiencies identified prior to the Covid-19 crisis.

      • 4. Macroeconomic Overlay

        As per the IFRS 9 accounting rules, ECL should incorporate forward looking information in the form of a macroeconomic overlay. The purpose of this overlay is to adjust the estimation of PD, LGD and EAD, in order to incorporate not only backward looking statistical data, but also forward-looking assessment. This is especially important if future economic developments are expected to be significantly different from past experience. The macroeconomic scenario inputs are expected to impact all clients.
        Under the IFRS 9 framework, banks and finance companies are expected to update the macroeconomic forecasts, in order to reflect the likely change in the economic environments (in both the UAE and abroad). However, the Regulators recognize the high degree of uncertainty surrounding the economic consequences of the Covid-19 crisis and therefore the challenges of constructing meaningful and accurate economic forecasts at this point in time. In addition, the UAE economy is materially dependent on the performance of the global economy, therefore the evolution of Covid-19 related government policies implemented throughout the world will also impact the UAE economic forecasts.
        Consequently, and in order to avoid excessive disparity amongst banks and finance companies’ macroeconomic forecasts, banks and financial companies are not expected to incorporate the updated forecasts into ECL until September 1, 2020. Subsequent to this date, banks and finance companies should follow their existing process for the production of economic scenario forecasts. Furthermore, in light of the exceptional circumstances, banks and finance companies are required to establish dedicated crisis-focused governance, in order to (i) undertake benchmark analyses using relevant sources, (ii) seek the view of economists and subject matter experts, (iii) ensure that key macro factors driving ECL are still relevant for the present circumstances and (iv) adjust the economic forecasts iteratively, as new information becomes available.
        When banks and finance companies are in a position to use economic forecasts to generate PDs and LGDs, they need to be mindful of lags currently employed in their macro models. The modelled lags are likely to be longer than observed in reality during this specific crisis.
        Finally, banks and finance companies also have the option to employ add-ons at portfolio or product level in order to holistically reflect changes in the economic environment, provided that the decision-making process and results are fully documented and disclosed.

      • 5. 5. Disclosures

        The Regulators require transparency across the UAE banking sector during this crisis. It is essential that banks and finance companies provide additional relevant and comprehensive disclosures related to ECL computation in their 2020 Q1 audited financials and subsequent audited reporting until the end of the Covid-19 crisis.
        Banks and finance companies shall report material changes that occurred in their books since December 2019, susceptible to impact of ECL. This disclosure should contain detailed information related to each of the items listed below, and any other items the bank deems relevant:
        • The proportion of TESS clients per portfolio or product, for wholesale and retail clients.
        • When identified, the proportion of Group 1 and Group 2 clients as defined in this Joint Guidance, per portfolio, with their associated exposure, ECL, stage and average PD and LGD. Information on TESS clients shall be disclosed, for instance, in terms of size of counterparts, industry, rating and product types.
        • A breakdown of exposures associated with staging migrations covering TESS and non-TESS clients.
        • The changes in EAD since December 2019 and the expected future changes.
        In addition, banks and finance companies should disclose their approach employed during this exceptional period to assess ECL components and the required grouping of TESS customers. This disclosure should contain detailed discussion related to each of the below items, and any other items the bank deems relevant:
        • The dedicated crisis-focused governance put in place for the purpose of grouping decisions, macroeconomic scenario adjustment and any other management overlay.
        • Quantitative analyses performed with the information available.
        • Assumptions and judgements supporting the estimation of ECL components.
        • Any update made to the macro forecasts.
        • Any judgmental overlay implemented at portfolio of product level.

        • Quantitative information

          • The disclosures should contain information on the proportion of clients benefitting from deferrals per portfolio or product, for wholesale and retail clients.
          • When identified, the proportion of Group 1 and Group 2 clients as defined in this Joint Guidance, per portfolio, with their associated exposures and ECL.
          • The amount of macro overlay added to ECL per portfolio or product as explained in this Joint Guidance.
          • The total changes in EAD since December 2019.
          Stage migrations estimated as EAD by portfolio since December 2019.
          • For wholesale clients, the change of ECL split by industry, since December 2019.
          • For retail clients, the change of ECL split by products, since December 2019.

        • Qualitative information

          In addition, banks and finance companies should disclose the approach employed during this exceptional period to assess ECL components and the required grouping driving stages. This disclosure should at a minimum contain detailed discussion related to each of the below items:

          • The dedicated crisis-focused governance put in place for the purpose of grouping decisions, macroeconomic scenario adjustment and any other management overlays.
          • Analyses performed with the information available at that point in time.
          • Assumptions and judgements supporting the estimation of ECL components.
          • The rationale behind updates made to the macro forecasts.
          • Any judgmental overlays implemented at portfolio or product level.

    • Guidance – Regulation of Digital Securities Activities in ADGM [24 February 2020]

      Click here to view PDF.

    • Guidance – Regulation of Digital Securities Activities in ADGM [24 February 2020]

      • INTRODUCTION

        1) This Guidance is issued under section 15(2) of the Financial Services and Markets Regulations 2015 ("FSMR"). It should be read in conjunction with FSMR, the relevant Rulebooks of the Financial Services Regulatory Authority ("FSRA"), the FSRA's Guidance & Policies Manual, its 'Guidance — Regulation of Digital Security Offerings (ICOs) and Virtual Assets under the FSMR' ("ICO Guidance"),1 its 'Guidance — Regulation of Virtual Asset Activities in ADGM' ("Virtual Asset Guidance")2, and its 'Guidance — Regulatory Framework for Private Financing Platforms'.3
        2) This Guidance is applicable to entities considering the use of, or using, 'Digital Securities' within ADGM, including activities undertaken by Recognised Investment Exchanges (RIEs), Multilateral Trading Facilities (MTFs), Issuers, Reporting Entities, Authorised Persons conducting a Regulated Activity in relation to Virtual Assets, and Authorised Persons Providing Custody or Operating a Private Financing Platform ('PFP'), amongst others. The Guidance clarifies the use of Digital Securities within ADGM for both primary market and secondary market contexts. Readers seeking clarity on the licensing requirements for activities in relation to Virtual Assets should refer to the Virtual Asset Guidance.
        3) For the purposes of this Guidance, 'Digital Securities' are defined are types of digital assets that possess the features and characteristics of a Security (as defined in Schedule 1 — Part 3 of Specified Investments of FSMR).4 Digital Securities also include 'tokenised' offerings of Securities.
        4) This Guidance is separated into distinct chapters and is not necessarily best read from front to back. This Guidance may be most useful to a reader who needs to understand a specific aspect of FSRA policy in relation to Digital Securities, and who may therefore wish to better understand FSRA's regulatory treatment in the context of the reader's individual circumstances. Examples of such specific aspects could include (but are not limited to):
        a) a potential Issuer seeking to make an Offer of Digital Securities into ADGM;
        b) Issuers/Reporting Entities seeking to have Digital Securities admitted to the Official List of Securities;
        c) an MTF (using Virtual Assets) wanting to become a Digital Securities trading venue, whether that be as a RIE (refer to paragraphs 6872) or an MTF (refer to paragraphs 6367);
        d) a 'conventional' RIE or MTF wanting to operate a Digital Securities trading venue (refer to paragraphs 4144 for RIEs and paragraphs 4548 for MTFs);
        e) an Authorised Person that is Providing Custody in relation to Virtual Assets (a "Virtual Asset Custodian"), seeking to provide Digital Settlement Facility services (refer to paragraphs 7375);
        f) a 'conventional' intermediary, such as a broker, custodian, advisor, fund manager or asset manager, seeking to provide its services in relation to Digital Securities (refer to paragraphs 8792); or
        g) an Operator of a PFP seeking to market Digital Securities on its electronic platform (refer to paragraphs 9396).
        5) Except as otherwise set out, when interpreting (and demonstrating compliance with) the Rules discussed in this Guidance, readers are to interpret the Rules referenced in this Guidance (for example, in relation to the MIR, MKT, COBS, GEN and AML Rulebooks) in the way those Rules are written. Where this Guidance cross refers to the Virtual Assets Guidance, it is the FSRA'S general expectation that readers apply those relevant aspects of the Virtual Assets Guidance in the context of Digital Securities, with such changes in terminology being read (and understood) as required.
        6) This Guidance is not an exhaustive source of the FSRA's policy on the exercise of its regulatory functions and powers. The FSRA is not bound by the requirements set out in this Guidance and may:
        a) impose additional requirements to address any specific risks posed by Digital Securities; and/or
        b) waive or modify any of the Rules relevant to Digital Securities, at its discretion, where appropriate.
        7) Unless otherwise defined or the context otherwise requires, the terms contained in this Guidance have the same meaning as defined in FSMR and the FSRA Glossary Rulebook ("GLO").
        8) For more details on the process for:
        a) conducting Offers of Securities, in or from ADGM, please contact the FSRA at MIP@adgm.com;
        b) recognition as a RIE and/or Recognised Clearing House (RCH), authorisation as an MTF or authorisation as an Authorised Person Providing Custody for services as a Digital Settlement Facility5 ("DSF"), please contact the FSRA at MIP@adgm.com; or
        c) authorisation as an intermediary conducting other Digital Securities-based activities, please contact the FSRA at authorisation@adgm.com.

        1 https://en.adgm.thomsonreuters.com/rulebook/guidance-regulation-digital-security-offerings-and-virtual-assets-under-financial-services

        2 https://en.adgm.thomsonreuters.com/rulebook/guidance-regulation-virtual-asset-activities-adgm

        3 https://en.adgm.thomsonreuters.com/rulebook/guidance-regulatory-framework-private-financing-platforms

        4 Securities, as set out in Schedule 1 of FSMR, include the following,: Shares (paragraph 87); Instruments creating of acknowledging indebtedness (paragraph 88); Sukuk (paragraph 89); Government and public Financial Instruments (paragraph 90); Instruments giving entitlements to investments (paragraph 91); Certificates representing certain Financial Instruments (paragraph 92); and Units in a Collective Investment Fund (paragraph 93).

        5 This Guidance interchangeably uses terms relating to Providing Custody (and by extension providing DSF services) and DSF.

      • BACKGROUND

        9) In October 2017, the FSRA published its ICO Guidance, setting out its regulatory position in relation to ICOs, ICOs deemed to be Securities, and Crypto Assets generally. In June 2018, the FSRA formally implemented its Crypto Asset Regulatory Framework, which specifically included the Rules and requirements (including OCAB Guidance) applicable to OCAB Holders. The FSRA released its first update to the OCAB Guidance in May 2019.
        10) On the back of the publication of these regulatory frameworks/positions, the FSRA continues to see substantial interest across the digital assets space, including the related use of distributed ledger technology (DLT) platforms. This interest is spread across a wide spectrum of digital asset based financial services activities, including exchanges, custody, dealing, advising, fund management, payment and other-banking related services.
        11) Equally, in addition to there being interest across various digital asset-based financial services activities, there is also extensive interest spread across the various types of digital asset-related instruments (including Digital Securities, Crypto Assets, fiat tokens, Derivatives and Funds).
        12) This Guidance is intended to provide clarity to those seeking to undertake 'Digital Securities'-related financial services activities within ADGM, including Issuers wanting to make an Offer of Digital Securities and to assist OCAB Holders wanting to extend their digital assets/financial services activities beyond Accepted Crypto Assets. It is also intended to assist entities seeking to utilise new technologies (such as DLT) for the purposes of expanding their activities from the more 'conventional' Securities space into Digital Securities.
        13) In terms of Crypto Assets, the OCAB Regulatory Framework (including the OCAB Guidance) provides clarity in relation to what is needed to undertake Crypto Asset-based financial services activity within ADGM. For readers interested in the OCAB Regulatory Framework, the FSRA suggests you read the OCAB Guidance in the first instance.
        14) The diagram and table on the following pages set out the FSRA's regulatory approach in relation to the different types of digital asset activities within ADGM.



        Category of Digital Assets / Instruments Regulatory Approach
        "Digital Securities"

        (e.g., digital/virtual tokens that have the features and characteristics of a Security under the FSMR (such as Shares, Debentures and Units in a Collective Investment Fund)).
        Deemed to be Securities pursuant to Paragraph 58(2)(b) of FSMR.

        All financial services activities in relation to Digital Securities, such as operating primary / secondary markets, dealing / trading / managing investments in or advising on Digital Securities, are subject to the relevant regulatory requirements under the FSMR.

        Market intermediaries and market operators dealing or managing investments in Digital Securities need to be licenced / approved by FSRA as FSP holders (including as MTFs or Custodians), Recognised Investment Exchanges, or Recognised Clearing Houses, as applicable.
        "Crypto Assets"

        (e.g., non-fiat virtual currencies, crypto 'exchange tokens').
        Treated as commodities and, therefore, not deemed Specified Investments under the FSMR.

        Pursuant to the OCAB Framework, however, market intermediaries (e.g., broker dealers, custodians, asset managers) dealing in or managing Crypto Assets, and Crypto Asset Exchanges, need to be licenced / approved by FSRA as OCAB Holders. Only activities in Accepted Crypto Assets will be permitted.

        Capital formation activities are not provided for under the OCAB Framework, and such activities are not envisaged under the Market Rules (MKT).
        Derivatives and Collective Investment Funds of Crypto Assets, Digital Securities and Utility Tokens. Regulated as Specified Investments under the FSMR.

        Market intermediaries and market operators dealing in such Derivatives and Collective Investment Funds will need to be licenced / approved by FSRA as FSP holders, Recognised Investment Exchanges or Recognised Clearing Houses, as applicable.
        "Utility Tokens"

        (e.g., tokens which can be redeemed for access to a specific product or service, typically provided using a DLT platform, do not exhibit the features and characteristics of a regulated investment / instrument under the FSMR).
        Treated as commodities and, therefore, not deemed Specified Investments under the FSMR.

        Unless such Utility Tokens are caught as Accepted Crypto Assets, spot trading and transactions in Utility Tokens do not constitute Regulated Activities, activities envisaged under a Recognition Order (e.g., those of a Recognised Investment Exchange or Recognised Clearing House), or activities envisaged under MKT.

        'Utility Tokens' are not considered appropriate for use in capital formation activities, and are therefore not envisaged for use under the Market Rules (MKT).
        "Fiat Tokens"

        (e.g., stablecoins whose value are fully backed by underlying fiat currencies).
        Treated as a form of digital representation of Fiat Currency.

        Where used as a payment instrument for the purposes of Money Transmission as defined under the FSMR, the activity will be licenced and regulated as Providing Money Services.

      • Regulatory Treatment Of Digital Securities

        15) As set out in the ICO Guidance, the FSRA's assessment of whether an offering of a digital/virtual token is regulated under FSMR is conducted on a case-by-case basis (in keeping with FSRA's treatment of 'conventional' Securities). If a digital/virtual token being offered is assessed to exhibit the (economic and legal) features and characteristics of a Security, the FSRA will deem the digital/virtual token (being a "Digital Security") as a Security pursuant to Section 58(2)(b)6 of FSMR. This approach has been taken by the FSRA to ensure the protection of investors, noting that while a Digital Security may have the characteristics of a Security, this position is not always clear and accordingly requires review by the FSRA.
        16) To use its powers under Section 58(2)(b), the FSRA expects that an Issuer will provide to it such information as is required to demonstrate that the proposed Digital Security meets the requirements of a "Security" (as defined in FSMR). In circumstances:
        a) requiring the submission of an Approved Prospectus to the FSRA, the FSRA will use the documentation submitted as part of this approval process to determine whether it will deem a Digital Security a Security under Section 58(2)(b) of FSMR; or
        b) relating to an Exempt Offer, the FSRA will review the Exempt Offer documentation for the purposes of being able to make a determination under Section 58(2)(b). The FSRA's review will not be for the purposes of approving the Exempt Offer itself.
        17) In either scenario, the FSRA may also request further supporting documents from an Issuer (e.g., constitutional documents, relevant legal opinions).
        18) For regulatory purposes, Offers of Securities (as defined in Section 258 of FSMR), whether through a DLT platform, digital platform or other means, will be subject to consistent regulatory treatment by the FSRA. As such, similar to the treatment of a conventional Issuer of Securities, Issuers / market participants who seek to raise funds in a regulated, robust and transparent manner using new business models or technologies (such as DLT), are encouraged to engage with the FSRA regarding the proposed Offer as early as possible in the fund-raising process.
        19) Where appropriate, Issuers should consider the appointment of (legal) advisers to assist with the preparation and submission to the FSRA of its relevant diligence materials (as part of any submission to the FSRA pursuant to Section 58(2)(b) of FSMR).
        20) To ensure appropriate safeguards are in place to protect both investors and market integrity, an offer of a 'Utility Token' falls outside the FSRA's regulatory remit and is not permitted under the Markets Rules (MKT).

        6 Section 58(2) of FSMR sets out that the FSRA may, by written notice 'deem any investment which is not a Security to be a Security for the purposes of these Regulations and the Rules made under these Regulations.'

      • MARKETS RULES — Offers Of Securities To The Public

        • Offers of Securities

          21) The requirements for Offers of Securities to the Public are set out in Sections 58 to 71 of FSMR, and Chapter 4 of MKT. These requirements apply to Offers of all types of Securities, including Digital Securities.
          22) Section 58(1) of FSMR prohibits Issuers from making an Offer of Securities to the Public in or from ADGM (or to have Securities admitted to trading on a RIE) from doing so other than in accordance with FSMR, and MKT.
          23) As set out in section 59 of FSMR, an Offer of Securities to the Public is "a communication to any person in any form or by any means presenting information on the Offer and the Securities offered so as to enable an investor to decide to buy or subscribe to those Securities".7
          24) Issuers wishing to make an Offer of Securities to the Public in, or from, ADGM must comply with all applicable requirements, including (unless it is an Exempt Offer) the obligation to publish an Approved Prospectus under Section 61 of FSMR (a "Prospectus Offer"). The requirements for the structure and content of an Approved Prospectus are detailed in MKT Rule 4.5 and described in more detail in paragraphs 28–30 below.
          25) In accordance with MKT Rule 4.6.1, a person intending to make a Prospectus Offer must make an application for approval of a prospectus to the FSRA at least 20 days prior to the intended date of an Offer commencing. The FSRA expects to have discussed an application with the Issuer well in advance of this, including having reviewed draft Prospectus Offer documents, as applicable.
          26) Due to the complexities associated with Offers of Digital Securities (from a technology perspective, and to take into account the relative infancy and resultant risks of the Digital Securities industry itself), the FSRA generally expects that an Issuer intending to make an Offer of Digital Securities is to be incorporated within the ADGM.
          27) An Offer of Securities to the Public (made by way of an Approved Prospectus) can be used for the purposes of having such Securities admitted to trading on a RIE (see paragraph 42). Where such Securities have already been admitted to trading on a RIE, they may also be admitted to trading (on the basis of admission to the first RIE) on a further RIE or MTF.

          7 section 59 of FSMR excludes from an Offer of Securities any:

          (a) communication in connection with the trading of Securities admitted to trading on a RIE;
          (b) communication made for the purposes of complying with the on-going reporting requirements of the FSRA or a RIE; or
          (c) other communication prescribed in Rules as an exempt communication.

        • Prospectus content for an Offer of Digital Securities

          28) The required disclosures to be included in an Approved Prospectus are set out in Appendix 1 of MKT. A Prospectus related to the Offering of Digital Securities is to include all required disclosures set out within MKT Appendix 1, as applicable.
          29) Where an Issuer considers that a specific disclosure requirement is not applicable/not relevant to their intended Offering, the Issuer is required to request from the FSRA a modification/waiver at the time of submission of the (Draft) Approved Prospectus for FSRA approval. Such request should be submitted in full detail to the FSRA.
          30) In the particular context of Digital Securities, further guidance is set out below in relation to several key disclosure requirements for an Approved Prospectus:
          a) Prospectus language: Issuers should ensure that when preparing a Prospectus, it is 'easily analysable and comprehensible' to retail investors. This means that the Prospectus should be written in a style that is appropriate for retail investors, and that the use of defined terms, technical language and market terminology should be restricted to circumstances where their use aids the comprehension of a retail investor, or where their use is necessary to ensure the Prospectus is true, accurate and not misleading.
          b) Risk Factors: Pursuant to MKT Appendix 1.1.1–2.3, proper consideration is to be given to the real risks that face an Issuer, and generic or boilerplate disclosures are to be avoided. If a risk is not relevant to a particular Issuer, or its Digital Securities, then it is expected that no disclosure of that risk be included in the Issuer's Prospectus. Risk factors should be grouped together in a coherent manner and risk factors considered to be of the greatest or most-immediate significance should be disclosed prominently at the beginning of the risk factors section.
          c) Responsibility: As per MKT Rule 4.10, an Issuer or the Person making a Prospectus Offer remains responsible for all disclosures within a Prospectus and ensuring that the disclosures within a Prospectus are clear and not misleading.
          d) General Information: As set out in MKT Appendix 1.1.11.1, the country of incorporation of the Issuer and its incorporation number should be clearly disclosed within the Prospectus. A statement should be included on whether the Issuer has been established as a special purpose vehicle or entity for the purpose of issuing asset backed Securities. In the context of Digital Securities, the FSRA would generally view digital representations (such as tokens) of Debentures or notes backed by financial assets to be considered asset backed for the purpose of this disclosure requirement. Please note that the disclosure requirement in Securities Note — 7.1 also applies.
          e) Actual and proposed business activities: As set out in MKT Appendix 1.1.12.1, a description of the history of the Issuer is to be included, and where an Issuer is newly incorporated, information should be disclosed regarding any preceding entity which conducted similar operations or was controlled by the same parties.
          f) Historical financial information: As set out in MKT Appendix 1.1.1–7.1, where an Issuer has begun operations, its relevant financial information is to be included in the Prospectus, and be appropriately audited. An Issuer's financial statements are to be prepared in compliance with IFRS. As set out in MKT Appendix 1.1.1–9.4, please also note that the requirement for an expert report applies to special categories of Companies.
          g) Securities Note: For the purposes of MKT Appendix 1.2.1 — Section 2 (General information relating to the Securities (b)&(d)), in the case of Digital Securities, the FSRA would normally expect this disclosure requirement to be deemed N/A for the former, and subject to ADGM legislation for the latter.
          h) Securities Note — Other rights: Pursuant to MKT Appendix 1.2.1–2.4, the disclosure of other rights (such as the existence of voting rights) associated with a Digital Security is an important disclosure to allow an investor to make a fully informed investment decision. As such, disclosures of this nature would need to be given due prominence within an Approved Prospectus, and effort needs to be made throughout the document to draw a reader's attention to such disclosures. This may involve cross-referencing or other appropriate signposting.
          31) Please note that the information required to be submitted as part of a Securities Note will be key information reviewed by the FSRA when considering the use of its power to deem a Security (as referred to in paragraph 16). If this information is not available, or has not been completed appropriately, it is most likely that the FSRA will not be in a position to utilise its deeming power (under section 58(2)(b) of FSMR).

        • Exempt Offers

          32) The obligation to issue a Prospectus under Section 61(3) of FSMR does not apply to an Offer of Securities to the Public that constitutes an Exempt Offer. Pursuant to MKT Rule 4.3, the FSRA has defined the types of Offers that constitute an Exempt Offer, including where:
          a) an Offer is directed at Professional Clients other than natural Persons;
          b) an Offer is directed at fewer than 50 Persons in any 12 month period, excluding Professional Clients who are not natural Persons; or
          c) the total consideration to be paid by a Person to acquire Securities is at least USD 100,000, or an equivalent amount in another currency.
          33) As set out earlier in paragraph 15, an Issuer making an Exempt Offer of a Digital Security is still required to have the Digital Security deemed a Security under Section 58(2)(b) of FSMR. To clarify, the Issuer of the Exempt Offer document is not required to obtain FSRA approval for the Exempt Offer document itself.
          34) An Offer of Securities to the Public (made by way of an Exempt Offer document) can be used for the purposes of having such Securities admitted to trading on an MTF (see paragraph 46).

        • Appointment of Legal Advisers

          35) Issuers seeking to make an Offer of Digital Securities should consider the appointment of suitable legal advisers, with the appropriate skills, knowledge and experience to provide the requisite assistance to the Issuer throughout the Offer process. The FSRA expects that such legal advisers would assist in ensuring an Issuer's compliance with the applicable provisions of FSMR (including having the FSRA deem a Digital Security a Security under FSMR Section 58(2)(b)), and MKT (including in relation to the Listing Rules within MKT). The FSRA would generally expect to have direct engagement with an Issuer's legal advisers throughout this process, particularly in relation to the drafting, and FSRA review, of Offer documentation.

      • MARKETS RULES — Listing Rules

        36) Pursuant to section 50 of FSMR,8 the FSRA is required to maintain the Official List of Securities, and may admit to the Official List such Securities as it considers appropriate. For this purpose, Chapter 2 of MKT sets out the Listing Rules applicable to Listed Entities and to each Issuer seeking admission of its Securities to the Official List of Securities. It is important to note that pursuant to section 50 of FSMR, only the FSRA can maintain an Official List of Securities, and neither RIEs nor any other entity within ADGM are able to maintain their own 'Official List of Securities'.
        37) Due to the infancy of Digital Securities markets globally, and the generally incomplete integration of Digital Securities primary and secondary markets, the FSRA expects that Offers of Digital Securities being made in or from ADGM should also be linked to having such Issuers seek admission of their Securities to trading on a RIE or MTF operating within ADGM as well (see paragraphs 42 and 46–47 relating to admission to trading on RIEs and MTFs respectively). As set out initially in paragraph 2 of this Guidance, the considerations of both a primary market and secondary market context are expected to be fully considered by an Issuer. This should include considerations of where an Issuer should make an Offer (and what type of Offer), as well as which markets within ADGM would adequately meet its particular secondary market requirements (size, investor type, transparency, depth and liquidity).
        38) In relation to 'Primary Listings', due to concerns around different regulatory frameworks, regulatory appetite, and consistency of regulatory oversight/supervision globally, the FSRA does not, at this point in time, envisage allowing listings of Digital Securities within ADGM (on a secondary listing basis) where the primary listing remains outside of the ADGM, and in a jurisdiction that is not yet appropriately understood or deemed suitable by FSRA. Following the publication of this Guidance, the FSRA will continue to engage with its regulatory peers as needed, such that it can work towards identification of potential suitable jurisdictions for the purposes of both cross-border Offers and listings. Issuers intending to make cross-border Offers and listings (within or from ADGM markets) are therefore expected to engage with the FSRA at a very early stage when considering doing so.
        39) As set out earlier in paragraph 5, it is the FSRA's general expectation that its Regulations (FSMR) and Rules be read as written, including in relation to the Listing Rules (Chapter 2 of MKT). In relation to specific Listing Rules:
        a) an Issuer seeking to issue Digital Securities should note that the listing principles set out in MKT Rule 2.2 apply in full;
        b) for the avoidance of doubt, the requirement for a working capital statement per MKT Rule 2.3.3 applies, along with the other general eligibility requirements of MKT Rule 2.3;
        c) pursuant to Chapter 5 of MKT, the FSRA has discretion to require the appointment by an Issuer of a Sponsor, compliance adviser or other expert adviser. Due to the complexities involved and the relative infancy of Digital Securities, the FSRA will generally expect an Issuer of Digital Securities to appoint a Sponsor as required by MKT Rule 5.1.2; and
        d) for Digital Securities in the form of Units of a Fund, Chapter 3 (instead of Chapter 2) of MKT contains the relevant Listing Rules.

        8 Included within Part 6 of FSMR (Official Listing and Offers).

      • Digital Securities & Trading Venues

        40) As set out in this Guidance so far, the FSRA's regulatory framework allows for Digital Securities to be offered, admitted to the Official List (maintained by FSRA) and traded on secondary markets within ADGM. This section of the Guidance will now set out the FSRA's expectations in relation to how ADGM trading venues (RIEs, MTFs and Organised Trading Facilities ("OTFs")) interact with Digital Securities. The FSRA's policy position and expectations in relation to the operation of these different market infrastructures is set out below.

        • Recognised Investment Exchanges (RIEs)

          41) RIEs may operate both primary and secondary markets in Financial Instruments (including Digital Securities). A RIE must demonstrate to the FSRA that it is able to meet the Recognition Requirements as set out in Market Infrastructure Rules (MIR) Chapter 2 (Rules Applicable to All Recognised Bodies) and Chapter 3 (Rules Applicable to RIEs) before a Recognition Order can be granted by the FSRA. Once it has been granted a Recognition Order, a RIE must continue to comply with all Recognition Requirements (contained with MIR Chapters 2 and 3) on an ongoing basis.
          42) Pursuant to section 50(3) of FSMR, a RIE shall not permit trading of Securities on its facilities unless those Securities are admitted to, and not suspended from, the Official List. Section 61(1) of FSMR is linked to section 50(3), such that an Issuer cannot 'have Securities admitted to trading on a RIE, unless there is an Approved Prospectus in relation to the relevant Securities'. An Issuer therefore wanting to have its Securities traded on a RIE needs to have such Securities:9
          a) admitted to the Official List of Securities (maintained by FSRA); and
          b) offered by way of an Approved Prospectus.
          43) Application of MIR Chapter 2: As noted in paragraph 41 above, where an Applicant applies to become a RIE, the entirety of MIR Chapter 2 (Rules Applicable to All Recognised Bodies) will apply. Applicants should also, however, take note of the following:
          a) MIR Rule 2.8 (Membership criteria and access): MIR Rule 2.8.1 requires that a RIE 'must ensure that access to its facilities is subject to criteria designed to protect the orderly functioning of the market and the interests of investors'. Applicants should take into account, where relevant, the guidance provided by FSRA in relation to MIR Rule 2.8 in paragraph 127 of the OCAB Guidance (relating to 'direct client' vs 'membership' models) which should be read in the context of a RIE operating a Digital Securities market;
          b) MIR Rule 2.10 — Custody:10 Considering that the safeguarding and administration of Securities is a key requirement for a RIE, and that Digital Securities custody arrangements and technologies are still being developed globally, the custody of Digital Securities may possess higher inherent risks in comparison to traditional securities custody. The FSRA is therefore of the view that where an Applicant seeks to provide custody services within its Group, this can only occur via a separate legal entity appropriately licenced for such activities (see paragraphs 53 and 59 on RCHs and DSFs respectively);11 and
          c) MIR Rule 3.2.1 — Capital Requirements: Pursuant to this Rule, RIEs operating a market in Digital Securities will generally be required to hold 12 months operating expenses as regulatory capital.12
          44) Application of MIR Chapter 3: As noted in paragraph 41 above, where an Applicant applies to become a RIE, the entirety of MIR Chapter 3 (Rules Applicable to RIEs) will apply. Applicants, however, should also take note of the following:
          a) MIR Rule 3.8 (Settlement and Clearing Services): MIR Rule 3.8 requires a RIE to ensure that "satisfactory arrangements are made for securing the timely discharge (whether by performance, compromise or otherwise), Clearing and settlement of the rights and liabilities of the parties..." The FSRA's policy position in this regard is that clearing and settlement of Digital Securities can be undertaken by either a RCH or a DSF (see paragraphs 55–61). Further guidance on the clearing and settlement obligations of a RCH is set out at paragraph 52 and further guidance in relation to a DSF is outlined at paragraph 56. The FSRA has not yet formed a view as to whether Remote Clearing Houses would be suitable for this purpose. Until such time that the FSRA forms such a view, it will be the general FSRA position that a RIE/MTF seeking to meet MIR Rule 3.8 will only be able to do so by engaging an FSRA-regulated RCH or DSF.
          b) MIR Rules 3.5, 3.6 and 2.5 (normal trading hours): While a RIE's technology may facilitate its market operating for 24 hours, 7 days a week, RIEs (including those operating Digital Securities markets) will be expected to operate on the same basis/market timings as how Securities markets are conducted globally. This is to ensure, amongst other things, that the RIE's continuous disclosure obligations/market requirements /supervisory requirements can be suitably met (by the RIE itself, as well as for the FSRA, relevant Issuers, Reporting Entities and investors).

          9 That cannot rely an exemption provided for under FSMR or MKT.

          10 MIR Rule 2.10 requires that for a Recognised Body 'where its facilities include making provision for the safeguarding and administration of assets belonging to users of those facilities, satisfactory arrangements are made for that purpose with an appropriate custodian or settlement facility'.

          11 This is distinctly different to the view currently taken by FSRA in relation to Crypto Asset Exchanges which are also permitted to operate, subject to suitable internal segregation, as Crypto Asset Custodians.

          12 For further insight on issues relating to FSRA treatment of MIR Rule 3.2.1, please refer to paragraphs 31–36 of the OCAB Guidance.

        • Multilateral Trading Facilities (MTFs)

          45) Applicants wishing to operate as an MTF within ADGM may apply for a Financial Services Permission (FSP) to do so. Where an Applicant seeks to be licenced as an MTF, COBS Chapter 8 and the MIR Rules set out in COBS Rule 8.2 shall apply (being MIR Rules 2.6, 2.7, 2.8, 2.9, 2.11, 3.3, 3.7, 3.8 and 3.10). As an Authorised Person, an MTF also needs to comply with the wider Rulebooks relevant to all Authorised Persons, including COBS, GEN and AML.
          46) MTFs may operate as a primary trading venue for Digital Securities offered and issued by way of an Exempt Offer, provided that membership and trading is limited to non-retail clients only. As set out in paragraphs 16 and 32 of this Guidance, an Issuer wishing to make an Exempt Offer in order to have its Digital Securities admitted to trading on an MTF will need to ensure that it includes all required information in its Exempt Offer document in order to allow FSRA to deem the Digital Securities as Securities pursuant to section 58(2)(b) of FSMR.
          47) In addition, Offers of Securities that have been admitted to the Official List for the purposes of trading on a RIE (as noted in paragraph 42 above) may also be available for trading on the secondary market of an MTF, for both retail clients and professional clients. Retail participation will only be permitted on an MTF where an Approved Prospectus has been registered for the purposes of admission to trading by the RIE (as the primary trading venue). For both professional and retail clients, trading is limited to trading within the market of that MTF. It is important to note therefore that, with the exception of only Exempt Offers being made pursuant to admission to trading on an MTF, MTFs should generally be considered as (secondary market) trading venues rather than (primary market) offering venues.
          48) In the context of MIR Rule 3.8 (Settlement), MTFs have the same obligations as RIEs (see paragraph 44(a)), and specific guidance on the application of MIR Rule 3.8 (Settlement and Clearing Services) in the context of Digital Securities being trading on an MTF is set out in paragraphs 55–57 below. MTFs, however, looking to provide settlement services for Digital Securities directly will not be able to do so.

        • Organised Trading Facilities (OTFs)

          49) The regulatory framework for OTFs is similar to that of MTFs, but with certain differences (as set out in COBS Chapter 8). While OTFs can operate markets for some Securities (primarily Debentures), it is FSRA policy that markets for the trading of Digital Securities should be operated on a non-discretionary basis (RIEs and MTFs) instead of a discretionary basis (OTFs). As a result, the FSRA will not likely allow Digital Securities to be traded on an OTF, and will continue to monitor regulatory developments within this space.

      • Digital Securities Settlement

        50) This section of the Guidance sets out the two broad types of entities that are able to provide Digital Securities settlement facilities to RIEs and MTFs, as allowed for by MIR Rules 3.8 and 4.3. In choosing a RCH or DSF to utilise for custody operations (MIR Rule 2.10) or settlement (MIR Rule 3.3), a RIE or MTF can only use a RCH or DSF when the FSRA has been able to determine that the relevant settlement facility allows the RIE or MTF to meet its MIR obligations. Further discussion regarding the FSRA's policy position and expectations in relation to these entities is set out below.

        • Recognised Clearing Houses (RCHs)

          51) Subject to being granted a Recognition Order, RCHs operating within ADGM are permitted to settle different types of Financial Instruments, including Digital Securities. A RCH must demonstrate to the FSRA that it is able to meet the Recognition Requirements as set out in Market Infrastructure Rules (MIR) Chapter 2 (Rules Applicable to All Recognised Bodies) and Chapter 4 (Rules Applicable to RCHs) before a Recognition Order can be granted by the FSRA. Once it has been granted a Recognition Order, a RCH must continue to comply with the Recognition Requirements (contained within MIR Chapters 2 and 4) on an ongoing basis.
          52) Platforms allowing the trading of Digital Securities (RIEs and MTFs) may engage the services of a RCH operating in the ADGM. Subject to meeting the Recognition Requirements set out in MIR Chapters 2 and 4, the FSRA may allow RCHs to use DLT platforms, or conventional clearing/settlement technologies. The FSRA remains technology agnostic in its approach to the technology used by RCHs.
          53) Within ADGM, RCHs are to be operated independently from a RIE/MTF, requiring a RCH to be incorporated as a stand-alone, independent legal entity for the purposes of providing settlement services.
          54) While acceptable for use for the purposes of MIR Rules 2.10 and 3.8, the FSRA does not anticipate that RCHs will be the prevalent type of entity used for facilitating custody and settlement functions in relation to Digital Securities, given the costs related to establishing/capitalising a RCH and that mechanisms for close to real-time settlement may potentially remove the need for considerable parts of RCH functionality.

        • Digital Settlement Facilities (DSFs)

          55) For the purposes of this Guidance and distinct from RCHs, the FSRA will consider DSFs suitable for the purposes of settlement (MIR Rule 3.8) and custody (MIR Rule 2.10) of Digital Securities. A DSF, holding an FSP for Providing Custody, may provide custody and settlement services in Digital Securities for RIEs and MTFs (as applicable). Therefore, for the purposes of custody and settlement of Digital Securities, the arrangements that a RIE or MTF would normally have in place with a RCH can be replaced with arrangements provided by a DSF, provided that certain requirements, as described in this section, are met.
          56) Pursuant to MIR Rule 3.8.1, RIEs or MTFs are required to have satisfactory arrangements for securing the timely discharge of the rights and liabilities of the parties to transactions taking place on its platform. MIR Rule 3.8.2 normally allows for a RCH or Remote Clearing House (noting the FSRA's position that it will not permit Remote Clearing Houses for this purpose in the context of Digital Securities) to be deemed as sufficient for the purposes of satisfying MIR Rule 3.8.1.
          57) Pursuant to MIR Rule 3.8.3, however, and in the context of Digital Securities, a RIE or MTF must provide the FSRA, in writing, with the details of the satisfactory arrangements made when such RIE or MTF does not engage a RCH (for example, to use in this context, a DSF). To clarify, the FSRA will require that arrangements to use a DSF for settlement purposes will require the DSF to comply with the requirements of MIR Rule 4.3.3 (with the references to a RCH being read as references to a DSF).
          58) Pursuant to MIR Rule 4.3.3, in determining whether there are satisfactory arrangements for securing the timely discharge of the rights and liabilities of the parties to transactions, the FSRA may have regard to the DSF's:
          a) rules and practices relating to clearing and settlement, including its arrangements with another Person for the provision of clearing and settlement services;
          b) arrangements for matching trades and ensuring that the parties are in agreement about trade details;
          c) where relevant, arrangements for making deliveries and payments, in all relevant jurisdictions;
          d) procedures to detect and deal with the failure of a Member (or participants) to settle in accordance with its rules;
          e) arrangements for taking action to settle a trade if a Member (or participant) does not settle in accordance with its rules;
          f) arrangements for monitoring its Members' settlement performance; and
          g) where appropriate, Default Rules and default procedures.
          59) As set out earlier in paragraph 43(b), pursuant to MIR Rule 2.10, a RIE (but not an MTF) may be required to engage a custodian/settlement facility for the purposes of having satisfactory custody arrangements in place.13 A DSF, where engaged by a RIE for this purpose, will be required to have satisfactory arrangements in place in order to meet the full set of requirements set out in MIR Rule 2.10. As part of these services, DSFs may also record changes of ownership, maintain an Issuer's security holder records, cancel and issue Digital Security certificates, and distribute dividends. It is important that DSFs maintain an open channel of communication with Issuers to determine whether Digital Securities need to be issued or redeemed.
          60) In addition, the FSRA reserves the right at any point in time, either during the Authorisation14 process or as part of its supervisory oversight of a DSF, to consider the applicability of other Rules within MIR Chapter 4 (Rules Applicable to RCHs), dependent on the relevance of those Rules to the business model/operations of the DSF.
          61) Entities seeking to operate as DSFs should take note of the following:
          a) Entities providing custody of Digital Securities within ADGM, including DSFs, may also wish, or be required, to operate a CSD. COBS Chapter 10 sets out the requirements relevant to the operation of a CSD, including that as set out in COBS Rule 10.1.3, only an Authorised Person licenced for Providing Custody is permitted to act as a CSD.
          b) For transactions where delayed settlement occurs (e.g., on an end of day or t+n basis), the FSRA may likely require the DSF to integrate specific risk management functions within its operations, as per the requirements of MIR Chapter 4, including in relation to (but not limited to) the scenarios identified in paragraph (c) below.
          c) For transactions with instantaneous delivery versus payment (DvP),15 the FSRA may deem certain aspects relating to default management to not apply. For transactions where end of day, or t+n DvP occurs, there may be scope for the DSF to implement default management provisions commensurate to the length of the settlement time-horizon.
          d) In the case of a DSF performing DvP on a delayed basis, the FSRA may impose certain further obligations on the DSF (as set out within Chapter 4 of MIR) including in relation to the following:
          •   MIR Rule 4.2 (e.g., capital requirements — in relation to credit, counterparty, and market risks);
          •   MIR Rule 4.5 (e.g., default management);
          •   MIR Rule 4.6 (e.g., stress testing);
          •   MIR Rule 4.7 (risk management);
          •   MIR Rule 4.10 (collateral management and margin); and
          •   MIR Rule 4.12 (segregation and portability of Client Assets).

          13 As set out in other parts of this Guidance, such custodian/settlement facility will need to be operated and established as a standalone legal entity.

          14 Whether at the point of In-Principle Approval or at the time of Final Approval.

          15 DvP is considered to be the irrevocable and unconditional transfer of an asset or Financial Instrument, or the discharge of obligations arising under the underlying contract by the parties to the contract (as per the definition contained in MIR Rule 4.11.3).

      • AUTHORISED PERSONS CONDUCTING A REGULATED ACTIVITY IN RELATION TO VIRTUAL ASSETS – EXTENSION INTO DIGITAL SECURITIES ACTIVITIES

        62) This section of the Guidance sets out the FSRA's views as to how Authorised Persons conducting a Regulated Activity (such as Operating an MTF, acting as a Virtual Asset Custodian or other intermediary activities) in relation to Virtual Assets can extend their Regulated Activities by undertaking Digital Securities-related Regulated Activities as well (including across RIEs, MTFs, and DSFs). RIEs, or Authorised Persons conducting a Regulated Activity in relation to Virtual Asset activities, wishing to expand into Digital Securities markets will need to apply to the FSRA for the relevant additional regulatory approvals to do so.

        • MTFs using Virtual Assets – Extension into trading of Digital Securities

          63) MTFs using Virtual Assets ("Virtual Asst MTFs") can apply to the FSRA for additional approval to trade Digital Securities. The MTF would therefore be able to have Digital Securities admitted to trading, where such Digital Securities were directly offered/issued based on an Exempt Offer, or have already been admitted to a RIE (as the primary venue for trading — refer to paragraph 42).
          64) Virtual Asset MTFs seeking to extend their operations to include Digital Securities will be required to demonstrate that they can comply with those requirements applicable to operating a MTF (e.g., COBS, MIR, GEN, AML) in the context of undertaking new Digital Securities-related financial services. While the FSRA anticipates that the technology utilised by an MTF for the purposes of trading of Virtual Assets may be the same, or substantially similar, as that required for the purposes of trading Digital Securities, the MTF will still be required to demonstrate to the FSRA how each of the applicable Authorised Person/MTF requirements are to be met taking into account Digital Securities requirements.
          65) For the purposes of MIR Rule 3.8 (settlement), Virtual Asset MTFs seeking to extend their operations to include Digital Securities will not be permitted to clear and settle transactions within the same legal entity that is conducting MTF-trading activities. In such circumstances, the MTF will be required to separately establish, or make arrangements to use, a separate clearing and settlement entity (refer to the sections above in relation to RCHs or DSFs, in paragraphs 53 or 59 respectively).16
          66) Subject to any differences between the MTF’s operations (particularly from a technology perspective) in relation to the trading of Virtual Assets and the trading of Digital Securities, an extension from the former to the latter may not raise significant technical issues. However, the update/integration of a Virtual Assets MTF’s technology in order to introduce new primary market and secondary market functionalities (offers, issuance and (Member) trading of Digital Securities) may likely impose new regulatory and technical burdens on Virtual Asset MTFs extending into Digital Securities.
          67) Please note that the relief provided by FSRA in May 2019 (to allow Virtual Asset MTFs) to operate a direct client access market has not been extended to allow MTFs to operate on a similar basis in relation to Digital Securities. As such, due to the policy/operational requirements at play, the FSRA suggests that MTFs wanting to operate on a ‘direct client’ basis (in relation to Digital Securities) engage with the FSRA as early as possible.

          16 The requirement to use a separate entity for the (clearing and/or) settlement of Digital Securities differs from the FSRA’s current position relating to settlement of Virtual Asset transactions, where an Authorised Person conducting Regulated Activities in relation to Virtual Assets can operate as both a MTF (using Virtual Assets) and a Virtual Asset Custodian without legal entity (and operational) segregation.

        • Crypto Asset Exchange — Becoming a Digital Securities RIE

          70) OCAB Holders operating a Crypto Asset Exchange wishing to also operate a RIE will be required to relinquish their FSP (in relation to their operation of a Crypto Asset Exchange) upon obtaining a Recognition Order to operate a RIE. Pursuant to MIR Rule 3.4.1A, if licenced by the FSRA to carry out the activities of both a RIE and Crypto Asset Exchange, the Recognition Order granted for the RIE will include a stipulation, including the Crypto Asset Exchange, to that effect.
          71) RIEs can admit to trading Digital Securities that have been admitted to the Official List of Securities (maintained by FSRA) and offered by way of an Approved Prospectus. As set out earlier in paragraph 36, the FSRA is ADGM's Listing Authority, and as such the Issuer/Reporting Entity of the Digital Securities must meet all requirements of the Listing Rules, as outlined in Chapter 2 of the Market Rules (MKT) before an admission to listing and admission to trading on a RIE may occur.
          72) The FSRA is of the view that the migration of a Crypto Asset Exchange to a RIE is more complex than the migration of a Crypto Asset Exchange to an MTF (as dealt with in paragraphs 64–69 above). This is due to a number of factors, including that a RIE is required to meet the full suite of requirements in Chapters 2 and 3 of MIR, and the primary market considerations associated with operating a RIE (e.g., requirement for Approved Prospectuses, admission to the Official List of Securities, and the ongoing technical/operational and regulatory requirements related to Digital Securities being admitted to trading and admitted to the Official List).
          73) For the purposes of MIR Rule 3.8 (settlement), OCAB Holders operating a Crypto Asset Exchange and seeking to extend their operations to include Digital Securities will not be permitted to clear and settle transactions within the same legal entity that is conducting trading activities as a RIE. In such circumstances (and in keeping with the treatment of Digital Securities MTFs (see paragraph 67) the OCAB Holder will be required to separately establish, or make arrangements to use, a separate clearing and settlement entity17 (refer to the sections above in relation to RCHs or DSFs, in paragraphs 53 and 59 respectively).
          74) Please note that the relief provided by FSRA in May 2019 (to allow Crypto Asset Exchanges) to operate a direct client access market has not been extended to allow RIEs to operate on a similar basis. As such, due to the policy/operational requirements at play, the FSRA suggests that entities wanting to operate a RIE on a 'direct client' basis engage with the FSRA as early as possible.

          17 The requirement to use a separate entity for the (clearing and/or) settlement of Digital Securities differs from the FSRA's current position relating to settlement of Crypto Asset transactions, where an OCAB Holder can operate as both a Crypto Asset Exchange and a Crypto Asset Custodian without legal entity segregation.

        • Virtual Asset Custodian – Becoming a DSF

          73) A Virtual Asset Custodian seeking to operate as a DSF may apply to the FSRA to vary its FSP to allow it to expand its Providing Custody operations to do so. Further guidance on the considerations applicable to entities wishing to operate as a DSF are set out in paragraphs 55 – 61 above. Note, however, that with respect to Authorised Persons currently Operating an MTF (in relation to Virtual Assets), the FSRA will require the DSF to be a separate legal/operating entity from those entities it is providing settlement services (MIR Rule 3.8) and/or custody services (MIR Rule 2.10) for. Migration of an independent Virtual Asset Custodian to being a DSF may therefore likely pose less operational/regulatory issues than an entity currently operating as both an MTF (in relation to Virtual Assets) and Virtual Asset Custodian.
          74) Virtual Asset Custodians may expand their custodial offering to Digital Securities by utilising their existing technologies (or implementing new technologies, if required), to allow it to operate as a DSF across custody, clearing (as applicable) and settlement functions for Digital Securities.18 Given the difference in nature between Digital Securities and Virtual Assets, however, it is expected that a Virtual Asset Custodian seeking to migrate to becoming a DSF will be required to meet a significant number of new requirements, including but not limited to those outlined under paragraphs 55–61 of this Guidance.
          75) As noted in paragraph 60, the FSRA reserves the right to impose any of the Rules outlined in MIR Chapter 4 on a Virtual Asset Custodian seeking to operate as a DSF (considering the particular business/operational model of the proposed DSF).

          18 This may require the DSF Applicant to make necessary changes to ensure that it can process all settlement obligations based on the features of particular Digital Securities (including, but not limited to, Dividends and Coupon Payments).

      • CONVENTIONAL MARKET INFRASTRUCTURES & DIGITAL SECURITIES

        76) This section of the Guidance addresses Recognised Bodies or MTFs operating traditional Securities markets that may wish to expand their product offering into Digital Securities. Entities seeking to do so will need to demonstrate to the FSRA how they will meet the Rules applicable to Digital Securities and how either its existing technology infrastructure will be able to meet these requirements or new technology will be implemented.
        77) Given the nature of digital markets, entities can expect particular FSRA focus to be placed on their use of technology and technology governance. Entities should familiarise themselves with the FSRA’s technology governance guidance as set out in paragraphs 51-66, 69-70 and 77-87 of the Virtual Assets Guidance (where Virtual Assets should be read as Digital Securities) which will form part of the basis for FSRA review.

        • RIEs & Digital Securities

          80) A RIE should engage with the FSRA at an early stage and be in a position to outline how they intend to continue to meet their obligations as a Recognised Body in the context of Digital Securities (treated similarly to the introduction of a new asset class). Formal approval from the FSRA will be required before a RIE can facilitate offers of, issuances in and the trading of Digital Securities.
          81) In addition to what is separately set out in this Guidance, a RIE operating within the conventional Securities space seeking to facilitate Digital Securities offers and trading, and proposing to use new technologies such as DLT, should review and consider a number of areas of the OCAB Guidance (as applicable), including the following:
          a) Technology Governance and Controls (paragraphs 45–89);
          b) Accepted Crypto Assets (paragraph 25, including for Security (b) and Type of DLT(e));
          c) Capital requirements (paragraphs 31–36);
          d) Margin Trading (paragraph 118); and
          e) Substance requirements (paragraphs 123–125).
          82) A particular area of focus for the FSRA will be the Applicant's custody and settlement arrangements (pursuant to MIR Rules 2.10 and 3.8 (refer to paragraphs 43(b) and 44(a) respectively).

        • MTFs & Digital Securities

          81) MTFs operating a market for traditional Securities seeking to operate a market in Digital Securities activities should engage with the FSRA at an early stage and be in a position to outline how they intend to continue to meet their obligations as an Authorised Person/MTF. It is important to recall that an MTF can only admit to trading Digital Securities offered by way of an Exempt Offer or that have already been admitted to a RIE (refer to paragraphs 46 and 47 respectively). As noted in paragraph 77 above, for an entity that is already operating as an MTF, one area of FSRA focus when considering an application for expansion into Digital Securities will be on the MTFs use of technology and the governance arrangements around technologies that are to be newly introduced. Further discussion about the FSRA's expectations in this regard is set out at paragraphs 98–100.
          82) Another particular area of focus for the FSRA will be the Applicant's custody and settlement arrangements (pursuant to MIR Rules 2.10 and 3.8 (refer to paragraphs 43(b) and 44(a) respectively).

        • RCHs & Digital Securities

          83) RCHs providing services for the clearing and settlement of traditional Securities seeking to do the same for Digital Securities should engage with the FSRA at an early stage and be in a position to outline how they intend to continue to meet their obligations as a RCH (noting the points raised earlier in this Guidance in relation to the use of technology and governance arrangements of a RCH (as a Recognised Body) (refer to paragraphs 77 and 98-100). Depending on the technology used, a Securities RCH seeking to additionally operate with Digital Securities may potentially use their existing technology (DLT or similar) to enable the settlement of Digital Securities.
          84) In the context of clearing and settlement for Digital Securities, if it is determined that the RCH acts as a central counterparty (CCP) guaranteeing the settlement of transactions, then the RCH is considered to act as a clearing house.
          85) If instead, instantaneous settlement occurs within the RCH, then the RCH does not act as a CCP, as it does not establish / hold positions on either side of a trade prior to settlement taking place, and it is therefore not considered to be a clearing house. Such a scenario may likely occur in the case of settlement for Digital Securities.
          86) RCHs (operating as a clearing house, as set out above) who settle transactions in Digital Securities, are also required to meet obligations in relation to Clearing, where this entails a process of establishing positions, including the calculation of net obligations and ensuring that Digital Securities, cash, or both are available to secure the exposures arising from such positions.

      • DIGITAL SECURITIES — INTERMEDIARIES

        87) This section applies to conventional and virtual asset intermediaries such as brokers, dealers, managers, advisors and arrangers of Digital Securities.

        • Conventional Intermediaries — Digital Securities

          88) A conventional intermediary licenced by the FSRA is able to provide Regulated Activities within the scope of its existing FSP in relation to Specified Investments, including Digital Securities.19 However, should such intermediaries intend to undertake activities in relation to Digital Securities, they must provide prior notification to their FSRA Supervision Relationship Manager of the proposed changes to their business model.
          89) Intermediaries intending to operate solely, in the context of Digital Securities, as a broker or dealer for Clients (including the operation of an OTC broking or dealing desk) are not permitted to structure their broking / dealing service or platform in such a way that would have it be considered as operating a RIE or MTF. The FSRA would consider features such as allowing for price discovery, displaying a public trading order book (accessible to any member of the public, regardless of whether they are Clients), and allowing trades to automatically be matched using an exchange-type matching engine as characteristic of a RIE or MTF, and not activities acceptable for an Digital Securities intermediary to undertake.
          90) A conventional custodian may apply to the FSRA to be a DSF in order to provide custody of Digital Securities. Refer to paragraphs 55 to 61, for further information on the requirements relating to DSFs.

          19 Unless there is a specific restriction on its FSP stating otherwise.

        • Crypto Asset Intermediaries — Extension into Digital Securities

          93) An OCAB intermediary may provide services in respect of both Accepted Crypto Assets and Digital Securities. In order to do so, it must apply to the FSRA to vary its FSP to include the appropriate conventional Regulated Activity/ies, including but not limited to, Dealing in Investments as Principal, Dealing in Investments as Agent, Managing Assets, Arranging Deals in Investments or Advising on Investments or Credit.
          94) Crypto Assets Custodians may apply to the FSRA to be a DSF in order to provide custody of Digital Securities. Refer to paragraphs 75 to 77 for further information on the requirements that will apply.

        • Private Financing Platforms (PFPs)

          93) A PFP (as provided for in Schedule 1, Section 73E of FSMR) includes electronic platforms which facilitate the provision of financing between Issuers and investors in the form of Digital Securities.
          94) The FSRA only allows a financing proposal to be published on a PFP where it qualifies as an Exempt Offer through satisfying any of the criteria set out in MKT Rule 4.3.
          95) A PFP Operator may offer an incidental facility, termed an 'Exit Facility', to permit clients to exit their PFP transactions by allowing them to seek potential "buyers" who are also clients of the PFP Operator in order to transfer their rights and obligations under their investment agreements. The Exit Facility should not allow active (secondary market) trading by clients, and such trading can only be an ancillary service provided by the PFP Operator. The Exit Facility must comply with the requirements in COBS Rule 18.8. In particular, the Exit Facility must not exhibit characteristics of a trading facility, otherwise the PFP Operator will require a separate FSP for Operating an MTF.20
          96) A PFP Operator which facilitates the trading of Digital Securities through its platform will also need to consider, among other things, the relevant technology governance requirements set out in paragraphs 47 to 87 of the Virtual Assets Guidance.

          20 See paragraph 49 for the FSRA's policy position on OTFs with regard to Digital Securities.

      • DIGITAL SECURITIES — SPECIFIC REGULATORY CONSIDERATIONS

        97) This section of the Guidance, rather than address specific requirements relating to the operation of activities undertaken by Authorised Persons or Recognised Bodies, sets out specific FSRA policy positions in relation to specific regulatory considerations relevant to Digital Securities.

        • Technology Governance and Controls

          98) While the FSRA adopts a technology-neutral approach to the regulation of Digital Securities markets, there is considerable industry appetite to use and deploy DLT, and related technologies. The development, and usage, of such technologies, however, is still widely considered to be in its early years of development and usage at scale. While it does not seek to regulate specific technologies such as DLT directly, the FSRA expects users of such technology to meet particular requirements in terms of their technology systems, governance and controls.
          99) All Authorised Persons and holders of Recognition Orders (in relation to Digital Securities) will need to take into account considerations relating to technology governance and controls, for the purposes of compliance with primarily, in the case of a RIE, MIR Rules 2.5 and 2.6, and in the case of an MTF, GEN Rule 3.3. The FSRA would further recommend that when Applicants are seeking to comply with these requirements, they take into account paragraphs 51-66, 69-70 and 77-87 of of the Virtual Assets Guidance in relation to their technology governance (with Virtual Assets being read as Digital Securities for the purposes of that Guidance).
          100) The FSRA acknowledges that non-DLT technologies may be used for the secure custody, clearing and settlement of Digital Securities. Where this is the case, the relevant licence holders are still required to meet MIR Rules 2.6 and 2.10, as applicable, at all times.

        • DLT Access Implications — Offers, Issuance & Trading

          101) The FSRA expects that the particular use, and surrounding controls related to the use, of DLT will have implications for how Digital Securities are offered, issued, traded and ultimately settled. On issuance, for example, the FSRA expects that Offers of Digital Securities to be limited/linked to an initial venue (e.g., MTF or RIE), due to the likelihood that permissioned access to a DLT will be limited due to commercial or technology compatibility issues. The implication therefore is that where an MTF or RIE, for example, controls access to a distributed ledger there may be a limit/restriction on an investor to transfer Digital Securities to another investor. This is in contrast to Virtual Assets (for example, Bitcoin), where access to the Bitcoin distributed ledger is not permissioned.
          102) Access to DLT may alternatively be controlled by a DSF/RCH, or the Issuer of a Digital Security itself. Whatever the model of access/permission, the FSRA would expect any costs for the transfer of a Digital Security to be clearly disclosed and be undertaken on a reasonable commercial basis.

        • Subscriptions to an Offer of Digital Securities

          103) Pursuant to various requirements set out in MKT, an Offer of Securities should be denominated and priced in fiat currency. It is recognised, however, that subscriptions/payments for an Offer of Digital Securities could be made via fiat currencies and/or Accepted Virtual Assets. Subscription amounts collected in Accepted Virtual Assets, therefore, are subject to the prevailing exchange rate between the (denominated) fiat currency and the relevant Accepted Virtual Asset at the time of payment.
          104) Accordingly, an ADGM-licensed intermediary will also need to ensure that its FSP permits it to offer subscription services, or alternatively may engage the services of an Authorised Person with such permission.

        • Market Abuse, Transaction Reporting and Misleading Impressions (FSMR)

          105) The Market Abuse Provisions in Part 8 of FSMR specifically cover Market Abuse Behaviour in relation to Securities (including Digital Securities) admitted to trading on a RIE or an MTF.
          106) FSMR Section 149 sets out the reporting obligations imposed on RIEs and MTFs which are required to report details of transactions in Securities (including Digital Securities) traded on their platforms. Consistent with its treatment of all RIEs and MTFs, the FSRA expects RIEs and MTFs (providing markets in Digital Securities) to report order/trading data to the FSRA on both a real-time and batch basis.
          107) In addition, the FSMR provisions on Misleading Statements apply to Securities (including Digital Securities). The FSRA expects that all communications (including advertising or investment materials or other publications) made by a RIE or an MTF will be made in an appropriate manner and those infrastructures will implement suitable policies and procedures to comply with the relevant requirements of FSMR.

        • Substance requirements

          108) In order to operate effectively within ADGM, Authorised Persons and holders of Recognition Orders for the operation of market infrastructures (including for all RIEs, MTFs, RCHs and DSFs) must commit resources of a nature allowing them to be operating in substance within ADGM. The FSRA expects to see substantive resources committed within ADGM across all lines of activity, including, but not limited to, commercial, governance, compliance/surveillance, operations, technical, IT and HR functions. In particular, the FSRA expects 'mind and management' to be located within ADGM.

        • Third party audit obligations

          109) All Authorised Persons and Recognised Bodies carrying out Digital Securities activities should have independent third party verification or checks carried out at least annually to verify that the amount and value of Digital Securities (and Client Money (e.g., fiat) held on custody on behalf of Clients) is correct and matches what is supposed to be held.

        • Third party outsourcing

          110) FSRA's policy position on outsourcing is set out paragraphs 82–87 of the Virtual Assets Guidance, and applies equally to entities engaged in Digital Securities activities. In addition, FSRA expects that any outsourcing arrangements will meet international regulatory guidelines applicable to outsourcing arrangements, including in relation to its contractual arrangements.

        • Anti-Money Laundering and Countering Financing of Terrorism

          111) As is required of all Authorised Persons and Recognised Bodies operating within the ADGM, those entities seeking to undertake Digital Securities-based financial services activities are required to comply with the FSRA's Anti Money Laundering and Countering Financing of Terrorism "AML/CFT" framework including, among other things:
          a) UAE AML/CFT Federal Laws, including the UAE Cabinet Resolution No. (10) of 2019 Concerning the Executive Regulation of the Federal Law No. 20 of 2018 concerning Anti-Money Laundering and Combating Terrorism Financing;
          b) UAE Cabinet Resolution 20 of 2019 concerning the procedures of dealing with those listed under the UN sanctions list and UAE/local terrorist lists issued by the Cabinet, including the FSRA AML and Sanctions Rules and Guidance (“AML Rules”) or such other AML rules as may be applicable in ADGM from time to time; and
          c) the FSRA AML and Sanctions Rules and Guidance ("AML Rules") or such other AML rules as may be applicable in ADGM from time to time; and
          d) the adoption of international best practices (including FATF Recommendations).
          112) For a further understanding of the FSRA's policy position in relation to AML, the FSRA recommends readers consider, as applicable, paragraphs 37–45 of the Virtual Assets Guidance, particularly as it relates to Digital Securities and the FATF Recommendations.

          • Principle 1: Risk Based Approach

            a) FATF expects countries, regulators, financial institutions and other concerned parties to adopt a ‘Risk Based Approach’ (“RBA”). Authorised Persons are expected to understand the risks associated with their activities and allocate proper resources to mitigate those risks. A RBA can only be achieved if it is embedded into the compliance culture of the Authorised Person, which enables the Authorised Person to make decisions and allocate appropriate resources in the most efficient and effective way.
            b) Authorised Persons should, on a periodic basis, carry out a proper risk based assessment of their processes and activities. In order to implement the RBA, Authorised Persons are expected to have processes in place to identify, assess, monitor, manage and mitigate ML risks. The general principle is that in circumstances where there are higher risks of ML, Authorised Persons are required to implement enhanced measures to manage and mitigate those risks.
            c) One of the most challenging risks facing financial institutions is how the on-boarding of an Authorised Person may affect its relationship with foreign correspondent financial institutions, as well as the views of the regulator of those foreign correspondent financial institutions. In essence, a foreign correspondent financial institution relationship is built on the effectiveness of a financial institution’s ML compliance program and ongoing monitoring capabilities.
            d) With the use of cryptology and block chain technologies at a nascent stage within financial services, any financial institution banking an Authorised Person must not only satisfy itself, but also its foreign correspondent financial institution(s), that the Authorised Person is well regulated and has appropriate systems and controls in place to address ML, TF and sanctions risks. These systems and controls should include robust processes to carry out CDD on Clients and beneficial owners, to monitor transactions for these risks, and the willingness and ability of the Authorised Person to provide complete transparency to its financial institution(s) and foreign correspondent financial institution(s) if and when required.

        • International Tax Reporting Obligations

          113) All entities seeking to engage in Digital Securities-based financial services activities must consider and, if applicable, adhere to their tax reporting obligations including, as applicable, under the Foreign Account Tax Compliance Act ("FATCA") and the ADGM Common Reporting Standard Regulations 2017.

        • Data protection obligations for Issuers

          114) Issuers, and other holders of client data, should familiarise themselves with the data protection obligations applying within ADGM. Further information regarding the ADGM's data protection requirements is addressed at paragraphs 113–118 of the Virtual Assets Guidance.

        • Margin trading

          115) Entities wishing to provide margin trading to its Clients will need to submit for approval details of the terms upon which it proposes to do so (for an Applicant, in its Application; for an Authorised Person or Recognition Order holder, as part of ongoing supervisory arrangements). As a general position, the FSRA would only consider allowing entities with a relevant proven track record to provide margin trading. Particular focus will be placed on the proposed leverage ratio.
          116) Entities that are not proposing, or permitted, to carry out margin trading will likely have a restriction from doing so placed on their FSP or Recognition Order.

        • Islamic Finance Rules

          117) FSRA's Islamic Finance Rules (IFR) apply to a number of entities that can operate within ADGM, including Authorised Persons and a Person making an Offer of Securities. As IFR is linked to the use of 'Specified Investments', including (Digital) Securities, IFR can apply to Authorised Persons Conducting Islamic Financial Business or offering/distributing Shari'a-compliant Securities.

      • STABLECOINS

        118) The FSRA recognises that the use of Digital Securities in ADGM may likely coincide with the use of fiat tokens. Further clarity on FSRA’s regulatory position in relation to stablecoins is set out in paragraphs 162 – 166 of the Virtual Assets Guidance. For RIEs or MTFs trading in Digital Securities, the FSRA’s expectation is that paragraph 166d of the Virtual Assets Guidance (where an infrastructure is using its own fiat tokens as a payment/transaction mechanism solely within its own platform/ecosystem) is likely to be the only scenario for the use of stablecoins by a RIE or MTF trading in Digital Securities. Where Applicants consider that there are other business use cases for stablecoins (particularly when used by a RIE, MTF or DSF), these would need to be raised (in writing, and for discussion) with the FSRA.

      • APPLICATION PROCESS

        119) In the context of Digital Securities, engagement with the FSRA in relation to approvals required under MKT (Offers of Securities and/or Admissions to the Official List) will be via the FSRA Listing Authority.
        120) Separately, Applicants seeking approvals to operate as a RIE, MTF, DSF or RCH must be prepared to engage heavily with the FSRA throughout the relevant application process. The Application process is broadly broken down into five stages, as follows:
        a) Due Diligence & Discussions with FSRA team(s);
        b) Submission of Formal Application;
        c) Granting of In Principle Approval;
        d) Granting of Final Approval; and
        e) 'Operational Launch' Testing

        • Due diligence and Discussions with FSRA team(s)

          121) Prior to the submission of an Application, all Applicants are expected to provide the FSRA with a clear explanation of their proposed business model and to demonstrate how the Applicant will meet all applicable FSRA Rules and requirements. These sessions will also involve the Applicants providing a number of in-depth technology demonstrations, across all aspects of its proposed Digital Securities activities. The FSRA generally expects these meetings, where possible, to take place between the Applicant and the FSRA in person. In addition, the FSRA further expects that a number of meetings will need to be held between an Applicant and the FSRA before the Applicant will be in a position to submit a draft, then formal, application.

        • Submission of Formal Application

          122) Following discussions with the FSRA, and upon the FSRA having reasonable comfort that the Applicant's proposed business processes, technologies and capabilities are at a sufficiently advanced stage, the Applicant will be required to submit a completed Application Form, and supporting documents, to the FSRA. Payment of the fees applicable to the Application, as set out in paragraphs 128–139, must also be made at the time of submission. The FSRA will only consider an Application as having been formally submitted, and commence its formal review of the Application, upon receipt of both the completed Application and the associated fees.

        • Granting of In Principle Approval (IPA)

          123) The FSRA will undertake an in-depth review of the Application, and supporting documents, submitted by an Applicant. The FSRA will only consider granting an IPA for those Applicants that are considered able to adequately meet all applicable Rules and requirements. An Applicant will be required to meet all conditions applicable to the IPA prior to being granted with final approval, and an FSP or Recognition Order (as applicable).

        • Granting of Final Approval (Financial Services Permission/Recognition Order)

          124) Subject to being satisfied that the Applicant has met all conditions applicable to the IPA, the FSRA will grant the Applicant with final approval for an FSP or Recognition Order (as applicable). Final approval will be conditional upon the FSRA being further satisfied in relation to the Applicant's operational testing and capabilities, and completion of a third-party verification of the Applicant's systems where applicable.

        • 'Operational Launch' Testing

          125) An Applicant operating a RIE, MTF, DSF or RCH will only be permitted to progress to operational launch when it has completed its operational launch testing to the FSRA's satisfaction, including completion of third party verification of the Applicant's systems, where applicable.
          126) Noting the public nature of these entities and the consumer protection considerations associated with significant client participation, these licence holders, like many others regulated by FSRA, will be closely supervised by the FSRA once licenced. Entities should expect to meet frequently with the FSRA, be subject to ongoing assessments, and be prepared to undergo thematic reviews from time to time (particularly considering the nascent stage of Digital Securities markets globally).
          127) Authorised Persons seeking FSP variations, other than MTFs, will follow the variation process as set out in sections 2.9.6 and 2.9.7 of the Guidance & Policies Manual (GPM) and are encouraged to discuss their variation proposals with their Supervision Relationship Managers as early as possible.

      • Fees

        • Authorisation and supervision fees

          128) The applicable fees for entities seeking to carry out Digital Securities activities within ADGM are set out in the FEES Rulebook. Examples of the application of these fees to particular scenarios are set out in the paragraphs below.
          129) As it is not proposed that there be an immediate change to the fee structure in relation to Digital Securities, the FSRA will continue to monitor its position in relation to these fees as part of the wider Securities-regulatory framework.
          130) As noted in paragraph 122 above, the FSRA will only consider an Application as having been submitted, and commence its formal review of the Application, upon receipt of both the completed Application and the associated fees.

        • Authorisation fees

          131) For Digital Securities activities by new entrants applying to operate in ADGM: For Applicants seeking to carry on Digital Securities activities within ADGM, with no existing ADGM licenced business operations, the Authorisation fees are the same as those already provided in the applicable Rulebook for the relevant activity, subject to paragraph 133 below. In summary:
          a) the applicable fees for a Recognition Order as an RIE or an RCH are set out in FEES Rule 3.7.1(a);
          b) the fees for a FSP for an Authorised Person (other than a DSF) are set out in FEES Rules 2.2.1(a) and 3.5; and
          c) the fees for a DSF are as set out in paragraph 133 below.
          132) For Digital Securities activities to be conducted by existing ADGM licenced intermediaries or MTFs:
          a) For Authorised Persons seeking to expand their activities to include Digital Securities activities in relation to a different Regulated Activity, an application for an amendment to the scope to their existing FSP will need to be submitted. The applicable fees will be as set out in FEES Rule 3.8; and
          b) For an Authorised Person intending to provide Regulated Activities in relation to Digital Securities within the scope of their existing FSP, no fees will apply, subject to paragraph (a) and paragraph 133 below, but firms are required to discuss this with their FSRA Supervision Relationship Manager as early as possible (as there may be wider fee or other supervisory implications).
          133) For entities seeking to be authorised for Providing Custody (and by extension as a DSF): For these entities, the authorisation fee will be US$20,000, comprising a fee of US$5,000 for Providing Custody and a US$15,000 supplementary fee in accordance with FEES Rule 1.2.6, reflective of the regulatory burden imposed on FSRA to ensure compliance with the applicable Rules and requirements for conducting DSF related activities.
          134) RIEs or RCHs with Recognitions Orders seeking to expand their activities to include Digital Securities activities: No additional fees will apply.
          135) For MTFs (using Virtual Assets) upgrading to a Digital Securities RIE: For Authorised Persons operating an MTF and seeking to further operate as a Digital Securities RIE, it is unlikely that the FSRA would seek to impose the full RIE Recognition Order fee (being US $125,000), on the assumption that there is likely to be significant overlap in the systems, controls and technology used by the entity across both activities. The FSRA may instead impose a fee in the region of US$40,000 (dependent on the Applicant's business model and any overlap/similarities in its technology, systems and controls).

        • Supervision fees

          138) Annual supervision fees applicable to Authorised Persons and Recognised Bodies carrying on Digital Securities activities within ADGM are as set out in the FEES Rulebook, in particular:
          a) for Authorised Persons (excluding those outlined in paragraph 139 below), in FEES Rules 2.2.2, 2.2.3 and 3.5.3; and
          b) for Recognised Bodies, in FEES Rules 3.7.1 (b) and 3.7.2(b).
          139) Annual supervision fees applicable to Authorised Persons who are Providing Custody (and by extension meeting the obligations of a DSF) within the ADGM, are US$15,000 (which will be imposed as a condition to the granting of an FSP).

        • Fees — Prospectus Offers and Admission to Official List

          140) The fees for Offers and Listings of Digital Securities are as set out in Rules 3.10 (Funds), 4.1.1(a) (Digital Securities Prospectus) and 4.1.1(b) (Debenture Prospectus) of the FEES Rulebook.
          141) The listing fee for an admission of Digital Securities to the Official List of Securities is US$3,000 as set out in FEES Rule 3.9.1.

    • Guidance — Regulation of Digital Security Offerings and Virtual Assets under the Financial Services and Markets Regulations [24 February 2020]

      Click here to view PDF.

    • Guidance — Regulation of Digital Security Offerings and Virtual Assets under the Financial Services and Markets Regulations [24 February 2020]

      • 1. Introduction

        1.1 This Guidance is issued under section 15(2) of the Financial Services and Markets Regulations 2015 (“FSMR”). It should be read in conjunction with FSMR, the relevant Rulebooks of the Financial Services Regulatory Authority (“FSRA”), the Guidance & Policies Manual of FSRA, the ‘Guidance – Regulation of Virtual Asset Activities in ADGM’1 and the ‘Guidance – Regulation of Digital Securities Activity in ADGM’ (“Digital Securities Guidance”). 2
        1.2 This Guidance is applicable to those considering the use of initial coin or token offerings (“ICOs”, also known as a Coin or Token Sale) to raise funds. The Guidance is also applicable to those considering transacting in, and the general use of, virtual tokens and Virtual Assets (as defined below).
        1.3 The Guidance sets out FSRA’s approach to digital security issuers seeking to raise funds through ICOs, and market intermediaries or operators dealing in or offering services in digital securities and Virtual Assets.
        1.4 This Guidance is not an exhaustive source of the FSRA’s policy on the exercise of its regulatory mandate, and the FSRA may impose other, specific conditions to address any specific risks posed by the proposed activities set out herein.
        1.5 The FSRA is not bound by the requirements set out in this Guidance and may waive or modify this Guidance at its discretion where appropriate.
        1.6 Unless otherwise defined or the context otherwise requires, the terms contained in this Guidance have the same meanings as defined in FSMR and the Glossary (GLO).

        1 https://en.adgm.thomsonreuters.com/rulebook/guidance-regulation-virtual-asset-activities-adgm
        2 https://en.adgm.thomsonreuters.com/rulebook/guidance-regulation-digital-securities-activities-adgm

      • 2. Background

        2.1 Globally, the use of virtual tokens and Virtual Assets to raise funding and facilitate economic transactions has been on the rise in recent years. A number of financial services regulators have issued comments or consumer alerts setting out their regulatory position on virtual tokens and/or Virtual Assets. This is especially relevant since the use of virtual tokens and Virtual Assets can be subject to risks arising from fraud, money-laundering and terrorist financing, as well as the observed volatility of the “value” of Virtual Assets.
        2.2 The FSRA adopts a technology-neutral approach to regulation, where regulatory requirements are applied to the conduct of Regulated Activities or activities envisaged under a Recognition Order3, as opposed to the technological means to conduct a Regulated Activity. To the extent that virtual tokens are used as a mechanism to enable or facilitate a Regulated Activity to be carried out, they are generally permitted. For example, subject to fit and proper safeguards, an authorised money remittance house may receive fiat currencies from Clients and use virtual tokens to securely remit an equivalent value overseas directly to a regulated foreign counterparty via the internet in real-time; the foreign counterparty can then pay out in fiat currencies to the intended end-clients.
        2.3 Given the evolving developments in the space of virtual tokens and Virtual Assets, FSRA will continue to closely monitor industry developments. FSRA may issue further Guidance as necessary, to ensure the regulatory framework is updated and risk-appropriate in order to facilitate the sound development and deployment of promising financial technology innovations.

        3 Pursuant to Section 124 of the FSMR, these include activities of Recognised Investment Exchanges and Recognised Clearing Houses.

         

      • 3. 3. Initial Coin Offerings

        3.1 ICOs can take many forms, but all of them utilise Distributed Ledger Technology (“DLT”). Investors will typically give Virtual Assets to an ICO issuer in exchange for a proprietary digital medium of exchange on the DLT platform, being termed a “coin” or “token” (where the latter term will be used hereafter). In some cases the proprietary tokens will not represent an underlying financial asset; for example, a DLT token may represent a digital identity record, a voting right, or simply access to software running on a DLT platform.
        3.2 Alternatively, an emerging method of fund-raising uses DLT with the tokens representing a “traditional” regulated issuance, such as Shares, Debentures or Units in a Collective Investment Fund. In these instances, a DLT platform may also comprise a share or bond register. We are aware that there are many companies seeking to raise money through such traditional and regulated means using a DLT-enabled platform.

        • Innovation

          3.8 In our engagement with innovative firms in the financial services sector, we have been made aware of business models using a DLT platform to facilitate the issuance of Securities on a private placement basis. These business models may include a high level of disclosure and transparency with investors, and a robust reconciliation and reporting mechanism. These types of business models may benefit from the Exempt Offers regime set out above.
          3.9 We are also aware of firms seeking to build investment funds using DLT platforms for the purposes of investor reporting and funds management. In such cases, the Digital Securities issued as a result of the ICO may be Units in a Collective Investment Fund as defined in Section 106 of FSMR. This may fall within our FUNDS Rules, and again we encourage firms considering such DLT-enabled business models to engage with us as early as possible.
           

      • Regulatory treatment of tokens deemed to be Securities

        3.3 Whether an ICO is to be regulated under FSMR will be assessed by FSRA on a case-by-case basis. To this end, if the tokens in an ICO are assessed to exhibit the characteristics of a Security, FSRA may deem the tokens as a Security pursuant to Section 58(2)(b)4 of FSMR, hereinafter referred to as “Digital Securities”. Consequently, an issuer seeking to launch an ICO in or from ADGM should approach FSRA at the earliest opportunity.
        3.4 For regulatory purposes, issuances of Securities (as defined in Section 258 of FSMR), whether through a DLT platform or other means, will see no difference in their treatment under our regulatory framework. Those issuers/market actors who seek to raise funds in a regulated, robust and transparent manner using new business models or technologies such as DLT are encouraged to engage with us as early as possible in the fund-raising process.
        3.5 The requirements for Offers of Securities fall under Sections 58 to 71 of FSMR and Chapter 4 of the Markets Rules (“MKT”). When an Issuer wishes to make an Offer of Securities to the Public in or from ADGM, these requirements include, for example, the obligation to publish a Prospectus under Section 61 of FSMR.
        3.6 Offers of Securities may benefit from an exemption under the Exempt Offers regime set out in Rule 4.3 of MKT. In the circumstances specified in that Rule, it should be noted that a Person may make an Offer of Securities to the Public without a Prospectus where any one of the following conditions, amongst other conditions in that Rule, is met:
        (i) an Offer is directed at Professional Clients other than natural Persons;
        (ii) fewer than 50 Persons in any 12 month period, excluding Professional Clients who are not natural persons; or
        (iii) where the consideration to be paid by a Person to acquire Securities is at least USD100,000.
        3.7 Additionally, any market intermediaries (e.g., broker-dealers, investment managers, custodians) and primary / secondary market operators dealing in Digital Securities and/or their Derivatives with or on behalf of Clients, will need to be approved by FSRA as Financial Services Permission (“FSP”) holders, Recognised Investment Exchanges or Recognised Clearing Houses (collectively referred to as “Regulated Firms”).

        4 Section 58(2) of FSMR sets out that FSRA may, by written notice ‘deem any investment which is not a Security to be a Security for the purposes of these Regulations and the Rules made under these Regulations’.

      • Tokens not deemed to be Digital Securities

        3.10 It should also be noted that not all ICOs constitute an Offer of Securities under the FSMR or MKT. Where tokens do not have the features and characteristics of Securities such as Shares, Debentures or Units in a Fund, the offer of such tokens is unlikely to be an Offer of Securities, nor is the trading of such tokens likely to constitute a Regulated Activity under FSMR.
        3.11 In unregulated ICOs, investors do not benefit from any of the safeguards that accompany a regulated Offer of Securities. Reliable information regarding the issuer, and what it plans to do with the funds raised may be lacking. The risk of fraud and loss of capital is therefore significantly higher. This is particularly likely to be the case where a token issuer promises extremely high investment returns that are disproportionately high relative to those generally available in the market. We advise potential investors in unregulated ICOs to exercise extreme caution before committing any funds.
        3.12 However, there are instances of such unregulated ICOs being used to raise money for legitimate companies and development efforts. In such cases, while these do not fulfil the same requirements as a regulated Offer of Securities, issuers of the ICO may disclose detailed information on their products / tokens and business plan. We welcome engagement from the industry, in particular from trade bodies, in developing voluntary best-practice standards in relation to the use of such unregulated ICOs as a legitimate method for raising funds.

      • 4. 4. Virtual Assets

        4.1 As set out in the FSMR, a Virtual Asset is defined as:
        A digital representation of value that can be digitally traded and functions as (1) a medium of exchange; and/or (2) a unit of account; and/or (3) a store of value, but does not have legal tender status in any jurisdiction. A Virtual Asset is -
        (a) neither issued nor guaranteed by any jurisdiction, and fulfils the above functions only by agreement within the community of users of the Virtual Asset; and
        (b) distinguished from Fiat Currency5 and E-money6.”
        4.2 Although not legal tender, Virtual Assets (such as bitcoin) have “value” in that they can be exchanged for other things of value, with that value being dependent on considerations of supply and demand. In this respect, Virtual Assets have much in common with physical commodities such as precious metals, fuels and agricultural produce. Therefore from a regulatory policy perspective, Virtual Assets are treated as commodities, instead of Specified Investments as defined under the FSMR.
        4.3 Under FSRA’s regulatory framework for Virtual Assets, any market operator, custodian or intermediary dealing in Virtual Assets is required to be approved by FSRA as an FSP holder in relation to the applicable Regulated Activity. Details of FSRA’s approach to the regulation of spot Virtual Asset activities are set out in FSRA’s ‘Guidance – Regulation of Virtual Asset Activities in ADGM’.
        4.4 Where a Regulated Firm uses Virtual Assets in an ancillary manner (e.g. as a means to enable or facilitate the carrying on of any financial services businesses), it does not necessary mean that the Regulated Firm needs to seek approvals from the FSRA in order to use Virtual Assets as part of its Regulated Activities. As illustrated in paragraph 2.2, an authorised money remittance house does not need to apply for specific approvals from the FSRA to use Virtual Assets if it merely uses Virtual Assets as a medium of exchange to facilitate the remittance of fiat currencies on behalf of Clients across jurisdictions. The Regulated Firm will, however, have to demonstrate that the use of the Virtual Asset, used in such ancillary manner, is fit for purpose, e.g., putting in place control requirements to address technology and security risks associated with the use of the Virtual Asset. On the other hand, for example, if the Regulated Firm offers its Clients services to exchange Virtual Assets for fiat currencies, the Regulated Firm will need to apply to, and be authorised by, the FSRA to use Virtual Assets as part of its Regulated Activities.

        5 “Fiat Currency” means government issued currency that is designated as legal tender in its country of issuance through government decree, regulation or law.
        6 “E-money” means a digital representation of Fiat Currency used to electronically transfer value denominated in Fiat Currency.

        • Derivatives of Virtual Assets

          4.5 In line with the policy treatment of Virtual Assets as commodities, Derivatives of Virtual Assets are regulated as Commodity Derivatives and hence, a type of Specified Investment under the FSMR. Consequently, any market operators or market intermediaries dealing or managing investments in Derivatives of Virtual Assets will be subject to the appropriate regulations and rules applicable under FSMR.
          4.6 Notwithstanding that certain Virtual Asset activities are subject to regulations under the FSMR, the FSRA does not take a view on the merits of transacting or investing in Virtual Assets. Given the volatility of Virtual Assets, they constitute high-risk investments. FSRA therefore advises consumers and companies to consider the risks of investing in Virtual Assets or any related Derivatives carefully before committing any funds.
          4.7 For avoidance of doubt, where a Virtual Asset has the features and characteristics of a Digital Security, it will additionally be subject to the applicable regulatory requirements as explained in section 3 above.

      • 5. SUMMARY

        5.1 A summary of the regulatory treatment of Digital Assets is shown in the table below.

        Category of Digital Assets / Instruments Regulatory Approach
        “Digital Securities”

        (e.g., digital/virtual tokens that have the features and characteristics of a Security under the FSMR (such as Shares, Debentures and Units in a Collective Investment Fund)).
        Deemed to be Securities pursuant to Paragraph 58(2)(b) of FSMR.

        All financial services activities in relation to Digital Securities, such as operating primary / secondary markets, dealing / trading / managing investments in or advising on Digital Securities, are subject to the relevant regulatory requirements under the FSMR.

        Market intermediaries and market operators dealing or managing investments in Digital Securities need to be licensed / approved by FSRA as FSP holders (including as Multilateral Trading Facilities), Recognised Investment Exchanges or Recognised Clearing Houses, as applicable.
        “Virtual Assets”

        (e.g., non-fiat virtual currencies, virtual asset ‘exchange tokens’).
        Treated as commodities and, therefore, not deemed Specified Investments under the FSMR.

        Market intermediaries (e.g., broker dealers, custodians, asset managers) dealing in or managing Virtual Assets, and Multilateral Trading Facilities using Virtual Assets, need to be licensed / approved by FSRA. Only activities in Accepted Virtual Assets will be permitted.

        Capital formation activities are not provided for under the Virtual Asset Framework, and such activities are not envisaged under the Market Rules (MKT).
        Derivatives and Collective Investment Funds of Virtual Assets, Digital Securities and Utility Tokens Regulated as Specified Investments under the FSMR.

        Market intermediaries and market operators dealing in such Derivatives and Collective Investment Funds will need to be licensed / approved by FSRA as FSP holders, Recognised Investment Exchanges or Recognised Clearing Houses, as applicable.
        “Utility Tokens”

        (e.g., tokens which can be redeemed for access to a specific product or service, typically provided using a DLT platform, do not exhibit the features and characteristics of a regulated investment / instrument under the FSMR).
        Treated as commodities and, therefore, not deemed Specified Investments under the FSMR.

        Unless such Utility Tokens are caught as Accepted Virtual Assets, spot trading and transactions in Utility Tokens do not constitute Regulated Activities, activities envisaged under a Recognition Order (e.g., those of a Recognised Investment Exchange or Recognised Clearing House), or activities envisaged under MKT.
        “Fiat Tokens”

        (e.g. stablecoins whose value are fully backed by underlying fiat currencies)
        Treated as a form of digital representation of Fiat Currency.

        Where used as a payment instrument for the purposes of Money Transmission as defined under the FSMR, the activity will be licensed and regulated as Providing Money Services.

        5.2 A schematic representation of the FSRA’s regulatory ambit under the FSMR is shown within the blue dotted box.

         

         

    • Guidance — Regulation of Virtual Asset Activities in ADGM [24 February 2020]

      • INTRODUCTION

        1) This Guidance is issued under section 15(2) of the Financial Services and Markets Regulations 2015 (“FSMR”). It should be read in conjunction with FSMR, the relevant Rulebooks of the Financial Services Regulatory Authority (“FSRA”), the FSRA’s Guidance & Policies Manual, its ‘Guidance – Regulation of Digital Security Offerings and Virtual Assets under the FSMR’ (“ICO Guidance”)1 and its ‘Guidance – Regulation of Digital Securities Activity in ADGM’ (“Digital Securities Guidance”).2
        2) This Guidance is applicable to the following Persons:
        a) an Applicant for a Financial Services Permission (“FSP”) to carry on a Regulated Activity in relation to Virtual Assets in or from the Abu Dhabi Global Market (“ADGM”);
        b) an Authorised Person conducting a Regulated Activity in relation to Virtual Assets;
        c) a Recognised Investment Exchange with a stipulation on its Recognition Order permitting it to carry on the Regulated Activity of Operating a Multilateral Trading Facility (in relation to Virtual Assets) within ADGM; or
        d) an Applicant/Authorised Person in respect of the use of stablecoins in or from ADGM.3
        3) This Guidance sets out the FSRA’s approach to the regulation of the use of Virtual Assets in ADGM, including activities conducted by Multilateral Trading Facilities, Authorised Persons that are Providing Custody (“Virtual Asset Custodians”) and intermediary-type Authorised Persons. This Guidance, together with the applicable ADGM Regulations and FSRA Rules governing the use of Virtual Assets, is collectively referred to as the “Virtual Asset Framework”.
        4) This Guidance is not an exhaustive source of the FSRA’s policy on the exercise of its regulatory functions and powers. The FSRA is not bound by the requirements set out in this Guidance and may –
        a) impose additional requirements to address any specific risks posed in relation to the use of Virtual Assets;
        b) waive or modify any of the Rules relevant to the Virtual Asset Framework, at its discretion, where appropriate.
        5) Unless otherwise defined or the context otherwise requires, the terms contained in this Guidance have the same meaning as defined in the FSMR and the FSRA Glossary Rulebook (“GLO”).
        6) For the purposes of this Guidance, an Authorised Person permitted to carry on a Regulated Activity in relation to Virtual Assets, or a Recognised Investment Exchange holding a stipulation on its Recognition Order permitting it to operate a Multilateral Trading Facility (in relation to Virtual Assets) (as set out in paragraph 135) is referred to as an Authorised Person.4
        7) For more details on the process for authorisation as a Multilateral Trading Facility, please contact the FSRA at MIP@adgm.com. For more details on the process for authorisation for any other Virtual Asset business activities, please contact the FSRA at authorisation@adgm.com.

        1 https://en.adgm.thomsonreuters.com/rulebook/guidance-regulation-digital-security-offerings-and-virtual-assets-under-financial-services
        2 https://en.adgm.thomsonreuters.com/rulebook/guidance-regulation-digital-securities-activities-adgm
        3 Refer to the section on stablecoins, starting at paragraph 162.
        4 Including in the context of a Recognised Body who has a stipulation for other Regulated Activities set out in its Recognition Order.

      • BACKGROUND

      • OBJECTIVES OF THE VIRTUAL ASSET FRAMEWORK

        12) Fiat currencies are created and issued by sovereign governments, and stored and transferred by banks and other regulated financial institutions on behalf of users. In contrast, the virtual asset ecosystem can enable users to create, store and transfer Virtual Assets without the need for any third party. This creates a set of unique challenges for regulators worldwide. Without regulated entities controlling the creation and use of Virtual Assets, the system is open to significant Financial Crime and other risks.
        13) The Virtual Asset Framework is comprehensive in order to effectively address the key risks that the trading of Virtual Assets poses. FSRA’s view is that regulation of AML/CFT risks alone will not sufficiently mitigate certain wider Virtual Asset related risks. Given the increased use of Virtual Assets as a medium for financial transactions, and their connectivity to the mainstream financial system through Virtual Asset and Derivative exchanges and intermediaries, there is the increased potential of contagion risks impacting the stability of the financial sector. There is also no current safety net that ensures that users will be able to recover their Virtual Assets in case of loss or theft.
        14) Accordingly, the FSRA has addressed issues around consumer protection, safe custody, technology governance, disclosure/transparency, Market Abuse and the regulation of Multilateral Trading Facilities using Virtual Assets in a manner similar to the regulatory approach taken in relation to securities/derivatives exchanges globally.

      • FEATURES OF THE SPOT CRYPTO ASSET FRAMEWORK

        • Regulated Activities in relation to Virtual Assets

          15) In accordance with section 30 of FSMR, Applicants that qualify for authorisation to carry on a Regulated Activity will be granted an FSP to carry on the relevant Regulated Activity. Separately, an Authorised Person may, as applicable, be required to also receive approval from the FSRA as to whether it can also use (certain) Specified Investments, Financial Instruments and Virtual Assets as part of its Regulated Activities.
          16) To be authorised to conduct a Regulated Activity in relation to Virtual Assets, an Applicant must satisfy FSRA that all applicable requirements of FSMR and the relevant FSRA Rulebooks have been, and will continue to be, complied with. Upon being granted an FSP, the Applicant will be an Authorised Person for the purposes of the FSMR and the FSRA Rulebook, and will have the same regulatory status within ADGM as any other Authorised Person.
          17) The principal Rules for Authorised Persons conducting a Regulated Activity in relation to Virtual Assets are set out in Chapter 17 of the FSRA Conduct of Business Rulebook (“COBS”). These product specific Rules apply in addition to any other Rules applicable to the Regulated Activity being conducted by Authorised Person (e.g., Operating a Multilateral Trading Facility, Providing Custody or Dealing). Though the requirements set out in COBS Rule 17.1.2 already apply to Authorised Persons generally, COBS Rule 17.1.2 operates as a ‘sign-post’ Rule designed to draw the attention of Authorised Persons conducting a Regulated Activity in relation to Virtual Assets to the fact that they must comply with all Rules applicable to Authorised Persons, including:
          a) all other relevant chapters of COBS;
          b) the FSRA General Rulebook (“GEN”);
          c) the FSRA Anti-Money Laundering and Sanctions Rules and Guidance (“AML”); and
          d) the FSRA Rules of Market Conduct (“RMC”).
          18) The table below sets out the main risk areas, and the related mitigations for each of these risks areas, under the Virtual Asset Framework.
            RISK MITIGANT
          1. AML/CFT/TAX The AML Rulebook applies in full to all Authorised Persons.
          Authorised Persons also need to consider their reporting obligations in relation to FATCA and the Common Reporting Standards.
          2. CONSUMER
          PROTECTION
          All material risks associated with Virtual Assets generally, Accepted Virtual Assets and an Authorised Persons’ products, services and activities must be appropriately disclosed, and monitored and updated on an ongoing basis.
          3. TECHNOLOGY
          GOVERNANCE
          Systems and controls must be in place in relation to:
          • Virtual Asset wallets;
          • Private keys;
          • Origin and destination of Virtual Asset funds;
          • Security; and
          • Risk management and systems recovery.
          4. ‘EXCHANGE-TYPE’
          ACTIVITIES
          Multilateral Trading Facilities (MTFs) using Virtual Assets are required to have in place, among other things, the following:
          • Market surveillance;
          • Fair and orderly trading;
          • Settlement processes;
          • Transaction recording;
          • A rulebook(s);
          • Transparency & public disclosure mechanisms; and
          • Exchange-like operational systems and controls.
          5. CUSTODY Authorised Persons that are Providing Custody that hold or control either Accepted Virtual Assets and / or Client Money (e.g., fiat currencies) under custody on behalf of Clients are subject to the Safe Custody and / or Client Money Provisions respectively under FSMR and COBS. Frequent reconciliations and reporting of Accepted Virtual Assets and Client Money, as well as appropriate internal controls to safeguard them, are required.
          19) COBS Rule 17.1.3 operates such that ‘Client Investments’ in GEN and ‘Financial Instruments’ in RMC are read to include Virtual Assets. This means that the various Rules using these terms throughout the FRSA Rulebooks are expanded to capture Virtual Assets, including in particular the Rules contained in Chapters 3 and 6 of COBS.

        • Combination of Regulated Activities

          20) Applicants approved by the FSRA as an Authorised Person and permitted to conduct a Regulated Activity in relation to Virtual Assets will be granted an FSP for the relevant Regulated Activity being conducted by that Authorised Person. The activities of the Authorised Person when conducting its Regulated Activity will be limited such that it is only permitted to the engage in activities in relation to the use of Virtual Assets, unless it has been otherwise authorised by the FSRA. An Applicant seeking to be permitted to conduct activities in relation to Specified Investments / Financial Instruments, in addition to Virtual Assets, will need to apply to the FSRA to be able to do so, and will need to comply with the requirements of the FSRA in relation to those Specified Investments / Financial Instruments (including in relation to fees).7
          21) For example, a person wishing to operate as a broker, dealer or custodian in the conventional space will need to apply for and receive FSRA approvals applicable to those conventional Specified Investments / Financial Instruments, in addition to seeking approval to conduct a Regulated Activity in relation to Virtual Assets.
          22) FSP holders carrying on a Regulated Activity that incidentally involves the use of Virtual Assets may still be subject to relevant Rules in Chapter 17 of COBS (e.g., in relation to Accepted Virtual Assets, technology governance, disclosure requirements) to ensure that appropriate activity is undertaken as part of their Regulated Activities.

          7 Subject to paragraph 135 which notes that Authorised Persons Operating a Multilateral Trading Facility who also wish to be authorised as a Recognised Investment Exchange (‘RIE’) must relinquish their FSP in order to obtain a Recognition Order with a stipulation allowing the RIE to Operate a Multilateral Trading Facility.

      • REGULATORY REQUIREMENTS FOR AUTHORISED PERSONS ENGAGED IN REGULATED ACTIVITIES IN RELATION TO VIRTUAL ASSETS

        • Conducting a Regulated Activity in relation to Virtual Assets

          23) Chapter 17 of COBS applies to all Authorised Persons conducting a Regulated Activity in relation to Virtual Assets, requiring compliance with all requirements set out in COBS Rules 17.1 – 17.6. Authorised Persons that are Operating a Multilateral Trading Facility or Providing Custody in relation to Virtual Assets are also required to comply with the additional requirements set out in COBS Rules 17.7 or 17.8 respectively.

        • Accepted Virtual Assets

          24) COBS Rule 17.2.1 permits an Authorised Person to conduct a Regulated Activity in relation to Accepted Virtual Assets only. The FSRA has a general power to determine each Accepted Virtual Asset that will be permitted to be used by an Authorised Person within ADGM, in order to prevent potential higher-risk activities relating to illiquid or ‘immature’ Virtual Assets.
          25) A Virtual Asset that meets the FSRA’s requirements, as demonstrated by an individual Authorised Person, will constitute an Accepted Virtual Asset for that individual Authorised Person only. COBS Rule 17.2.2 states that for the purpose of determining whether, in its opinion, a Virtual Asset meets the requirements of being an Accepted Virtual Asset, the FSRA will consider those factors it considers relevant, which at the date of this Guidance include seven key factors as set out below: 8
          a) Maturity / market capitalisation: the market capitalisation9 of the Virtual Asset, the sufficiency, depth and breadth of Client demand, the proportion of the Virtual Asset that is in free float, and the controls/processes to manage volatility of a particular Virtual Asset;
          b) Security: consideration of whether a specific Virtual Asset is able to withstand, adapt, respond to, and improve on its specific risks and vulnerabilities, including relevant factors/risks relating to the on-boarding or use of new Virtual Assets (including size, testing, maturity, and ability to allow the appropriate safeguarding of secure private keys);10
          c) Traceability / monitoring: whether Authorised Persons are able to demonstrate the origin and destination of the specific Virtual Asset, if the Virtual Asset enables the identification of counterparties to each transaction, and if on-chain transactions in the Virtual Asset can be adequately monitored;
          d) Exchange connectivity: whether there are (other) exchanges that support the Virtual Asset; the jurisdictions of these exchanges and whether these exchanges are suitably regulated;
          e) Type of Distributed Ledger (DLT): whether there are issues relating to the security and/or usability of a DLT used for the purposes of a Virtual Asset; whether the Virtual Asset leverages an existing DLT for network and other synergies; whether a new DLT has been demonstrably stress tested;
          f) Innovation / efficiency: whether, for example, the Virtual Asset helps to solve a fundamental problem, addresses an unmet market need or creates value for network participants; and
          g) Practical application/functionality: whether the Virtual Asset possesses real world, quantifiable, functionality.
          26) Though these factors may change from time to time, the FSRA will, in all cases, have regard to its objectives as a regulator, and the principles as set out in Section 1 of FSMR.
          27) An Applicant applying for an FSP will need to submit the details of each Accepted Virtual Asset that they propose to use, setting out separately for each proposed Virtual Asset how it meets the tests set out in paragraph 25 above. The use of each Accepted Virtual Asset will be approved by the FSRA as part of the formal FSP application process.
          28) An Accepted Virtual Asset may be deemed suitable for use by more than one Authorised Person, subject to each Authorised Person satisfying the FSRA that it can meet the regulatory requirements in respect of the specific Accepted Virtual Asset. For example, an MTF using Virtual Assets is required by COBS Rule 17.7.411 to notify the FSRA of any new Accepted Virtual Asset proposed to be admitted to trading on its facilities. Though the MTF may propose to admit to trading a commonly used and traded Virtual Asset, the MTF’s controls, for example, relating to identity/transaction monitoring of a certain distributed ledger may not yet be fully developed. In such circumstances, the FSRA may require the MTF to delay the commencement of trading until such time that suitable controls have been developed and implemented.
          29) An Authorised Person wishing to use a Virtual Asset(s) additional to the Accepted Virtual Asset(s) originally approved as part of its application process, must first seek the FSRA’s approval before offering it to Clients. This application should be made in writing and include all relevant information relating to the use of the Virtual Asset, including the relevant controls the Authorised Person has in place (or if not already in place, that it proposes to implement), in order to manage any risks specific to the Virtual Asset. In forming a view on the suitability of the proposed Virtual Asset(s), the FSRA will take into account whether the proposed Virtual Asset meets the requirements to be an Accepted Virtual Asset, as set out in COBS Rule 17.2.2 and paragraph 25 of this Guidance. The FSRA will notify the Authorised Person of its determination.
          30) Due to Accepted Virtual Assets being determined for use on the basis of each individual Authorised Person, the FSRA will not maintain a ‘public’ list of Accepted Virtual Assets.

          8 Factor (a) relates to COBS Rule 17.2.2(a), with factors (b)-(g) relating to COBS Rule 17.2.2(b).
          9 The FSRA does not prescribe the source for calculating the market capitalisation of a Virtual Asset and will consider certain recognised sources, as may be available from time to time.
          10 Authorised Persons will be required to undertake third party verification to demonstrate that the Virtual Assets it is proposing to use meet the security requirements applicable to being deemed an Accepted Virtual Asset. A similar verification requirement will also apply to any stablecoins/fiat tokens proposed to be used by an Applicant/Authorised Person – see paragraph 166.
          11 Which requires notification to the FSRA under MIR Rule 5.4.1 (Item 26).

        • Capital Requirements

          31) Given the nature of, and the risks associated with Virtual Assets, COBS Rule 17.3 requires an Authorised Person to hold regulatory capital in a manner consistent with MIR Rule 3.2.1 (being the requirements that a Recognised Investment Exchange must meet). Pursuant to these Rules, regulatory capital held by an Authorised Person must be in fiat form.
          32) When applying COBS Rule 17.3 / MIR Rule 3.2.1 to an Authorised Person, the FSRA will apply proportionality in considering whether any additional capital buffer must be held, based on the size, scope, complexity and nature of the activities and operations of the Authorised Person and, if so, the appropriate amount of regulatory capital required as an additional buffer. An Authorised Person that the FSRA considers to be high risk may attract higher regulatory capital requirements.
          33) Subject to the above paragraph, in general:
          a) an Authorised Person Operating a Multilateral Trading Facility using Virtual Assets is required to hold regulatory capital equivalent to 12 months’ operational expenses; and
          b) all other Authorised Persons conducting a Regulated Activity in relation to Virtual Assets are required to hold regulatory capital equivalent to 6 months’ operational expenses.
          34) Operational expenses, as set out in MIR Rule 3.2.1, broadly includes all of the overhead, non-discretionary costs (variable and exceptional items can be excluded) incurred (or forecast to be incurred) by an Authorised Person in its operations over the course of a twelve-month period. Technology-related operational expenses, such as the use of IT servers and technology platforms, storage and usage of IT equipment and technology services required for the overall operability of the Authorised Person’s platform, are to be included. Development costs, such as research and intellectual property patenting can be excluded.
          35) Where an Authorised Person also carries on one or more Regulated Activities that are not in relation to Virtual Assets (e.g., Dealing in Investments, Providing Credit or Providing Custody), the FSRA will apply a capital requirement that is the higher of the regulatory capital requirements applicable to:
          a) the Regulated Activities undertaken in relation to Virtual Assets; or
          b) the other Regulated Activities under the FSRA Prudential – Investment, Insurance Intermediation and Banking Rules (“PRU”).
          36) In addition, where an Authorised Person is part of a wider financial Group that is subject to consolidated supervision by the FSRA, a holistic view of regulatory capital treatment will apply across the businesses of the Group pursuant to Chapter 8 of PRU. The resulting level of regulatory capital for the consolidated Group will also be subject to review under the Supervisory Review and Evaluation Process (as outlined in Chapter 10 of PRU), whereby the FSRA will retain the ability to impose additional capital requirements, above and beyond that reflected in the ‘higher of’ approach to reflect any part of the higher risk profile of the Group that is not adequately captured in Chapter 8 of PRU.

        • Anti-Money Laundering and Countering Financing of Terrorism

          • Key considerations for AML/CFT compliance

            45) When considering the FATF Recommendations, in combination with the application of the AML Rules, the FSRA notes the following key principles that an Authorised Person conducting a Regulated Activity in relation to Virtual Assets should consider:

          • Principle 2: Business Risk Assessment

            e) Chapter 6 of the AML Rules requires Relevant Persons to take appropriate steps to identify and assess the ML risks to which their businesses are exposed, taking into consideration the nature, size and complexity of their activities. When identifying and assessing these risks, several factors should be considered, including an assessment of the use of new technologies. Importantly, in the context of Virtual Assets, FATF Recommendation (15) states that:
            “Countries and financial institutions should identify and assess the money laundering or terrorist financing risks that may arise in relation to (a) the development of new products and new business practices, including new delivery mechanisms, and (b) the use of new or developing technologies for both new and pre-existing products. In the case of financial institutions, such a risk assessment should take place prior to the launch of the new products, business practices or the use of new or developing technologies. They should take appropriate measures to manage and mitigate those risks.”
            f) Another aspect of assessing the business risk relevant to Authorised Persons is gaining familiarity with the characteristics and terminology17 of the Virtual Asset industry. Additionally, Authorised Persons, and their management and staff, should be aware of the possible misuse of Virtual Assets in criminal activities, as well as the technical and complicated nature of Virtual Assets (and the platforms they operate on).
            g) When making its assessment, an Authorised Person must give consideration to all business risks. For example, while an issue may be identified in relation to cyber security (e.g., when dealing with hot wallets or using cloud computing to store data – being a ‘technology’ risk), the FSRA expects Authorised Persons to consider these risks from all perspectives to establish whether the risk triggers other issues for consideration (including ML/TF risks, technology governance and consumer protection). An Authorised Person must then use the identified risks to develop and maintain its AML/CTF policies, procedures, systems and controls and take all reasonable steps to eliminate or manage such risks.

            17 Examples of Digital Asset/Virtual Asset relevant terminology include: cold, warm or hot wallets/storage, on/off ramps, tainted wallets, public key, private key and forks.

          • Principle 3: Customer Risk Assessment and Customer Due Diligence

            h) The FSRA expects all Authorised Persons to have fully compliant Client on-boarding processes. Virtual Assets have been criticised by regulatory bodies globally due to their (pseudo-)anonymity features, which makes tracking Client records and transactions more challenging for compliance officers and money laundering reporting officers.
            i) Customer Risk Assessment and ‘Customer Due Diligence’ (“CDD”) policies and procedures are required to be implemented by all Authorised Persons. Authorised Persons should have a process to assess and rate all their Clients according to that Client’s risk profile (and taking into consideration the Authorised Persons’ RBA). This risk-based assessment is required to be undertaken for each Client prior to transacting any business on behalf of the Client. Authorised Persons must undertake CDD for each Client and comply in full with Chapter 8 of the AML Rules noting that the FSRA does not consider it appropriate for Authorised Persons to use simplified CDD when conducting a Regulated Activity in relation to Virtual Assets, largely due to issues surrounding the (pseudo-) anonymity of Clients and transactions associated with Virtual Assets.
            j) In the case of non-face-to-face Client on-boarding and ongoing due diligence, the FSRA expects that Authorised Persons will take the necessary action, and develop appropriate policies, to ensure correct identification of a Client as a natural person. This may include obtaining a “selfie”, together with two currently valid forms of the Client’s facial ID; one must be the Client’s passport with all details clear and visible, the second should be a copy (front and back) of an official government issued document, such as a national ID or driver’s license.
            k) The FSRA understands that Authorised Persons may need to use new technology to improve Client on-boarding processes for the purpose of assessing and managing ML and TF risks. For example, in order for Authorised Persons to conduct non-face-to-face on-boarding they will need to implement facial recognition software to validate the “selfie” against the other uploaded documentation, or other suitable biometric technology.
            l) The FSRA further understands that the proper use of such technologies (e.g., fingerprinting, retinal/eye scans, use of real-time video conference facilities to enable facial recognition) can assist with mitigation of the ML/TF risks associated with the use of Virtual Assets. Technological features, such as secure digital signatures that allow the verification of a Client’s identity through a signed document, may also be acceptable to the FSRA. In all cases, an Authorised Person should ensure that the use of these technologies will not lead to a simplified process where the required Customer Risk Assessment and CDD requirements are not appropriately undertaken by an Authorised Person.
            m) The FSRA recommends that Authorised Persons obtain a signed self-certification from their Clients identifying the details of all passports issued and held in their name(s). Authorised Persons may also use this as an opportunity to capture all tax related details in order to meet their international tax reporting obligations. Self-certification should not prevent Authorised Persons from conducting proper CDD.

          • Principle 4: Governance, Systems and Controls

            n) Authorised Persons are required to implement an appropriate governance structure, especially in relation to Information Technology governance18, and provide for the development and maintenance of all necessary systems and controls to ensure appropriate ML and TF compliance.
            o) The FSRA expects that Authorised Persons may seek to utilise (their own or third-party) technologies and solutions to meet their regulatory obligations (e.g., customer risk assessment, detection of fraud, and transaction identification, monitoring and reporting) and risk management requirements (e.g., margin limits, large exposure monitoring).
            p) The FSRA expects Authorised Persons to develop, implement and maintain effective transactional monitoring systems to determine the origin of a Virtual Asset and to monitor its destination, and to apply strong “know your transaction” measures which enable Authorised Persons to have complete granular data centric information about the transactions done by a Client.
            q) The FSRA expects Authorised Persons to act responsibly and always be vigilant in ensuring that their activities are not subject to any misuse by participants transacting with Virtual Assets that may have been tainted in any way from an illegal activity. The FSRA expects that an Authorised Person’s internal processes establish the types of ‘indicators’ or activities that could be used to identify when Accepted Virtual Assets may have been used in an illegal manner. An Authorised Person should have a process for the management of when such ‘indicators’ (for example, certain Client or use of “mixer” and “tumbler” services) are triggered.
            r) While the FSRA cannot recommend particular vendors or providers, all technology solutions must be fit for purpose and Authorised Persons should consider using those with an established track record, and undertake their own due diligence/risk assessment to ensure competency and capability. The FSRA recognises that many of the (technology) solutions appropriate for mitigating Virtual Asset risks are continuing to be developed within the Virtual Asset industry itself.
            s) The FSRA expects Authorised Persons to develop, implement and adhere to a “Virtual Asset Compliance Policy”, tailored to meet specific Virtual Asset business compliance requirements, and reflecting a clear comprehension of the Authorised Person’s understanding of its compliance responsibilities. The FSRA expects this policy to be well defined, comprehensive, robust and as specific to an individual Authorised Person’s activities as possible. The policy can be separate or part of other compliance policies/manuals.
            t) Following the development of the Virtual Asset Compliance Policy, Authorised Persons’ compliance officers are expected to establish a “Virtual Asset compliance monitoring program”, requiring internal reviews to be conducted in an efficient way, and on a periodic basis.
            u) Authorised Persons must appoint a Money Laundering Reporting Officer (“MLRO”) who will be responsible for the implementation and oversight of the Authorised Person’s compliance with the AML Rules. Consistent with the FSRA’s expectation in relation to all other Authorised Persons, an MLRO should have an appropriate level of seniority and independence in order to be effective in the role.

            18 Please also refer to the section on Technology Governance and Controls in this Guidance (page 26).

          • Principle 5: Suspicious Activity Reporting obligations

            v) Authorised Persons should familiarise themselves with their reporting obligations under the AML Rules, in particular in relation to the reporting of suspicious activities/transactions.
            w) Prior to commencing operations, the FSRA expects Authorised Persons to establish online connectivity with the UAE’s Financial Intelligence Unit for the purposes of submitting Suspicious Activity Reports (“SARs”). Instructions on how to do this can be found on the FSRA’s FCPU webpage.
            x) Authorised Persons are required to establish sophisticated transaction monitoring systems to detect possible ML and TF activities. Systems should also be implemented to effectively identify any attempt to breach domestic and international sanctions. Such systems may rely on new technological solutions (including monitoring algorithms or Artificial Intelligence (“AI”)).

          • Principle 6: Record keeping

            y) As proper documentation is one of the main pillars of ensuring AML/CFT compliance, Authorised Persons are required to have policies and procedures in place to ensure proper record keeping practices. It is expected that ane Authorised Person will maintain up to date records in accordance with the CDD obligations applicable to it and be prepared to provide the records upon request from the FSRA.
            z) The FSRA understands that the transaction recording of many Virtual Asset transactions is linked to, or based on, DLT. This requires an Authorised Person to implement specific arrangements to ensure that, at a minimum, the Authorised Person and the FSRA have access to all relevant information as necessary. An Authorised Person may use a distributed ledger to store its data, provided it is able to provide this data, in an easily accessible format, to the FSRA when required.
            aa) The FSRA views Virtual Asset activities that are linked to cash transactions as posing higher ML and TF risks, due to the source of funding being significantly more difficult to determine. Authorised Persons wishing to conduct cash transactions will be required to implement enhanced controls to mitigate the inherent risks of such transactions. Such controls may include, among other things, setting appropriate limits on cash deposits (e.g., daily, monthly, yearly limits), a prohibition on receiving cash directly, prohibitions on the receipt of cash other than from bank accounts, and prohibitions on receiving funds from third parties. In all cases, Authorised Persons will need to clearly demonstrate to the FSRA how their controls suitably mitigate the risks of cash transactions within their operations. Considering the wider consumer protection implications, the FSRA also considers it unlikely to be appropriate for Authorised Persons to accept deposits by way of credit card or credit facilities/credit lines.
            bb) FSRA expects all Authorised Persons to exercise due care, to the utmost extent possible, in their day-to-day operations and when dealing with Clients or potential Clients. An Authorised Person’s activities are expected to be in compliance with the AML Rules, ensuring that their activities do not pose a regulatory risk or reputational damage to the ADGM Financial System.

          • International Tax Reporting Obligations

            46) COBS Rule 17.4 requires Authorised Persons to consider and, if applicable, adhere to their tax reporting obligations including, as applicable, under the Foreign Account Tax Compliance Act (“FATCA”) and the ADGM Common Reporting Standard Regulations 2017.

      • Technology Governance and Controls

        • Maintenance and development of systems

          51) Authorised Persons are expected to have a well-defined, documented and deliberate approach for the implementation and upgrade of systems and software.
          52) Authorised Persons should also have well-established policies and procedures for the regular and thorough testing of any system currently implemented or being considered for use (e.g., upgrades to a matching engine or opening of a new Application Programming Interface (“API”) internally or with a third party).
          53) The updated system should be tested for technical, operational and security vulnerabilities including but not limited to functional, penetration and stress testing. The outcome of the testing should be well structured and documented and signed off by the responsible (technology-focused) executives of the Authorised Person.
          54) All changes made to the codebase in use are to be tracked and recorded, with a clear audit trail for appropriate internal checks and sign-off. The use of a version control system which allows for the accurate timestamping and identification of the user responsible for relevant changes should be considered.
          55) Authorised Persons should maintain a clear and comprehensive audit trail for system issues internally, including security issues and those with third parties, their resolution and implementation of fixes.
          56) Authorised Persons should conduct at least annual third-party verification/audit of core systems being used (including, if relevant, verification / audit of custody arrangements and verification of the amount of their purported holdings of Virtual Assets and Client Money). MTFs using Virtual Assets and Virtual Asset Custodians should have an annual review of their infrastructure undertaken by reputable third party cyber security consultants, producing a list of recommendations and areas of concern.

        • Security measures and procedures

          57) Authorised Persons should have measures and procedures in place which comply with network security industry best practices (e.g., the implementation of firewalls, strong passwords, password management procedures, multifactor authentication and encryption of data in transit and at rest).
          58) Updates and patches to all systems, particularly security systems, should be performed as soon as safely feasible after such updates and patches have been released, whether these systems have been developed internally or developed by a third-party.
          59) An Authorised Person’s IT infrastructures (particularly for MTFs using Virtual Assets and Virtual Asset Custodians) are expected to provide strong layered security and seek the elimination of “single points of failure”. IT infrastructure security policies are required to be maintained, describing in particular how strong layered security is provided and how “single points of failure” are eliminated. This includes, but should not be limited to, systems and procedures to limit the access of a single user to the use of private and confidential information of Clients.
          60) IT infrastructures should be strong enough to resist, without significant loss to Clients, a number of scenarios, including but not limited to: accidental destruction or breach of data, collusion or leakage of information by employees/former employees, successful hack of a cryptographic and hardware security module or server, or access by hackers of any single set of encryption/decryption keys that could result in a complete system breach.
          61) Authorised Persons should have in place policies and procedures that address information security for all personnel. The security policy should set the security tone for the whole entity and inform personnel what is expected of them. All personnel should be aware of the sensitivity of data and their responsibilities for protecting it. To mitigate “key person risk”, Authorised Persons are to ensure that there is no single individual that holds privileged or sensitive information that is critical to the operation of the Authorised Person.
          62) The strong encryption of data, both at rest and in transit, should be included in the security policy. In particular, encryption and decryption of Virtual Asset private keys should utilise strong encryption protocols and algorithms that have broad acceptance with cyber security professionals. Critical cryptographic functions such as encryption, decryption, generation of private keys, and the use of digital signatures should only be performed within cryptographic modules complying with the highest, and internationally recognised, applicable security standards.
          63) All security incidents and breaches should be logged and documented in detail as soon as practicable and the resolution and implementation details should subsequently be added to the log.
          64) The use of open source software should be governed by clear, well documented and transparent rules and procedures governing the software’s stability, security and fitness for purpose. Any open source software, whether it is a compiled distribution or code, should be thoroughly tested for security and operational vulnerabilities. This testing should be signed off by the responsible executives of the Authorised Person before being used for the processing or storing of operational and Client information.
          65) All APIs that are internal or external facing should be secured by strict access management procedures and systems, including encryption of the information (e.g., SSL certificates). All API access activity should be logged and scanned for security breaches on an ongoing basis.
          66) All access management and credential changes (for employees, third-party service providers and Clients) should be governed and monitored by strict and well documented rules and procedures. This should include, but not be limited to, enforcing strong passwords and the monitoring of IP geo-location, use of VPN, TOR or unencrypted web connections.

        • Cryptographic Keys and wallet storage

          67) The ability to send and receive Virtual Assets by recording new transactions on a distributed ledger is usually dependent on cryptographic keys – a public key and one or more private keys. The public key allows other users on a distributed ledger to send Virtual Assets to an address associated with that public key. The private key(s) provides full control of the Virtual Assets associated with the public key. As such, Authorised Persons need to have robust procedures and protective measures to ensure the secure offline generation, storage, backup and destruction of both public and private keys for their own wallet operations and where they offer wallet services to Clients.
          68) Whether private keys are held on network attached devices or devices that are offline, Authorised Persons must have policies and procedures to ensure that they are not compromised by malicious actors.

        • Password protection and encryption

          69) Authorised Persons should consider the use of multi-signature wallets (e.g., where multiple private keys are associated with a given public key and a subset of these private keys, sometimes held by different parties, are required to authorise transactions). Where a multi-signature solution is not feasible due to the underlying structure of the Virtual Asset, a similar mechanism or procedure should be in place (e.g., a multi-user authentication prior to enacting on-chain changes to the Virtual Asset holdings).
          70) Authorised Persons should have clear policies and procedures that detail procedures for recovery in the event that a Client loses access credentials. These policies and procedures should also cover the recovery or re-generation of lost private keys (e.g., using a seed phrase if applicable).
          71) Authorised Persons must have policies and procedures in place that set out actions and responsibilities in the event of a breach of private and public keys, as well as Client user access credentials.

        • Origin and destination of Virtual Asset funds

          72) Virtual Asset transactions between public addresses take place on public DLT. Although it is normally possible to identify the public addresses of the parties to a transaction, it is often very difficult to establish the owner (whether natural or legal) of these addresses. This makes Virtual Assets attractive to money launderers, terrorist financers and other criminals.
          73) The US Office of Foreign Asset Control (OFAC) has issued a statement requiring wallet addresses known to belong to individuals listed on the Specially Designated Nationals And Blocked Persons sanctions (“SDN”) list to be reported. Further information is available on the OFAC website.19 Additionally, there are companies collecting “tainted” wallet addresses that have been used in hacks, “dark web” transactions and other criminal activities.
          74) An Authorised Person must have clear policies and procedures, consistent with the AML Rules applicable to it, to identify the source of funds and to ensure its compliance with COBS Rules 17.5(c) (Origin and destination of Virtual Asset funds) and 17.5(e) (Risk Management). These policies and procedures should cover due diligence on the deposits and withdrawals by legal persons that represent further multiple deposit-holders or withdrawal recipients of the Virtual Assets. For such deposits and withdrawals, Authorised Persons should be able to assess the ultimate beneficiaries’ wallet addresses and their source or destination of funds as appropriate.
          75) It is crucial that Authorised Persons perform due diligence on their Clients before opening an account so that wallet addresses can be identified as belonging to a specific user. If a transaction is detected that originates from or is sent to a “tainted” wallet address belonging to a known user, that user should be reported. Authorised Persons should maintain lists of tainted wallet addresses and, if not in possession of their own services, utilise third party services to help identify such addresses.
          76) Currently, there are technology solutions developed in-house and available from third party service providers which enable the tracking of Virtual Assets through multiple transactions to more accurately identify the source and destination of these Virtual Assets. It is expected that Authorised Persons may need to consider the use of such solutions and other systems to adequately meet their anti-money laundering, financial crime and know-your-customer obligations under the Virtual Asset Framework.20

          19 https://www.treasury.gov/resource-center/faqs/Sanctions/Pages/faq_compliance.aspx
          20 For full details on these obligations, please refer to the earlier section of AML/CFT.

        • Planned and Unplanned system outages

          77) Authorised Persons should have a programme of planned systems outages to provide for adequate opportunities to perform updates and testing. Authorised Persons should also have multiple communication channels to ensure that its Clients are informed, ahead of time, of any outages which may affect them.
          78) Authorised Persons should have clear, publicly available, procedures articulating the process in the event of an unplanned outage. During an unplanned outage, Authorised Persons should be able to rapidly disseminate key information and updates on a frequent basis.

        • Management of personnel and decision making

          79) Authorised Persons should implement processes and procedures concerning decision making and access to sensitive information and security systems.
          80) A clear audit log of decision making should be kept. Staff with decision-making responsibilities should have the adequate expertise, particularly from a technological standpoint, to make such decisions.
          81) Protective measures should be implemented to restrict access to critical and/or sensitive data to key personnel only. This includes both digital and physical access. Authorised Persons should have processes and procedures to track and monitor access to all network resources. Logging mechanisms and the ability to track user activities are critical in preventing, detecting, or minimising the impact of a data compromise. The maintenance of logs allows thorough tracking, alerting, and analysis when issues occur.

        • Third party outsourcing

          82) Authorised Persons may use third party services for their systems. However, when doing so, an Authorised Person (pursuant to GEN Rule 3.3.31) retains full responsibility from a regulatory perspective for any issues that may result from the outsourcing including the failure of any third party to meet its obligations. The FSRA requires that certain core systems (for example, the matching engine of an MTF using Virtual Assets) are maintained by the Authorised Person itself and will not generally permit these to be outsourced.
          83) In its assessment of a potential third party service provider, an Authorised Person must satisfy itself that the service provider maintains robust processes and procedures regarding the relevant service (including, for example, in relation to the testing and security required in this section on Technology Governance).
          84) In all circumstances, including in relation to business activities that are outsourced, an Authorised Person is expected to maintain a strong understanding of the third party service being provided and, for critical services, have redundancy measures in place where appropriate.
          85) Public and private cloud service providers should be subject to thorough screening. A set of well-defined and documented access management procedures should be in place. All service level agreements should be reviewed annually for serviceability and security of the systems and related operations as per the IT policies of the Authorised Person. A ‘clear roles and responsibilities matrix’ should be in place to delineate operations of a service provider from those of an Authorised Person. Physical access to systems should be limited to the relevant personnel and access should be monitored by the Authorised Person on an ongoing basis.
          86) Authorised Persons are required to retain and be in the position to retrieve the data held on a cloud platform for such duration as they are required to under ADGM/FSRA record keeping purposes, and submit the data held on a cloud platform to the FSRA, as and when directed to do so, with immediate effect.
          87) Authorised Persons who employ cloud based data storage services for the purpose of recording personal data must also take into consideration ADGM data protection regulations. Consideration must be given to the jurisdiction within which the cloud storage service provider is located, or alternatively other arrangements which may facilitate compliance with applicable data protection requirements.

        • Forks

          88) Authorised Persons should ensure that changes in the underlying protocol of a Virtual Asset that result in a fork are managed and tested proactively. This includes temporary forks which should be managed for reverse compatibility for as long as required.
          89) Authorised Persons should ensure that their Clients are able to deposit and withdraw Accepted Virtual Assets in and out of an Authorised Person’s infrastructure as and when requested before and after a fork (except during go-live). Clients should be notified well in advance of any periods of time when deposits and withdrawals are not feasible.
          90) Where the underlying protocol of a Virtual Asset (e.g., the native token of that protocol) is changed, and the new version of that Virtual Asset is backwards-compatible with the old version (soft fork), Authorised Persons should ensure that the new and old versions of the Virtual Asset continue to satisfy the relevant Accepted Virtual Asset requirements.
          91) Where the underlying protocol of an Accepted Virtual Asset is changed, and the older version of the Accepted Virtual Asset is no longer compatible with the new version and/or there is an entirely new and separate version of the Virtual Asset (hard fork), Authorised Persons should ensure that client balances on the old version are reconciled with the new version of the Virtual Asset. Authorised Persons should also maintain transparent lines of communication with their Clients on how Authorised Persons are managing Clients’ Virtual Asset holdings in such a scenario.
          92) In the case of a hard fork, Authorised Persons should proactively manage any discrepancy between the balances recorded on the previous version versus the new version by engaging with the community which is responsible for updating and supporting the underlying protocol of the relevant Virtual Asset. Additionally, Authorised Persons should ensure that, where they seek to offer services in relation to the Virtual Asset associated with the new version of the underlying protocol, this new Virtual Asset meets the requirements for an Accepted Virtual Asset and that they notify the FSRA well in advance of offering the Virtual Asset as part of its activities.

      • Virtual Asset Risk Disclosures

        93) Given the significant risks to Clients transacting in Virtual Assets, Authorised Persons are required to have processes in place that enable them to disclose, prior to entering into an initial transaction, all material risks to their Clients in a manner that is clear, fair and not misleading.
        94) COBS Rule 17.6 sets out a non-exhaustive list of risks that are required to be disclosed to Clients. The FSRA is of the view that merely restating this non-exhaustive list of risks, either in its application or in the risk disclosures to its Clients, does not satisfy an Authorised Person’s risk disclosure requirements. Instead, Authorised Persons are expected to undertake a detailed analysis of the risks, and to make all necessary disclosures to their Clients. As this disclosure obligation is ongoing, and given the rapidly developing market for Virtual Assets, Authorised Persons are required to continually update this analysis and the resultant disclosures to its Clients to reflect any updated risks relating to:
        a) the Authorised Person’s products, services and activities;21
        b) Virtual Assets generally; and
        c) the specific Accepted Virtual Asset.
        95) For the purposes of interpreting the reference to “initial Transaction” in COBS Rule 17.6, Authorised Persons can meet the obligation in this Rule at any time prior to the ‘initial Transaction’. For example, the introduction of a new Accepted Virtual Asset to trading on an MTF may require a further specific risk disclosure being made to Clients of the MTF in relation to the risks of trading in that new Accepted Virtual Asset (as assessed by the MTF).
        96) The FSRA will need to understand the process by which an Authorised Person will communicate the risks outlined in COBS Rule 17.6.2, as well as any other relevant material risks to its Clients. Where the Clients of an Authorised Person are required to enter into a Client Agreement, the Authorised Person may make its first such risk disclosure in that Client Agreement.
        97) Considering the heightened inherent risks associated with investing in Virtual Assets and the FSRA’s objective of providing a regulatory regime that offers adequate consumer protection, the FSRA is of the view that all Authorised Persons should, prior to on-boarding a Client, ensure that the services, or new services, proposed to be provided to a Client are appropriate, taking into account such matters as the Client’s relevant knowledge, experience and investment objectives. Where a conflict between the inherent risks and the appropriateness for a Client is identified, the Authorised Person should take all reasonable steps to resolve such a conflict.

        21 These disclosures should cover any specific arrangements, or lack of arrangements, for any product, service and activity of an Authorised Person. For example, in relation to custody of Client’s Virtual Assets, where an Authorised Person allows/requires Clients to self-custodise their Virtual Assets, this must be fully disclosed to Clients upfront, and Clients must be informed that the Authorised Person is not responsible for custody and protection of Clients’ Virtual Assets. Where an Authorised Person is outsourcing part or all of the custody arrangements to a third party, this should also be disclosed to Clients.

      • Market Abuse, Transaction Reporting and Misleading Impressions (FSMR)

        98) As the Virtual Asset Framework does not treat Virtual Assets as Financial Instruments / Specified Investments, certain FSMR provisions have been expanded to specifically capture the use of Virtual Assets within ADGM.
        99) Importantly, the Market Abuse Provisions in Part 8 of FSMR specifically cover Market Abuse Behaviour in relation to Accepted Virtual Assets admitted to trading on an MTF. In this regard, the FSRA imposes the same high regulatory standards to Accepted Virtual Assets traded on MTFs as it does to Financial Instruments traded on Recognised Investment Exchanges, MTFs or OTFs in ADGM.
        100) Similar to the reporting requirements imposed on Recognised Investment Exchanges and MTFs in relation to Financial Instruments, MTFs (pursuant to FSMR Section 149) are required to report details of transactions in Accepted Virtual Assets traded on their platforms.22 The FSRA expects MTFs using Virtual Assets to report to the FSRA on both a real-time and batch basis.
        101) In addition, the FSMR provisions on Misleading Statements apply to Accepted Virtual Assets. The FSRA expects that all communications (including advertising or investment materials or other publications) made by an Authorised Person will be made in an appropriate manner and that an Authorised Person conducting a Regulated Activity in relation to Virtual Assets will implement suitable policies and procedures to comply with the requirements of FSMR.
        102) The FSRA continues to consider developments to its regulatory perimeter in the context of its Market Abuse provisions, including for the purposes of any future determination of whether the provisions ought to be extended to further capture Virtual Asset trading activity that is not specifically linked to trading on an MTF. In this context, and particularly in the case of intermediary-type Authorised Persons, the FSRA reminds such Authorised Persons of their wider responsibilities under the Virtual Asset Framework in relation to the use of Virtual Assets, including in relation to client risk disclosures, suitability and best execution (see paragraphs 93-97, 103(a) and (b) and 109).23

        22 The additional obligation of an MTF using Virtual Assets to undertake its own market surveillance is set out later in paragraph 131(d) of this Guidance.
        23 This is particularly relevant when intermediary-type Authorised Persons trade into other unregulated/lightly regulated markets globally. FSRA expects Authorised Persons to have suitable controls (including client protection controls and disclosure mechanisms) in place for such activity.

      • SPECIFIC FSRA GUIDANCE ON THE VIRTUAL ASSET FRAMEWORK

      • Application of particular Rules in COBS

        103) For the purposes of the Virtual Asset Framework and Authorised Persons, the Rules referenced in COBS Rule 17.1.4 apply to all transactions undertaken by an Authorised Person conducting a Regulated Activity in relation to Virtual Assets. The Rules referenced in COBS Rule 17.1.4 are as follows:
        a) COBS Rule 3.4 (Suitability);
        b) COBS Rule 6.5 (Best Execution);
        c) COBS Rule 6.7 (Aggregation and Allocation);
        d) COBS Rule 6.10 (Confirmation Notes);
        e) COBS Rule 6.11 (Periodic Statements); and
        f) COBS Chapter 12 (Key Information and Client Agreement)).
        104) These requirements are relevant to the concept of ‘Investment Business’ within COBS and can be considered more relevant to certain Authorised Persons, particularly those that are ‘dealing’ in Accepted Virtual Assets. The FSRA understands that some of these obligations may not apply to all Authorised Persons (particularly MTFs using Virtual Assets).
        105) For the avoidance of doubt all Authorised Persons that hold or control:-
        a) Client Money (e.g., fiat currencies) on behalf of Clients are required to comply with all relevant Client Money rules in Chapter 14 of COBS (read together with COBS Rule 17.8) at all times; and
        b) Accepted Virtual Assets are required to comply with all relevant Safe Custody rules in Chapter 15 of COBS (read together with COBS Rule 17.8) at all times.

         

      • Substance requirements of Authorised Persons

        106) In order to operate effectively as an Authorised Person within ADGM, an Authorised Person conducting a Regulated Activity in relation to Virtual Assets must commit resources of a nature allowing it to be operating in substance within ADGM. Depending on the relevant Regulated Activities being undertaken, the FSRA expects to see substantive resources committed within ADGM across all lines of the Authorised Person’s activity, including, but not limited to, commercial, governance, compliance/surveillance, operations, technical, IT and HR functions. The FSRA expects the ‘mind and management’ of an Authorised Person to be located within ADGM. Further discussion on substance in relation to MTFs using Virtual Assets is set out at paragraph 126.

      • Virtual Asset Brokers or Dealers

        107) Authorised Persons intending to operate solely as a broker or dealer for Clients (including the operation of an OTC broking or dealing desk) are not permitted to structure their broking / dealing service or platform in such a way that would have it be considered as operating a market / MTF using Virtual Assets. The FSRA would consider features such as allowing for price discovery, displaying a public trading order book (accessible to any member of the public, regardless of whether they are Clients), and allowing trades to automatically be matched using an exchange-type matching engine as characteristic of an MTF using Virtual Assets, and not activities acceptable for an intermediary-type Authorised Person to undertake.
        108) An Authorised Person (conducting a Regulated Activity in relation to Virtual Assets) that only has an FSP to operate as a broker / dealer and not as an MTF is required to design and structure its operations, user interface, website, marketing materials and any public or client-facing information such that it does not create the impression that it is running an MTF.24 In practice, this may include not displaying any publicly-accessible information that may appear like a trading order book, not providing for any price discovery, and not giving actual or potential Clients the impression that they are interacting with an MTF.
        109) Virtual Asset brokers / dealers are required to comply with the best execution requirements in COBS Rule 6.5 at all times.
        110) Virtual Asset brokers / dealers are required to disclose the following information to clients:
        a) how they execute and route Client’s orders and source liquidity (e.g., whether they pass or route orders to other brokers, dealers or exchanges to execute). Where a broker / dealer routes Client orders to a single liquidity source such as an MTF for execution, it must also disclose this to all Clients;
        b) whether it may carry out proprietary trading on its own account, and if so, whether it may trade against Clients’ positions;25
        c) the fees it charges Clients; and
        d) how it determines the prices of the Accepted Virtual Assets it quotes to Clients.

        24 Unless they also hold an FSP that allows them to operate as an MTF.
        25 The FSRA would not allow Virtual Asset brokers / dealers to “front run” or trade ahead of Clients’ trades, or trade on a proprietary basis alongside Clients’ trades.

      • Appointment of advisers

        111) Applicants should consider the appointment of compliance advisers, with the appropriate skills, knowledge and experience (taking into account the activities that the Applicant is proposing to undertake), to provide the requisite assistance to the Applicant throughout the Application process. The FSRA expects that Applicants should engage its compliance advisers by no later than when it begins to prepare its Application, and should retain them up until the date of operational launch.

      • Certain class order modifications / waivers

        112) The FSRA appreciates that some Rules, in particular within MIR and parts of COBS, may not apply to certain Authorised Persons and the FSRA may grant class order modification and waiver relief in relation to these Rules.26 To the extent that an Applicant or Authorised Person considers that any other Rules do not apply to it by virtue of its business model or otherwise, the FSRA expects that an application for modification or relief be submitted either as part of its Application or at such later date as the relief may be required.

        26 Any such relief, and the terms on which it is based, is located at https://en.adgm.thomsonreuters.com/rulebook/waivers-and-modifications-0

      • Data protection obligations for Authorised Persons

        113) ADGM’s data protection regime protects individuals’ right to privacy by controlling how personal information is used by organisations and businesses registered in ADGM. All entities registered in ADGM that hold or process the personal data of an individual must protect personal data in compliance with the ADGM Data Protection Regulations 2015 (the “Data Protection Regulations”). Specifically, an Authorised Person, as a data controller, will be responsible for determining the purposes for which, and the manner in which, personal data is processed in compliance with the Data Protection Regulations. Failure to do so risks enforcement action and compensation claims from individuals, each of which are considered data subjects under the Data Protection Regulations.
        114) Data controllers must ensure that personal data which they process is:
        a) processed fairly, lawfully and securely;
        b) processed for specified, explicit and legitimate purposes in accordance with the data subject's rights and not further processed in a way incompatible with those purposes or rights;
        c) adequate, relevant and not excessive in relation to the purposes for which they are collected or further processed;
        d) accurate and, where necessary, kept up to date; and
        e) kept in a form, which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data were collected or for which they are further processed.
        115) Data controllers must, on request, provide individuals with access to any personal information they hold.
        116) The registration of all data controllers with the ADGM’s Registration Authority27 is mandatory. A data controller must maintain records of all personal data processing operations undertaken by it or on its behalf and must notify the Registration Authority upon becoming aware of any security breach involving personal data as soon as possible.
        117) Personal data must not be transferred to a country or territory outside ADGM unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data. The Registration Authority has designated certain jurisdictions as providing an adequate level of protection; a current list is maintained by the Registration Authority upon its website, which may be updated from time to time.
        118) If an Authorised Person intends to transfer personal data to a recipient, including by way of storage of personal information upon a cloud based service or remote server, located in a jurisdiction other than those considered by the Registration Authority to be possessing adequate safeguards, such transfer is only possible under certain conditions, including, but not limited to, circumstances where the:
        a) individual has consented to the proposed transfer;
        b) proposed transfer is necessary for the performance of the service for which the data controller was engaged by the individual; and
        c) data controller and data processor have entered into an approved form of agreement concerning the protection of personal data, or the Registration Authority has granted a permit consenting to the proposed transfer.

        27 Detailed information concerning data protection obligations under the ADGM data protection regime, including registration forms, fee information and specific guidance is available on the Registration Authority website.

      • Transactions with unknown counterparties

        119) Authorised Persons should avoid a transactional interaction with any infrastructure or services where a counterparty is unknown or anonymous (e.g., via certain peer to peer or decentralised exchanges) at any stage of the process within and outside of the Authorised Persons’ core operations. This is to ensure that Authorised Persons remain compliant with FSRA Rules at all times and do not unnecessarily expose their activities to risks emanating from tainted sources / destination of funds.
        120) Authorised Persons should also avoid inclusion of liquidity, pricing and settlement data from such entities in their day to day operations. Any interaction (whether deliberate or not) with such entities should be notified to the FSRA as soon as practicable.

      • Margin trading

        121) An Applicant/Authorised Person wishing to provide margin trading to its Clients will need to submit for approval details of the terms upon which it proposes to do so (for an Applicant, in its Application – for an Authorised Person as part of ongoing supervisory arrangements). As a general position, the FSRA would only consider allowing Applicants/Authorised Persons with a relevant proven track record to provide margin trading.
        122) Particular focus will be placed on an Applicant or Authorised Person’s proposed leverage ratio. The FSRA is aware that some of the significant Virtual Asset markets around the world operate margin ratios of between 2-4 times, and it is likely that FSRA consideration of leverage ratios will be in reference to this position.
        123) Applicants that are not proposing, or permitted, to carry out margin trading will have a restriction from doing so placed on their FSP.

      • Insurance

        124) The FSRA recognises the growing interest/interplay between Virtual Asset activities and the provision of insurance to such activities. While recognising this, the FSRA does not require Authorised Persons to maintain insurance in relation to their Virtual Asset activities, as the provision of insurance is considered a second line of defence. As a first line of defence, the FSRA expects all Authorised Persons to ensure the proper structuring of their business operations and to implement robust mechanisms for the mitigation of actual and potential areas of risk.

      • CRYPTO ASSET EXCHANGES

        • Background

          125) While multiple Regulated Activities can be conducted in relation Virtual Assets, and regulated by the FSRA, within ADGM, the FSRA considers Operating a Multilateral Trading Facility to be a key Virtual Asset activity in ADGM.

        • Substance requirements for MTFs

          126) Consistent with the treatment of all Authorised Persons (see paragraph 106), the FSRA requires MTFs to be based in substance within ADGM. In addition to the substantial commitment of resources required of an MTF Operator, this also means that the FSRA’s regulatory oversight of an MTF extends to its order book, matching engine, rulebook(s), ensuring fair and orderly markets, settlement, and for the purposes of preventing/monitoring for Market Abuse, amongst the relevant requirements set out in the Market Infrastructure Rules (“MIR”) and COBS Chapter 8.
          127) In practical terms, this means that for a start-up MTF, its entire order book and the functionality of its matching engine will be subject to FSRA oversight. For existing operational virtual asset exchanges that already have their order book / matching engine outside ADGM prior to making an application, a determination of which parts (if not all) of its order book (and how its matching engine) will come under FSRA regulatory oversight needs to be made by the Applicant,28 to allow it to apply to become authorised as an MTF.
          128) The FSRA is of the view that only MTFs can operate markets within ADGM that allow for the matching of orders, or for the purposes of price discovery, of Accepted Virtual Assets. For this reason, and the reasons set out above, the application of FSRA’s regulatory oversight may, therefore, be distinctly different from other regulators globally.

          28 In situations where an entity establishes an Authorised Person that routes orders to a virtual asset exchange outside ADGM (even as part of a Group that may be operating globally) instead of having orders matched within an MTF’s order book within ADGM, that entity cannot obtain an MTF Exchange license within ADGM and can only be licensed as an intermediary-type Authorised Person within ADGM.

        • Trading Pairs

          129) The FSRA’s expectation is that an MTF’s trading pairs can only comprise of the following:
          a) Fiat Currency (or other value) into Accepted Virtual Assets;
          b) Accepted Virtual Assets into Fiat Currency (or other value); or
          c) One Accepted Virtual Asset into another Accepted Virtual Asset.

        • Guidance in relation to Applicable Rules

          130) In addition to the MTF Rules set out in COBS Chapter 8, MTFs are also required to meet the requirements set out in COBS Rules 17.1 to 17.6, and the additional Rules set out in COBS 17.7.29
          131) Chapter 8 of COBS incorporates Rules from various other FSRA Rulebooks that must be complied with, including certain sections of MIR. COBS Rule 8.2.1 sets out various Rules in MIR that MTFs (using Virtual Assets) are required to comply with to the satisfaction of the FSRA, with the applicable Rules set out as follows:
          a) MIR Rule 2.6 (Operational systems and controls): MIR Rule 2.6.1 requires an MTF to ‘establish a robust operational risk management framework with appropriate systems and controls to identify, monitor and manage operational risks that key participants, other [MTFs], service providers (including outsourcees) and utility providers might pose to itself.
          i. In relation to systems and controls, the FSRA has provided guidance on what it expects in relation to technology governance controls in paragraphs 47 to 92 of this Guidance. The FSRA therefore requires an MTF to undertake its ‘MTF’ activities in compliance with these operational system and control requirements, in combination with the technology governance controls outlined earlier in this Guidance.
          ii. The FSRA expects an MTF to undertake extensive due diligence and testing of its operational systems and controls, with the relevant reports of such testing capable of being provided to the FSRA for review. Such testing should be undertaken by an officer of the MTF possessing appropriate skills and experience. The testing reports need to confirm the robustness of the MTF’s systems and address any potential areas of failure. Testing should include the settlement processes for the movement of Virtual Assets between wallets, and the general connectivity of the MTF’s systems with other parties. Testing should be ongoing, building in processes for the introduction of new Accepted Virtual Assets.
          iii. An MTF will need to provide policies and procedures that clearly evidence how it will effectively address a failure of its systems. Failures must be rectified as soon as practicable, with an MTF’s business continuity plan including detailed and realistic response timeframes for failures or disruptions.
          b) MIR Rules 2.7.1 and 2.7.2 (Transaction recording): FSRA expects that the primary ledger technology systems and controls of an MTF (whether they be DLT or multiple-ledger technologies) will be such that transaction recording and reporting is easily facilitated, and that all FSRA requirements can be effectively complied with. Where reconciliations are required to be undertaken, for example, between a DLT based ledger and an internal ledger maintained by an MTF for the purposes of transactions and/or settlement, the FSRA will need to be satisfied that the reconciliation process is robust, timely and efficient.
          c) MIR Rule 2.8 (Membership criteria and access): MIR Rule 2.8.1 requires that an MTF ‘must ensure that access to its facilities is subject to criteria designed to protect the orderly functioning of the market and the interests of investors’.

          29 Chapter 8 of COBS also contains the requirements for the operation of an Organised Trading Facility (OTFs). The application of OTF Rules, however, are not relevant to the operation of Virtual Assets.

        • Access Requirements

          i. MIR Rules 2.8.2, 2.8.3, 2.8.5 and 2.8.6 support the operation of MIR Rule 2.8.1, and the FSRA expects that MTFs consider the application of the requirements across these Rules - for example, MIR Rule 2.8.5 contains substantive provisions that should apply, regardless of what model of ‘access’ an MTF (using Virtual Assets) utilises.
          ii. The FSRA recognises, however, that MTFs (using Virtual Assets) generally operate an ‘access’ model that does not include Members30 (e.g., access is granted directly to (retail and institutional) Clients of the MTF). An MTF operating in this manner will, therefore, need to ensure that it has appropriate processes, controls and rules to ‘protect the orderly functioning’ of its market, its facilities and the interests of its investors.
          iii. By not adopting a ‘Member-access’ model and allowing direct ‘Client-access’, MTFs lose one layer of regulatory/supervisory defense that Recognised Investment Exchanges and Member-access MTFs have, in that they do not have Members assisting them in the undertaking of the necessary due diligence and compliance reviews of investors being on-boarded into their market. The FSRA, in these circumstances, requires MTFs to undertake their own CDD reviews for every client accessing (trading on) their market (something which traditionally a Recognised Investment Exchange or Member-access MTF can rely on its Members to do). Resultant AML/CFT obligations therefore fall more directly on a Client-access MTF as well.
          iv. The FSRA expects that the controls (and resultant resourcing needs) of an MTF be appropriately budgeted and accounted for, including specific controls for when it has Clients that are institutional Clients (as the current conventional Member/institutional client global regulatory model may not properly account for, and mitigate, the risks relevant to operating such model within the Virtual Asset space). For example, where an MTF has institutional Clients that are regulated as Authorised Persons (for example, an Authorised Person that is a broker / dealer) within ADGM, the MTF may take comfort from the fact that its Clients are appropriately regulated (including for AML purposes). An MTF may not, however, take such comfort when its institutional Clients may come from unregulated/less regulated jurisdictions. MTFs with an institutional Client base will therefore need to demonstrate how the MTF will adequately comply with the requirements of the AML Rulebook where its institutional Clients are trading on behalf of further clients.
          v. Given the current lack of global regulation of Virtual Asset intermediaries, those MTFs operating a ‘membership model’ will need to assess whether their members are adequately regulated in their home jurisdiction, such that the MTF can suitably rely on their Members, for example, to undertake CDD/AML checks. Where members are not properly regulated, the FSRA expects that MTFs will centralise the relevant compliance activities internally (and not be able to rely on their ‘members’ for such purposes).
          vi. Depending on the model, controls and criteria to be adopted by an MTF, the class order modification or waiver relief granted by the FSRA to Authorised Persons conducting Regulated Activities using Virtual Assets as referred to in paragraph 112 of the Guidance may apply.

          30 To clarify, ‘Members’ are not the same as ‘Institutional Clients’.

        • Rulebook(s)

          vii. Further to MIR Rule 2.8, the FSRA expects an MTF to have a rulebook(s) in place. This rulebook should be clearly labelled as such and be publicly available on the website of the MTF.
          viii. Supporting documents such as participation agreements, terms of business, product lists, user guides and technical specifications are also a key part of the operation of an MTF, and should be consistent with its rulebook. The FSRA does not consider that the existence of these documents alone meet the requirement of having a transparent and effective rulebook. The FSRA considers it good practice that these supporting documents are available and transparent, alongside the published rulebook, to the extent possible.
          ix. The content of a rulebook31 should enable an MTF to demonstrate how it is complying with MIR Rule 2.8, be supported by procedures that are complete and clear, and all in support of an MTF seeking to ensure that behaviour within its market is fair and orderly.
          x. The FSRA expects MTFs to require explicit acknowledgement via a user agreement, that participants have read, understood and will abide by the rulebook at all times.
          xi. The FSRA expects an MTF to undertake regular reviews of its rulebook to ensure it is consistent with relevant regulatory and legislative requirements. Best practice may see such activity undertaken no less than every twelve-months.
          d) MIR Rule 2.9 (Financial crime and market abuse): MTFs are required to operate an effective market surveillance program to identify, monitor, detect and prevent conduct amounting to market misconduct and/or Financial Crime. Given the significant risks, and the nascent nature and constant pace of development of the Virtual Asset industry, an MTF’s surveillance system will need to be robust, and regularly reviewed and enhanced.
          i. The FSRA recognises that an MTF outside ADGM may not be subject to a similar regulatory standard as that which applies within ADGM. The FSRA recommends, therefore, that MTFs spend the time to consider the application of MIR Rules 2.9.1 to 2.9.3, which technology, systems and controls they propose to use for these purposes, and the associated resourcing needs required to undertake these functions appropriately. For this reason, among others set out in this Guidance, the FSRA is of the view that it is not appropriate for an MTF to outsource its compliance / market surveillance functions.
          ii. The FSRA further reminds MTFs, and investors trading on an MTF, of the Market Abuse provisions applicable to the trading of Accepted Virtual Assets on an MTF.32
          e) MIR Rule 2.11 (Rules and consultation): To meet MIR Rules 2.11.1 to 2.11.11, an MTF must ensure that it has appropriate procedures in place for it to make rules, for keeping its rules under review, for consulting and for amending its rules. MIR Rule 2.11.2 requires proposed rule changes be subject to FSRA approval.
          f) MIR Rule 3.3 (Fair and orderly trading): MIR Rules 3.3.1 to 3.3.4 establish the requirements an MTF must meet for providing fair and orderly trading across its market, and for having objective criteria for the efficient execution of orders. The FSRA considers these requirements to be fundamental to the operation of an MTF.
          g) COBS Rule 8.3.1 & MIR Rule 3.7 (Public disclosure):
          i. Any arrangements of an MTF used to make information public (including trading information required to be disclosed under COBS Rule 8.3.1) must satisfy a number of conditions, including that it is reliable, monitored continuously, and made available to the public on a non-discriminatory basis. While an MTF can choose the format structure to be used for dissemination, MIR Rule 3.7.4 requires it to conform to a consistent and structured format.
          ii. In terms of the timing of disclosure of MTF trading information, the FSRA recognises that current virtual asset industry practice is for such trading information to be released on a real-time basis (in alignment with current practice for trading within spot commodity markets, but different to the current industry/regulatory practice of delayed data within certain securities/derivatives markets). The FSRA is not proposing any additional specific requirements at this stage (to those already applicable in COBS Rule 8.3.1 and MIR Rule 3.7), but will continue to monitor industry practice.
          h) MIR Rule 3.8 (Settlement and Clearing Services): An MTF will need to have clear processes in place for the settlement (and if applicable, the clearing) of all Accepted Virtual Asset transactions. As noted in the AML and Technology Governance sections of this Guidance, extensive stress testing on capabilities to connect successfully with third parties, and in relation to the movement of Accepted Virtual Assets between wallets, will be required to be undertaken to the FSRA’s satisfaction. The FSRA will not necessarily require a connection to a separate Recognised (or Remote) Clearing House where the MTF can demonstrate that it has in place ‘satisfactory arrangements for the timely discharge, Clearing and settlement of the rights and liabilities of the parties to transactions effected’ on the MTF, including where it is utilising the services of a Virtual Asset Custodian.
          i) MIR Rule 3.10 (Default Rules): Depending on whether an MTF operates a ‘Member-access’ model or it allows direct ‘Client-access’ will determine the full, or partial, application of MIR Rules 3.10.1 to 3.10.3. The FSRA, at a minimum, expects MTFs to have in place both rules and a process to suspend or terminate access to its markets in circumstances where a Client/Member is unable to meet its obligations in respect of transactions relating to Accepted Virtual Assets.
          i. The FSRA suggests that an Applicant/Authorised Person consider different scenarios/circumstances where it may need to utilise the powers provided to it under its Default Rules, and take appropriate action as required. Scenario testing of this kind could relate to when there is a financial and/or technical ‘default’ in relation to, for example, its custody, fiat token or wider banking arrangements. Due to a prevalence of pre-funding of (client) positions within Virtual Asset markets, the impact of a ‘default’ in such a scenario may not necessarily be on a per-transaction basis, but could be structural in nature, in limiting the ability of Clients to fund their positions (and therefore the ability of the MTF to operate on a fair and orderly basis).
          ii. To prepare for the event of a loss/default, the FSRA expects an MTF to have, within its policies, a clear process for the management of such loss (e.g., what is the exposure of individual Clients, counterparties, its Custodian and itself, as applicable).
          132) COBS Rule 17.7.4 specifies that certain notification requirements applicable to Recognised Investment Exchanges under MIR Rules 5.1, 5.3 and certain information requirements under MIR Rule 5.4.1 apply to MTFs (using Virtual Assets). These are additional requirements applicable to MTFs using Virtual Assets. MTFs using Virtual Assets will also need to comply with any other applicable notification requirements, including those set out in paragraph 29 of this Guidance in relation to the use of additional Accepted Virtual Assets.
          133) It is recognised that MTFs may take varying approaches in relation to the custody of fiat currencies and Virtual Assets. An MTF may use third party custodians but still be holding itself out to its Clients as being responsible for custody of their fiat currencies and Accepted Virtual Assets. Alternatively, an MTF may provide custody of Clients’ fiat currencies and Accepted Virtual Assets wholly itself, done “in-house” without the use of any third party custodians. An MTF whose custody arrangements fall into either of these two scenarios will also be considered to be Providing Custody of Virtual Assets for the purposes of the Virtual Asset Framework, and will be required to comply with COBS Chapters 14, 15 and 16, and take guidance from the sections below on “Authorised Persons Providing Custody of Virtual Assets”.
          134) As further set out in paragraphs 154 and 155, in circumstances where an MTF is also Providing Custody, the FSRA expects appropriate segregation of responsibilities, staff, technology and, as appropriate, financial resources, between the operations of the MTF and the Virtual Asset Custodian.

          31 A non-exhaustive list of sections that the FSRA consider key for inclusion in a rulebook include:
          • participant eligibility criteria;
          • participant obligations;
          • Accepted Virtual Asset eligibility criteria;
          • Virtual Asset fork protocols;
          • fair and orderly trading rules;
          • AML and source of fund requirements;
          • market abuse prohibition rules;
          • measures to prevent a disorderly market;
          • disciplinary procedures;
          • pre- and post-trade obligations;
          • settlement obligations;
          • certain wallet and custody provisions;
          • default provisions;
          • compliance;
          • monitoring & enforcement;
          • definitions / glossary of terms;
          • co-operation with regulators; and
          • powers to amend rules and consultation procedures.
          32 Refer to paragraphs 98 to 102 of this Guidance.

        • Recognised Investment Exchanges Operating an MTF using Virtual Assets

          135) Pursuant to MIR Rule 3.4.1, a Recognised Investment Exchange may operate an MTF, provided that its Recognition Order includes a stipulation permitting it to do so. MIR Rule 3.4.2 requires that where such a stipulation is granted to a Recognised Investment Exchange, the Recognised Investment Exchange must meet the requirements of the Virtual Asset Framework in relation to operation of an MTF (using Virtual Assets) while the remainder of its operations must be operated in compliance with the MIR Rules.
          136) This means that a Recognised Investment Exchange (in addition to operating markets relating to the trading of Financial Instruments (including Digital Securities) can, where permitted by the FSRA and subject to MIR Rule 3.4.2, operate a separate MTF, OTF and/or MTF using Virtual Assets under its Recognition Order.
          137) Authorised Persons that are operating an MTF wishing to also operate a Recognised Investment Exchange will be required to relinquish their FSP upon obtaining a Recognition Order (to operate a Recognised Investment Exchange). If licensed by the FSRA to carry out both activities (e.g., operating an MTF and operating a Recognised Investment Exchange), the relevant Recognition Order will include a stipulation to that effect pursuant to MIR Rule 3.4.1 - see paragraph 135 above).
          138) The FSRA appreciates that Applicants, Authorised Persons and Recognised Bodies may wish to build out their Regulated Activities in ADGM on a staggered basis. For example, an entity may wish to start out in ADGM as an MTF (using Virtual Assets) and migrate to other exchange/market infrastructure activities in due course. Equally, a Recognised Investment Exchange may wish to start out in the area of Derivatives or Digital Securities, and then introduce Virtual Asset activities (as an MTF) in due course. The FSRA suggests that in such circumstances an Applicant reach out to discuss the steps for doing so as early as possible.

      • AUTHORISED PERSONS PROVIDING CUSTODY OF VIRTUAL ASSETS

        139) Authorised Persons Providing Custody in relation to Virtual Assets (“Virtual Asset Custodians”) provide the service of helping Clients safeguard their Accepted Virtual Assets. Some Virtual Asset Custodians may also, in addition, help Clients safeguard their fiat currencies (referred to as “Client Money”).33 Virtual Asset Custodians include firms that solely offer the custody of Virtual Assets and / or Client Money for Clients, as well as MTFs and other intermediaries who additionally provide the service of custodising Accepted Virtual Assets or Client Money on behalf of Clients.
        140) Similar to the approach taken in relation to activities undertaken by MTFs in relation to Virtual Assets, the FSRA considers the activities undertaken by Virtual Asset Custodians to be a key Virtual Asset activity within ADGM. Accordingly, the Virtual Asset Framework contains specific additional requirements applicable to Virtual Asset Custodians.
        141) In addition to having to meet the requirements set out in COBS Rules 17.1 to 17.6, Virtual Asset Custodians are required to meet the additional Rules set out in COBS Rule 17.8. COBS Rule 17.8.2 requires that the existing definitions of “Client Assets” and “Client Investments” be read to include “Virtual Assets”. This approach has been taken by the FSRA to ensure that Accepted Virtual Assets are afforded the same protections as other similar products and activities under FSMR and the FSRA Rulebook.

        33 Virtual Asset Custodians that custodise fiat currencies for clients would be expected to hold the fiat currency with a regulated bank in a Client Money Account operated under the instructions of the Virtual Asset Custodian.

        • Protection of Client Money

          142) As noted earlier in paragraph 105, Chapter 14 of COBS sets out various requirements that Authorised Persons must comply with to ensure that they properly protect and safeguard any Client Money that they are holding or controlling on behalf of their Clients. COBS Rule 17.8 further clarifies these requirements in relation to Virtual Asset Custodians that are holding or controlling Client Money.
          143) “Client Money” refers to money (e.g., fiat) of any currency which an Authorised Person holds on behalf of a Client or which an Authorised Person treats as Client Money, subject to the exclusions in COBS Rule 14.2.6. In carrying out their Regulated Activities, Authorised Persons may at certain junctures be holding or controlling Client Money when providing Virtual Asset-related products and services to their Clients.
          144) The following are examples of situations where an Authorised Person would be considered to be holding or controlling Client Money:
          a) Example 1: To fund their trading account at an MTF, a Client of the MTF transfers US dollars (in fiat) from their bank account to their account at the MTF. These US dollars held by the MTF for the Client - before they are used to purchase any Accepted Virtual Assets - would be considered Client Money.
          b) Example 2: A Client of an MTF holds bitcoins in their wallet at an MTF. They use the MTF to sell their bitcoins in exchange for US dollars (in fiat). The US dollars are then credited to their account at the MTF and held by the MTF for them. These US dollars held in their account with the MTF would be considered Client Money.
          c) Example 3: A fully fiat-backed stablecoin34 issuer accepts fiat from Clients in exchange for giving them stablecoins. The fiat currency held by the issuer would be considered as Client Money (and which can be redeemed by Clients on presentation of the stablecoin), and the fiat-backed stablecoin issuer would need to comply with the Client Money provisions in COBS.
          145) A Virtual Asset Custodian that holds or controls Client Money must comply with all the relevant Client Money rules in Chapter 14 of COBS (read together with COBS Rule 17.8) at all times. 35 In particular, such Virtual Asset Custodians are required to carry out reconciliations of Client Money in Client Accounts as follows:
          a) Reconciliations with respect to COBS Rule 14.2.12(a) shall be carried out at least every week; and
          b) Reconciliations with respect to COBS Rule 14.2.12(d) shall be carried out within 5 days of the date to which the reconciliation relates.

          34 For further details on the FSRA’s treatment of stablecoins, please refer to paragraph 162 of this Guidance.
          35 As noted in paragraph 141, all Authorised Persons holding or controlling Client Money need to comply with Chapter 14 of COBS (read together with COBS Rule 17.8) at all times.

        • Safe Custody of Clients' Crypto Assets

        • Governance Arrangements for Virtual Asset Custodians

          154) From a governance perspective, an Authorised Person Providing Custody in relation to Virtual Assets should have proper governance structures in place to avoid or mitigate actual or potential conflicts of interest between its custody functions and any other activities or functions within itself or with other Group entities. Such governance arrangements may include having a separate team, which does not have other conflicting responsibilities within the firm, handling custody.
          155) To assist with ring-fencing and to reduce potential conflicts of interest, an Applicant that wishes to Provide Custody in relation to Virtual Assets and concurrently provide other Regulated Activities should consider the merit of establishing a separate, standalone legal entity for its Virtual Asset Custodian activities.40 If so established, this standalone entity would need to apply to the FSRA for its own FSP to carry on the Regulated Activity of Providing Custody.

          40 For example, a Virtual Asset Exchange may decide to offer a dedicated Accepted Virtual Asset custody service to certain Clients.

        • Other Requirements Pertaining to the Provision of Custody of Virtual Assets

        • Governance

          156) Authorised Persons operating as Virtual Asset Custodians must not, at any time, permit arrangements whereby just a sole party or signatory is able to completely authorise the movement, transfer or withdrawal of Accepted Virtual Assets or Client Money held under custody on behalf of Clients. In particular, Authorised Persons must not have custody arrangements whereby only a sole person can fully access the private key or keys for the Accepted Virtual Assets held under custody by the Authorised Person. Preventing such arrangements can help reduce potential key person risk such as theft, fraud, unwillingness or inability of the sole party to grant access to private keys.
          157) Authorised Persons are also required to mitigate the risk of collusion between all authorised parties or signatories who are able to authorise the movement, transfer or withdrawal of Accepted Virtual Assets or Client Money held under custody. Authorised Persons are required to provide information on these mitigating controls to the FSRA.
          158) Authorised Persons are required to maintain, at all times, an updated list of all past and present authorised persons who were / are able to view, initiate, authorise, sign, approve or complete the transfer or withdrawal of Accepted Virtual Assets or Client Money held under custody on behalf of Clients. In addition, Authorised Persons are to have clearly defined policies and procedures to enable or revoke the authority granted to these persons.
          159) Authorised Persons are required to have policies and procedures in place that clearly describe the process that will be adopted in the event that it knows or suspects that the Accepted Virtual Assets or Client Money it is holding under custody on behalf for Clients has been compromised, such as in the event of a hacking attack, theft or fraud. Such policies and procedures should detail the specific steps the firm will take to protect Clients’ Accepted Virtual Assets and Client Money in the event of such incidents. Authorised Persons should also have the ability to immediately halt all further transactions with regard to the Accepted Virtual Assets and Client Money.

        • Obligations in relation to outsourcing

          160) Where an Authorised Person that seeks to operate as a Virtual Asset Custodian wishes to outsource part or all of the custody function to a third party, the Authorised Person is required to perform its due diligence and background checks on the third party, and ensure that the third party meets all the FSRA’s requirements applicable to Virtual Asset Custodians. Such Authorised Persons are required to make full disclosures to their Clients and to the FSRA regarding such outsourced custody arrangements. The Authorised Person retains full responsibility from a regulatory perspective for any issues that may result from such outsourcing, including the failure of any third party to meet its Virtual Asset Custody obligations.

        • Third party audit obligations

          161) Authorised Persons should have independent third party verification or checks carried out at least annually to verify that the amount and value of Accepted Virtual Assets and Client Money (e.g., fiat) held on custody on behalf of Clients is correct and matches what the Virtual Asset Custodian is supposed to hold.

      • STABLECOINS

        162) A stablecoin is a blockchain-based token that is valued by reference to an underlying fiat currency or basket of assets. A key feature of a stablecoin is that it purports to have less volatility than other Virtual Assets, allowing it to operate as a transfer of value within the Virtual Asset ecosystem, including as one leg of a trading pair on an MTF (using Virtual Assets). Demand continues to grow for effective stablecoins within Virtual Asset markets as many participants seek a safe store of value (in terms of reconciliation and to protect from manipulation). Demand has also increased as a result of the general inability to liquidate Virtual Assets into fiat currencies. Additionally, some stablecoins are aimed more as operating as a ‘digital currency’ within the digital economy.
        163) Various stablecoin issuers have entered the Virtual Asset ecosystem, with a variety of models used in order to try and stabilise the price of their particular stablecoin. Models include one or a combination of one of the following:
        a) Fiat token: the issuer holds fiat currency41 equal to a portion of the total sum of tokens in issuance.
        b) Diversification/Basket: Purchasing or tracking the price of a basket of assets including Virtual Assets, commodities, fiat currency, shares, debentures, derivatives and real estate42.
        c) Algorithm: the issuance of the quantity of tokens (inflation) is controlled by a proprietary algorithm in consideration of various market and risk factors. These issuers attempt to mimic a central bank’s monetary policy. Others incorporate additional layers of game-theoretic incentives to encourage self-interested user behavior that would be instrumental in sustaining a ‘peg’.
        164) The rights of purchasers/issuers of stablecoins vary significantly. Some issuers retain rights to freeze client accounts for any reason, re-hypothecate monies/assets at will, and provide no right of guarantee in relation to the returning of monies to clients.

        41 Refer to footnote 2.
        42 A basket of assets of such nature may meet the FSRA definition of ‘Structured Product’.

      • FSRA position in relation to stablecoins

        165) The FSRA position in relation to stablecoins is as follows:
        a) Permit only those stablecoins which constitute a fully backed 1:1 fiat token (as referred to in paragraph 163(a) above), backed only by the same fiat currency it purports to be tokenising;
        b) Fiat tokens are to be treated as a mechanism for storing value (e.g., e-money);
        c) Issuers of fiat tokens for the purposes of facilitating or effecting payments are treated as money services businesses.43 In addition, to the need to hold a FSP for the Regulated Activity of Providing Money Services (see paragraph 166(a) below), the issuer will additionally be subject to relevant parts of this Guidance, including only allowing stablecoins where they meet the same requirements as those of Accepted Virtual Assets (particularly including the seven factors used to validate a Virtual Asset as an Accepted Virtual Asset as set out in paragraph 25), and that they meet wider applicable requirements as set out in this Guidance (including Technology Governance (see paragraphs 47 – 92, as applicable);
        d) Require Authorised Persons to consider the wider requirements within this Guidance, and how these requirements may specially apply to the use of stablecoins, including for example, what particular risk disclosures may be relevant (see paragraphs 93-97); and
        e) Continue to apply the Client Money rules in COBS to holders of Client Money (tokenised or not).

        43 Captured under the ‘Money Transmission’ definition (b) pursuant to Section 258 of the FSMR - selling or issuing stored value.

      • Application of FSRA’s stablecoin position to the conduct of Regulated Activities within ADGM

        166) A number of possible scenarios for the use of stablecoins within ADGM, and the proposed regulatory approach for each, are set out below:
        a) Issuer of fiat tokens:44 for use in the Virtual Asset ecosystem and/or as a means of payment, an Issuer (where it is located in ADGM):
        i. Must seek an FSP for Providing Money Services pursuant to Schedule 1, Section 52 of FSMR;
        ii. Is not required to hold additional permissions within its FSP in relation to its Virtual Assets activities, but is required to comply with certain aspects of the Virtual Asset Framework, namely the:
        1. COB Client Money rules, and must additionally be able to show that the fiat token is backed 1:1 through weekly reconciliation; and
        2. The Virtual Asset Custodian sections of this Guidance, including that the fiat token must meet the requirements applicable to Accepted Virtual Assets, Technology Governance, reconciliation and reporting (for the latter, refer to paragraph 153), and
        iii. If the Issuer wishes to conduct any other Virtual Asset activities within ADGM in addition to the issuance of a fiat token, it will need to obtain approval as an Authorised Person conducting a Regulated Activity in relation to Virtual Assets.
        b) Virtual Asset Custodian: that wants to hold custody over both Accepted Virtual Assets and fiat tokens:
        i. The Authorised Person must be authorised by the FSRA for the Regulated Activity of Providing Custody (including in relation to Virtual Assets). No additional FSP is required to allow for the custody of fiat tokens (including for the underlying fiat currency itself). The FSRA therefore relies on the Authorised Person meeting the:
        1. Virtual Asset Framework capital requirements (see paragraphs 31-36);
        2. Virtual Asset Client Money rules (see paragraphs 142 - 145); and
        3. requirements of this Guidance in the context of both its Accepted Virtual Asset and fiat token activities, particularly in the context of ensuring that the methods by which the Authorised Person meets the requirements applicable to Accepted Virtual Assets and Technology Governance, and
        ii. No issuance of a fiat token is permitted.
        c) Custodian providing custody/escrow services solely of a fiat currency and the related fiat token (“Fiat Custodian”):
        i. Must obtain an FSP for the Regulated Activity of Providing Custody.
        ii. Is required to comply with certain aspects of the Virtual Asset Framework, namely:
        1. Being able to demonstrate that the fiat token is backed 1:1 through more frequent (weekly) reconciliations45; and that
        2. Being able to demonstrate that the Accepted Virtual Asset and Technology Governance requirements are met in relation to the related fiat token.
        iii. In relation to the issuance of the related fiat token, in circumstances where the issuer is not authorised under paragraph 166(a) above, it is expected that the Fiat Custodian undertake the same due diligence as that would normally apply for an Authorised Person to determine the Accepted Virtual Assets it proposes to use (focusing on Technology Governance requirements, the seven factors used to determine an Accepted Virtual Asset, and requirements relating to reporting and reconciliation).
        d) MTF (using Virtual Assets): using its own fiat tokens as a payment/transaction mechanism solely within its own platform/ecosystem:
        i. No additional FSP is required to allow for use of fiat tokens within the MTF’s platform.
        ii. The fiat token cannot be transferred/transacted outside its own platform/ecosystem.
        iii. The Authorised Person must meet the requirements of this Guidance in the context of both its Accepted Virtual Asset and fiat token activities, particularly in the context of ensuring that the methods by which the Authorised Person meets the requirements applicable to Accepted Virtual Assets and Technology Governance, and
        iv. The Authorised Person must additionally be able to show that the token is backed 1:1 through weekly reconciliation.
        e) MTF (using Virtual Assets): using third-party issued fiat tokens as a payment/transaction mechanism:
        i. In the context of using third party fiat tokens, the Authorised Person must directly meet the requirements of the Accepted Virtual Assets, Technology Governance and AML/CFT sections of this Guidance.
        ii. For the related fiat currency custody activities, FSRA preference is to have the MTF utilise a Virtual Asset/Fiat Custodian authorised on the basis of paragraphs 139 - 145 or 166(b) above.
        iii. In relation to the issuance of the related fiat token, in circumstances where the issuer is not authorised under paragraph 166(a) above, it is expected that the Authorised Person undertake the same due diligence as that it would apply for the purposes of determining Accepted Virtual Assets (focusing on Technology Governance requirements, the seven factors used to determine an Accepted Virtual Asset, and requirements relating to reporting and reconciliation).

        44 Regardless of legal personality of issuer.
        45 COBS Rule 17.8.3

      • Application Process

        167) Applicants seeking to become an Authorised Person conducting a Regulated Activity in relation to Virtual Assets must be prepared to engage heavily with the FSRA throughout the application process. The Application process is broadly broken down into five stages, as follows:
        a) Due Diligence & Discussions with FSRA team(s);
        b) Submission of Formal Application;
        c) Granting of In Principle Approval;
        d) Granting of Final Approval; and
        e) ‘Operational Launch’ Testing

      • Due diligence and Discussions with FSRA team(s)

        168) Prior to the submission of an Application, all Applicants are expected to provide the FSRA with a clear explanation of their proposed business model and to demonstrate how the Applicant will meet all applicable FSRA Rules and requirements. These sessions will also involve the Applicants providing a number of in-depth technology demonstrations, across all aspects of its proposed Virtual Asset activities. The FSRA generally expects these meetings, where possible, to take place between the Applicant and the FSRA in person. Given the complexity of the activities associated with the Virtual Asset Framework, it is likely that a number of meetings will need to be held between an Applicant and the FSRA before the Applicant will be in a position to submit a draft, then formal, application.

      • Submission of Formal Application

        169) Following discussions with the FSRA, and upon the FSRA having reasonable comfort that the Applicant’s proposed business processes, technologies and capabilities are at a sufficiently advanced stage, the Applicant will be required to submit a completed Virtual Asset Application Form, and supporting documents, to the FSRA46. Payment of the fees applicable to the Application, as set out in paragraphs 175 - 183, must also be made at the time of submission. The FSRA will only consider an Application as having been formally submitted, and commence its formal review of the Application, upon receipt of both the completed Application and the associated fees.

        46 The FSRA will make available to the Applicant an editable version of the Virtual Asset Application Form at the appropriate time. Other ancillary forms to be submitted include the Approved Person Status form (for appointing Controlled Functions such as the SEO and Licensed Directors) and the Recognised Person Status form (for appointing Recognised Functions such as the Compliance Officer, MLRO and Finance Officer).

      • Granting of In Principle Approval (IPA)

        170) The FSRA will undertake an in depth review of the Application, and supporting documents, submitted by an Applicant. The FSRA will only consider granting an IPA for a FSP to those Applicants that are considered able to adequately meet all applicable Rules and requirements. An Applicant will be required to meet all conditions applicable to the IPA prior to being granted with final approval and an FSP for the relevant Regulated Activity.

      • Fees

        • Authorisation and supervision fees

          175) The Fees applicable to Authorised Persons conducting a Regulated Activity in relation to Virtual Assets have been established in consideration of the risks involved in relation to Virtual Asset activities and the supervisory requirements placed on the FSRA to suitably regulate these Authorised Persons and Virtual Asset activities in ADGM.
          176) Pursuant to FEES Rule 3.14.1, an Applicant for an FSP to conduct a Regulated Activity in relation to Virtual Assets must pay, at the time of submission of its Application, an initial authorisation fee of (as applicable):
          a) $20,000; or
          b) $125,000 if the Applicant is seeking to operate an MTF (in relation to Virtual Assets).
          177) As set out earlier in paragraph 169, the FSRA will only consider an Application as having been formally submitted, and commence its formal review of the Application, upon receipt of both the completed Application and the associated fees.
          178) Pursuant to FEES Rule 3.14.2, annual supervision fees for an Authorised Person conducting a Regulated Activity in relation to Virtual Assets, payable in accordance with paragraph 1 of the FEES Rulebook, are set as follows:
          a) $15,000; or
          b) $60,000 if the Applicant is seeking to operate an MTF (in relation to Virtual Assets).

        • Cumulative application of Fees

          179) Subject to paragraph 181 below, if an Applicant/Authorised Person will be conducting multiple Regulated Activities in relation to Virtual Assets as part of its FSP, the fees (authorisation and supervision) payable by that Authorised Person will be cumulative, and considered across the following:
          a) Authorised Person intermediary-type activities (being “Non-Custody Intermediary Activities”);
          b) activities as a Virtual Asset Custodian (Providing Custody); and
          c) activities as an MTF.
          180) In practice, and to further clarify, this results in several scenarios for FEES in relation to Virtual Asset activities, being:
          a) Non-Custody Intermediary Activities only = Application Fee of $20,000 and annual supervision fee of $15,000 (irrespective of the number of Non-Custody Intermediary Activities proposed to be undertaken).
          b) Virtual Asset Custodian and Non-Custody Intermediary Activities = Application fee of $40,000 and annual supervision fee of $30,000.
          c) MTF = Application fee of $125,000 and annual supervision fee of $60,000.
          d) MTF and Virtual Asset Custodian = Application fee of $145,000 and annual supervision fee of $75,000.
          181) Noting the above paragraph, if an Applicant/Authorised Person will be undertaking a Regulated Activity involving conventional assets (e.g. securities or derivatives) in addition to Virtual Assets, as noted in paragraphs 20 to 21, it will need to seek approval from the FSRA to carry out its Regulated Activity in relation to both asset types (conventional and Virtual Asset). The fees attributable to that Authorised Person for its Regulated Activities (conventional and Virtual Asset-related), will likely not be cumulative (considering the high fees already imposed on Applicants/Authorised Persons conducting a Regulated Activity in relation to Virtual Assets, subject to the considerations set out in paragraph 183 below). The FSRA recommends that that Applicants discuss any questions relating to FEES with the FSRA as early as practicable.
          182) Pursuant to FEES Rule 3.14.3, an MTF using Virtual Assets must pay to the FSRA a trading levy on a sliding scale basis (as set out in the table below), payable monthly in USD. Unless otherwise determined by an MTF (and agreed to by the FSRA), the FSRA expects that the calculation of average daily value should occur at 12am Abu Dhabi time (+4hr GMT).
          Average Daily Value
          (ADV) ($USD)
          Levy
          ADV ≤ 10m 0.0015%
          10m < ADV ≤ 50m 0.0012%
          50m < ADV ≤ 250m 0.0009%
          ADV > 250m 0.0006%
          183) Pursuant to FEES Rule 1.2.6(a), the FSRA reserves its right to impose additional fees in circumstances where a ‘substantial additional’ regulatory burden is imposed on FSRA. In such circumstances, including the migration of an MTF to become a conventional ‘Securities’ Recognised Investment Exchange, the FSRA recommends that the Applicant/Authorised Person discuss FEE implications with the FSRA as early as practicable.

           

      • Granting of Final Approval (Financial Services Permission)

        171) Subject to being satisfied that the Applicant has met all conditions applicable to the IPA, the FSRA will grant the Applicant with final approval for an FSP for the relevant Regulated Activity. Final approval will be conditional upon the FSRA being further satisfied in relation to the Applicant’s operational testing and capabilities, and completion of a third party verification of the Applicant’s systems where applicable.

      • ‘Operational Launch’ Testing

        172) An Applicant (particularly an MTF (seeking to use Virtual Assets) and/or Virtual Asset Custodian) will only be permitted to progress to operational launch when it has completed its operational launch testing to the FSRA’s satisfaction, including completion of third party verification of the Applicant’s systems, where applicable.
        173) Noting the heightened risks associated with activities related to Virtual Assets, Authorised Persons will be closely supervised by the FSRA once licensed. Authorised Persons will be expected to meet frequently with the FSRA, will be subject to ongoing assessments and should be prepared to undergo thematic reviews from time to time.

      • Opening a bank account

        174) Given the associated risks within the Virtual Asset space, the global banking sector is focusing on account opening requests from entities associated with Virtual Assets with increased scrutiny. The FSRA has engaged in extensive discussions with local and international banks for the purposes of providing an overview of the Virtual Asset Framework and the stringent authorisation requirements imposed on Applicants when applying to become an Authorised Person. It is intended that those banks with a risk appetite to bank Virtual Asset players will glean comfort from the regulatory oversight of the FSRA and the issuance of an IPA to entities demonstrating that they have a clear roadmap of development of their business towards final approval and issuance of an FSP. The process for approval for the opening of a bank account with local or international banks will typically include a full explanation and review of an Applicant’s AML and Client on-boarding processes and procedures, as well as its ability to monitor the source and destination of funds, amongst other areas of its Virtual Asset activities.

      • Guidance — Regulation Of Crypto Asset Activities in ADGM (Explanatory Draft — comparison of 1st and 2nd editions of Guidance)

        Click herehere to view PDF

    • Guidance — Regulation of Virtual Asset Activities in ADGM [24 February 2020]

      Click here to view PDF

    • Guidance & Policies Manual (GPM) [03 February 2020]

      • 1. 1. Introduction

        • 1.1 1.1 General

          • 1.1.1

            This document is called the Guidance and Policies Manual ("GPM"). The GPM is for information purposes only and explains how we may regulate and supervise financial services firms and markets that operate in ADGM. The GPM has purposely been written in plain English. The GPM contains guidance on:

            (a) our regulatory policies;
            (b) our risk-based approach to authorisation, supervision and enforcement; and
            (c) what we consider and take into account when exercising our powers.

          • 1.1.2

            The GPM is meant to assist persons operating or intending to operate financial services or a market in the ADGM and should be read in conjunction with the Financial Services and Markets Regulations ("FSMR") and the ADGM Rulebooks.

          • 1.1.3

            The GPM is not meant to be all of our guidance and policies on how we will operate and exercise our powers and we are not bound to follow it on all occasions. It is merely an informative document, which sets how we may act when exercising our powers.

        • 1.2 1.2 Defined terms

          • 1.2.1

            Where we have used a defined term in the GPM, these are identified by the capitalisation of the word or a phrase capitalised. You can find meanings of these defined terms in the Glossary module ("GLO") of the ADGM Rulebook. There are also defined terms in the FSMR. If there is no capitalisation of the initial letter, the word or phrase has its normal common day meaning.

        • 1.3 1.3 Updating the GPM

          • 1.3.1

            We will make amendments to the GPM when we make changes in our policies or processes to ensure it remains current.

        • 1.4 1.4 Our mandate

          • 1.4.1

            We are committed to foster, promote and maintain a fair, efficient and responsive regulatory environment for our market participants and stakeholders.

          • 1.4.2

            We have adopted and apply international standards, such as those set out by the Basel Committee on Banking Supervision, the International Association of Insurance Supervisors, the International Organisation of Securities Commissions, the Financial Stability Board and the Financial Action Task Force.

      • 2. 2. Becoming Regulated

        • 2.1 2.1 Our approach to authorisation

          • Introduction

            • 2.1.1

              This chapter outlines our approach when assessing if an applicant or registrant can become:

              (a) an Authorised Firm;
              (b) a Recognised Body;
              (c) a Representative Office;
              (d) an Approved Person; or
              (e) a Principal Representative.

            • 2.1.2

              Before submitting an application, an applicant or registrant should contact our Authorisation Team at authorisation@adgm.com.

          • Prohibition and by way of business

            • 2.1.3

              The FSMR impose a prohibition on all persons who carry on an activity regulated by us in the ADGM "by way of business" unless the person is an Authorised Firm, Recognised Body or an Exempt Person.

            • 2.1.4

              Whether or not an activity is carried on by way of business is a question of fact that takes account several factors, including:

              (a) how often the activity is conducted;
              (b) whether there is a commercial element involved;
              (c) the size and proportion of non-regulated activities carried on by the same person; and
              (d) the nature, context and circumstances of the activity that is carried on.

          • Whether someone is carrying on his or her own business

            • 2.1.5

              Another aspect of the prohibition is that an employee will not breach the prohibition by carrying on an activity on behalf of his employer, as in such cases it is the employer who is carrying on that activity. The employee is simply carrying on the employer's business. This principle potentially also applies to agents and others who assist another to carry on that other's business.

          • General Prohibition and by way of business

            • 2.1.6

              The regulations impose a general prohibition on all persons who carry on a Regulated Activity in the ADGM "by way of business" unless the person is a firm, Recognised Body or an exempt person.

            • 2.1.7

              Whether or not an activity is carried on by way of business is a question of fact that takes account of several factors. These include:

              (a) the degree to which the activity is conducted with continuity, regularity and systemically;
              (b) the existence of a commercial element;
              (c) the scale proportion and impact which the activity bears to other activities carried on by the same Person but which are not regulated; and
              (d) the nature, context and circumstances of the particular activity that is carried on.

          • Regulated Activities and the need for a Financial Service Permission

            • 2.1.8

              Schedule 1 to the Financial Services and Markets Regulations contains a complete list of Regulated Activities. When determining whether an applicant will require a Financial Services Permission to engage in a specific Regulated Activity, the applicant should first, determine that such Regulated Activity will be carried on in or from the ADGM 'by way of business' as described in 2.1.6 and 2.1.7. If they are then the applicant will need to consider whether any of the applicable exclusions apply either (i) specified following the description of the relevant Regulated Activity or (ii) amongst the general exclusions contained in Chapter 18 of Schedule 1.

          • Combinations of Regulated Activities

            • 2.1.9

              Generally, we will rely upon the applicant's written application and discussions when considering which Regulated Activities should be included in any Financial Service Permission granted to the applicant. The Regulator will only include a Regulated Activity within a Financial Service Permission when it reasonably believes such Regulated Activity is required for the applicant to conduct its business. Applicants should consider each Regulated Activity as a distinct activity with a distinct Financial Service Permission.

            • 2.1.10

              While no Regulated Activity will require the Regulator to include a second Regulated Activity within the Financial Service Permission to enable the applicant to engage in the original Regulated Activity, certain Regulated Activities may be combined with other Regulated Activities. For example, where an applicant may be arranging transactions which arise from advice given to a client. This would be acceptable, provided (i) the applicant has requested both Regulated Activities to be included in its Financial Service Permission, (ii) the applicant satisfies the relevant criteria necessary to engage in both Regulated Activities and (iii) no conflicts arise as a consequence of the conduct of both Regulated Activities by a single person (see 2.1.10).

          • Conflicts between Regulated Activities

            • 2.1.11

              By their nature, certain combinations of Regulated Activities may be difficult for a single applicant to undertake without risk of a material conflict of interest. In such circumstances the Regulator will not grant a Financial Service Permission to engage in both Regulated Activities without being satisfied that both activities may be undertaken independently in a manner which addresses potential conflicting duties between clients or conflicts between the interests of the applicant and its clients.

            • 2.1.12

              The Regulator does not provide an exhaustive list of potential conflicting duties and interests and expects that each applicant will have reviewed the scope of those Regulated Activities it wishes to engage in, in order to identify and take steps to mitigate potential conflicts.

        • 2.2 2.2 Assessing the fitness and propriety of applicants

          • 2.2.1

            We expect applicants seeking authorisation/recognition to be fit and proper. This provides us with the assurance that applicants are willing and able to fulfil their obligations under the law. The onus is on each applicant to establish that they are fit and proper.

          • Reputation and standing

            • 2.2.2

              In assessing the reputation and standing of an applicant, we can take into consideration any relevant matters including:

              (a) any matter affecting the propriety of the applicant's conduct, whether or not such conduct may have resulted in the commission of a criminal offence, the contravention of the law, or the institution of legal or disciplinary proceedings of whatever nature;
              (b) whether an applicant has ever been the subject of disciplinary procedures by a government body or agency or any self-regulatory organisation or other professional body;
              (c) a contravention of any provision of financial services legislation or of rules, regulations, statements of principle or codes of practice made under it or made by a recognised self-regulatory organisation, non-ADGM financial services regulator or regulated exchange or clearing house;
              (d) whether an applicant has been refused, or had a restriction placed on, the right to carry on a trade, business or profession requiring a licence, registration or other permission;
              (e) an adverse finding or an agreed settlement in a civil action by any court or tribunal of competent jurisdiction resulting in an award against or payment by an applicant;
              (f) whether an applicant has been censured, disciplined, publicly criticised or the subject of a court order at the instigation of any regulatory authority, or any officially appointed inquiry, or any other non-ADGM financial services regulator;
              (g) whether an applicant has been open and truthful in all its dealings with us; and
              (h) any other matter that we consider relevant.

          • Locations of offices

            • 2.2.3

              An applicant should be able to satisfy us that it will establish an office and maintain a presence in the ADGM based on the activities it will carry on.

          • Close Links

            • 2.2.4

              We need to be satisfied, as to who are the applicant's Close Links or where the applicants is closely related to another person (for example a parent or subsidiary company or someone who owns and controls 20% or more of the applicant). This is to make sure we are not prevented from effectively supervising the applicant.

          • Legal status of Firms and Recognised Bodies

            • 2.2.5

              We will only consider an application for authorisation or recognition where the legal status of the proposed ADGM entity is a Body Corporate or a Partnership. Individuals cannot make an application. In respect of the regulated activities of Effecting Contracts of Insurance or Carrying Out Contracts of Insurance as Principal, a firm can only be a Body Corporate.

            • 2.2.6

              In the case of non-ADGM persons other than companies limited by shares, we will consider whether the legal form is appropriate for the activities proposed.

            • 2.2.7

              If the applicant is seeking to branch in to the ADGM, we will take into account where the applicant's head office is located.

          • Ownership and Group

            • 2.2.8

              In relation to the ownership and Group structure of an applicant, we may have regard to:

              (a) the applicant's position within its group, including any other relationships that may exist between the applicant, controllers, associates and other persons that may be considered a close link;
              (b) the financial strength of the Group and its implications for the applicant;
              (c) whether the Group has a structure which makes it possible to:
              (i) exercise effective supervision;
              (ii) exchange information among regulators who supervise group members; and
              (iii) determine the allocation of responsibility among the relevant regulators;
              (d) any information provided by other regulators or third parties in relation to the applicant or any entity within its Group; and
              (e) whether the applicant or its group is subject to any adverse effect or considerations arising from a country or countries of incorporation, establishment and operations of any member of its group. In considering these matters, we may also have regard to the type and level of regulatory oversight in the relevant country or countries of the group members and the regulatory infrastructure and adherence to internationally held conventions.

          • Controllers

            • 2.2.9

              In relation to the controllers of an applicant, we may, taking into account the nature, scale and complexity of the firm's business and organisation, have regard to:

              (a) the background, history and principal activities of the applicant's controllers, including that of the controller's directors, partners or other officers associated with the applicant, and the degree of influence that they are, or may be, able to exert over the applicant and/or its activities;
              (b) where the Controller will exert significant management influence over the applicant, the reputation and experience of the controller or any individual within the controller;
              (c) the financial strength of a controller and its implications for the applicant's ability to ensure the sound and prudent management of its affairs, in particular where a controller agrees to contribute any funds or other financial support such as a guarantee or a debt subordination agreement in favour of the Firm or Recognised Body; and
              (d) whether the applicant is subject to any adverse effect or considerations arising from the country or countries of incorporation, establishment or operations of a controller. In considering such matters, we may have regard to, among other things, the type and level of regulatory oversight, which the controller is subject to in the relevant country or countries and the regulatory infrastructure and adherence to internationally held conventions and standards.

            • 2.2.10

              Where we have any concerns relating to the fitness and propriety of an applicant for a Financial Services Permission stemming from a Controller of such a Person, we may consider imposing conditions on the Financial Services Permission designed to address such concerns. For example, we may impose, in the case of a start-up, a condition that there should be a shareholder agreement that implements an effective shareholder dispute resolution mechanism.

          • Resources, systems and controls

            • 2.2.11

              We will have regard to whether the applicant has sufficient resources, including the appropriate systems and controls, such as:

              (a) the applicant's financial resources and whether it complies, or will comply, with any applicable financial rules, and whether the applicant appears to be in a position to be able to comply with such rules;
              (b) the extent to which the applicant is or may be able to secure additional capital in a form acceptable to us where this appears likely to be necessary at any stage in the future;
              (c) the availability of sufficient competent human resources to conduct and manage the applicant's affairs, in addition to the availability of sufficient Approved Persons to conduct and manage the applicant's activities;
              (d) whether the applicant has sufficient and appropriate systems and procedures in order to support, monitor and manage its affairs, resources and regulatory obligations in a sound and prudent manner;
              (e) whether the applicant has appropriate anti-money laundering procedures and systems designed to ensure full compliance with applicable money laundering and counter terrorism legislation, and relevant UN Security Council and applicable sanctions and resolutions, including arrangements to ensure that all relevant staff are aware of their obligations;
              (f) the impact of other members of the applicant's group on the adequacy of the applicant's resources and, in particular, though not exclusively, the extent to which the applicant is or may be subject to consolidated prudential supervision by us or another non-ADGM financial services regulator;
              (g) whether the applicant is able to provide sufficient evidence about the source of funds available to it, to our satisfaction. This is particularly relevant in the case of a start-up entity; and
              (h) the matters specified in paragraph 2.2.88(c).

          • Firms and Recognised Persons: Collective suitability of individuals or other Persons connected to the firm

            • 2.2.12

              Although individuals performing Controlled and Recognised Functions are required to be Approved Persons and/or Recognised Persons and that a firm is required to appoint certain Approved and Recognised Persons to certain functions, we will also consider:

              (a) the collective suitability of all of the firm's staff taken together, and whether there is a sufficient range of individuals with appropriate knowledge, skills and experience to understand, operate and manage the firm's affairs in a sound and prudent manner;
              (b) the composition of the Governing Body of the firm. The factors that would be taken into account by us in this context include, depending on the nature, scale and complexity of the firm's business and its organisational structure, whether:
              (i) the governing body has a sufficient number of members with relevant knowledge, skills and expertise among them to provide effective leadership, direction and oversight of the firm's business. For this purpose, the members of the governing body should be able to demonstrate that they have, and would continue to maintain, including through training, the necessary skills, knowledge and understanding of the firm's business to be able to fulfil their roles;
              (ii) the individual members of the governing body have the commitment necessary to fulfil their roles, demonstrated, for example, by a sufficient allocation of time to the affairs of the firm and reasonable limits on the number of memberships held by them in other boards of directors or similar positions. In particular, we will consider whether the membership in other boards of directors or similar positions held by individual members of the governing body has the potential to conflict with the interests of the firm and its customers and stakeholders; and
              (iii) there is a sufficient number of independent members on the governing body. We will consider a member of the governing body to be "independent" if he is found, on reasonable grounds by the governing body, to be independent in character and judgement and able to make decisions in a manner that is consistent with the best interests of the Firm;
              (c) the position of the Firm in any Group to which it belongs;
              (d) the individual or collective suitability of any person or persons connected with the firm;
              (e) the extent to which the firm has robust human resources policies designed to ensure high standards of conduct and integrity in the conduct of its activities;
              (f) whether the firm has appointed Auditors, actuaries and advisers with sufficient experience and understanding in relation to the nature of the firm's activities; and
              (g) whether the remuneration structure and strategy adopted by the firm is consistent with the requirements in GEN 3.3.42(1).

          • Recognised Bodies: other considerations

            • 2.2.13

              In determining whether a Recognised Body has satisfied its recognition requirements set out in MIR Chapter 2 and GEN Chapter 3, we will consider:

              (a) its arrangements, policies and resources for fulfilling its obligations under the recognition requirements as set out in MIR 4.2.1;
              (b) its arrangements for managing conflicts and potential conflicts between its commercial interest and applicable regulatory requirements;
              (c) the extent to which its constitution and organisation provide for effective governance;
              (d) the arrangements made to ensure that the Governing Body has effective oversight of its regulatory functions;
              (e) the fitness and propriety of its Approved Persons and the access the approved persons have to the Governing Body;
              (f) the size and composition of the Governing Body including:
              (i) the number of independent members on the Governing Body;
              (ii) the number of members of the Governing Body who represent members of the Recognised Body or other persons and the types of persons whom they represent; and
              (iii) the number and responsibilities of any members of the governing body with executive roles within the Recognised Body;
              (g) the structure and organisation of its Governing Body, including any distribution of responsibilities among its members and committees;
              (h) the integrity, relevant knowledge, skills and expertise of the members of the governing body to provide effective leadership, direction and oversight of the Recognised Body's business. For this purpose, such individuals should be able to demonstrate that they have, and would continue to maintain, including through training, necessary skills, knowledge and understanding of the Recognised Body's business to be able to fulfil their roles;
              (i) the commitment necessary by the members of the governing body to fulfil their roles effectively, demonstrated, for example, by a sufficient allocation of time to the affairs of the Recognised Body and reasonable limits on the number of memberships held by them in other boards of directors or similar positions. In particular, the Regulator will consider whether the membership in other boards of directors or similar positions held by individual members of the governing body has the potential to conflict with the interests of the Recognised Body and its stakeholders;
              (j) the integrity, qualifications and competence of its approved persons;
              (k) its arrangements for ensuring that it employs individuals who are honest and demonstrate integrity;
              (l) the independence of its regulatory departments from its commercial departments; and
              (m) whether the remuneration structure and strategy adopted by the Recognised Body is consistent with the requirements in GEN 3.3.42(1).

            • 2.2.14

              We will consider a Director to be "independent" if the Director is found, on the reasonable determination of the Governing Body, to:

              (a) be independent in character and judgement; and
              (b) have no relationships or circumstances which are likely to affect or could appear to affect the director's judgement in a manner other than in the best interests of the Recognised Body.

            • 2.2.15

              In forming a determination the Governing Body should consider the length of time the director has served as a member of the Governing Body and whether the relevant director:

              (a) has been an employee of the Recognised Body or group within the last five years;
              (b) has or has had, within the last three years, a material business relationship with the Recognised Body, either directly or as a partner, shareholder, director or senior employee of a body that has such a relationship with the Recognised Body;
              (c) receives or has received, in the last three years, additional remuneration or payments from the Recognised Body apart from a director's fee, participates in the Recognised Body's share option, or a performance- related pay scheme, or is a member of the Recognised Body's pension scheme;
              (d) is or has been a director, partner or employee of a firm which is the Recognised Body's auditor;
              (e) has close family ties with any of the Recognised Body's advisors, directors or senior employees;
              (f) holds cross directorships or has significant links with other directors through involvement in other bodies; or
              (g) represents a significant shareholder.

        • 2.3 2.3 Assessing the fitness and propriety of Approved Persons, Recognised Persons and Principal Representatives

          • Introduction

            • 2.3.1

              This section sets out the matters which we take into consideration, and expect the firm or Recognised Body to take into consideration, when assessing the fitness and propriety of:

              (a) In the case of a firm, an Approved Person, Recognised Person under GEN 5.3 and GEN 5.4 and Principal Representative under 9.8;
              (b) In the case of a Recognised Body, an Approved Person under MIR 7.2.

            • 2.3.2

              Applications for approved person status in respect of the controlled functions of Senior Executive Officer, Licensed Director and Licensed Partner shall be made by the firm and approved by us. We may reject an application for an Approved Person status or grant an Approved Person status with or without conditions and restrictions.

            • 2.3.3

              In relation to applications for Recognised Persons status the firm or Recognised Body will approve the Recognised Functions of Finance Officer, Compliance Officer, Senior Manager, Money Laundering Reporting Officer and Responsible Officer, and notify us of such appointments. The onus is on the firm or Recognised Body to carry out proper due diligence to ensure that the person is fit and proper to carry out the function, and to maintain the necessary supporting documentation for its due diligence.

            • 2.3.4

              We expect a firm and Recognised Body to continually ensure that all Approved and Recognised Persons are fit and proper for the controlled and or recognised Functions that they have been appointed to.

            • 2.3.5

              When assessing whether an individual meets the fitness and propriety criteria to be able to perform the role of an Approved Person or Recognised Person, we take the following considerations into account, as set out in paragraphs 2.3.6 to 2.3.8 below.

          • Integrity

            • 2.3.6

              In determining whether an individual has met the fitness and propriety criteria with respect to his/her integrity, the following matters may be taken into account:

              (a) the propriety of an individual's conduct whether or not such conduct may have resulted in the commission of a criminal offence, the contravention of a law or the institution of legal or disciplinary proceedings of whatever nature;
              (b) a conviction or finding of guilt in respect of any offence, other than a minor road traffic offence, by any court of competent jurisdiction;
              (c) whether the individual has ever been the subject of disciplinary proceedings by a government body or agency or any recognised self-regulatory organisation or other professional body;
              (d) a contravention of any provision of financial services legislation or of rules, regulations, statements of principle or codes of practice made under or by a recognised self-regulatory organisation, Recognised Body, regulated exchange or regulated clearing house or non-ADGM Financial Services Regulator;
              (e) a refusal or restriction of the right to carry on a trade, business or profession requiring a licence, registration or other authority;
              (f) a dismissal or a request to resign from any office or employment;
              (g) whether an individual has been or is currently the subject of or has been concerned with the management of a Body Corporate which has been or is currently the subject of an investigation into an allegation of misconduct or malpractice;
              (h) an adverse finding in a civil proceeding by any court of competent jurisdiction of fraud, misfeasance or other misconduct, whether in connection with the formation or management of a corporation or otherwise;
              (i) an adverse finding or an agreed settlement in a civil action by any court or tribunal of competent jurisdiction resulting in an award against the individual;
              (j) an order of disqualification as a director or to act in the management or conduct of the affairs of a corporation by a court of competent jurisdiction or regulator;
              (k) whether the individual has been a director, or concerned in the management of, a body corporate which has gone into liquidation or administration whilst that individual was connected with that body corporate or within one year of such a connection;
              (l) whether the individual has been a partner or concerned in the management of a partnership where one or more partners have been made bankrupt whilst that individual was connected with that partnership or within a year of such a connection;
              (m) whether the individual has been the subject of a complaint in connection with a financial service, which relates to his integrity, competence or financial soundness;
              (n) whether the individual has been censured, disciplined, publicly criticised by, or has been the subject of a court order at the instigation of, us or any officially appointed inquiry, or Non-ADGM Financial Services Regulator; and
              (o) whether the individual has been candid and truthful in all his dealings with us.

          • Competence and capability

            • 2.3.7

              We will take into account the individual's qualifications and experience, in determining the fitness and propriety criteria of competence and capability of an individual to perform a role as an Approved Person or Principal Representative.

          • Financial soundness

            • 2.3.8

              With respect to the financial soundness of an individual, we will take into account :

              (a) whether an individual is able to meet his debts as and when they fall due; and
              (b) whether an individual has been declared bankrupt, had a receiver or an administrator appointed, had a bankruptcy petition served on him, had his estate sequestrated, entered into a deed of arrangement (or any contract in relation to a failure to pay due debts) in favour of his creditors, or within the last 10 years, has failed to satisfy a judgement debt under a court order.

        • 2.4 2.4 Waivers during authorisation

          • 2.4.1

            An applicant for authorisation may request a waiver or modification when the application is made and being processed. In some circumstances, the applicant may need to work with us in developing the waiver or modification and may not be required to use the formal application process. However, the written consent to the waiver or modification will be required if the applicant is authorised.

        • 2.5 2.5 Start-up entities in the ADGM

          • What are "Start-up" entities?

            • 2.5.1

              This paragraph serves as a guide to assist Start-up entities that are interested in applying for a Financial Services Permission to conduct Regulated Activities in the ADGM. It sets out the information required to support an application and what criteria that we may consider in the authorisation process. Start-ups, as with any applicants, will be required to satisfy all of our requirements prior to being granted a Financial Services Permission.

            • 2.5.2

              A Start-up entity is:

              (a) any newly set up business entity which is not part of a group that is subject to financial services regulation; or
              (b) part of an existing business entity which it, or whose group is not subject to financial services regulation.

            • 2.5.3

              As a general position, we will not usually accept applications for start-up banks or insurers however each application will be considered on its merits. We will take into account such factors as the applicant's financial position, systems and controls and whether the Start-up entity is managed by persons who have the necessary expertise and knowledge to conduct such activities.

          • Our risk-based approach to Start-ups

            • 2.5.4

              Any consideration of an application for the granting of a Financial Services Permission to carry on a regulated activity is likely to involve an assessment of the risks posed to our objectives by the proposed regulated activity. Whilst the broad categories of risks for all applicants will be the same, the nature of those risks within start-ups can be amplified, as a start-up does not have a regulatory track record to deal with risks and upon which we may place reliance. In the case of a new business, even where senior management has substantial experience and relevant competence in the business sector, this does not necessarily imply an ability to create and sustain an adequate management control environment and compliance culture, particularly when faced with all the other issues of establishing a new business.

            • 2.5.5

              The broad categories of risk and some of the unique elements of those risk categories that apply to start-ups include financial risk, governance risk, business/operational risk and compliance risk.

          • Financial risk

            • 2.5.6

              All applicants are required to demonstrate they have a sound initial capital base and funding and must be able to meet the relevant prudential requirements of the ADGM laws, on an on-going basis. This includes holding enough capital resources to cover expenses even if expected revenue takes time to materialise. Start-ups can encounter greater financial risks as they seek to establish and grow a new business.

            • 2.5.7

              In addition to the risks associated with the financial viability of the start-up, particular attention may be given to the clarity and the verifiable source of the initial capital funding.

          • Governance risk

            • 2.5.8

              All applicants are required to demonstrate robust governance arrangements together with the fitness and integrity of all controllers, directors and senior management. We are aware that management control, in smaller start-ups especially, may lie with one or two dominant individuals who may also be amongst the owners of the firm. In such circumstances, we would expect the key business and control functions (i.e. risk management, compliance and internal audit) to be subject to appropriate oversight arrangements which reflect the size and complexity of the business. Applicants can assist us by describing in detail the ownership structure, high level controls and clear reporting lines which demonstrate an adequate segregation of duties.

            • 2.5.9

              We may request details of the background, history and ownership of the start-up and, where applicable, its Group. Similar details relating to the background, history and other interests of the directors of the start-up may also be required. Where it considers it necessary to do so, we may undertake independent background checks on such material. A higher degree of due diligence will apply to individuals involved in a start-up and there would be an expectation that the start-up itself will have conducted detailed background checks, which may then be verified by us.

          • Business/operational risk

            • 2.5.10

              All applicants are required to establish appropriate systems and controls to demonstrate that the affairs of the firm are managed and controlled effectively. The nature of the systems and controls may depend on the nature, size and complexity of the business. A start-up may wish to consider which additional systems and controls may be appropriate in the initial period of operation following launch, such as increased risk or compliance monitoring. Due to the unproven track record of a startup, we may, for example, impose restrictions on the business activities of the entity or a greater degree and intensity of supervision until such a track record is established.

          • Compliance risk

            • 2.5.11

              The Senior Executive Officer of a firm is expected to take full responsibility for ensuring compliance with the ADGM laws by establishing a strong compliance culture which is fully embedded within the organisation. A start-up will be required to appoint a U.A.E. resident as the senior executive officer as well as the compliance officer and money laundering reporting officer (MLRO) with the requisite skills and relevant experience in compliance and anti-money laundering duties. The individuals fulfilling the compliance and MLRO roles will be expected to demonstrate to us their competence to perform the proposed roles and adequate knowledge of the relevant sections of the ADGM laws and, in the case of the MLRO, the wider anti-money laundering laws.

          • Main information requirements

            • 2.5.12

              The main information requirements are the same for all applicants, including startups, and each application will be assessed on its own merits.

            • 2.5.13

              A key document will be the regulatory business plan submitted in support of the application. It will facilitate the application process if applicants cover the following areas within this submission:

              (a) an introduction and background;
              (b) strategy and rationale for establishing in the ADGM;
              (c) organisational structure;
              (d) management structure;
              (e) proposed resources;
              (f) high level controls;
              (g) risk management;
              (h) operational controls;
              (i) systems overview;
              (j) how the proposed activities are mapped against the Regulated Activities and why particular Regulated Activities are applied for; and
              (k) financial projections.

            • 2.5.14

              Start-up applicants may find it useful to include diagrams illustrating corporate structures, and, where applicable, group relationships, governance arrangements, organisational design, clear reporting lines, business process flows and systems environments.

            • 2.5.15

              Comprehensively addressing these areas and detailing how the key risks will be identified, monitored and controlled may significantly assist us in determining applications from a start-up.

        • 2.6 2.6 Application for carrying out a Regulated Activity with or for a Retail Client

          • 2.6.1

            GEN 5.2.3 outlines the requirements to be met by an applicant intending to carry on a Regulated Activity where the client is a Retail Client.

          • 2.6.2

            When assessing an application of this type we may consider the following:

            (a) the adequacy of an applicant's systems and controls for carrying on Regulated Activities with a Retail Client;
            (b) whether the applicant is able to demonstrate that its systems and controls (including policies and procedures) adequately provide for, among other things, compliance with the requirements specifically dealing with Retail Clients under the Conduct of Business Rulebook (COBS), in particular:
            (i) marketing materials;
            (ii) the content requirements for Client Agreements;
            (iii) the suitability assessment for recommending a financial product;
            (iv) the disclosure of fees and commissions, and any inducements; and
            (v) the segregation of Client Money and/or Client Investments, where relevant;
            (c) whether the applicant has adequate systems and controls to ensure, on an on-going basis, that its Employees remain competent and capable to perform the functions which are assigned to them, including any additional factors that may be relevant if their functions involve interfacing with Retail Clients; and
            (d) the adequacy of the applicant's Complaints handling policies and procedures. An applicant's policies and procedures must provide for fair, consistent and prompt handling of Complaints. In addition to the matters set out in GEN Chapter 7, the policies and procedures should explicitly deal with how the applicant ensures that:
            (i) Employees dealing with Complaints have adequate training and competencies to handle complaints, as well as impartiality and sufficient authority (see GEN 3.3.19, 7.2.7 and 7.2.8);
            (ii) a Retail Client is made aware of the firm's Complaints handling policies and procedures before obtaining its services (see COB 12.1.2(a)(viii)); and
            (iii) the applicant's Complaints handling policies and procedures are freely available to any Retail Client upon request (see GEN 7.2.11).

        • 2.7 2.7 Application to conduct Islamic Financial Business

          • 2.7.1

            A firm wishing to carry on Islamic Financial Business must have a Financial Services Permission authorising it to Conduct Islamic Financial Business either as an Islamic Financial Institution or by operating an Islamic Window.

          • 2.7.2

            A Firm that is granted a Financial Services Permission to operate an Islamic Window may conduct some of its Regulated Activities in a conventional manner while conducting its Islamic Financial Business through the Islamic Window.

          • 2.7.3

            We may grant a Financial Services Permission only if we are satisfied that the applicant has demonstrated that it has the systems and controls in place to undertake Islamic Financial Business. In determining whether to grant such a Financial Services Permission, we may consider, among other things, those matters set out in the IFR module of the ADGM Rulebook.

        • 2.8 2.8 Application to be a Representative Office

          • 2.8.1

            An applicant seeking to become a Representative Office will need to comply with requirements including those set out in GEN Chapter 9.

          • 2.8.2

            In assessing an application for a Representative Office, we will need to be satisfied that:

            (a) the proposed activities are that of marketing, which means providing information on investments or financial services; engaging in promotions of investments or financial services; or making introductions or referrals of investments or financial services. It does not include advising on investments or the receiving or transmitting of orders(see paragraph 67 of Schedule 1 of the FSMR); and
            (b) the applicant is incorporated and regulated by a Non-ADGM Financial Services Regulator and setting up in the ADGM as a branch.

        • 2.9 2.9 Application for a withdrawal of Financial Services Permission

          • 2.9.1

            In considering requests for the withdrawal of a Financial Services Permission, a firm will need to satisfy us that it has made appropriate arrangements with respect to its existing customers, including the receipt of any customers' consent where required and, in particular:

            (a) whether there may be a long period in which the business will be run-off or transferred;
            (b) whether deposits must be returned to customers;
            (c) whether money and other assets belonging to customers must be returned to them; and
            (d) whether there is any other matter which we would reasonably expect to be resolved before granting a request for the withdrawal of a Financial Services Permission.

          • 2.9.2

            In determining a request for the withdrawal of a Financial Services Permission, we may require additional procedures or information as appropriate, including evidence that the firm has ceased to carry on Regulated Activities.

          • 2.9.3

            A firm should submit detailed plans where there may be an extensive period of wind-down. It may not be appropriate for a firm to immediately request a withdrawal of its Financial Services Permission in all circumstances, although it may wish to consider reducing the scope of its Financial Services Permission during this period. Firms should discuss these arrangements with us.

          • 2.9.4

            We may also refuse a request for the withdrawal of a Financial Services Permission where:

            (a) the firm has failed to settle its debts owed to us; or
            (b) it is in the interests of a current or pending investigation by us, or by another regulatory body or a Non-ADGM Financial Services Regulator.

          • 2.9.5

            Some other matters which a firm should be mindful of in relation to the withdrawal of its Financial Services Permission include:

            (a) Where a firm's FSP is withdrawn, the approved status of its Approved Persons will also be withdrawn on the same date. However, this does not remove the obligation on a firm to provide a statement where an approved person has been dismissed or requested to resign (under GEN 8.7.3); and
            (b) Where a Fund Manager or the Trustee makes a request for withdrawal (under GEN 8.4.1), the Fund Manager or the Trustee will need to satisfy us that it has made appropriate arrangements in accordance with the requirements under the FUNDS Rules with respect to the continuing management of the Fund for which it is the Fund Manager or the Trustee, as the case may be.

          • Application for variation of a Financial Services Permission

            • 2.9.6

              Where a firm applies to change the scope of its Financial Services Permission, it should provide the following information:

              (a) a revised business plan as appropriate, describing the basis of, and rationale for, the proposed change;
              (b) details of the extent to which existing documentation, procedures, systems and controls will be amended to take into account any additional activities, and how the firm will be able to comply with any additional regulatory requirements; and
              (c) descriptions of the firm's senior management responsibilities (see GEN Chapter 5) where these have changed from those previously disclosed, including any updated staff organisation charts and internal and external reporting lines;
              (d) details of any transitional arrangements where the firm is reducing its activities and where it has existing customers who may be affected by the cessation of a Regulated Activity;
              (e) the appropriate financial reporting statement where the variation may result in a change to the firm's prudential category or the application of additional or different financial rules. If a capital increase is required in order to demonstrate compliance with additional financial rules but such capital is not paid up or available at the time of application, proposed or forecast figures may be used;
              (f) details of the effect of the proposed variation on the approved persons including, where applicable, submitting any written applications for individuals to perform additional or new controlled functions, or to remove existing controlled functions; and
              (g) revised pro forma financial statements.

            • 2.9.7

              In considering whether a Firm or Recognised Body is fit and proper with respect to a change in the scope of its Financial Services Permission, we may take into account the matters set out in Chapter 2 of this document, which provides guidance on assessing fitness and propriety for firms and Recognised Bodies.

      • 3. 3. Supervision: Being Regulated

        • 3.1 3.1 Our approach to supervision

          • Supervision philosophy

            • 3.1.1

              We adopt a risk-based approach to the regulation and supervision of all regulated firms in order to concentrate our resources on the mitigation of risks to our objectives. We will work with a regulated entity to identify, assess, mitigate and control these risks where appropriate.

            • 3.1.2

              Our supervisory risk-based approach involves:

              (a) establishing the supervisory intensity of a given firm based on the combination of its size and complexity (impact rating) and its risk profile (risk rating), see paragraphs 3.1.8–3.1.11 below). The higher the impact and/or risk profile of the firm, the higher the supervisory intensity and the resources deployed by us;
              (b) continuous risk management cycle, utilising sectoral and firm-specific data, notifications by the firm, risk assessments and the risk and impact ratings;
              (c) using appropriate supervisory tools; and
              (d) where applicable, considering any lead or consolidated supervision which a firm or its Group may be subject to in other jurisdictions, taking into account our relationship with other regulators and the extent to which it or they meet appropriate regulatory criteria and standards.

            • 3.1.3

              We believe a firm's culture and behaviour affects both its overall financial condition and its interaction with individual customers and market counterparties. Our aim is to reduce the risk and impact of a failure or inappropriate conduct by requiring our regulated firms to have sound risk management systems and adequate internal controls.

          • Risk management cycle

            • 3.1.4

              We adopt a structured risk management cycle. This comprises the identification, assessment, prioritisation, mitigation and monitoring of risks. It ensures appropriate action is taken upon the identification and/or materialisation of risks.

            • 3.1.5

              We will identify and collate a comprehensive set of indicators on a regular basis which provides insights into the financial position and business activities of all our regulated entities. This data set allows us to assess the specific risk profile of regulated entities, sectoral risks by types of entities, and systemic risks posed by the firms to other market counterparties and the wider financial system.

            • 3.1.6

              Based on the analysis of this data set, we will prioritise and step up our supervision with respect to certain firms as appropriate, or use thematic reviews to target certain products, services or practices across a set of firms, to mitigate any emerging, specific or systemic risks.

            • 3.1.7

              We will monitor and use this data, amongst other factors, to review the effectiveness of our mitigation plans, and set organisational risk tolerances to allocate our supervisory resources.

          • Impact and risk ratings

            • 3.1.8

              The impact and risk rating is an assessment of the potential adverse consequences that could follow from the failure of, or significant misconduct by, a firm. The potential adverse consequences include not only the direct financial impact on such firm's customers, counterparties and stakeholders, but also the potential for damage to our reputation and objectives.

            • 3.1.9

              In assessing the impact rating, we will consider a variety of factors such as:

              (a) the complexity of the firm's activities and structure, which is dependent on the nature and type of Regulated Activities it conducts. For instance, a firm that holds customers' deposits and assets will be operationally more complex and more difficult to resolve any issues or to supervise into compliance, as opposed to a Regulated Activity that does not involve accepting / holding customers' assets;
              (b) the scale of the firm's activities and its linkages with other financial institutions and the wider financial system.

            • 3.1.10

              The risk rating is an assessment of the firm's level of risk exposure or probability of failure across a wide range of risk factors. It takes into consideration a number of broad risk groups, including:

              (a) Financial Strength
              (b) Liquidity
              (c) Credit Risk
              (d) Market Risk
              (e) AML/CFT and Financial Crime
              (f) Conduct Risk
              (g) Operational Risk
              (h) Corporate Governance
              (i) Internal Control System
              (j) Business Model Risk

            • 3.1.11

              The combination of the risk and the impact will determine the level and intensity of supervision. Firms with higher ratings will be subject to higher supervisory intensity. Our supervisory oversight of these firms will entail more frequent and routine engagements and on-site visits to oversee the activities and developments in the firm. These engagements would typically involve discussions with the board and senior management, business and compliance heads, auditors and risk managers of the firm and, in the case of overseas financial Groups, its head office staff and home country regulators.

          • Risk mitigation

            • 3.1.12

              Whenever appropriate, we may inform the firm of the steps it needs to take in relation to specific risks. We then expect the firm to demonstrate that it has taken appropriate steps to mitigate these risks.

            • 3.1.13

              Where necessary, risk mitigation programmes may be developed for a firm in order to mitigate or remove identified areas of risk.

          • Our relationship with firms

            • 3.1.14

              In order to meet our objectives, we require an open, transparent and co-operative relationship with our regulated firms. We expect to establish and maintain an on-going dialogue with the firm's senior management in order to develop and sustain a thorough understanding of the firm's business, systems and controls and, through this relationship, to be aware of all areas of risk to our objectives.

            • 3.1.15

              We seek to reinforce the responsibilities of senior management for the risk oversight and governance of the firm's activities, to ensure financial soundness, fair dealing and compliance with regulatory standards.

            • 3.1.16

              We seek to maintain an up-to-date knowledge of a firm's business. However, a firm is also required to keep us informed of significant events, or anything related to the firm of which we would reasonably expect to be notified (as set out below).

          • Notifications to us

            • 3.1.17

              GEN 8.10 sets out the requirements on a firm to notify us of specified events, changes or circumstances a firm (other than a Representative Office) may encounter. The list of notifications outlined in GEN 8.10 is not exhaustive and there are other areas of the Rulebooks that also specify additional notification requirements. (See appendix A)

          • Co-operation with other regulators

            • 3.1.18

              We view co-operation with other regulators as an important component of our supervisory activities. Effective co-operation arrangements with other regulators will provide for prompt exchange of information in relation to supervision, investigation and enforcement matters. The information exchange may enhance, for example, our understanding of the operations of a firm's Group and the effect on our firm.

            • 3.1.19

              We may also exercise our powers for the purposes of assisting other regulators or agencies, see sections 215 – 217 of the FSMR.

        • 3.2 3.2 Supervision of Firms

          • Group supervision

            • 3.2.1

              When we authorise a firm, we take into consideration the relationship the firm has within its Group, with related parties or other parties closely linked to it. We may also take into account lead or consolidated supervision to which a firm or its Group may be subject to in another jurisdiction.

            • 3.2.2

              A firm is expected to provide information as required or reasonably requested relating to the Authorised Person and, where applicable, its consolidated or lead regulatory arrangements. This information may include:

              (a) prudential information;
              (b) reports on systems and controls relating to a firm's Group;
              (c) internal and external audit reports;
              (d) details of disciplinary proceedings or any matters which may have financial consequences, reputational impact or pose any significant risk to the ADGM or to the firm; and
              (e) the group-wide corporate governance practices and policies, and the remuneration structure and strategies adopted.

            • 3.2.3

              This information may be taken into account as part of our fit and proper test as set out in Chapter 2.2 0 above and the supervision of the firm. Further Rules and Guidance with regard to obtaining information from a Representative office's lead regulator are set out in GEN 9.15.3.

            • 3.2.4

              We have an interest in the relationship of a firm with other regulators, particularly in order to determine the level of reliance we may place on a regulator in another jurisdiction concerning any lead supervision arrangements. Depending on the legal structure of a firm and our relationship with the regulator in question, we may place appropriate reliance on the supervision undertaken by this regulator.

          • Domestic Firm's Group with ADGM head office

            • 3.2.5

              We will usually be the lead and consolidated regulator of any Group headquartered as a Domestic Firm in the ADGM. Members of the Group, that is, any of the firm's Subsidiaries or Branches, will be either subject to our exclusive supervision or, where members of the Group are located in a jurisdiction outside the ADGM, generally subject to lead or consolidated supervision by us in co-operation with another regulator, provided we are satisfied that it meets appropriate regulatory criteria and standards.

          • Subsidiary of a non-ADGM firm

            • 3.2.6

              We will be the host regulator for the purpose of prudential supervision of a firm which is an ADGM incorporated Subsidiary of a non-ADGM firm.

            • 3.2.7

              Where a firm is a Subsidiary of a regulated non-ADGM parent company, we take into account any consolidated prudential supervision arrangements to which the firm is subject and will liaise with other regulators as necessary to ensure that these are adequately carried out, taking into account the firm's activities. We may place appropriate reliance on the firm's consolidated regulator in another jurisdiction if we are satisfied that it meets appropriate regulatory criteria and standards.

            • 3.2.8

              A firm carrying on Regulated Activities as a Subsidiary of an unregulated non-ADGM parent company may be subject to our consolidated prudential supervision, taking into account the parent's activities.

          • Branch of a non-ADGM firm

            • 3.2.9

              A firm carrying on Regulated Activities through a Branch will be subject to supervision by both us and the regulator in its head office jurisdiction.

            • 3.2.10

              We will have regard to any lead or consolidated prudential supervision arrangements to which a firm is subject. We may place appropriate reliance on a firm's lead regulator in another jurisdiction and, where appropriate, it's consolidated prudential regulator if we are satisfied that it meets appropriate regulatory criteria and standards. Where a firm is subject to lead regulation arrangements with a foreign regulator, we will usually not seek to impose consolidated prudential supervision on the firm's Group.

            • 3.2.11

              In determining the level of regulatory and supervisory oversight required for a specific firm, we will consider:

              (a) the degree of home country regulation and supervision by the home regulator;
              (b) the fitness and propriety of the head office and its Controllers;
              (c) the strength of support, both financial and managerial, which the head office is capable of providing to the branch, taking into account the branch's activities and the adequacy of, among other things, the corporate governance framework and practices at the head office; and
              (d) the risk and control mechanisms within the Branch itself.

            • 3.2.12

              Based on this assessment, we may consider granting a waiver or modification notice in respect of specific prudential or other regulatory requirements relating to a Branch.

          • Periodic returns for Firms

            • 3.2.13

              A firm is required to submit periodic returns. In addition, a firm may be required to submit copies of its Group's annual interim and audited accounts. We may also require a firm to provide copies of Group returns which are sent to any other regulator.

            • 3.2.14

              Collecting this data in a timely and accurate manner is imperative to our risk management cycle.

          • Review of risk management systems

            • 3.2.15

              Under GEN 3.3.4, a firm must ensure that its risk management systems provide the firm with the means to identify, assess, mitigate, monitor and control its risks. In addition to undertaking our own assessment of the firm, we may review the firm's internal risk self-assessment and determine the extent to which each of the firm's risks impacts on our objectives, the likelihood of the risk occurring, and the controls and mitigation programmes the firm has in place.

          • Desktop reviews

            • 3.2.16

              We may undertake desktop analyses to review a firm's business activities and compliance with our laws. A desktop review may involve analysing information provided by the firm through periodic returns, internal management information, ad-hoc questionnaires, published financial information or specially requested information. Through monitoring key indicators and the development of the firm's business, we seek to detect emerging issues for further in-depth reviews through meetings with the firm's management, onsite examinations, or otherwise. Apart from reports such as regular prudential returns, we may from time to time also request from a firm additional supplementary information and documents, including non-financial information such as a firm's internal policies on particular areas of risk and compliance.

          • On-site visits

            • 3.2.17

              On-site visits provide us with an overview of the firm's operations and enable us to form a first-hand view of the personnel, systems and controls and compliance culture within the firm as well as identifying and evaluating the risks to our objectives, taking into account any mitigation by the firm. They enable us to test the soundness of the firm's systems and controls and the extent to which we can continue to rely on them and the firm's senior management to prevent or mitigate risks to our objectives. On-site visits will also assist us to assess the extent of supervision and the use of other supervisory tools required to address certain key risk areas.

          • Periodic communications

            • 3.2.18

              We are committed to open and transparent communication with firms. From time to time, we may issue letters to Senior Executive Officers or equivalent persons across the ADGM. Frequently, these letters will be issued as a means of communicating findings arising from thematic visits, emerging trends and risks in the financial sector, or in response to any major events or developments.

            • 3.2.19

              From time to time, we may consider a particular item of communication to a firm to be of key regulatory importance. For this reason, it may be necessary to issue such communications directly to a senior member of staff at the board level of the ADGM entity copied (where appropriate) to the group's home regulator. For entities established as a Branch in the ADGM, these communications will likely be delivered to the Chairman of the Board at the ADGM Branch entity's head or Parent office. For ADGM incorporated entities, these communications will likely be delivered directly to the Chairman of the firm's board or head office. These communications may include, for example, the findings of our risk assessment visits where a risk mitigation plan has been sent that contains significant matters of concern to our objectives.

          • External Auditor reports, statements and meetings

            • 3.2.20

              An Auditor of a firm is required to provide reports to us addressing the matters outlined in section 191 of the FSMR. As part of an audit, we would expect an Auditor to review any relevant correspondence between us and the firm (e.g. on matters of regulatory concern) and ensure that appropriate follow-up actions have been taken by the firm. We may also require the firm to commission the auditor to conduct a special purpose audit to certify and ensure that any risk mitigation plan has been appropriately implemented. Further, we may from time to time, request tripartite meetings between the firm's senior management, the Auditor, and ourselves.

          • Controllers — Our approval

            • 3.2.21

              A person who proposes to become a Controller of a Domestic Firm or an existing Controller who proposes to increase the level of control which that person has in a domestic firm beyond the threshold of 20%, 30% or 50% is required to obtain our prior approval before doing so. Our assessment of a proposed acquisition or increase in control of a domestic firm is a review of such a firm's continued fitness and propriety and ability to conduct business soundly and prudently, and takes into account considerations set out in para 2.2.8.

            • 3.2.22

              Under GEN Rule 8.8.5(1), a person who proposes either to acquire or increase the level of control in a Domestic Firm must provide written notice to us in such form as we shall set. We may approve of, object to or impose conditions relating to the proposed acquisition or the proposed increase in the level of control of the firm. If the information in the written application lodged with us is incomplete or unclear, we may in writing request further clarification or information. We may do so at any time during the processing of such an application. The period of 90 days within which we will make a decision will not commence until such clarification or additional information is provided to our satisfaction. We may, in our absolute discretion, agree to a shorter period for processing an application where an applicant requests for such a period, provided all the information required is available to us.

            • 3.2.23

              Where we propose to object to or impose conditions relating to a proposed acquisition of or increase in the level of control in a domestic firm, we will first notify the applicant in writing of its proposal to do so and its reasons. We will take into account any representations made by an applicant before making our final decision.

            • 3.2.24

              We may consider whether a person has become an unacceptable Controller as a result of any notification given by a firm, including under GEN Rule 8.8.11(2) or as a result of our own supervisory work. The considerations which we will take into account in assessing whether a person is an acceptable Controller are those set out in paragraphs 3.2.21 above.

            • 3.2.25

              We may request, in writing, any further information required to enable us to complete our assessment of the application no later than the 50th Business Day of the assessment period.

        • 3.3 3.3 Supervision of Representative Offices

          • 3.3.1

            As part of our risk-based approach to supervising firms we may undertake periodic visits to Representative Offices and may also include Representative Offices in our thematic visits.

          • 3.3.2

            Onsite visits to Representative Offices are likely to focus on issues including:

            (a) confirming that activities undertaken by the Representative Office are allowed under its Financial Services Permission;
            (b) reviewing the adequacy of its systems and controls to comply with its responsibilities;
            (c) reviewing the material distributed by the Representative Office to ensure it is clear, fair and not misleading;
            (d) any solvency concerns with the head office or Group; and
            (e) the firm's disclosure of its regulated status.

          • 3.3.3

            The onsite visit is likely to include interviews with the Principal Representative and a review of relevant records.

        • 3.4 3.4 Supervision of Recognised Bodies

          • Introduction

            • 3.4.1

              The FSMR and the Rules establishes a principles-based framework for the recognition and supervision of Recognised Bodies and for taking regulatory action against those recognised institutions. This framework is supplemented by supervisory powers and other requirements in MIR and MKT rulebooks.

          • Group supervision

            • 3.4.2

              When we recognise a Recognised Body, we take into consideration the relationship with any wider group to which the Recognised Body may belong or with other Persons closely linked to it. We will also take into account lead or consolidated supervision to which a Recognised Body or its Group may be subject in another jurisdiction to the extent it is satisfied that it meets appropriate regulatory criteria and standards. This may lead to us placing some reliance on the supervisory arrangements in another jurisdiction or creating and participating in special arrangements for the supervision of the Recognised Body and its Group. The Recognised Body is expected to provide information required or reasonably requested in relation to these consolidated or lead supervisory arrangements before final supervisory arrangements are established.

            • 3.4.3

              Each relationship will be considered on a case by case basis and according to the risks posed by the Recognised Body's activities identified during supervisory arrangements. Such supervisory arrangements may include a process to be agreed by us, the Recognised Body itself and other relevant regulators.

            • 3.4.4

              Effective co-operation with regulators will provide for prompt exchange of information and co-operation in relation to supervision and enforcement between jurisdictions. This may include exchanges of information and co-operation in respect of activities conducted by a Recognised Body. Usually co-operation arrangements will be in the form of memoranda of understanding. The information exchange will enhance our understanding of the operations of the Group and the impact (if any) on the Recognised Body.

          • Application for a change in control

            • 3.4.5

              GEN 8.8 sets out the requirements relating to a change in control. See also paragraphs 3.2.21 to 3.2.25 above.

          • Directions power

            • 3.4.6

              MIR Chapter 6 empowers us to give a Recognised Body certain directions in relation to the Recognised Body's duties under the laws. It also gives us the power to direct a Recognised Body to do specified things, including closing the market, suspending transactions and prohibiting trading in Investments. MIR Chapter 6 also empowers us to exercise the powers contained in the Recognised Body's rules for participants as though it was the Recognised Body where we consider that the Recognised Body has not exercised the powers under those rules.

            • 3.4.7

              In considering whether to exercise such powers, we may take into account the following factors:

              (a) what steps the Recognised Body has taken or is taking in respect of the issue being addressed in the planned direction;
              (b) the impact on our objectives if a direction were not issued; or
              (c) whether it is in the interests of the ADGM.

            • 3.4.8

              The written notice given by us will specify what a Recognised Body is required to do under the exercise of such directions. Though we are not required to do so under MIR, in most cases we will endeavour to contact the Recognised Body prior to issuing such a direction.

            • 3.4.9

              Part 14 of the FSMR and MIR 6.1 allow us to direct a Recognised Body to suspend or delist Securities from its Official List. Such directions may take effect immediately or from a date and time as may be specified in the direction. MKT Chapter 2 contains details in this regard.

      • 4. 4. Supervisory And Enforcement Powers

        • 4.1 4.1 Introduction

          • 4.1.1

            This chapter sets out how we may exercise our supervisory and enforcement powers. We can exercise these powers in respect of any person who has been approved or recognised by us, including persons in senior positions.

          • 4.1.2

            Chapter 5 of this document describes how we will exercise additional powers when conducting enforcement activities.

          • 4.1.3

            The range of powers available to us includes the power to:

            (a) require information or documents (FSMR section 201 and 206);
            (b) require a firm to provide a report from a skilled person (FSMR section 203);
            (c) impose requirements on a firm (FSMR section 35);
            (d) issue a direction to a firm or an Affiliate for prudential purposes (FSMR section 202);
            (e) impose conditions on an Approved Person on our own initiative (FSMR section 48); and
            (f) suspend the Financial Services Permission of a firm (FSMR section 33).

          • 4.1.4

            In exercising a power specified in this Chapter (except when requesting information and/or documents; or a skilled person report), we will generally follow the decision making procedures set out in Chapter 7 of this document.

        • 4.2 4.2 Power to request information and documents

          • 4.2.1

            In order to supervise the conduct and activities of a firm, a Recognised Body, any director, officer, employee or agent of such firm or Recognised Body, we require access to a broad range of information relating to a Person's business. In particular, firms, Recognised Bodies, Approved Persons or Recognised Persons are expected to deal with us in an open and co-operative manner and disclose to us any information of which we would reasonably expect to be notified.

          • 4.2.2

            We may require a person referred to in paragraph 4.2.1 above to give information and produce documents about its business (including reports prepared by external parties such as consultants appointed by the firm or Recognised Body), transactions or employees to us. When we require the giving of information or production of documents, it will give the person a written notice specifying what is required to be given or produced.

          • 4.2.3

            We may exercise this power either within, or outside, the ADGM.

        • 4.3 4.3 Power to require a report

          • 4.3.1

            We may require a firm or Recognised Body to provide it with a report from a skilled person on specified matters, in circumstances where:

            (a) we have concerns about the adequacy of systems and controls (such as compliance, internal audit, anti-money laundering, risk management and record keeping);
            (b) we seek verification of information submitted by it; or
            (c) we require remedial action to ensure the firm or Recognised Body complies with the laws.

          • 4.3.2

            GEN 8.12 sets out various requirements relating to the appointment of a skilled person, including:

            (a) give written notification to the firm or Recognised Body, by us, concerning the purpose of the proposed report, the scope, the timetable for completion and any other relevant matters;
            (b) specify the nature of the concerns, by us, that led to the decision to appoint a skilled person and the uses we may have for the results of any skilled person's report;
            (c) the skilled person must be appointed by the firm or Recognised Body and be nominated or approved by us;
            (d) a firm or Recognised Body is required to ensure it provides all assistance that the skilled person may reasonably require and ensure that the skilled person co-operates with us; and
            (e) a firm or Recognised Body is required to pay for the services of the skilled person.

        • 4.4 4.4 Power to impose requirements on a firm or Recognised Body

          • 4.4.1

            We may impose a requirement on a firm or Recognised Body under FSMR section 35, so as to:

            (a) require a firm or Recognised Body to take action specified by us; or
            (b) require a firm or Recognised Body to refrain from taking action specified by us.

          • 4.4.2

            Examples of requirements that we may consider imposing include, among other things, a requirement:

            (a) not to take on new business;
            (b) not to hold or control Client Money;
            (c) not to trade in certain categories of Specified Investment;
            (d) prohibiting or restricting the disposal of, or other dealing with, any of the firm's or Recognised Body's assets (whether in the ADGM or elsewhere); and
            (e) that all or any of the firm's assets (or all or any assets belonging to investors but held by the firm or Recognised Body) must be transferred to a trustee approved by us.

          • 4.4.3

            We may exercise our power under paragraph 4.4.1 above in certain circumstances, as set out in FSMR section 35(2) and GEN 8.13.1, including where:

            (a) the firm or Recognised Body is failing, or is likely to fail, to satisfy the Threshold Conditions when it was first granted a Financial Services Permission including:
            (i) having adequate and appropriate resources;
            (ii) being fit and proper to carry on a activity regulated by us for which it has an authorisation or recognition;
            (iii) capability of being effectively supervised; and
            (iv) having adequate compliance arrangements to enable it to comply with all applicable legal requirements.
            (b) the firm or Recognised Body has committed a contravention of the FSMR, Rules or other enactments or subordinate legislation administered by us;
            (c) the firm or Recognised Body has failed, during the period of at least 12 months, to carry on an activity regulated by us to which the Financial Services Permission relates; or
            (d) we consider that the exercise of the power is necessary or desirable in the pursuit of one or more of our objectives.

          • 4.4.4

            In determining whether to exercise our power under section 35 of the FSMR, we may take into account relevant facts and circumstances including, the following:

            (a) whether we have concerns about the fitness and propriety of the firm or Recognised Body;
            (b) whether the firm's or Recognised Body's resources are adequate for the scale or type of activity which the firm is authorised to undertake;
            (c) whether the firm or Recognised Body has conducted its business in compliance with the FSMR and the Rules;
            (d) whether the firm or Recognised Body has ensured full compliance with applicable money laundering or counter terrorism legislation; and
            (e) whether the firm's or Recognised Body's management is able to address the Regulator's concerns about the firm or Recognised Body, or the way the business is being or has been run.

          • 4.4.5

            When exercising this power, we will have regard to the principle that any restriction imposed on a firm or a Recognised Body should be proportionate to the objectives which we are seeking to achieve.

        • 4.5 4.5 Power to cancel a Financial Services Permission or revoke recognition

          • At the request of a firm

            • 4.5.1

              On application of the firm or Recognised Body (in such firm as we shall prescribe), we may exercise our powers to vary or cancel a firm's Financial Services Permission or a Recognised Body's recognition (See FSMR section 32(2)).

            • 4.5.2

              Depending on the circumstances, we may need to consider whether we should first use our powers to impose requirements on a firm or Recognised Body or to vary a firm's Financial Services Permission or Recognised Body's recognition, before going on to cancel or revoke the Financial Services Permission.

          • On our own initiative

            • 4.5.3

              We may exercise our powers to cancel a Financial Services Permission to carry on one or more Regulated Activities, or to revoke recognition in respect of a Recognised Body (see FSMR sections 33 and 134(2)), respectively where:

              (a) firm or Recognised Body is failing, or is likely to fail, to satisfy the threshold conditions;
              (b) firm or Recognised Body has committed a contravention of the laws administered by us;
              (c) firm or Recognised Body has failed, during the period of at least 12 months, to carry on a Regulated Activity to which the Financial Services Permission or recognition relates; or
              (d) we consider that the exercise of the power is necessary or desirable in the pursuit of one or more of our objectives.

            • 4.5.4

              Circumstances when we may exercise our powers to cancel a Financial Services Permission or revoke a recognition include, among other things, where:

              (a) we have serious concerns about the manner in which the business of the firm or Recognised Body has been or is being conducted;
              (b) we consider it necessary to protect regulated entities and customers in the ADGM;
              (c) the firm or Recognised Body has failed to have or maintain adequate financial resources or a failure to comply with regulatory capital requirements;
              (d) the firm or Recognised Body has not submitted regulatory returns in a timely fashion or has provided false information in regulatory returns;
              (e) as a result of withdrawal of authorisation in relation to one or more Regulated Activities, the firm or Recognised Body is no longer authorised to carry on a Regulated Activity;
              (f) whether the firm or Recognised Body no longer satisfies the relevant criteria in respect of the fitness and propriety to carry on a Regulated Activity or hold a Financial Services Permission or recognition order (set out in GEN, Chapter 5 and MIR Chapters 2 and 4);
              (g) the firm or Recognised Body has repeatedly contravened the FSMR or the Rules.

        • 4.6 4.6 Power to impose conditions on the status of an Approved Person

          • 4.6.1

            We may at any time by a written notice to an Approved Person and the relevant firm:

            (a) impose conditions on the grant of Approved Person status (FSMR section 48); and
            (b) vary or withdraw conditions imposed on the grant of such status (FSMR section 46).

          • 4.6.2

            We may exercise this power in circumstances where:

            (a) the Approved Person has not exercised the expected level of skill, care and diligence in carrying out the Controlled Function;
            (b) the conduct of the Approved Person is inconsistent with the requirements and standards expected; or
            (c) we have concerns about the fitness and propriety of the Approved Person (but not such as to warrant the suspension or withdrawal of an Approved Person's status pursuant to section 46 of FSMR).

        • 4.7 4.7 Power to withdraw the status of an Approved Person

          • 4.7.1

            Under section 46 of the FSMR, we may withdraw an individual's Approved Person status given under section 45 of FSMR, if we consider that the Approved Person is no longer fit and proper to perform the Controlled Function in question, including for example, where:

            (a) the individual is in breach of an obligation applicable as a result of their Approved Person status;
            (b) the Financial Services Permission of the relevant firm is withdrawn;
            (c) the individual becomes bankrupt;
            (d) the individual is convicted of an offence that would be considered relevant to his integrity and honesty, or his ability to perform his functions;
            (e) the individual becomes incapable, through mental or physical incapacity, of managing his affairs; or
            (f) the individual or the relevant firm asks us to withdraw the relevant status.

          • 4.7.2

            In determining whether to exercise its power under section 46 of FSMR, we will have regard to all relevant matters including, but not limited to:

            (a) the criteria for assessing the fitness and propriety of an Approved Person as set out in GEN Chapter 5 (GEN 5.2.9) and paragraph 2.3 of this document;
            (b) the commission of any offences involving dishonesty, fraud or a Financial Crime by the Approved Person;
            (c) whether other enforcement action should be taken, or has already been taken, against the Approved Person by us or by other enforcement agencies;
            (d) the particular Controlled Function the Approved Person is or was performing;
            (e) the nature and activities of the firm concerned;
            (f) the markets in which the firm operates; and
            (g) the severity of the risk which the individual poses to consumers and to confidence in the ADGM financial system.

          • Disqualification of Auditors and actuaries under section 233 of the FSMR

            • 4.7.3

              We recognise that the use of our powers to disqualify Auditors and actuaries from being an Auditor of, or acting as an actuary for, a firm will have serious consequences for the Auditors or actuaries concerned and their clients.

            • 4.7.4

              In deciding whether to exercise our power to disqualify an Auditor or actuary under section 233(3) of FSMR, and what the scope of any disqualification will be, we will take into account all the circumstances of the case, including:

              (a) the nature and seriousness of any contravention of the FSMR or Rules and the effect of that contravention;
              (b) whether any contravention of the FSMR or Rules, or any failure to disclose information to us, has resulted in, or is likely to result in:
              (i) loss to customers;
              (ii) damage to the reputation of the ADGM; or
              (iii) an increased risk that an firm, Recognised Body or Reporting Entity may be used for the purposes of Financial Crime;
              (c) any action taken by the Auditor or actuary to remedy the contravention;
              (d) any disciplinary action taken (or to be taken) against the Auditor or actuary by a relevant professional body, and whether that action adequately addresses the particular contravention; and
              (e) the previous compliance record of the Auditor or actuary concerned, and whether the relevant regulatory body or professional body has imposed any previous disciplinary sanctions on the firm, Recognised Body, Reporting Entity or individual concerned.

      • 5. 5. Enforcement

        • 5.1 5.1 Our approach to enforcement

          • Introduction

            • 5.1.1

              This Chapter sets out our approach to enforcement including how we may commence and conduct investigations and exercise our powers to address any misconduct or contravention of the FSMR or Rules. Our approach to imposing a penalty can be found in Chapter 6 of this document.

            • 5.1.2

              The fair and proportionate use of our enforcement powers plays a critical role in fulfilling our objectives as set out in section 1(3) of FSMR.

            • 5.1.3

              There are a number of principles underlying our approach to the exercise of our enforcement powers, including:

              (a) the effectiveness of the regulatory regime depends on the maintenance of an open and co-operative relationship between us and those we regulate;
              (b) we adopt a risk-based approach to regulation, focusing our efforts on those activities that we perceive as posing the greatest risk to the furtherance of our objectives;
              (c) we will act fairly, openly, accountably and proportionally in the exercise of our enforcement powers;
              (d) we will act swiftly and decisively to stop conduct which threatens the integrity of the ADGM or the stability of the financial services industry in the ADGM, minimise its effects, and prevent such conduct re-occurring;
              (e) we aim to:
              (i) deter or reduce the likelihood of future non-compliance;
              (ii) reduce or eliminate any financial gain or benefit from non-compliance; and
              (iii) where appropriate, remedy the harm caused by the non-compliance.

        • 5.2 5.2 Enforcement framework

          • Introduction

            • 5.2.1

              Enforcement is one of a number of regulatory tools available to us. We will take enforcement action in line with our objectives and approach to enforcement and may conduct investigations where there is a suspected contravention.

            • 5.2.2

              As a risk-based regulator, priority will be given to those areas which pose the biggest risk to achieving our objectives.

            • 5.2.3

              The proactive supervision and monitoring of Authorised Persons and an open and cooperative relationship between such Authorised Persons and their supervisors may, in some cases where a contravention of the FSMR or Rules has taken place, lead us to decide against taking formal disciplinary action. In those cases, we would expect the firm or person to act promptly in taking the necessary remedial action agreed with its supervisors to deal with our concerns. If the firm or person does not take such action, we may then proceed to take formal enforcement action.

          • General contravention provisions

            • 5.2.4

              Pursuant to section 218 of FSMR, a person commits a contravention if he:

              (a) does an act or thing that the person is prohibited from doing by or under the FSMR or Rules;
              (b) does not do an act or thing that the person is required or directed to do by or under the FSMR or Rules;
              (c) fails to comply with a requirement or condition imposed by or under the FSMR or the Rules; or
              (d) otherwise contravenes a provision of the FSMR or Rules.

          • Involvement in contravention

            • 5.2.5

              If a person is Knowingly Concerned in a contravention of the FSMR or Rules committed by another person then, under section 220 of FSMR, both persons may be held liable for committing a contravention.

            • 5.2.6

              A person is "Knowingly Concerned" in a contravention if the person:

              (a) has aided, abetted, counselled or procured the contravention;
              (b) has induced, whether by threats or promises or otherwise, the contravention;
              (c) has in any way, by act or omission, directly or indirectly, been knowingly involved in or been party to, the contravention; or
              (d) has conspired with another or others to commit the contravention.

          • Enforcement assessment: Threshold Conditions cases

            • 5.2.7

              We may take enforcement action against an Authorised Person who no longer meets the Threshold Conditions. . We view the Threshold Conditions as being fundamental requirements for a firm operating within the ADGM under a Financial Services Permission.

          • Decision to take action

            • 5.2.8

              We will make an assessment on a case by case basis whether to carry out a formal investigation, having considered all the available information, including:

              (a) elements of suspected contravention of the FSMR or Rules;
              (b) the Authorised Person's willingness to co-operate with us;
              (c) whether confidentiality obligations prevent individuals from providing information unless we compel them to do so by using our formal powers; and
              (d) whether the Authorised Person concerned has undertaken, or offered to undertake, remedial action.

          • Enforcement process

            • 5.2.9

              When taking enforcement action, we will generally adopt the following process:

              (a) Step 1 — Assessment of complaints and referrals (paragraph 5.3);
              (b) Step 2 — Commencement of an investigation (paragraph 5.4);
              (c) Step 3 — Information gathering (paragraph 5.5);
              (d) Step 4 – Analysis of information provided (paragraph 5.7);
              (e) Step 5 — Assessment of remedies (paragraph 5.8); and
              (f) Step 6 — Conclusion of the investigation (paragraph 5.19).

        • 5.3 5.3 Step 1 — Assessment of complaints and referrals

          • 5.3.1

            Assessment of complaints and referrals concerning suspected misconduct or suspected contraventions is a key function of our regulatory remit and enforcement framework. Every complaint and referral, regardless of source, is assessed to determine whether an investigation or other action ought to take place.

          • Sources of complaints and referrals

            • 5.3.2

              We may become aware of suspected misconduct or suspected contraventions from a variety of sources, including:

              (a) members of the public;
              (b) our supervisory activities; and
              (c) other external regulatory authorities or law enforcement agencies.

          • Complaints

            • 5.3.3

              Complaints received by us from members of the public which relate to:

              (a) any conduct of, or dissatisfaction with, any person regulated by us;
              (b) a potential contravention of the FSMR or Rules; or
              (c) any conduct that causes, or may cause, damage to the reputation of the ADGM or the financial services industry in the ADGM;

              are classified as regulatory complaints and are assessed through our complaints management function.

            • 5.3.4

              A person wishing to lodge a regulatory complaint with us should, where possible, do so in writing. A complaint can be lodged:

              (a) by email to: FSRA.Complaints@adgm.com;
              (b) by sending the complaint to Financial Services Regulatory Authority, Abu Dhabi Global Market PO Box 111999, Abu Dhabi, United Arab Emirates; or
              (c) delivering the complaint to us at Financial Services Regulatory Authority, Abu Dhabi Global Market Square, Al Maryah Island Abu Dhabi, United Arab Emirates.

            • 5.3.5

              When a complaint is received, we will send an acknowledgement letter to the complainant which will include the contact details of our complaints management function.

            • 5.3.6

              If, during the assessment of a regulatory complaint, we identify suspected misconduct or a suspected contravention, we will refer the complaint to the relevant staff member. After that, the relevant department assumes responsibility for the complaint and undertakes further consideration of the complaint.

            • 5.3.7

              All complaints lodged with us are held in confidence in accordance with the FSMR. However, in order to assess a complaint properly, we may need to speak to third parties including any person who is the subject of the complaint.

          • Referrals

            • 5.3.8

              There are two types of referrals — internal and external.

              (a) Internal referrals

              Internal referrals originate from our supervisory activities. Our supervisory framework is designed to detect and mitigate risks to the ADGM and the financial services industry in the ADGM.

              An internal referral occurs when our supervision division refers a matter to our enforcement department, when the supervisory department has identified possible contraventions.

              When the enforcement division receives an internal referral, the referring division may continue to be responsible for the on-going supervision of the firm who may be the subject of the referral.
              (b) External referrals

              We may also receive allegations of misconduct through an external referral from other regulatory authorities and law enforcement agencies or any other person.

              Such allegations may be received pursuant to the IOSCO or IAIS Multilateral Memoranda of Understanding (MMoU), or bilateral arrangements for the exchange of information between us and other regulatory and enforcement agencies.

        • 5.4 5.4 Step 2 — Commencement of investigations

          • Introduction

            • 5.4.1

              On receipt of an internal or external referral, the allegation will be assessed to determine if there is a suspicion of a contravention. If a suspicion arises and it is appropriate and expedient, we may start an investigation.

              Section 205 of FSMR empowers us to conduct investigations if we consider there is good reason to do so, including investigations into reasonable suspicions of contraventions of FSMR and Rules.

            • 5.4.2

              In determining whether to commence an investigation, we will consider a number of factors including:

              (a) the nature and seriousness of the suspected contravention;
              (b) whether the suspected contravention is on-going;
              (c) whether the suspected contravention affects, or has the potential to affect, our objectives;
              (d) whether those involved in the suspected contravention are likely to cooperate;
              (e) the disciplinary record and compliance history of the person(s) involved in the suspected contravention;
              (f) whether, if proven, a suitable remedy is available;
              (g) the extent to which another law enforcement agency or Non-ADGM Financial Services Regulator can adequately address the matter;
              (h) the nature of any request for assistance made by another regulator or body under sections 216 or 217of FSMR; and
              (i) whether any party who may have suffered a detriment as a result of the suspected contravention is able to take his own remedial action.

            • 5.4.3

              Whether we "reasonably suspect" a contravention is a question which we will determine on the facts and circumstances available at the time of the determination to commence investigation.

            • 5.4.4

              While we are not bound to disclose to any party that an investigation has commenced or is on-going, or the basis on which an investigation is commenced, we may where necessary or desirable to do so, notify a person who is the subject of an investigation that an investigation has commenced, and the nature of our investigation.

            • 5.4.5

              We will not normally make public the fact that we are investigating a matter. We also expect that the person who is the subject of an investigation will treat the matter as confidential. However, subject to the restrictions on disclosure of confidential information in sections 197 and 198 of the FSMR, this does not stop the person under investigation from seeking professional advice or making their own enquiries into the matter, giving their Auditors appropriate details of the matter or making notifications required by law.

        • 5.5 5.5 Step 3 — Information gathering

          • Introduction

            • 5.5.1

              Once an investigation has commenced, we may exercise our powers to gather information to advance our objectives.

            • 5.5.2

              Our information-gathering powers may only be exercised by the Chief Executive or his delegate(s). The delegation need not be limited to our employees and can extend to other, non FSRA staff who are able to assist the investigation.

          • Power to require documents or information

            • 5.5.3

              During an investigation, the investigator may obtain relevant information and/or documents either: on a compulsory basis, principally through the exercise of its powers under section 206(1)(b) and (c) of FSMR, and/or on a voluntary basis.

            • 5.5.4

              Our compulsory information gathering powers are divided into two broad categories – supervisory and investigative. When we require the giving of information or production of documents, we will generally give the Person a written notice specifying what is required to be given or produced.

            • 5.5.5

              Under our supervisory powers, we may require a Person to give us information and produce documents about its business under section 201 of the FSMR. The power of section 201 of FSMR permits us to request information and documents from an Authorised Person, Recognised Body, Issuer of Securities admitted to the Official List and any director, officer, employees or agent of such Authorised Person, Recognised Body or Issuer, which we consider is necessary or desirable to meet our objectives.

            • 5.5.6

              Under our investigative powers, we also have the power to require documents or information under section 206(1)(b) and (c) of the FSMR. Unlike the supervisory power under s201, the powers under section 206 may only be used:

              (a) for the purposes of an investigation; and
              (b) in circumstances where the investigator considers that a person is or may be able to give information or produce a document which is or may be relevant to an investigation.

          • Power to Inspect and copy documents

            • 5.5.7

              The section 206(1)(e) of FSMR permits the investigator to enter the business premises of the person under investigation for the purpose of inspecting and copying documents.

            • 5.5.8

              The investigator will generally not provide prior notice of an inspection in circumstances where the provision of prior notice may prejudice the investigation.

            • 5.5.9

              When exercising this power, the investigator may:

              (a) require any appropriate person to:
              (i) make available any relevant information stored at the business premises for inspection or copying; or
              (ii) convert any relevant information into a physical form capable of being copied; and
              (b) use the facilities of the occupier of the business premises where appropriate and necessary, free of charge, to make copies.

          • Power to require production of information

            • 5.5.10

              Section 206(1)(c) of FSMR empowers the investigator to require a person to give, or procure the giving of, information. The term "information" should be interpreted broadly, in accordance with its ordinary meaning, and may include

              (a) knowledge communicated or received concerning a particular matter, fact or circumstance;
              (b) knowledge gained through work, commerce, study, communication, research or instruction;
              (c) data obtained as output from a computer by means of processing input data with a program or any data at any stage of processing including input, output, storage or transmission data;
              (d) an explanation or statement about a matter;
              (e) the identification of a person, matter or thing; or
              (f) the provision of a response to a question.

          • Power to require production of documents

            • 5.5.11

              Section 206(1)(b) of FSMR empowers the investigator to require a person to produce, or procure the production of, specified documents or documents of a specified description. Specified documents may include, for example, any record of information, including:

              (a) anything on which there is writing;
              (b) anything on which there are marks, figures, symbols or perforations having a meaning for persons qualified to interpret them;
              (c) anything from which sounds, images or writings can be reproduced with or without the aid of anything else; or
              (d) a map, plan, drawing or photograph.

            • 5.5.12

              Section 206(1)(b) of FSMR empowers the investigator to require production of original documents or copies.

            • 5.5.13

              When exercising his powers under section 206(1)(b) of FSMR, the investigator may retain possession of any original document for as long as is necessary for the investigation to which the notice relates. When a person is unable to produce documents in compliance with a requirement made by the investigator, the investigator may require the person to state, to the best of that person's knowledge or belief, where the documents may be found and who last had possession, custody or control of those documents.

          • Time for responding to information and document requirements

            • 5.5.14

              As delays in the provision of information and/or documents can have an adverse impact on the efficient and effective progression of an investigation, we expect persons to respond to information and document requests within the timeframe required by us, in particular where a deadline for submission has been imposed.

          • Power to require a Person to attend an interview

            • 5.5.15

              Section 206(1)(a) of FSMR empowers the investigator has the power to require a person (the interviewee) to attend before us (the interviewer) for an interview to provide oral evidence relevant to an investigation we are conducting.

            • 5.5.16

              A person attending an interview will first be served with a written notice requiring his attendance. Pursuant to section 206(5) of FSMR, an interviewee is not entitled to refuse or fail to answer a question on the basis that his answers may incriminate him, make him liable for a penalty or reveal communications made in confidence (subject to section 209(6) of the FSMR).

            • 5.5.17

              An interview will be conducted in private and the interviewer may give directions to the interviewee regarding:

              (a) who may be present during the interview;
              (b) swearing an oath, or giving an affirmation, that the answers provided will be true;
              (c) what, if any, information may be disclosed by the interviewee or any other person present at the interview to any third party;
              (d) the conduct of any person and the manner in which they will participate during the interview; and
              (e) answering any question which is relevant to the investigation.

            • 5.5.18

              An interviewee is entitled to legal representation during the course of an interview.

          • Power to require a Person to provide assistance

            • 5.5.19

              Section 206(1)(d) of FSMR empowers the investigator to require a person to provide assistance in relation to an investigation, which may include requiring a person to do a physical act or provide information to advance an investigation. For example, it may require a person to assist in the location of specific documents.

            • 5.5.20

              This power can be used independently, or in conjunction with, the exercise of other investigative powers. For example, the investigator can exercise its powers under section 206(1)(a) of FSMR to require a person to attend an interview and under section 206(1)(d) of FSMR, to require the interviewee to provide reasonable assistance during or after the interview. For example, the interviewee may be required, during the interview, to explain the context of a document shown to him, or, after the interview, to locate and later produce a document referred to during the interview.

        • 5.6 5.6 Power to enter the premises for the purposes of an investigation

          • 5.6.1

            For the purposes of an investigation conducted under section 205 of FSMR, we may require any Authorised Person or Recognised Body to allow entry on to the premises (during normal business hours or at any other time as may be agreed) for the purpose of inspecting and copying information or documents (at the relevant person's expense).

          • 5.6.2

            We will provide reasonable notice to an Authorised Person, Recognised Body, or other person when we seek information, documents or access to premises. In exceptional circumstances, such as where any delay may be prejudicial to the interests of the ADGM, we may seek access to premises without the giving of prior notice.

          • Confidentiality

            • 5.6.3

              When carrying out our regulatory functions, we must maintain confidentiality of information, unless disclosure is permitted by section 199 of FSMR. We have issued a separate policy statement on Confidentiality and it is available on our website.

            • 5.6.4

              We may also impose obligations of confidentiality in respect of information and documents provided during the exercise of an investigator's powers under section 206(1) of FSMR.

            • 5.6.5

              The investigator can make directions to protect the confidentiality of information and documents which are part of an interview, in accordance with section 206(4)(b) of FSMR.

            • 5.6.6

              We or our investigator conducting an interview pursuant to section 206(1)(a) of FSMR may direct any person present during the interview from disclosing any information provided to the interviewee or questions asked by the interviewer during the interview.

            • 5.6.7

              Directions under section 206(4) of FSMR are made to ensure that an investigation is not prejudiced by the disclosure of the nature of the information sought or the questions asked during an investigation. In each case, we need to consider whether or not such directions are appropriate in the circumstances of that matter.

          • Protections

            • 5.6.8

              Parties who are required to comply with a requirement made by us during the course of an investigation, and persons who are the subject of an investigation, may benefit from certain protections in the FSMR, including:

              (a) section 198, which provides that confidential information provided to us must not be disclosed except in certain limited circumstances;
              (b) section 207(2), which provides that where a person takes part in an interview, any statements made during the interview cannot be disclosed by the investigator to a law enforcement agency for the purpose of criminal proceedings unless the person consents to the disclosure or the investigator is required by law or court order to disclose the statement; and
              (c) claims of legal professional privilege and other protections (see paragraph 5.6.9 – 5.6.10 below)

          • Claims of privilege and other protections

            • 5.6.9

              As set out in sections 210 and 211 of FSMR, there are a number of limitations on our powers to require documents and information.

            • 5.6.10

              we will recognise a valid claim for Legal Professional Privilege (LPP), made by:

              (a) the privilege holder, or
              (b) a third party seeking to assert the LPP claim on behalf of the privilege holder.

          • Non-compliance with requirements

            • 5.6.11

              Pursuant to section 214 of FSMR, a person must not, without reasonable excuse, engage in conduct that is intended to obstruct us in the exercise of our investigative powers by any means, including:

              (a) the failure to attend at a specified time and place to answer questions;
              (b) the falsification, concealment or destruction of documents;
              (c) the failure to give or produce information or documents specified by us
              (d) the failure to provide assistance in relation to an investigation which the person is able to give.

            • 5.6.12

              We will regard any breach of a requirement under Part 17 of FSMR as serious and take appropriate action where necessary.

          • Return of information and documents

            • 5.6.13

              Where, during the course of an investigation, we have obtained original documents, we will usually return these to the person from whom the documents were received, as soon as practicable after the conclusion of the investigation or related proceedings.

            • 5.6.14

              Where information or documents have been produced to us in the course of an investigation to assist another regulator or agency, we may release the information or documents to that other regulator or agency. The information and documents will usually be returned to the person from whom the information and documents were received, as soon as practicable after receiving them back from the other regulator or agency.

        • 5.7 5.7 Step 4 — Analysis of information provided

          • 5.7.1

            On completion of the information gathering step, we will carefully consider all the relevant facts and circumstances of the matter to determine:-

            (a) whether there has been a contravention of the FSMR or the Rules; and
            (b) if so, if there is a regulatory benefit of pursuing the contravention in question.

          • 5.7.2

            The effective and proportionate use of our powers to enforce the requirements of the FSMR and the Rules will play an important role in our pursuit of our objectives as set out in section 1(3) of the FSMR. Imposing financial penalties, public censures and other disciplinary measures shows that we are upholding regulatory standards and helps to maintain market confidence and deter financial crime.

          • 5.7.3

            However, they are not the only tools available to us, and there will be instances of non-compliance which we consider appropriate to address without the use of such tools. For example, consistent with our risk-based approach to regulation, activities that are not seen as posing a significant risk to the furtherance of our objectives may not attract the same remedies as activities which we are seeking to prioritise.

          • 5.7.4

            At the conclusion of an investigation, we may:

            (a) take no further action;
            (b) commence a settlement negotiation;
            (c) accept a settlement;
            (d) accept an enforceable undertaking;
            (e) refer a matter for determination to a delegated decision-maker, e.g. for the
            (i) imposition of a financial penalty;
            (ii) imposition of a public censure;
            (iii) variation or cancellation of a Financial Services Permission;
            (iv) imposition of conditions on an Approved Person;
            (v) suspension or withdrawal of an Approved Person's Approval; or
            (vi) revocation of recognition of a Recognised Body;
            (f) commence Court proceedings; or
            (g) exercise a power on behalf of another regulator.

        • 5.8 5.8 Step 5 — Assessment of Remedies

          • 5.8.1

            There is a range of remedies which we may pursue to achieve our objectives, including:

            (a) financial penalties;
            (b) public censure;
            (c) private warning; and
            (d) injunctions and other court orders.

          • 5.8.2

            We may, in any matter, pursue more than one remedy.

          • 5.8.3

            We do not have criminal jurisdiction. Should criminal conduct be identified, it will be referred to the appropriate law enforcement agency.

        • 5.9 5.9 Financial penalties

          • 5.9.1

            We may seek to impose a financial penalty under section 232 of FSMR on a person whom we consider has contravened a provision of the FSMR or the Rules. We may impose a financial penalty in any amount considered appropriate, provided such amount is not less than 5,000 UAE Dirhams and not exceeding the higher of 50 million UAE Dirhams or 10% of the value of the relevant transaction.

          • 5.9.2

            In determining whether to impose a financial penalty, and the quantum of the financial penalty, we will take into consideration the circumstances of the conduct and will be guided by the penalty guidance set out in Chapter 6 of this document.

          • 5.9.3

            Prior to making a decision, we will follow the procedures set out in Part 21 of the FSMR (see also Chapter 7 of this document for guidance).

        • 5.10 5.10 Public censure

          • 5.10.1

            We may, under section 231 of FSMR, seek to publicly censure a person whom we consider has contravened a provision of the FSMR and Rules.

          • 5.10.2

            In determining whether to publicly censure a person, we will take into consideration the circumstances of the conduct and will be guided by the penalty guidance set out in paragraph 6.3 of this document.

        • 5.11 5.11 Private warnings

          • 5.11.1

            In certain cases, despite concerns about a person's behaviour or evidence of a breach of the FSMR or the Rules, we may decide that it is not appropriate, having regard to all the circumstances of the case, to bring formal action for a financial penalty or public censure, or that an alternative regulatory outcome is preferable in light of the circumstances of the case. This is consistent with our risk-based approach to enforcement.

          • 5.11.2

            Private warnings is a non-statutory tool, primarily used by us as an enforcement tool, but they may also be used in other departments. Whilst a private warning is not intended to be a determination by us as to whether the recipient has breached a provision of the FSMR or the Rules, private warnings, together with any comments received in response, will form part of the person's compliance history.

          • Instances where we may issue a private warning

            • 5.11.3

              We may give a private warning rather than take formal action where the matter giving cause for concern is minor, or where the person has taken full and immediate remedial action. In any event, we will take into account all the circumstances of the case before deciding whether a private warning is appropriate.

              Generally, we would expect to use private warnings in the context of Authorised Person, Recognised Bodies and Approved Persons. However, we may also issue private warnings in circumstances where the persons involved may not necessarily be authorised or approved, including, for example, in potential cases of Market Abuse.

        • 5.12 5.12 Injunctions and orders

          • 5.12.1

            We have a broad power to make an application to the ADGM Court for injunctive relief and other orders (see FSMR, sections 236 — 238). The ADGM Court may make one or more of the following orders:

            (a) an order restraining a person that is engaging in conduct that would constitute a contravention;
            (b) an order requiring a person to do an act or thing to remedy a contravention or to minimise loss or damage; or
            (c) any other order as the Court sees fit, including an order restraining the transfer of assets or the departure of individuals from the jurisdiction of the court.

          • 5.12.2

            In deciding whether an application for an injunction is appropriate, we will consider all relevant circumstances including:

            (a) the nature and seriousness of the contravention;
            (b) whether the contravention is on-going;
            (c) whether the contravention affects, or has the potential to affect, our objectives;
            (d) where we consider it necessary to protect regulated entities and clients in the ADGM;
            (e) whether there is a danger of assets being dissipated or removed from the jurisdiction of the Court;
            (f) whether there is a danger that a person or persons may leave the jurisdiction and, if so, the effect that his or their absence may have on the effectiveness of the court's orders;
            (g) costs we would incur in applying for and enforcing an injunction and the likely effectiveness of such an injunction or other order;
            (h) the disciplinary record and compliance history of the person;
            (i) whether the losses suffered are substantial;
            (j) whether the assets at risk are substantial;
            (k) whether the number of clients at risk is significant;
            (l) whether the conduct in question can be adequately addressed by other disciplinary measures;
            (m) the extent to which another law enforcement agency or Non-ADGM Financial Services Regulator can adequately address the matter in question; and
            (n) whether there is a reason to believe that the person who is the subject of the possible application is or has been involved in money laundering, terrorist financing or other form of financial crime or criminal conduct.

        • 5.13 5.13 Actions for damages

          • 5.13.1

            Section 242 of FSMR provides that where a person:

            (a) intentionally, recklessly or negligently commits a breach of duty, requirement, prohibition, obligation or responsibility imposed under the FSMR; or
            (b) commits fraud or other dishonest conduct in connection with the matter arising under the FSMR;

            the person is liable to compensate any other person for any loss or damage caused to that other person as a result of such conduct.

          • 5.13.2

            Section 242 of FSMR gives us, and any aggrieved persons, broad powers to make application for recovery of damages where there has been an identified contravention of the FSMR or Rules administered by us. An aggrieved person may exercise rights provided under section 242 of FSMR independently of, or contemporaneously with, us.

          • 5.13.3

            In determining whether to commence proceedings, we will take into account all relevant circumstances, including:

            (a) the nature and seriousness of the suspected contravention;
            (b) whether the suspected contravention is on-going;
            (c) whether the contravention affects, or has the potential to affect, our objectives;
            (d) whether a party who may have suffered detriment as a result of the alleged contravention is able to take his own remedial action;
            (e) in circumstances where more than one person has suffered loss or damage:
            (i) the number of those that have suffered loss or damage and the amount of loss or damage involved; and
            (ii) whether it is convenient or possible for a class of aggrieved persons to commence a proceeding;
            (f) the cost we would incur in applying for or enforcing any order that it is successful in obtaining;
            (g) whether the conduct in question can be adequately addressed by the use of other regulatory powers;
            (h) whether redress is available elsewhere or through another Non-ADGM Financial Services Regulator;
            (i) whether there is a reason to believe that the person is or has been, involved in money laundering, terrorist financing or other form of financial crime or criminal conduct;
            (j) whether the profits are quantifiable;
            (k) whether the person is solvent; and
            (l) whether we have a reasonable prospect of success in the relevant proceedings.

          • Determining the amount of restitution

            • 5.13.4

              In determining the amount of compensation payable in accordance with section 241 of FSMR, we may obtain information relating to the amount of profits made and/or losses or any other adverse effects resulting from the conduct of Authorised Person, Recognised Bodies or unauthorised persons.

            • 5.13.5

              As well as obtaining information through the use of our information gathering powers, we may consider using our powers under section 203 of FSMR to require an Authorised Person or Recognised Body to provide a report prepared by a Skilled Person, or appoint a Skilled Person ourselves to prepare a report. A Skilled Person's report may be requested to assist us to determine:

              (a) the amount of profits which have been made by the Authorised Person or Recognised Body;
              (b) whether the conduct of the Authorised Person or Recognised Body has caused any losses or other adverse effects to persons and/or the extent of such losses; or
              (c) how any amounts to be paid by the Authorised Person or Recognised Body are to be distributed between persons.

        • 5.14 5.14 The compulsory winding-up of a regulated entity

          • 5.14.1

            We may apply to the ADGM Court for the winding up of a company which is, or has been, an Authorised Person or Recognised Body, or operating in breach of the General Prohibition, where we consider it is just and equitable and in the interests of the ADGM, in accordance with section 244 of FSMR.

          • 5.14.2

            In deciding whether such an application is just and equitable and is in the interests of the ADGM, we will consider all relevant circumstances, including:

            (a) whether the company has operated in accordance with the FSMR and Rules;
            (b) where the company has contravened the FSMR or Rules:
            (i) the nature, scale and seriousness of the contravention;
            (ii) whether the contravention is on-going;
            (iii) whether the contravention affects, or has the potential to affect, our objectives;
            (iv) what other steps the person could take or other orders a court could make to remedy the contravention;
            (c) the need to protect a firm's clients, particularly in cases where an Authorised Person holds or controls Client Assets;
            (d) whether the needs of those operating in the ADGM and the interests of the ADGM are best served by the company ceasing to operate;
            (e) in the case of an Authorised Person, where we consider that our Financial Services Permission should be withdrawn or, where it has been withdrawn, the extent to which there is other business that the firm carries on without authorisation;
            (f) whether there is reason to believe that the firm or person is or has been involved in money laundering, terrorist financing or other form of financial crime or other criminal conduct;
            (g) where there is a significant cross-border or international element to the business being carried on by the company, the impact on the business in other jurisdictions and whether another law enforcement agency or Non-ADGM Financial Services Regulator can adequately address the matter; or
            (h) the extent to which the firm or person company has co-operated with us.

        • 5.15 5.15 Injunctions and restitution orders in cases of market abuse

          • 5.15.1

            Sections 238 and 240 of FSMR provide that the ADGM Court, on application by us, may make one of a range of orders in relation to a person, irrespective of whether a contravention has occurred, if it is satisfied that it is in the interests of the ADGM for such an order to be made.

          • 5.15.2

            We may seek a range of orders from the ADGM Court, including:

            (a) an order requiring that trading in any Investments cease, either permanently or for such period as is specified in the order;
            (b) an order requiring that a disclosure be made to the market;
            (c) an order prohibiting a person from making offers of Securities in or from the ADGM; or
            (d) an order prohibiting a person from being involved in Reporting Entities, Listed Funds or Securities within the ADGM.

          • 5.15.3

            Before we make an application for an order (whether interim, ex parte or final), we must be satisfied that such an order would be in the interests of the ADGM and will take into account all relevant circumstances, including:

            (a) the nature and extent of the conduct or any other matters in question;
            (b) the effect of the conduct on the market and our objectives;
            (c) whether the market is informed of all material information;
            (d) what steps the relevant person has taken in respect of the conduct or any other matters being considered;
            (e) what other form of relief (if any) is available to us; and
            (f) whether the conduct in question could have a significant impact on the integrity of, or confidence in, the ADGM.

        • 5.16 5.16 Intervention power

          • 5.16.1

            We may intervene as a party in any proceeding in the ADGM Court where we consider such intervention appropriate to meet our objectives (section 243 of FSMR). Where we intervene, it shall be subject to any other law, and have all the rights, duties and liabilities of such a party.

          • 5.16.2

            This provision does not affect our ability to seek leave to appear in proceedings as Amicus Curiae (i.e. someone not a party to the case, who volunteers to offer information to assist a court in deciding a matter before it, to make submissions on an issue of significance to the ADGM, or to place material before the Court that may otherwise not be available).

          • 5.16.3

            We will generally only exercise this right of intervention where we form the view that we will not be able to meet our objectives by simply appearing as Amicus Curiae and that, to serve the interests of the ADGM fully, it is necessary to join the proceeding as a party and stay involved in the matter throughout.

        • 5.17 5.17 Settlement guidance

          • 5.17.1

            A settlement is a resolution, between us and a person who is subject to potential enforcement action, to agree an outcome resulting from an investigation. A person who is or may be the subject of any form of enforcement action arising out of, or during the course of, an investigation may enter into settlement discussions with us. The possibility of a settlement does not, however, change the fact that enforcement action is, and continues to be, one of the tools available to us to secure our objectives under section 1(3) of the FSMR.

          • 5.17.2

            We generally consider that early settlement of an investigation advances our objectives in that it may result in, for example, consumers obtaining compensation sooner, the saving of our and industry resources and the promotion of good business and regulatory practices.

          • 5.17.3

            However, we will only consider settlement when we are confident we have sufficient understanding of the nature and gravity of the suspected misconduct to make a reasonable assessment of the appropriate outcome.

          • 5.17.4

            We will conduct all settlement discussions on a "without prejudice" basis; namely, that no party to the discussions may subsequently rely upon any admissions or statements made during the course of the settlement discussion or on any document recording those discussions.

          • 5.17.5

            We will only settle when the agreed terms result in what we consider to be an appropriate and proportionate regulatory outcome.

          • 5.17.6

            In the interests of efficiency and effectiveness, we will set clear and reasonable timetables for settlement discussions to ensure they do not unreasonably delay settlement or a regulatory or enforcement outcome. Where we have concerns that a party to settlement discussions is using negotiations as a means to delay or frustrate us with no genuine intention to settle, we, having made our concerns known to the other party, may bring the settlement discussions to an end and pursue other appropriate enforcement action.

          • 5.17.7

            Settlement in particular circumstances should not be regarded as binding precedent for future settlement discussions. Whilst we recognise the importance of consistency in its decision-making, we recognise that the facts of two enforcement cases are seldom identical. For this reason, and to ensure that we are able to respond to the demands of a changing and principles-based regulatory environment, it is important for us to be able to take a different view to that taken in an earlier case. However, any decision to depart from the earlier approach will only be made after careful consideration of the reasons for doing so.

          • Factors we will consider when contemplating settlement

            • 5.17.8

              In deciding whether a proposed settlement is acceptable, and in accordance with meeting our objectives, we will consider a number of factors, including:

              (a) the nature and seriousness of the conduct or suspected contravention the subject of the proposed settlement;
              (b) whether the suspected contravention is continuing;
              (c) whether the person is prepared to publicly acknowledge our concerns about the conduct or suspected contravention that is the subject of the proposed settlement;
              (d) the necessity for protective or corrective action;
              (e) the prospects for a swift resolution of the matter;
              (f) whether the suspected contravention that is the subject of the proposed settlement was:
              (i) inadvertent; or
              (ii) the result of the conduct of one or more individual officers or employees of the Authorised Person (and their level of seniority);
              (g) whether the person has co-operated with us (e.g. by providing complete information about the conduct or suspected contravention, taking any remedial action);
              (h) whether the settlement will achieve an effective outcome for those who have been adversely affected by the suspected contravention;
              (i) whether the person is likely to comply with the terms of the settlement;
              (j) the person's disciplinary record and compliance history; and
              (k) whether the settlement promotes general deterrence.

          • Form of settlement

            • 5.17.9

              We will generally only settle an enforcement matter on the basis of either:

              (a) a Final Notice setting out the action taken (see paragraph 5.17.10); and/or
              (b) an Enforceable Undertaking (see paragraph 5.17.11).

              A settlement which results in a notice of decision will be documented in the form of a legally enforceable agreement executed by all parties to the settlement.

          • Final Notice

            • 5.17.10

              The outcome of a settlement with us may result in a Final Notice (in accordance with section 251 of FSMR), which promotes consistency of regulatory outcomes and transparency of approach to enforcement decision-making.

          • Enforceable Undertakings

            • 5.17.11

              An Enforceable Undertaking ("EU") is a form of settlement that we may accept, under section 235 of FSMR as an alternative to other remedies available to us to influence behaviour and encourage a culture of compliance.

            • 5.17.12

              An EU involves a written undertaking from a person against whom action could be taken under the FSMR or any Rules made under the FSMR, to do or refrain from doing a specified act or acts. It may, amongst other things, include remedial actions that are not otherwise available under a notice of decision.

            • 5.17.13

              An EU may be offered by a person and accepted by us at any time, either before, during or after an investigation, the making of a decision or the commencement of proceedings in the court. Entry into an EU is voluntary. We do not have the power to require a person to enter into an EU, nor can a person compel us to accept an EU.

            • 5.17.14

              We will generally only consider accepting an EU that we consider to be necessary or desirable in pursuit of our objectives and where the EU contains:

              (a) an admission or acknowledgement of any contraventions or our concerns;
              (b) undertakings addressing our concerns; and
              (c) an agreement to make the EU public, and
              (d) an agreement not to make public statements conflicting with the spirit of the EU.

            • 5.17.15

              A person offering us an EU may also undertake in the EU to pay a pecuniary penalty and/or our costs, including any costs associated with compliance with the EU.

          • Variation or withdrawal

            • 5.17.16

              Once accepted by us, an EU can only be withdrawn or varied with our consent in writing. We will only consider a request to vary an undertaking if:

              (a) the variation will not alter the spirit of the original undertaking;
              (b) compliance with any one or more terms of the undertaking is subsequently found to be impractical or impossible; or
              (c) there has been a material change in the circumstances which led to the undertaking being given.

          • Compliance with an EU or decision

            • 5.17.17

              If we consider that a person has not complied with a term of the EU or a decision, we may:

              (a) apply to the ADGM Court for appropriate orders;
              (b) publish the fact of the application to the ADGM Court and any subsequent orders of the court; and
              (c) seek the costs of the application.

        • 5.18 5.18 Costs

          • Litigation Costs

            • 5.18.1

              We will generally seek litigation costs orders from the ADGM Court where we have commenced a proceeding and been successful in achieving all or part of the outcome sought.

          • Costs in proceedings before the ADGM Appeals Panel

            • 5.18.2

              The ADGM Appeals Panel, on conclusion of any proceedings before it, may make an order (under section 229(2)€ of the FSMR) requiring a party to the appeal to pay a specified amount, being all or part of the costs of the proceedings, including those of any party to the proceedings.

          • Investigation Costs

            • 5.18.3

              Where a person is found by the Court to have contravened the FSMR or Rules, the ADGM Court may order that person to pay or reimburse us in respect of the whole or a specified part of the costs and expenses of the investigation, including the remuneration of a Person involved in the investigation.

        • 5.19 5.19 Step 5 — Conclusion of an investigation

          • 5.19.1

            We will conclude an investigation when:

            (a) we have decided to take no further action in response to the suspected contraventions which are the subject of the investigation (due to, for example, insufficiency of evidence); or
            (b) all remedies and obligations resulting from an investigation are concluded and fulfilled.

        • 5.20 5.20 Publicity

          • Publicity of enforcement actions

            • 5.20.1

              We will generally publish, in a manner we consider appropriate and proportionate, information and statements relating to enforcement actions, including public censures and any other relevant matters. The publication of enforcement outcomes is consistent with our commitment to open and transparent processes and our objectives.

            • 5.20.2

              In all cases we retain the discretion to take a different course of action, where it furthers our ability to achieve our objectives or is otherwise in the public interest to do so. For example, if we issue a private warning, rather than taking formal action, we may decide not to publish this if it furthers our ability to achieve our objectives. Please refer to paragraph 5.11 for further details about how we use private warnings.

          • Commencement and conclusion of investigations

            • 5.20.3

              We will generally not publish information about the commencement, conduct or conclusion of the investigative phase of our enforcement actions.

            • 5.20.4

              Where we do publish the fact that we are conducting an investigation and no enforcement action results, we may issue a press release confirming the conclusion of the investigation and that no action is to be taken.

          • Commencement of proceedings

            • 5.20.5

              We expect to publish information about the commencement or hearing of enforcement proceedings, unless otherwise required not to by the relevant body or it is not in the public interest to do so and would not achieve our objectives.

        • Disclosure of decisions

          • 5.21 5.21 Executive Decisions

            • 5.21.1

              We will generally make public any enforcement administrative decision made by our Executive and will do so in a timely manner after any relevant period to institute a referral of the decision to the ADGM Regulatory Committee has expired or appeal process has come to an end, unless it is not in the public interest to do so and would not achieve our objectives.

            • The Regulatory Committee's Decisions

              • 5.21.2

                We will generally make public any decision made by the ADGM Regulatory Committee and will do so in a timely manner after any relevant period to institute a referral of the decision to the ADGM Appeals Panel has expired or appeal process has come to an end, unless otherwise required not to by the ADGM Regulatory Committee, or it is not in the public interest to do so and would not achieve our objectives.

            • Appeals Panel or Court Decisions

              • 5.21.3

                FSMR requires all ADGM Appeals Panel hearings to be heard in public unless the Appeals Panel orders otherwise or its rules of procedure provide otherwise. The Appeals Panel may exercise its discretion not to make public any decisions it may make. Where it does determine to publish a decision or interim decision, the Appeals Panel will publish these on its website.

              • 5.21.4

                Following hearings and decisions by the ADGM Appeals Panel, we expect to make timely public disclosure of the Appeals Panel's decisions, including any interim decisions, unless otherwise ordered.

              • 5.21.5

                Decisions made by the ADGM Courts will be publicised by us in a timely manner, unless ordered otherwise.

              • 5.21.6

                This approach is adopted on the basis that any delay in disclosure may hinder and unfairly prejudice us in achieving some of our primary objectives. For example, non-disclosure may potentially prejudice users and prospective users of financial services in the ADGM if they are acting unaware of facts known in the enforcement action.

            • Disclosure of settled enforcement actions

              • 5.21.7

                We expect to disclose publicly the outcome of any settlement of an enforcement action, including the notice of decision or EU, to ensure all stakeholders and the general public are clearly informed of the outcome.

              • 5.21.8

                Settlement agreements which result in a Final Notice or an EU will result in the publication of the relevant notice of decision or EU on our website as well as an associated press release.

              • 5.21.9

                We may be ordered, or required by law, not to publish information regarding a settlement. For example, disclosure may not occur if a third party has commenced proceedings in the courts in respect of the same conduct and the publication of the undertaking or settlement may prejudice that party's case in the courts. However, simply because a third party has commenced proceedings does not preclude us from publishing our settlements, including the notice of decision or EU.

            • Content and mode of publication

              • 5.21.10

                Where appropriate, we may comment publicly on investigations, enforcement actions and other formal regulatory decisions publishing final notices of regulatory decision, EUs or other enforcement actions. In doing so, we will take into account:

                (a) any privileged or sensitive information when considering the content of our publications; and
                (b) the possibility that any publication may potentially affect the rights of a third party and, if so, will endeavour to give that third party notification of the publication and an opportunity to make representations on the publication.

              • 5.21.11

                Publication may take any one or more forms including a media release, a statement on our website or any other forums as determined suitable by us.

      • 6. 6. Penalty Guidance

        • 6.1 6.1 Approach to imposing a penalty

          • 6.1.1

            This chapter sets out the matters that will be taken into account by us when determining a "penalty", which includes a financial penalty, public censure or any other enforcement action.

          • 6.1.2

            We may also refer to matters described in this chapter when determining an appropriate penalty in settlement agreements, including an EU.

        • 6.2 6.2 Deciding to take action

          • 6.2.1

            When determining a penalty, we will consider all relevant facts and circumstances, including the factors listed below that may be relevant for this purpose:

            (a) our objectives;
            (b) the deterrent effect of the penalty on:
            (i) persons that have committed or may commit the contraventions; and
            (ii) other persons that have committed or may commit similar contraventions;
            (c) the nature, seriousness, duration and impact of the contravention, including:
            (i) whether the contravention was deliberate or reckless;
            (ii) the duration and frequency of the contravention;
            (iii) whether the contravention reveals serious or systemic weaknesses of the management systems or internal controls relating to all or part of a person's business;
            (iv) the impact (actual or potential) of the contravention on the orderliness of markets, including whether confidence in those markets has been damaged or put at risk;
            (d) if the contravention involved a number of persons, the degree of involvement and specific role of each Person;
            (e) the benefit gained (whether direct or indirect, pecuniary or non-pecuniary) or loss avoided as a result of the contravention;
            (f) the conduct of the person after the contravention, including:
            (i) how quickly, effectively and completely the person brought the contravention to our attention;
            (ii) the degree of cooperation the person showed during the investigation of the contravention;
            (iii) any remedial steps the person has taken in respect of the contravention;
            (iv) the likelihood that the same type of contravention (whether on the part of the person or others) will recur if no action is taken;
            (v) the nature and extent of any false or inaccurate information given by the person and whether the information appears to have been given in an attempt to knowingly mislead us;
            (g) the difficulty in detecting and investigating the contravention that is the subject of the penalty;
            (h) whether the person committed the contravention in such a way as to avoid or reduce the risk that the contravention would be discovered;
            (i) the disciplinary record and compliance history of the person on whom the penalty is imposed, including whether we have taken any previous disciplinary action against the person;
            (j) where the person reasonably believed that their behaviour did not amount to a contravention and whether they undertook reasonable precautions and diligence to avoid committing such a contravention;
            (k) whether the person acted in accordance with our guidance and other published materials;
            (l) action taken by us in previous similar cases; and
            (m) action taken by other domestic or international regulatory authorities. Where other regulatory authorities propose to take action in respect of the contravention which is under consideration by us, or one similar to it, we will consider whether the other authority's action would be adequate to address our concerns, or whether it would be appropriate for us to take our own action.

          • Actions against Approved Persons and Recognised Persons

            • 6.2.2

              In addition to the general factors listed in paragraph 6.2.1, there are some additional considerations that may be relevant when we decide whether to take action against an Approved or Recognised Person. The list is not exhaustive; not all of these factors may be applicable in a particular case, and there may be other factors, not listed that are relevant. The factors include:

              (a) the approved or recognised person's position and responsibilities. We may take into account the responsibility of those exercising important functions in the firm. The more senior the person responsible for the misconduct, the more seriously we are likely to view the misconduct, and the more likely it is to take action against the Approved or Recognised Person;
              (b) whether disciplinary action against the firm rather than the person would be a more appropriate regulatory response; and
              (c) whether disciplinary action would be a proportionate response to the nature and seriousness of the contravention by the person.

        • 6.3 6.3 Financial penalty, public censure or other enforcement action

          • 6.3.1

            We will consider all the relevant circumstances of the case when deciding whether to impose a financial penalty, or other enforcement action. As such, the factors set out in paragraph 6.2 are not exhaustive. Not all of the factors may be relevant in a particular case and there may be other factors, not listed, that are relevant.

          • 6.3.2

            The criteria for determining whether it is appropriate to issue a public censure or other enforcement action (rather than impose a financial penalty) include those factors that we will consider in determining the amount of a financial penalty, as set out in paragraphs 6.5 to 6.7. In particular, considerations that may be relevant when we determine the penalty are:

            (a) whether deterrence may be effectively achieved by issuing a public censure;
            (b) whether the person has brought the contravention to our attention;
            (c) whether the person has admitted the contravention and provides full and immediate co-operation to us, and takes steps to ensure that those who have suffered loss due to the contravention are fully compensated for those losses; and
            (d) our approach to previous similar cases — we will aim for a consistent approach.

          • 6.3.3

            Some particular considerations that may be relevant when we determine whether to issue a financial penalty rather than impose a public censure or other enforcement action are:

            (a) if the person has made a profit or avoided a loss as a result of the contravention, on the basis that a person should not be permitted to benefit from its contravention;
            (b) if the contravention is more serious in nature or degree, on the basis that the sanction should reflect the seriousness of the contravention; other things being equal, the more serious the contravention, the more likely we are to impose a financial penalty; and
            (c) if the person has a poor disciplinary record or compliance history, on the basis that it may be particularly important to deter future cases.

        • 6.4 6.4 Determining the appropriate level of financial penalty

          • 6.4.1

            Our penalty-setting regime is based on three principles:

            (a) disgorgement: a firm or individual should not benefit from any contravention;
            (b) sanction: a firm or individual should be penalised for wrongdoing; and
            (c) deterrence: any penalty imposed should deter the firm or individual who committed the contravention, and others, from committing further or similar contraventions.

          • 6.4.2

            The total amount payable by a person subject to enforcement action may be made up of two elements:

            (a) disgorgement of the benefit received as a result of the contravention; and
            (b) a financial penalty reflecting the seriousness of the contravention.

          • 6.4.3

            These elements are incorporated in a five-step framework, which can be summarised as follows:

            (a) Step 1: the removal of any economic benefit derived from a contravention;
            (b) Step 2: the determination of a figure which reflects the seriousness of the contravention;
            (c) Step 3: an adjustment made to the step 2 figure to take account of any aggravating and mitigating circumstances;
            (d) Step 4: an adjustment made to the step 3 figure, where appropriate, to ensure that the penalty has an appropriate deterrent effect; and
            (e) Step 5: if applicable, an adjustment for cooperation/early settlement may be made.

          • 6.4.4

            These steps will apply in all cases, although the details of Steps 1 to 4 will differ for cases against firms (paragraph 6.5), and cases against individuals (paragraph 6.6).

          • 6.4.5

            The lists of factors and circumstances in paragraphs 6.5 and 6.6 are not exhaustive. Not all of the factors or circumstances listed will necessarily be relevant in a particular case and there may be other factors or circumstances not listed which are relevant.

          • 6.4.6

            We will not, in determining our policy with respect to the amount of penalties, take account of expenses which we incur, or expect to incur, in discharging its functions.

        • 6.5 6.5 Financial penalties imposed on a firm

          • Step 1: Disgorgement

            • 6.5.1

              We will seek to deprive a firm of the economic benefits derived from a contravention (which may include the profit made or loss avoided) where it is practicable to quantify this.

          • Step 2: The seriousness of the contravention

            • 6.5.2

              We will determine a financial penalty figure that reflects the seriousness of the contravention, taking into the following factors:

              (a) factors relating to the impact of a contravention;
              (b) factors relating to the nature of a contravention;
              (c) factors tending to show whether a contravention was deliberate; and
              (d) factors tending to show whether a contravention was reckless.

            • 6.5.3

              Factors relating to the impact of a contravention committed by a firm include:

              (a) the level of benefit gained or loss avoided, or intended to be gained or avoided, by the firm from the contravention;
              (b) the loss or risk of loss, as a whole, caused to clients, investors or other market users in general;
              (c) the loss or risk of loss caused to individual clients, investors or other market users;
              (d) whether the contravention had an effect on particularly vulnerable people, whether intentionally or otherwise;
              (e) the distress or inconvenience caused to clients; and
              (f) whether the contravention had an adverse effect on the orderliness of, or confidence in, markets and, if so, how serious that effect was.

            • 6.5.4

              Factors relating to the nature of a contravention by a firm include:

              (a) the nature of the FSMR or Rules contravened;
              (b) the frequency of the contravention;
              (c) whether the contravention revealed serious or systemic weaknesses in the firm's procedures or in the management systems or internal controls relating to all or part of the firm's business;
              (d) whether the firm's senior management were aware of the contravention;
              (e) the nature and extent of any financial crime facilitated, occasioned or otherwise attributable to the contravention;
              (f) the scope for any potential financial crime to be facilitated, occasioned or otherwise occur as a result of the contravention;
              (g) whether the firm failed to conduct its business with integrity; and
              (h) whether the firm, in committing the contravention, took any steps to comply with the FSMR and Rules, and the adequacy of those steps.

            • 6.5.5

              Factors tending to show the contravention was deliberate include:

              (a) the contravention was intentional, in that the firm's senior management, or a responsible individual, intended, could reasonably have foreseen, or foresaw that the likely or actual consequences of their actions or inaction would result in a contravention;
              (b) the firm's senior management, or a responsible individual, knew that their actions were not in accordance with the firm's internal procedures;
              (c) the firm's senior management, or a responsible individual, sought to conceal their misconduct;
              (d) the firm's senior management, or a responsible individual, committed the contravention in such a way as to avoid or reduce the risk that the contravention would be discovered;
              (e) the firm's senior management, or a responsible individual, were influenced to commit the contravention by the belief that it would be difficult to detect; and
              (f) the contravention was repeated.

            • 6.5.6

              Factors tending to show the contravention was reckless include:

              (a) the firm's senior management, or a responsible individual, appreciated that there was a risk that their actions or inaction could result in a contravention and failed to adequately mitigate that risk; and
              (b) the firm's senior management, or a responsible individual, were aware that there was a risk that their actions or inaction could result in a contravention but failed to check if they were acting in accordance with the firm's internal procedures.

          • Step 3: Mitigating and aggravating factors

            • 6.5.7

              We may increase or decrease the amount of the financial penalty arrived at after Step 2 (excluding any amount to be disgorged as set out in Step 1), to take into account factors which aggravate or mitigate the contravention. Any such adjustments will be made by way of a percentage adjustment to the figure determined at Step 2.

            • 6.5.8

              The following list of factors may have the effect of aggravating or mitigating the contravention:

              (a) the conduct of the firm in bringing (or failing to bring) quickly, effectively and completely the contravention to our attention (or the attention of other regulatory authorities, where relevant);
              (b) the degree of cooperation the firm showed during the investigation of the contravention to us, or any other regulatory authority allowed to share information with us;
              (c) where the firm's senior management were aware of the contravention or of the potential for a contravention, whether they took any steps to stop the contravention, and when these steps were taken;
              (d) the nature, timeliness and adequacy of the firm's responses to any supervisory interventions by us and any remedial actions proposed or required by us;
              (e) whether the firm has arranged its resources in such a way as to allow or avoid disgorgement and/or payment of a financial penalty;
              (f) whether the firm had previously been told about our concerns in relation to the issue, either by means of a private warning or in supervisory correspondence;
              (g) whether the firm had previously undertaken not to perform a particular act or engage in particular behaviour;
              (h) whether the firm concerned has complied with any requirements or rulings of another regulatory authority relating to the contravention;
              (i) the previous disciplinary record and general compliance history of the firm;
              (j) action taken against the firm by other domestic or international regulatory authorities that is relevant to the contravention in question;
              (k) whether our guidance or other published materials had already raised relevant concerns, and the nature and accessibility of such materials; and
              (l) whether we publicly called for an improvement in standards in relation to the behaviour constituting the contravention or similar behaviour before or during the occurrence of the contravention.

          • Step 4: Adjustment for deterrence

            • 6.5.9

              If we consider the figure arrived at after Step 3 is insufficient to deter the firm or person who committed the contravention, or others, from committing further or similar contraventions then we may increase the financial penalty. Circumstances where we may do this include:

              (a) where we consider the absolute value of the financial penalty too low in relation to the contravention to meet our objective of credible deterrence;
              (b) where our previous action in respect of similar contravention has failed to improve industry standards;
              (c) where we consider it is likely that similar contraventions will be committed by the firm or by others in the future in the absence of such an increase to the financial penalty; and
              (d) where we considers that the likelihood of the detection of such a contravention is low.

          • Step 5: Adjustment for cooperation/early settlement

            • 6.5.10

              We and the firm upon whom a financial penalty is to be imposed may seek to agree the amount of any financial penalty and other terms. In recognition of the benefits of such agreements, and of the firm's cooperation with us, paragraph 6.8 provides that the amount of the financial penalty which might otherwise have been payable may be reduced to reflect the stage at which we and the firm concerned reached an agreement. Any adjustment for early settlement does not apply to the disgorgement of any benefit calculated at Step 1.

        • 6.6 6.6 Financial penalties imposed on an individual

          • Step 1: Disgorgement

            • 6.6.1

              We will seek to deprive an individual of the economic benefits derived from the contravention (which may include the profit made or loss avoided) where it is possible to quantify this. We will ordinarily also charge interest on the benefit.

          • Step 2: The seriousness of the contravention

            • 6.6.2

              We will determine a financial penalty figure that reflects the seriousness of the contravention. In determining such a figure, we will take into account the following factors relating to:

              (a) the impact of the contravention;
              (b) the nature of the contravention;
              (c) whether the contravention was deliberate; and
              (d) whether the contravention was reckless.

            • 6.6.3

              Factors relating to the impact of a contravention committed by an individual include:

              (a) the level of benefit gained or loss avoided, or intended to be gained or avoided, by the individual from the contravention;
              (b) the loss or risk of loss, as a whole, caused to clients, investors or other market users in general;
              (c) the loss or risk of loss caused to individual clients, investors or other market users;
              (d) whether the contravention had an effect on particularly vulnerable people, whether intentionally or otherwise;
              (e) the distress or inconvenience caused to clients; and
              (f) whether the contravention had an adverse effect on orderliness of, or confidence in, markets and, if so, how serious that effect was.

            • 6.6.4

              Factors relating to the nature of a contravention by an individual include:

              (a) the nature of the FSMR or Rules contravened;
              (b) the frequency of the contravention;
              (c) the nature and extent of any financial crime facilitated, occasioned or otherwise attributable to the contravention;
              (d) the scope for any potential financial crime to be facilitated, occasioned or otherwise occur as a result of the contravention;
              (e) whether the individual failed to act with integrity or abused a position of trust;
              (f) whether the individual committed a contravention of any professional code of conduct;
              (g) whether the individual caused or encouraged other individuals to commit contraventions;
              (h) whether the individual held a prominent position within the industry;
              (i) whether the individual is an experienced industry professional;
              (j) whether the individual held a senior position with the firm;
              (k) the extent of the responsibility of the individual for the product or business areas affected by the contravention, and for the particular matter that was the subject of the contravention;
              (l) whether the individual acted under duress; and
              (m) whether the individual took any steps to comply with Regulatory rules, and the adequacy of those steps.

            • 6.6.5

              Factors tending to show the contravention was deliberate include:

              (a) the contravention was intentional, in that the individual intended, could reasonably have foreseen or foresaw that the likely or actual consequences of his actions or inaction would result in a contravention;
              (b) the individual intended to benefit financially from the contravention, either directly or indirectly;
              (c) the individual knew that his actions were not in accordance with his firm's internal procedures;
              (d) the individual sought to conceal his misconduct;
              (e) the individual committed the contravention in such a way as to avoid or reduce the risk that the contravention would be discovered;
              (f) the individual was influenced to commit the contravention by the belief that it would be difficult to detect;
              (g) the individual knowingly took decisions relating to the contravention beyond his field of competence; and
              (h) the individual's actions were repeated.

            • 6.6.6

              Factors tending to show the contravention was reckless include:

              (a) the individual appreciated there was a risk that his actions or inaction could result in a contravention and failed to adequately mitigate that risk; and
              (b) the individual was aware there was a risk that his actions or inaction could result in a contravention but failed to check if he was acting in accordance with the firm's internal procedures.

          • Step 3: Mitigating and aggravating factors

            • 6.6.7

              We may increase or decrease the amount of the financial penalty arrived at after Step 2 (excluding any amount to be disgorged as set out in Step 1), to take into account factors which aggravate or mitigate the contravention. Any such adjustments will be made by way of a percentage adjustment to the figure determined at Step 2.

            • 6.6.8

              The following list of factors may have the effect of aggravating or mitigating the contravention:

              (a) the conduct of the individual in bringing (or failing to bring) quickly, effectively and completely the contravention to our attention (or the attention of other regulatory authorities, where relevant);
              (b) the degree of co-operation the individual showed during the investigation of the contravention by us, or any other regulatory authority allowed to share information with us;
              (c) whether the individual took any steps to stop the contravention, and when these steps were taken;
              (d) any remedial steps taken since the contravention was identified, including whether these were taken on the individual's own initiative or that by us or another regulatory authority;
              (e) whether the individual has arranged his resources in such a way as to allow or avoid disgorgement and/or payment of a financial penalty;
              (f) whether the individual had previously been told about our concerns in relation to the issue, either by means of a private warning or in supervisory correspondence;
              (g) whether the individual had previously undertaken not to perform a particular act or engage in particular behaviour;
              (h) whether the individual has complied with any requirements or rulings of another regulatory authority relating to the contravention;
              (i) the previous disciplinary record and general compliance history of the individual;
              (j) action taken against the individual by other domestic or international regulatory authorities that is relevant to the contravention in question;
              (k) whether our guidance or other published materials had already raised relevant concerns, and the nature and accessibility of such materials;
              (l) whether we publicly called for an improvement in standards in relation to the behaviour constituting the contravention or similar behaviour before or during the occurrence of the contravention; and
              (m) whether the individual agreed to undertake training subsequent to the contravention.

          • Step 4: Adjustment for deterrence

            • 6.6.9

              If we consider the figure arrived at after Step 3 is insufficient to deter the individual who committed the contravention, or others, from committing further or similar contraventions then we may increase the financial penalty. Circumstances where we may do this include:

              (a) where we considers the absolute value of the penalty too small in relation to the contravention to meet our objective of credible deterrence;
              (b) where our previous action in respect of similar contraventions has failed to improve industry standards. This may include similar contraventions relating to different products;
              (c) where we consider it is likely that similar contraventions will be committed by the individual or by other individuals in the future; and
              (d) where we consider that the likelihood of the detection of such a contravention is low.

          • Step 5: Adjustment for cooperation/ early settlement

            • 6.6.10

              We and the individual on whom a penalty is to be imposed may seek to agree on the amount of any financial penalty and other terms. In recognition of the benefits of such agreements, and of the individual's cooperation with us, paragraph 6.8 provides that the amount of the financial penalty which might otherwise have been payable may be reduced to reflect the stage at which we and the individual concerned reached an agreement. Any adjustment for early settlement does not apply to the disgorgement of any benefit calculated at Step 1.

        • 6.7 6.7 Serious financial hardship

          • 6.7.1

            Our approach to determining financial penalties described in paragraphs 6.5 and 6.6 is intended to ensure that financial penalties are proportionate to the contravention. We recognise that financial penalties may affect Persons differently, and that we should consider whether a reduction in the proposed financial penalty is appropriate, including if such penalty would cause the subject of enforcement action serious financial hardship.

          • 6.7.2

            Where an individual or firm claims that payment of the financial penalty proposed by us will cause them serious financial hardship, we will consider whether to reduce the proposed financial penalty only if:

            (a) the individual or firm provides verifiable evidence that payment of the financial penalty will cause them serious financial hardship;
            (b) the individual or firm provides full, frank and timely disclosure of the verifiable evidence, and co-operates fully in answering any questions asked by us about their financial position; and
            (c) the onus is on the individual or firm to satisfy us that payment of the financial penalty will cause them serious financial hardship.

          • Individuals

            • 6.7.3

              In assessing whether a financial penalty would cause an individual serious financial hardship, we will consider the individual's ability to pay the financial penalty over a reasonable period, including agreeing to payment of the financial penalty by instalments where the individual requires time to realise his assets, for example, by waiting for payment of a salary or by selling property.

          • Firms

            • 6.7.4

              We will consider reducing the amount of a financial penalty if a firm will suffer serious financial hardship as a result of having to pay the entire financial penalty. In deciding whether it is appropriate to reduce the financial penalty, we will take into consideration the firm's financial circumstances, including whether the financial penalty would render the firm insolvent or threaten the firm's solvency. We will also take into account our statutory objectives, for example, in situations where clients would be harmed or market confidence would suffer. We may also consider if it is appropriate to reduce a financial penalty in order to allow a firm to continue in business and/or pay redress.

            • 6.7.5

              There may be cases where, even though the individual or firm has satisfied us that payment of the financial penalty would cause serious financial hardship, we consider the contravention to be so serious that it is not appropriate to reduce the financial penalty. We will consider all the circumstances of the case in determining whether this course of action is appropriate, including whether:

              (a) the individual or firm directly or indirectly derived an economic benefit from the contravention and, if so, the extent of that economic benefit;
              (b) the individual or firm acted fraudulently or dishonestly with a view to personal gain;
              (c) previous action by us in respect of similar contraventions has failed to improve industry standards; or
              (d) the individual or firm has spent money or dissipated assets in anticipation of enforcement action with a view to frustrating or limiting the impact of action taken by us or other authorities.

          • Withdrawal of authorisation or registration

            • 6.7.6

              We may withdraw a firm's Financial Services Permission, or the status of an Approved or Recognised Person or Principal Representative, as well as impose a financial penalty. Such action by us does not affect our assessment of the appropriate financial penalty in relation to a contravention.

            • 6.7.7

              However, the fact that we have withdrawn such Financial Services Permission or registration, as a result of which the firm or individual may have less earning potential, may be relevant in assessing whether the financial penalty will cause the firm or individual serious financial hardship.

        • 6.8 6.8 Adjustment for cooperation/early settlement

          • 6.8.1

            It is our policy to encourage and recognise cooperation. A cooperative approach to dealing with us will be taken into consideration when assessing what type of enforcement action to pursue and/or what remedy we will seek. Cooperation can take many forms, including but not limited to:

            (a) self-reporting any misconduct to us and disclosing all the relevant information;
            (b) assisting us voluntarily during the investigation;
            (c) admitting any misconduct that the person or firm had committed or was involved in committing.

          • 6.8.2

            For the avoidance of doubt, merely fulfilling the person's or firms legal obligations will not be considered as cooperation for the purpose of assessing any adjustment to the financial penalties imposed on a firm or an individual.

          • 6.8.3

            Subject to enforcement action, we may be prepared to agree on the amount of any financial penalty, and other conditions which we seek to impose by way of such action, for example, the amount or mechanism for the payment of compensation to consumers. We recognise the benefits of such agreements, in that they offer the potential for securing earlier redress or protection for clients and the saving of cost to the Person concerned, and us, in contesting the financial penalty. The financial penalty that might otherwise be payable, in respect of a contravention by the person concerned, may, therefore, be reduced to reflect the timing of any settlement agreement.

          • 6.8.4

            In appropriate cases our approach may be to negotiate with the person concerned to agree in principle on the amount of a financial penalty having regard to our policy as set out in Chapter 5 of this document. Where part of a proposed financial penalty specifically equates to the disgorgement of profit accrued or loss avoided, then the percentage reduction will not apply to that part of the financial penalty.

      • 7. 7. Decision Making

        • 7.1 7.1 Introduction

          • 7.1.1

            This chapter sets out our general approach to making decisions when exercising our discretionary powers.

        • 7.2 7.2 Who can exercise our powers?

          • 7.2.1

            Our powers can be exercised by the Chief Executive or any delegate of the Chief Executive, including:

            (a) to any employee to whom the Chief Executive has delegated his powers ("Regulatory officer"); and
            (b) to any panel or committee established by the Chief Executive for the purpose of making decisions; or
            (c) to any other delegated person.

        • 7.3 7.3 Our general approach to decision-making

          • Natural Justice and Procedural fairness principles

            • 7.3.1

              Our approach to decision-making is based on observance of natural justice and the procedural fairness principles, by:

              (a) acting without bias or conflict of interest;
              (b) giving the Person an opportunity to present his case; and
              (c) taking into account only those considerations which are relevant to the matter to be decided upon.

          • Acting without bias or conflict of interest

            • 7.3.2

              A decision maker called upon to make a decision is expected to act impartially in doing so. If the decision maker has a vested financial or personal interest in the matter, a conflict of interest may arise that prevents an impartial or unbiased decision being made. A decision maker who does have a financial or other personal interest in the matter is required to disclose this interest and, if the interest is material, would not be the decision maker in relation to that matter.

            • 7.3.3

              We may refer an executive decision to the ADGM Regulatory Committee for determination under section 225(5) of the FSMR in order to avoid the risk of bias or conflict of interest affecting any such decision.

          • Relevant considerations

            • 7.3.4

              The decision maker is expected to take into account all and only those considerations which are relevant to the matter to be decided upon. This requires the decision maker to:

              (a) ensure that it has all the material information that is necessary to be able to make the relevant decision (and, if necessary, obtain further information, including from any third party sources);
              (b) disregard any irrelevant information; and
              (c) have the relevant power to make the decision.

            • 7.3.5

              To meet its procedural fairness obligations, the key elements to our approach to decision-making include:

              (a) having adequate systems and controls to ensure that those making decisions on our behalf are impartial and not affected by conflicts of interests that may affect their decisions;
              (b) giving a person in respect of whom we propose to make a decision (in this Chapter, the "affected person") advance notice about our proposed action (with the exception of cases when we may take immediate action because any delay resulting from advance notice would be prejudicial to the interests of direct or indirect users of financial services in the ADGM or otherwise prejudicial to the interests of the ADGM);
              (c) giving the affected person clear reasons why we propose to take the relevant action;
              (d) giving the affected person a suitable opportunity to make representations (in person and in writing) with regard to the our proposed action;
              (e) taking into account any representations made by, or on behalf of, the affected person before making a final decision, i.e. making any consequential changes to the proposed action given the representations made or other additional material available to us, as appropriate;
              (f) taking into account only those considerations which are relevant to the matter to be decided upon;
              (g) giving, without undue delay, the affected person a clear statement in writing of our final decision, the reasons for that decision and the effective date;
              (h) informing the affected person what rights of review that person has in respect of our decision, and within what period those rights of review must be exercised; and
              (i) having in place adequate mechanisms to enable the affected person to have our decision properly and impartially reviewed.

            • 7.3.6

              In certain circumstances, including:

              (a) the issuing of a stop order under section 71 of FSMR; and
              (b) suspension of a Listed Entity's Securities from the Official List under section 180 of FSMR,

              We do not have to give an affected person advance notice of our proposed action and a right for that person to make prior representations before we make our final decision.

              In such circumstances, we are still obliged to give the affected person a right of representation within 14 days (or other longer period as may be agreed) from the date on which the decision is made and communicated to the affected person. We are obliged to consider any representations made by, or on behalf of, the affected person during that period.

            • 7.3.7

              Where a right to make representations is exercised by an affected person, we will communicate to the affected person whether we confirm our original decision, or otherwise we vary or withdraw that decision, given the representations made.

            • 7.3.8

              Where no representations are made by, or on behalf of, the affected person during the relevant period, our original decision will remain in effect and will be confirmed.

          • Categories of decisions

            • 7.3.9

              The decisions which are made by us fall into three broad categories:

              (a) decisions which are subject to the procedures in Part 21 of the FSMR ("Part 21 Decisions") e.g. a decision to cancel the Financial Services Permission of an Authorised Person or to revoke the recognition of a Recognised Body;
              (b) decisions which are not subject to the procedures set out in Part 21 of the FSMR ("Non Part 21 Decisions") e.g. the rejection of a new Controller of an Authorised Person; and
              (c) routine operational decisions that do not affect the rights, interests and liabilities of a person ("Operational Decisions") e.g. a decision to commence an investigation against a person.

        • 7.4 7.4 Part 21 Decisions

          • 7.4.1

            Where, on our own initiative, we propose to:

            (a) impose a public censure or financial penalty;
            (b) cancel the Financial Services Permission of an Authorised Person firm;
            (c) revoke the recognition of a Recognised Body; or
            (d) withdraw the approval of an Approved Person,

            the procedures must be exercised according to what is set out in Part 21 of the FSMR.

          • 7.4.2

            To facilitate a consistent approach to decision-making, Part 21 of the FSMR sets out the steps we are required to follow in relation to Part 21 Decisions.

          • 7.4.3

            The procedures set out in Part 21 are designed to ensure procedural fairness by giving:

            (a) advance notice of our proposed decision (the Warning Notice), except in the cases referred to in paragraph 7.5 and 7.6 and the reasons for proposing to make such a decision;
            (b) an opportunity to make representations relating to the proposed decision;
            (c) our final decision (the Decision Notice) and the reasons for that decision, including any changes made to the preliminary decision, taking into account any representations made for, or on behalf of, the affected person; and
            (d) notice of the affected person's right to have our decision reviewed by the Regulatory Committee, including the period within which that right can be exercised.

          • 7.4.4

            Prior to any issue of a Warning Notice, we will notify the person concerned and provide an opportunity to present enquiries and make representations, provided this would not result in a tip-off, prejudice the exercise of our powers or otherwise jeopardise our objectives.

            Figure 1: the Regulator's Decision Making Process for Part 21 Decisions

        • 7.5 7.5 Non Part 21 Decisions

          • 7.5.1

            Certain decisions are not subject to the procedures set out in Part 21 of the FSMR — for example our powers relating to Controllers of regulated firms and the power to approve or reject the Business Rules of a Recognised Body.

        • 7.6 7.6 Operational decisions

          • 7.6.1

            The remaining decisions, such as decisions made as part of our day-to-day supervision of regulated firms, do not invoke the procedures in Part 21 of the FSMR. Examples of these operational decisions include decisions to:

            (a) obtain additional information from an Authorised Person;
            (b) disclose information about an Authorised Person to a Non-ADGM Financial Services Regulator;
            (c) issue a risk mitigation plan stemming from any supervisory concerns identified in the course of firm visit; or
            (d) commence an investigation.

          • 7.6.2

            Operational decisions are generally not reviewable by the ADGM Regulatory Committee. In making these decisions, we are still subject to overarching administrative law principles of acting in good faith and acting in a proportionate and reasonable manner.

        • 7.7 7.7 The Regulatory Committee

          • 7.7.1

            Section 225(1) of FSMR provides that all of our decisions that may affect the rights or liabilities of a person or otherwise adversely affect the interests of a person (except operational decisions) may be referred to the ADGM Regulatory Committee for review. Upon a referral, the Regulatory Committee (which is independent of us) is required to conduct a full merits review of our decision.

          • 7.7.2

            To enable an affected person to exercise properly and effectively his right to have our original decision referred to the Regulatory Committee, we will provide to such a person a Decision Notice specifying:

            (a) our decision and the reasons for making that decision;
            (b) the date on which the decision is to take effect; and
            (c) the person's right to seek a review of the decision by the Regulatory Committee; and
            (d) by when the right referred to in paragraph (c) has to be exercised.

        • 7.8 7.8 The Appeals Panel

          • 7.8.1

            Any decision, order or direction made by the Regulatory Committee may in turn be referred to the Appeals Panel for review by the person in respect of whom the decision was made or by us, in accordance with section 228(1) of FSMR. A second full merits review may then be conducted by the Appeals Panel.

          • 7.8.2

            Decisions of the Appeals Panel may only be reviewed on judicial review basis. An application for judicial review of a decision of the Appeals Panel may be made to the ADGM Court on the grounds that the decision is wrong in law or is in excess of the Appeal Panel's jurisdiction.

      • 8. 8. Waivers And Modification

        • 8.1 8.1 Introduction

          • 8.1.1

            Part 2 chapter 2 of FSMR provides for the modification or waiver of Rules by us.

          • 8.1.2

            This chapter outlines our approach to evaluating applications to grant relief from the requirements imposed by the Rules, by either waiving or modifying the application of one or more Rules. Our powers to waive or modify the requirements imposed by ADGM legislation do not extend to regulations such as the FSMR.

          • 8.1.2

            To waive the application of a Rule is to give relief to a Person from the entire obligation contained in that Rule. A modification can either modify the way in which a Person can comply with an obligation in a Rule or can give relief from part of the obligation in a Rule. A detailed description of the process to seek a waiver or modification of the Rules may be found in Rule 8.2 of the GEN Rules.

        • 8.2 8.2 Power to issue relief

          • 8.2.1

            We may, on the application or with the consent of a Authorised Person or Recognised Body, direct that a Rule:

            (a) does not apply to a person; or
            (b) does apply to a person but with such modifications as are set out in a notice issued by us for this purpose.

          • 8.2.2

            Waivers and modifications may only be sought by an Authorised Person or Recognised Body, or an applicant seeking such status.

          • 8.2.3

            If an application is successful, we will issue its decision by means of written Direction provided to the applicant.

        • 8.3 8.3 Making an application

          • 8.3.1

            Prior to submitting an application to us, the applicant should contact their assigned supervisory contact to discuss the application.

          • 8.3.2

            If the applicant is not regulated by us at the time of application, contact should be made through our Supervision Division.

          • 8.3.3

            Before making an application, we expect that the applicant will carry out appropriate research on:

            (a) the intention behind the Rule in question and the regulatory outcomes that the Rule aims to achieve;
            (b) whether there are any precedents where we have previously granted relief, or not granted relief, from the Rule in question, including any conditions which may have been imposed; and
            (c) if relief has been granted in the past, the similarities and differences between the cases where relief has previously been granted and the applicant's case.

          • 8.3.4

            All applications for waivers or modifications should be made in such form as we shall prescribe.

          • 8.3.5

            The applicant will need to in its application form address the following:

            (a) set out the reasons for requesting the granting of a waiver or a modification;
            (b) explain the impact of the application of the provisions as it stands on the applicant;
            (c) attach any precedent relief supporting the application which may have been issued;
            (d) identify any risks associated with the relief being sought and how the applicant plans to mitigate such risks; and
            (e) in the case of an application to modify a Rule, propose wording for the modified Rule.

          • 8.3.6

            It is for the applicant to demonstrate a compelling case for granting relief, we do not make decisions lightly. The granting of a waiver or modification, including the specific wording of any modification and any conditions attached to the relief granted, is at our discretion and it will generally only grant relief where there is shown to be an appropriate and necessary reason for doing so.

          • 8.3.7

            On occasion, we may believe that the relief being sought by an applicant may be relevant to, and should be applied to, a number of persons (or a class of persons) similarly affected by the Rule in question. In these circumstances, instead of requiring the affected persons to individually apply for the same relief, we will publish a notice on our website and invite the relevant Persons to "consent" to the "class Waiver" or "class Modification". This is simply done by notifying us that they wish the class Waiver or class Modification apply in relation to their activities.

        • 8.4 8.4 Considering an application

          • 8.4.1

            We will acknowledge receipt of an application for relief and may request further information, potentially including meeting with the applicant to discuss the need for the relief sought. The time taken by us to determine the application will depend upon the complexity of the issues it raises.

          • 8.4.2

            When considering each application, we assess the net regulatory benefit or detriment which would result from granting the relief sought on the conditions proposed and any risks posed by such relief. We will generally grant relief where:

            (a) it has formed the opinion that there is a net regulatory benefit; or
            (b) the regulatory detriment is minimal as the relief sought does not conflict with the policy intent of the Rule and the applicant has demonstrated that the associated risks would be adequately mitigated if relief was granted.

          • 8.4.3

            Relief will be given to overcome the disproportionate effects of Rules in exceptional cases, the anomalous effects of Rules in unique cases for which they were not created, and the unforeseen side effects of Rules.

            For example, changes in international standards may result in unforeseen differences between the Rules and the new standards. While the Rules would ordinarily adapt over time to reflect such changes, an Authorised Person or Recognised Body may seek a waiver or modification of a specific Rule to accommodate the evolution of the international standard. This may also represent a scenario where we may publish a notice to be made available to other affected persons within the ADGM upon their consent. Similarly, where material changes to a Rule may make it impractical for Authorised Persons or a Recognised Body to comply immediately, a request for a temporary waiver or modification may be granted.

          • 8.4.4

            We may impose such conditions on relief as it may see fit, and a notice may specify that the relevant waiver or modification may be available for only a specified period of time, after which time it will cease to apply.

          • 8.4.5

            If we decide not to grant relief, it will give reasons for the decision. An applicant may withdraw its application for relief at any time up until notification of our decision has been given to the applicant. In doing so, the applicant should give reasons for the withdrawal of the application.

        • 8.5 8.5 Publication of waivers and modifications

          • 8.5.1

            We will publish all Directions concerning waivers and modifications unless we are satisfied that it is inappropriate or unnecessary to do so.

          • 8.5.2

            We will publish all Directions concerning waivers and modifications in such a way that we consider appropriate for bringing the notice to the attention of:

            (a) those likely to be affected by it, such as clients of the applicant; and
            (b) others who may be likely to be affected by the same Rule and may seek a similar waiver or modification.

          • 8.5.3

            The principal method of publication of waivers and modifications Directions is by publication on our webpage. The fundamental principle behind publication is transparency. This allows any person dealing with the applicant, for example, its clients and competitors, to know to what extent the relevant provisions apply to the applicant.

          • 8.5.4

            If an applicant believes that it is inappropriate or unnecessary for us to publish the relief, or to publish it after a delay, or without disclosing the identity of the applicant, it should make this clear in its application. Decisions not to grant relief will not be published by us.

        • 8.6 8.6 Withdrawal or variation of waivers and modifications

          • 8.6.1

            Under section 9(5) of the FSMR, we may:

            (a) revoke a Direction; or
            (b) on the application of, or with the consent of, the Person to whom it applies, vary a Direction.

        • 8.7 8.7 Enforcement of waivers and modifications

          • 8.7.1

            If a Direction under section 9 of the FSMR states that a Rule is to apply to the applicant with modifications, then a contravention of the modified provision could lead to us taking enforcement action.

          • 8.7.2

            If relief is given subject to a condition, the relief will not apply to activities conducted in breach of the condition. Further, those activities, if in breach of the original provision, could lead to enforcement action.

        • 8.8 8.8 Expiry and extension of current waivers and modifications

          • 8.8.1

            Where relief has been granted for a limited period of time (see paragraph 9.4.4) it is the responsibility of the Person to whom the notice applies to monitor any expiry date.

          • 8.8.2

            There is no automatic renewal process for any relief granted by us for a limited period of time.

          • 8.8.3

            It is the responsibility of the person to whom a time-limited Direction applies to notify us within a reasonable period in advance of the expiry of the Direction of their intention to apply for an extension of the relief or explain how they intend to comply with the original Rule.

          • 8.8.4

            Notification should be made through the same contact point as described above, namely either the assigned supervisory contact, the dedicated contact portal or the Supervisory Division.

          • 8.8.5

            We will consider every application for extension of the term of the Direction in the same manner as an initial application and will not necessarily grant extensions as a matter of course.

    • Guidance & Policies Manual (GPM)

      Click herehere to view PDF

    • Guidance —Developing and using APIs in ADGM [14 October 2019]

      Click herehere to view PDF

      • INTRODUCTION

        1) This Guidance is issued under section 15(2) of the Financial Services and Markets Regulations 2015 (“FSMR”). It should be read in conjunction with FSMR, the relevant Rulebooks of the Financial Services Regulatory Authority (“the Regulator”), and the Guidance & Policies Manual of the Regulator.
        2) This Guidance is applicable to those considering developing or using “Application Programming Interfaces (APIs)”, including applicants for a Financial Services Permission in ADGM, financial services firms located outside ADGM, and participants in FinTech, RegTech, SupTech1, amongst others.
        3) ADGM encourages Financial Service firms to adopt and promote the use of standardised, “interoperable”2 and trusted Application Programming Interfaces (APIs) in order to create the means to adapt and update in the context of an increasingly complex and changing business environment, and the rapidly evolving needs of customers.
        4) The FSRA encourages a standardised approach to creating, maintaining and governing APIs that will allow the development of innovative financial products and approaches in ADGM that will benefit customers and financial institutions throughout the UAE, the region and further afield. It is the intention of the FSRA to promote experimentation, accelerate implementation of cutting-edge technologies, and speed up industry adoption of customer-focused disruptive ideas, in order to help drive financial inclusion and realise the API economy.
        5) Organisations that create APIs will be able to pivot, adopt new ideas and discard old ones quickly. They will be able to iterate their products to keep up with changes in customer behaviour in a timely manner. Investing in the agile development mind-set, and therefore APIs, can give an organisation a competitive edge. Organisations who commit to building a marketplace to trade and settle discrete, understandable, and valuable APIs will be able to accelerate their realisation of the API economy’s dividends.
        6) To that end this Guidance takes a high level overview of the fundamental elements, standards and considerations that the FSRA deems necessary in providing safe and robust APIs. This Guidance should not restrict the use of APIs; rather, it is there to promote standardised approaches to building and providing APIs, which will be promoted in the ADGM Digital Sandbox.
        7) This Guidance is not an exhaustive source of the Regulator’s policy on the exercise of its statutory powers and discretions. The FSRA is not bound by the requirements set out in this Guidance and may impose additional requirements to address any specific risks posed by APIs/ API developers. The Regulator is not bound by the requirements set out in this Guidance and may modify this Guidance at its discretion where appropriate.
        8) Unless otherwise defined or the context otherwise requires, the terms contained in this Guidance have the same meanings as defined in FSMR and the Glossary (GLO).
        9) For more information please contact the FSRA at FinTech@adgm.com

        1 These terms are used in various ways in the financial services industry. “FinTech” at its broadest incorporates all financial technology. “RegTech” includes those technologies that facilitate compliance with regulations. “SupTech” includes those technologies that facilitate supervision of financial markets and actors.
        2 The API is able to exchange and use information with other APIs, different systems, devices, applications or products to connect and communicate in a coordinated way.

      • BACKGROUND

        10) Advances in new technologies, and maturity of others, have provided opportunities for significant change and disruption to financial services and other related activities globally. Powering this innovation are APIs. APIs can fuel internal innovation, reach new customers, extend products and create vibrant partner ecosystems. APIs by their very nature allow for rapid prototyping, agile development and a fail fast, learn quick culture. They provide a way to share, move and access information previously ring fenced within isolated systems.
        11) “Big Tech” companies3 are opening up access to vast resources and computing power providing access to cutting edge technology, such as machine learning neural networks, blockchain development tools and even quantum computing, that were previously unavailable to the wider market. Additionally, in recent years there has been wide adoption of open-sourced technologies, giving developers suites of tools to create new programmes, systems and networks.
        12) Combined with the ever growing surge of the use of smart phones, consumers are now expecting seamless digital interactions tailored to their own specific needs. Which in turn is giving rise to the ‘Challenger’ or ‘Neo’ banks who are focused on providing customers with personalised ‘experiences’ rather than standard financial products.
        13) These new business models represent a fundamental step in the evolution of the financial services industry and have already disrupted more traditional ways of offering financial services. For example, ‘marketplace banking’ business models, i.e. exposing internal digital business assets or services in the form of APIs to external counterparties, is creating an entirely new ecosystem of banking services predicated on intelligent data management and agility in developing new products. The creation of and broadening of access to new data assets are in turn creating many new opportunities for both incumbent and start-up organisations. Fundamental to the development of this new paradigm is the “API economy4” which facilitates efficient and secure access to data and processes held at different actors within the financial services sector.
        14) However in order to realise an efficient API economy, APIs must be able to ‘talk’ the same language. In recognition of this, several open banking initiatives such as in the UK5, the EU6, Singapore7, Hong Kong8, Australia9 and New Zealand have taken this one step further to maximise interoperability and collaboration, by mandating certain Financial Institutions (FIs) to make data available (in the banking sector, often termed “Open Banking” or “Open Data” in a broader context) according to strict standards, predicated upon API usage.
        15) While the FSRA does not propose that Open Data or APIs are made mandatory it does see them as an integral part of any FIs digital strategy and as such will look to align with international best practices so as to maintain a safe and trusted digital environment.

        3 These include some of the world’s largest multinational technology corporations, e.g. Google, Apple, Facebook and Amazon.

        • Objectives of the API Guidance

          The high level objectives of the API guidance are to promote:
          a. Interoperability - to promote the adoption of globally recognised and accepted standards, to ensure the sustainable growth of the digital economy, interoperability across sectors and connectivity to global markets
          b. Security & Trust – to promote the use of internationally recognised security and governance practices in order to safeguard consumers and the financial services market.
          c. Innovation - to drive and encourage a culture of innovation and competitiveness.
          d. Collaboration - to advance and foster collaboration amongst the financial services and technology ecosystems.

        • What is an API

          16) An API can be seen as a user interface just with different users in mind. Rather than an individual interacting with an application on their smart phone, it is a computer application interacting with another, over the internet or within a private network, using predefined rules described in the API.
          17) Some APIs are designed to enable the query or update of a database, other APIs simply enable a process that has been exposed by one system to be initiated by another. In each API interaction there are the ‘providers’ of the API and the ‘consumers’ of the API:
          •   ‘API Provider’ refers to an organisation that exposes their data or services through APIs;
          •   ‘API Consumer’ refers to any organisation or person who uses an exposed API to access and consume the data or information.
          18) In order for a successful interaction between the API Provider and API Consumer, the terms of their engagement (protocols) have to be pre-defined. Once both parties have agreed this so-called ‘API Contract’, thereby establishing the relevant permissions to connect, then interactions and interoperability can be instantaneous and potentially limitless.

        • The types of APIs

          19) APIs can be classified into to the following three types (although many methodologies for classification exist):
          •   Private APIs – used within an organisation to provide interoperability between internal applications in order to help automation and provide flexibility.
          •   Partner APIs - used to integrate software between a company and its partner, often for a very specific purpose like providing a product or service.
          •   Open APIs - an interface that has been designed to be easily accessible by the wider population where a business relationship is not necessary.
          20) In terms of design and governing rules there are currently two widely-used types of API methodologies in the financial services industry (although as of the date of this Guidance, newer approaches such as GraphQL are emerging and should be considered if they are relevant):
          •   Representational State Transfer (REST); and
          •   Simple Object Access Protocol (SOAP).
          To connect different systems and networks, both approaches can leverage the Hypertext Transfer Protocol (HTTP10), which defines how messages are formatted and transmitted over the internet, and encryption techniques so that the information being passed cannot be read by anyone other than the originator and the intended recipient. However, the two types differ in terms of structure and approach and as such have different applications in mind.
          22) REST is a framework which provides a specific methodology for how to design, build and operate an API which allows an application to use certain commonly-used and standard HTTP operations11. These operations enable one application to retrieve, send, update and remove data from another application12. RESTful APIs can output data in various different formats. These attributes make RESTful APIs easy to adopt, and flexible in connecting systems of different types.
          23) SOAP is another methodology and differs from REST especially in that it only uses one format, XML. SOAP also allows an application to programme another application directly using a wide degree of functions. Given these attributes, and the wide use of the XML standard in financial services, SOAP is like REST a commonly-used API methodology in the industry.
          24) SOAP is often used for transactional operations such as in payment gateways. It was developed in order to enable the API Provider to expose business logic to approved API Consumers so that they could interact safely over any communication protocol being used, usually the internet, in order to initiate a specific automated process.
          25) REST is often used in situations where rapid, wide-scale adoption is a goal, for example mobile apps for social networks or web chat services. It was developed in order to facilitate simpler information sharing in a fast and efficient manner over HTTP only.
          26) The most appropriate type of API style to use will depend on the environment, the project scope, the processes required and the type of information being shared.
          27) A more detailed comparison between the two API design styles can be found in Appendix A.

          11 APIs that use the REST methodology are called “RESTful” APIs
          12 These functions corresponds to the GET, POST, PUT and DELETE commands respectively.

      • REGULATORY REQUIREMENTS

        28) Due to the very nature of collaboration and innovation that an API economy encourages amongst the financial services sector and others, the FSRA’s expectations regarding API Consumers and Providers and maintaining a safe, sound and trusted financial services ecosystem are set out in this Guidance.

        • Anti-Money Laundering

          29) Money Laundering (ML) and Terrorist Financing (TF) are two major risks that threaten economic growth and social stability through the illicit flow of funds and illegal activities. ML and TF pose significant negative impacts on the financial system.
          30) As such the FSRA expects organisations providing or consuming APIs to adhere to the FSRA’s Anti Money Laundering and Countering Financing of Terrorism “AML/CFT” framework at all times and put the appropriate measures in place to mitigate these risks, as well as:
          a) UAE AML/CFT Federal Laws, including the UAE Cabinet Resolution No. (38) of 2014 Concerning the Executive Regulation of the Federal Law No. 4 of 2002 concerning Anti-Money Laundering and Combating Terrorism Financing;
          b) the FSRA AML and Sanctions Rules and Guidance (“AML Rules”) or such other AML rules as may be applicable in ADGM from time to time;
          c) the adoption of international best practices (including FATF Recommendations); and
          d) monitoring national and international sanctions lists.

        • Data Protection

          31) Protecting confidentiality and security of customer data is vital for the stability and reputation of any financial services institution and should not be compromised. As such, organisations are required to comply with the ADGM Data Protection Regime13 and to apply best-practice safeguards for the security and protection of sensitive customer data during transit, processing and storage.
          32) There are also a number of secure hosting standards, e.g. ISO27001, which organisations should adhere to. This standard aids organisations in securing their information and helps implementation of an information security framework that is appropriate to the scale and maturity of the relevant organisation, the services they provide, and the third party suppliers they contract with.
          33) For a list of technical standards that should be considered when providing and consuming APIs, please see Appendices B and C.

        • Third Party Outsourcing

          34) For organisations regulated by the FSRA any issues that may result from the outsourcing including the failure of any third party to meet its obligations are the responsibility of the regulated organisation (GEN 3.3.31, PRU 6.8).
          35) In its assessment of a potential third party service provider, the regulated firm must therefore satisfy itself that the service provider maintains robust processes and procedures regarding the relevant service (including, for example, in relation to the testing and security required in this section on Technology Governance).

      • API REQUIREMENTS

        36) This section is intended to provide guidance on industry best practices around the design, security, maintenance and use of APIs in order to ensure interoperability, resilience and scalability of the API economy that we wish to encourage in ADGM and with other international API implementations.
        37) It is recommended that an organisation should first identify why it wants to develop and provide (or consume) an API, who the stakeholders within the organisation are, who the audience for the API will be, the systems and business processes involved and the actors/system that the API will interact with or replace.

        • Design

          38) All APIs should:
          a. Have platform independence – any web or mobile client should be able to call and interact with the API, regardless of how the API has been implemented internally.
          b. Allow for unhindered API evolution – APIs should flexibly evolve and be able to add functionality independently from other applications using them. As the APIs evolve, the existing applications using them should be unaffected and can continue to function without having to update to the latest version of the API.
          c. Use appropriate data standards – APIs should be using the most relevant data standard that are applicable for the type of data being transacted and the use case it is being applied to. Where there is no fit within an existing data standard organisations may decide their own data specification. However, it should publish the associated definitions using a ‘data dictionary’ in line with industry practices such as those outlined in the Open API Specification or Web Service Definition Language.
          d. Have good data security - It is important to have stringent information security, cyber security and other data related policies/guidelines.
          e. Be complete and concise – an API should be easy to understand and work with, as should be the API contract. Implementing and integrating with it should be a straight forward process.

        • API Documentation

          39) The API documentation (or ‘contract’) describes all aspects of the API in order to enable successful interaction between the API provider and API consumer. As such it should be a concise reference manual containing all the information required to work with the API, with details about the functions, classes, return types, and arguments. The API contract should, where relevant, be supported by tutorials and examples.
          40) At a high level the fundamentals that need to be documented in the API contract in order for both parties to be able to interact are:
          a. The business rules and service agreed between the API Providers and Consumers.
          b. The rules around how each party authenticates themselves before gaining access to the API.
          c. The standards that the API is adhering to including the change management and version control information that the consumer must be aware of.
          d. The design of the API i.e. its structure, the resources (data) that it provides access to and how to interact with the API to obtain them.
          e. The certification, on-boarding and acceptance of the API consumer from the API.
          41) As such the API contract should also include the following content (but not be limited to):
          •   sampling code and example responses
          •   rules on information handling, incident management and risk management
          •   method of authentication (and how it impacts service interoperability, single sign-on, and rate-limiting)
          •   design changes (recent and planned) and versioning information
          •   availability, latency, ownership, depreciation policies and status capability
          •   approach to backwards compatibility
          •   guidance on configuring the API to make sure any relevant governance frameworks are followed
          •   the open data standards used
          •   security information
          •   cost of use of the APIs, if applicable
          •   support that will be provided to the consumer of the API

        • Security

          42) Most important of all the considerations for organisations providing and consuming APIs is the security measures that are deployed, which must comply with network security best practices. Updates and patches to all systems, particularly security systems, should be performed as soon as safely feasible after such updates and patches have been released. The following sections set out the main risk areas and mitigations for these that, in the opinion of the FSRA, need to be taken into account.
          43) As a general rule organisations providing and using APIs should also ensure that all parties that they are engaging with:
          •   Use access tokens to establish trusted identities and control access to the services and resources.
          •   Encryption and signatures are employed as standard.
          •   Quotas and throttling are in place that determine how often APIs can be called. For example, more calls on an API may indicate that there is a Denial-of-Service attack. Or it could also be a programming mistake such as calling the API in an endless loop.
          •   API traffic is enforced using an API gateway that allows authentication as well as control.
          44) For more detailed technology standards that should be employed please see Appendix B.

          • Cyber security

            45) As APIs are another entry or exit point for an attack on an organisation, the API security strategy must include the following cybersecurity mitigations (but not be limited to):
            •   Strong firewall defences
            •   Vulnerability and threat management
            •   Antivirus and malware protection
            •   Denial of Service (DoS) or Distributed Denial of Service (DDoS) protection
            •   Patch management
            •   Email filtering
            •   Web filtering
            •   Administration privileges
            •   Access control
            •   Intelligence and information sharing

          • Encryption

            46) The encryption of data, both at rest and in transit, should be included in the security policy. In particular, encryption and decryption of private keys should utilise encryption protocols, or use alternative algorithms that have broad acceptance with cyber security professionals. Critical cryptographic functions such as encryption, decryption, generation of private keys, and the use of digital signatures should only be performed within cryptographic modules complying with the highest, and ideally internationally recognised, applicable security standards.

          • Two-factor authentication

            47) As well as ensuring that architecture supporting the API and the API itself is secure, organisations should also consider the use of two-factor authentication (2FA) when APIs are initiated by a consumer accessing online service. 2FA is an extra layer of security designed to ensure that the only person who can access an account is the individual who owns it, even if the individual’s password has been compromised. The process involves the user providing two different authentication factors to verify themselves.
            48) However, it is worth noting that whilst this reduces the chance of being hacked, 2FA is not completely secure and still relies on the vigilance of the individual. For example, phishing attacks purportedly coming from trusted services login page can result in users giving away their credentials. In some extreme cases, hackers have been able to negate 2FA by spoofing an individual’s SIM card and intercepting the unencrypted message as it is sent over the network.

          • Penetration testing

            49) It is recommended that all systems and infrastructure should be regularly tested for vulnerabilities by an external penetration testing expert who is professionally accredited (such as CREST, IISP, TIGER scheme or OSCP Offensive Security).

          • Credentials management

            50) Authentication, authorisation and encryption are fundamental to the security of APIs. In terms of authentication, as far as possible, API providers should have a well-defined process to help ensure that individuals or organisations are robustly authenticated.
            51) Authorisation should only allow the authorised/accredited organisations and people to have access to the right API resources.
            52) Organisations must therefore ensure that they have the appropriate infrastructure in place for secure storage and management of relevant access credentials. These credentials include (but not limited to):
            •   Identity keys
            •   Signing keys
            •   OAuth client IDs and secrets
            •   Usernames and passwords
            •   Access tokens
            53) Where authentication processes are handed off or redirected to other sites or apps, the technical processes should avoid the potential for disclosure or interception of the credentials. The organisation should also maintain the ability for the user to verify the authenticity of the site into which they are entering their credentials such as displaying the relevant URL and lock icon that they are interacting with.

          • Monitor API activity

            54) The security of an API is only as good as the organisation’s day-to-day security processes. All APIs should be monitored for unusual behaviour such as changes in IP addresses or users using APIs at unusual times of the day.
            55) It is recommended that the ability to write audit logs before and after security related events is in place as this increases the potential to monitor and detect attacks.
            56) Larger organisations should also look to create a Security Operations Centre (SOC) dedicated to monitoring, assessing and defending enterprise information systems such as APIs, web sites, applications, data servers, networks, hardware and software.

          • Error handling

            57) All responses to errors should use the commonly used HTTP codes and should not reveal details of the failure unnecessarily as this may provide unintended attack vectors for bad actors.

        • Data

          To enable the interoperability of APIs at all levels (whether among systems, sectors, or geographies), the adoption of common data standards is necessary. Open data standards and ontologies provide a reference point that enables two parties to share data and information in a way that ensures understanding is preserved and the meaning can be conveyed.
          58) To that end organisations should adopt international open data standards and ontologies when providing an API in order to ensure maximum interoperability.
          59) For more detailed information on appropriate data standards please see Appendix D.

        • API Governance

          60) Business failures have often arisen as a result of the lack of adequate technology-related procedures, including, for example, lack of security measures, systems development methodologies, limited system penetration testing for operating a robust business, and lack of technical leadership and management. The FSRA has therefore included specific Guidance regarding expected controls and processes to help mitigate these issues.

          • Version control

            61) Versioning and change control is very important and needs to be managed effectively. As such, organisations should have formalised policies and procedures in respect of the following where relevant:
            -   release numbers for all major and minor releases
            -   backwards compatibility for all API changes
            -   support for technology developers for major API versions for a specified period
            -   escalation path for when vulnerabilities come to light
            -   make a new endpoint available for significant changes
            62) If, however, for some reason the change is not backwards compatible, then the organisation must consider:
               •   Incrementing a version number in the URL (start with /v1/ and increment with whole numbers).
               •   Supporting both old and new endpoints in parallel for a suitable time period before discontinuing the old one.

          • Depreciation policies

            63) Clear API depreciation policies should be in place so old client applications are not unnecessarily supported.
            64) The time by which users/consumers have to upgrade, and how they will be notified of these deadlines should be clearly stated.

      • APPENDIX

        • Appendix A: API Design Comparison

          65) The following table describes the main differences between the SOAP and REST API design styles.
          SOAP REST
          SOAP is function driven and focuses on exporting pieces of application ‘logic’ rather than data. It relies exclusively on XML to provide messaging services.
           
          REST is data driven and is focused on accessing named ‘resources’ (which represent data or an object) through a single consistent interface.
           
          SOAP uses a Web Service Definition Language (WSDL) that describes the functionality offered by a web service for communication between the consumer and provider.
           

          Most Web services using REST can obtain the needed information using a URL.

          REST uses four standard HTTP operations (GET, POST, PUT, and DELETE) to perform tasks on the resources.

          SOAP only permits output in XML. REST can output data in many different data formats e.g. XML, Comma Separated Values (CSV and JavaScript Object Notation (JSON).
          SOAP has successful/retry logic built in. There is no inbuilt ‘re-try’; the client has to re-try if the process fails, as REST is stateless.
          SOAP is good for:
          •   Enterprise services
          •   High reliability and security
          •   Asynchronous processing
          •   Large data sets
          •   Interacting with legacy systems
          REST is good for:
          •   Web services
          •   Limited bandwidth (smaller messaging sizes)
          •   Limited resources (no XML parsing required)
          •   Exposing data over the internet
          •   Combining content from many different sources
          Common use cases:
          •   Financial services
          •   Payment gateways
          •   Telecommunication services
          Common use cases:
          •   Social media services
          •   Social networks
          •   Web chat services
          •   Mobile service

           

        • Appendix B: API Standards

          66) The following describes the standards that should be applied when building APIs.
          Area/Subject Standard
          Publishing of technical, engagement details and data dictionary At a high level the API provider should provide the API documentation and a data dictionary. Code samples, tutorials and a software development kit (SDKs) should also be provided. Documentation and definitions should be in line with industry practices outlined in the Open API Specification (Swagger), the RESTful API Modelling Language specifications (RAML), or the Web Service Definition Language (WSDL) for SOAP APIs.
           
          API architecture/Communication Protocols (i.e. the code to call the API) RESTful (Representational State Transfer) or SOAP (Simple Object Access Protocol) depending on the use case. Firms should provide for conversion of SOAP to REST or vice versa if relevant.
           
          Message/Data format (i.e. how the API response/payload will be provided)
          JSON (JavaScript Object Notation) or XML (eXtensible Markup Language) depending on the use case.
          With field names based on ISO 20022 where relevant.
           
          Transmission of data HTTPS & TLS v1.2 (Transport Layer Security)
           
          Onboarding of customer onto service username/password and two-factor authentication where appropriate
           
          Authorisation
          OAuth 2.0
          N.B RESTful API calls with the HTTPS protocol should use a session-based authentication using OAuth 2.0 and JSON web tokens (JWT)
           
          Authentication SAML 2.0 or OpenID
           
          Encryption AES, RS, SHA 256-bit where relevant depending on the use case
           

           

        • Appendix C: Technology Standards

          67) The following is a list of European and International standards, where available, that should be considered when building APIs.

        • Appendix D: Data Standards

          68) The following describes some of the international data standards that should be applied where relevant for APIs in order to ensure interoperability.
           
          Open data standard/Ontology
           
          Area/Use
           
          Financial Industry Business Ontology (FIBO) https://www.omg.org/hot-topics/finance.htm Defines financial industry terms, definitions and synonyms using semantic web principles such as OWL/RDF and widely adopted OMG modeling standards such as UML. Providing a means for integrating disparate technical systems and message formats, and aid in regulatory reporting by providing clear and unambiguous meaning of data from authoritative sources.
           
          Financial Industry Regulatory Ontology (FIRO) https://github.com/GRCTC/FIRO FIRO is a series of interlinked Ontologies based on industry standards to capture regulatory imperatives and rules in formal semantics. It will enable efficient access to, and smarter consumption of, the wide and complex spectrum of financial services industry regulations.
           
          Financial Regulatory Data Format (FIRE) https://github.com/SuadeLabs/fire

          The Financial Regulatory data format defines a common specification for the transmission of granular data between regulatory systems (in finance)
           

          International Financial Reporting Standards (IFRS) https://www.ifrs.org/ Provide a common global language for business affairs so that company accounts are understandable and comparable across international boundaries.
           

          ISO20022

          https://www.iso20022.org/

          Standard for electronic data interchange between financial institutions. It describes a metadata repository containing descriptions of messages and business processes, and a maintenance process for the repository content. The standard covers financial information transferred between financial institutions that includes payment transactions, securities trading and settlement information, credit and debit card transactions and other financial information.
           
          eXtensible Business Reporting Language (xBRL) https://www.xbrl.org Business documents, such as financial statements, performance reports, or compliance reports. The standard formats allow the documents to be transmitted and parsed between entities easily
           
          Statistical Data and Metadata eXchange (SDMX) https://sdmx.org Designed to describe statistical data and metadata, normalise their exchange, and improve their efficient sharing across statistical and similar organisations.
           
          Open Financial Exchange (OFX) http://www.ofx.net Open Financial Exchange is a reference data standard used for exchanging financial data, and performing transactions between financial institutions and underlying applications.

          Association for Cooperative Operations Research and Development (ACORD)

          https://www.acord.org/standards-architecture/acord-data-standards

          ACORD is the global standards-setting body for the insurance and related financial services industries.
          Financial products Markup Language (FpML) http://www.fpml.org FpML is a standard based on XML and used for data exchange for electronic dealing and processing of derivatives instruments like interest rate derivatives, inflation swaps, dividend derivatives and other structured products.
          Financial Information eXchange (FIX) http://www.fixtradingcommunity.org FIX is the standard used for pre-trade and trade messaging across Financial Markets globally. It describes trade-related messages, and used for automated trading of securities, derivative, and other financial instruments.
          Market Data Definition Language (MDDL) http://xml.coverpages.org/mddl.html MDDL enables the exchange of information necessary to account, analyse, and trade financial instruments.

    • Supplementary Guidance — Authorisation of Digital Investment Management ("Robo-advisory") Activities [16 July 2019]

      Click herehere to view PDF

      • 1. 1. Introduction

        • 1.1

          This Guidance is issued under section 15(2) of the Financial Services and Markets Regulations 2015 (“FSMR”). It should be read in conjunction with FSMR, the Rulebook of the Financial Services Regulatory Authority (“FSRA”) and the Guidance & Policies Manual (“GPM”) of the FSRA.

        • 1.2

          It is relevant to an applicant for a Financial Services Permission (“FSP”) to carry on one or more Regulated Activities, as defined in section 19 of FSMR, where the applicant undertakes “digital investment management”, as outlined in Paragraph 2.1 of this Guidance, and is termed a “Digital Investment Manager”. It explains the requirements that applicants must satisfy to be authorised and operate as Digital Investment Managers.

        • 1.3

          This Guidance is not an exhaustive source of the FSRA’s policy on the exercise of its statutory powers and discretions. In discharging its regulatory mandate, the FSRA may impose additional, specific conditions to address other risks posed by the proposed activities of a Digital Investment Manager, above and beyond those in the Rulebook.

        • 1.4

          The FSRA is not bound by this Guidance and may modify the Guidance at its discretion where appropriate.

        • 1.5

          Unless otherwise defined, or the context otherwise requires, capitalised terms in this Guidance have the same meanings as defined in FSMR and the Glossary (“GLO”).

      • 2. 2. Objectives

        • 2.1

          For the purposes of this Guidance, digital investment management refers to the provision of investment management services using algorithm-based tools that require limited/optional human interaction between clients and the provider of digital investment management services. It does not include asset management or advisory activities that rely on algorithm-based tools solely for the purposes of back-office support services. The term, Digital Investment Manager, refers to the entity that provides digital investment management services.

        • 2.2

          The digitisation of the financial services industry has provided wealth managers with a cost-effective and scalable way of providing tailored investment management services to mass-affluent clients. These clients are generally comfortable with services delivered through digital channels, which also influences their preferences in engaging with service providers, including investment managers.

        • 2.3

          The wealth management industry has seen a steady rise in assets under the management of Digital Investment Managers that utilise algorithms to provide automated investment management services including suitability assessments, portfolio modelling and account re-balancing. The business models of Digital Investment Managers in the GCC region typically tend to fall within the following categories.

          a. Fully digital model: little or no human interaction with clients, with the exception of technical support services.
          b. Hybrid model: clients have the option to interact with a human financial adviser to discuss the automated digital investment advice generated by algorithm-based tools.

        • 2.4

          Additionally, a number of firms operating in the GCC region have developed digital investment management technology to white-label or sell to wealth management firms. Firms that operate solely as technology providers are not considered to be Digital Investment Managers and do not require an FSP.1


          1 These firms may be eligible to apply for the Registration Authority’s Tech Start-Up Commercial Licence.

        • 2.5

          The scope of this Guidance covers Digital Investment Managers that may be fully digital or hybrid and that provide advice, discretionary investment management, arrange deals in investments, or any combination of these services.

        • 2.6

          While digital investment management models are scalable and offer greater access to investment management services, they also present different risks than those inherent in traditional investment management business models. The differences are most pronounced in the investment process, use of technology, compliance with suitability requirements and disclosure of key risks. In light of these considerations, this guidance clarifies how the FSRA applies regulatory safeguards to Digital Investment Managers in a manner that is commensurate with the risks they pose, both to clients and to the FSRA’s objectives.

      • 3. 3. Permissions required for Digital Investment Management

        • 3.1

          This section of the Guidance outlines the permissions that may be required to conduct digital investment management in or from ADGM. It also describes the relief available to Digital Investment Managers whose business models meet conditions that serve to reduce the risks they pose.

        • Financial Services Permissions requirements

          • 3.2

            Digital Investment Managers operating in ADGM will require an FSP to undertake any Regulated Activity as part of their business model. The FSRA has observed that the core services provided by a Digital Investment Manager typically involve the provision of one or more of the following Regulated Activities.

            a. Advising on Investments or Credit: for example, recommending that a client invest in a portfolio of Financial Instruments, or recommending that a client buy or sell particular Financial Instruments in order to rebalance the client’s portfolio.
            b. Arranging Deals in Investments: for example, after recommending that a client invest in a portfolio of Financial Instruments and, with the consent of the client, passing instructions to a broker to buy those Financial Instruments on the client’s behalf.
            c. Managing Assets: for example, exercising discretion to rebalance a client’s portfolio by passing instructions to a broker to either buy or sell particular Financial Instruments on the client’s behalf.

        • Ancillary activities

          • 3.3

            In order to facilitate the investment process, a Digital Investment Manager may choose to hold Client Assets directly (i.e. in a Client Account in the Digital Investment Manager’s name that is held with a Third Party Agent as banker or custodian), or may instead arrange for its clients to establish a direct relationship with a regulated Custodian to hold Client Assets. In the latter case, the Digital Investment Manager may require an FSP to carry on the Regulated Activity of Arranging Custody, unless it meets the exclusion criteria2 set out in Paragraph 47 of Schedule 1 of FSMR.


            2 The exclusion criteria sets out that a person (the “introducer”) does not Arrange Custody by introducing a person to another person ("the custodian") who is authorised by the FSRA or a Non-Abu Dhabi Global Market Regulator to carry on the activity of Providing Custody, if the introducer is not connected with the custodian. An introducer is considered to be connected to a custodian if (a) the custodian is a member of the same Group as the introducer or (b) the introducer is remunerated by the custodian or a member of the custodian's Group for making the introduction.

          • 3.4

            A Digital Investment Manager holding an FSP to carry on the Regulated Activity of Managing Assets will not require separate permissions for Advising on Investments or Credit and/or Arranging Deals in Investments if it only undertakes those Regulated Activities incidentally, as part of its investment management activities.3


            3 If the Digital Investment Manager operates advisory accounts or arranges deals in investments that are separate from, or not incidental to, its discretionary investment management activities, it will have to apply for permission to carry on one or both of the Regulated Activities of Arranging Deals in Investments and/or Advising on Investments or Credit as applicable.

        • Prudential capital requirements

          • 3.5

            Each of the Regulated Activities mentioned in paragraphs 3.2 and 3.3 has associated regulatory obligations, including in respect of prudential capital requirements.

            Table 1: Prudential capital requirements4
            Prudential Category Maximum of:
            Base Capital Expenditure Based Capital Minimum
            Requirement
            Managing Assets
            3C $250,000 •Holding Client Assets: 18/52nds of Annual Audited Expenditure
            •Otherwise: 13/52nds of Annual Audited Expenditure
            Advising on Investments or Credit
            Arranging Deals in Investments
            Arranging Custody
            4 $10,000 •6/52nds of Annual Audited Expenditure

            4 Note that the applicable Capital Requirement is the higher of the Base Capital Requirement and Expenditure Based Capital Minimum. Where a Digital Investment Manager undertakes a combination of activities, the highest prudential category will apply.

        • Relief for Digital Investment Managers engaged in Managing Assets

          • Relief For Digital Investment Managers Utilising Regulatory Technology

            • 3.6 3.6

              Paragraphs 3.7 to 3.13 of this Guidance outline the prudential capital relief available to Digital Investment Managers that undertake the Regulated Activity of Managing Assets, subject to meeting all of the conditions detailed below.

              • 3.14

                Where any Digital Investment Manager makes use of technology that enables the FSRA to better supervise the Manager’s activities, manage business risks or achieve better regulatory outcomes, the FSRA may also consider modifying or waiving prudential and other regulatory requirements. Applications for modifications or waivers will be assessed on a case-by-case basis and granted at the FSRA’s discretion.

              • 3.7

                The higher prudential capital requirement for Digital Investment Managers engaged in Managing Assets, compared with those that are only engaged in Advising on Investments or Credit and/or Arranging Deals in Investments, is primarily a function of:
                a. the risks inherent in an investment process whereby an investment manager has discretion to make investment decisions for the client without first obtaining the client’s approval; and
                b. the increased operational complexity involved in holding Client Assets as part of the discretionary asset management process.

              • 3.8

                The FSRA recognises that many Digital Investment Managers engaged in Managing Assets only exercise discretion in the investment management process when ‘rebalancing’ a client’s portfolio, in order to ensure that the asset allocation remains suitable in light of the client’s investment objectives and parameters.5 This approach is typical of Digital Investment Managers that apply passive investment strategies that track the performance of an index or benchmark by investing in products such as exchange traded funds (“ETFs”) and index trackers.


                5 Typically, the initial decision to invest in a portfolio of Financial Instruments is taken with the client’s consent. Thereafter, the decision to rebalance a client’s portfolio by buying or selling Financial Instruments is taken by the Digital Investment Manager without first obtaining the client’s consent for the specific transaction to go ahead.

              • 3.9

                These products are generally well-diversified, causing them to be less volatile relative to Financial Instruments that are commonly traded in active investment strategies (such as shares in a particular company, for example). A consequence of lower volatility is that the Digital Investment Manager has less cause for trading, including to adjust for market movements that would cause the portfolio to become unbalanced relative to the allocation agreed with the client.6 Digital Investment Managers that operate in this way present less risk than traditional investment managers who may have greater discretion to buy and sell a broader set of Financial Instruments for their clients on a more frequent basis as part of an active investment strategy.


                6 That is, the initial decision to invest in a portfolio of Financial Instruments is not discretionary but subject to the client’s agreement.

              • 3.10

                Similarly, some Digital Investment Managers engaged in Managing Assets do not hold Client Assets, arranging instead for Client Assets to be held by an independent third-party financial institution under an agreement between the financial institution and the client. Digital Investment Managers who adopt this approach are less complex from an operational perspective. They take less time to wind down in the event of insolvency because Client Assets are easily identifiable, being held by a business that remains a going concern, has a direct relationship with the investor-client, and are protected from the claims of the Digital Investment Manager’s creditors. As such, less capital needs to be set aside to ensure that an insolvency practitioner can effect an orderly wind down of the Digital Investment Manager’s business.

              • 3.11

                In light of these considerations, the FSRA will lower the prudential capital requirements applicable to Digital Investment Managers that are engaged in Managing Assets with a business model that meets all of the following conditions.
                a. Financial Instruments: the product offering is limited to passive investment products such as ETFs and index trackers. The Digital Investment Manager must satisfy the FSRA that the passive investment products are sufficiently liquid, non-complex and diversified.
                b. Discretionary Management: the discretionary investment management activities are limited to portfolio rebalancing. Such rebalancing must not involve the purchase of new investment products that were not included in the portfolio agreed to by the client.
                c. Client Assets: the Digital Investment Manager does not hold Client Assets. Instead, clients have a direct contractual relationship with an independent third-party financial institution to hold Client Assets.

              • 3.12

                Details of the lowered prudential capital requirements for Digital Investment Managers who meet the criteria in Paragraph 3.11 are set out in the table below.

                Prudential Category Base Capital Requirement Expenditure Based Capital Minimum
                Managing Assets
                 
                3C $10,000 •6/52 of Annual Audited Expenditure

              • 3.13

                The lowered prudential capital requirements will be made available via a class modification. Digital Investment Managers wishing to avail of the class modification are required to approach and satisfy the FSRA that each of the conditions in paragraph 3.11 are met.

      • 4. 4. Key controls for Digital Investment Managers

        • 4.1

          This section of the Guidance describes how the FSRA applies particular requirements of the FSRA Rulebook to all Digital Investment Managers, regardless of whether they are eligible for the prudential capital relief outlined in section 3, above. It is not exhaustive, and should be read in conjunction with the Rulebook itself, as well as:

          a. chapter 2 of the GPM, which outlines the FSRA’s approach to authorisation for all FSP applicants; and
          b. Supplementary Guidance - Authorisation of Investment Management Activities.7

        • 4.2

          A critical component of the digital investment management business model is the use of algorithms to automate the investment process. Accordingly, the FSRA sees a need to ensure that Digital Investment Managers have adequate algorithm and technology governance policies and processes in place to address the specific risks arising from such a technology-driven business model. The limited human interaction between Digital Investment Managers and their clients necessitates consideration of how suitability assessments are performed and the disclosures that are made to clients.

        • 4.3

          Additionally, given their heavy dependence on collecting and processing client data and the risks of cyberattacks to their automated and largely digital mode of operations, Digital Investment Managers must also put in place robust data security policies and systems to ensure compliance with all relevant data protection regulations, including the ADGM’s Data Protection Regulations and, as appropriate, PRU 6.6 – 6.9.8


          8 These sections of PRU pertain to information technology systems, information security, outsourcing, and business continuity.

        • Algorithm governance

          • 4.4

            Algorithms are at the core of the service offered by Digital Investment Managers. They are used to undertake critical components of the investment management process such as risk profiling, portfolio allocation and rebalancing. Accordingly, the FSRA expects that Digital Investment Managers will establish internal governance structures that enable its Board and Senior Management to have robust oversight and control over the design, performance, deployment and security of algorithms.9 The roles and responsibilities of all personnel who oversee the design, performance and integrity of algorithms must be clearly defined.10


            9 Refer to GEN 2.2.3 and 2.2.11.
            10 Refer to GEN 3.3.2(1).

          • 4.5

            In assessing the adequacy of the oversight and controls that the Digital Investment Manager establishes in relation to the development and deployment of its algorithms, the FSRA will take into account the following considerations.11
            a. Qualifications and competency of staff: the Digital Investment Manager must ensure that it has qualified and competent staff to ensure the proper functioning and supervision of the algorithm model (the “Model”) on an ongoing basis. The Digital Investment Manager must have adequate training and documented manuals in place to address any key-man and business continuity risks.12
            b. Developing and testing the Model: the Digital Investment Manager must maintain proper documentation explaining the decision tree or logic of the algorithm to ensure that the outcomes produced by the Model are explainable, traceable and repeatable. The Digital Investment Manager must also ensure the relevance of any data or assumptions upon which the Model is based, and that any client questionnaire it uses takes into account potential behavioural biases that may lower the accuracy of client responses. The Digital Investment Manager must carry out sufficient testing to demonstrate that its Model meets these principles. Where appropriate (e.g. in the case of a complex Model), the FSRA may require a third-party audit to validate the performance outcomes of the Model as purported.
            c. Managing and maintaining the Model: the Digital Investment Manager must establish safeguards, including with respect to access controls and security, to protect the integrity of the Model (including algorithm source code). The Digital Investment Manager should maintain the ability and relevant resources to modify the Model in the event that there is a need to stop the algorithm or make changes to it. The FSRA will also require the Digital Investment Manager to demonstrate that it has a clear process for detecting and reporting programming errors and unexpected outcomes. In the event of failure or outage of the Model, the Digital Investment Manager must have contingency plans to ensure that its services to clients are not adversely affected and that the clients’ interests are safeguarded.13
            d. Ongoing monitoring and reviews: the Digital Investment Manager must conduct ongoing monitoring and reviews to assess whether the Model effectively achieves its intended objectives and outcomes, and to manage the risks of inaccuracy, bias or exception. The Board and Senior Management must also periodically review the Digital Investment Manager’s internal governance structure and measures to ensure that they remain appropriate and effective.

            11 Sub paragraphs (b), (c) and (d) follow from GEN 2.2.2.
            12 Refer to GEN 3.3.33 and PRU 6.9.
            13 Refer to GEN 3.3.33 and PRU 6.9.

        • Technology governance

          • 4.6

            The Digital Investment Manager must ensure that its systems and controls are adequate and appropriate for the scale, nature and complexity of its business.14 This applies in particular to systems and controls concerning:
            a. the transmission and storage of information;
            b. the assessment, mitigation and management of risks relating to the provision of digital investment management services, including data security;
            c. the effecting and monitoring of transactions by the Digital Investment Manager;
            d. the technical operations of the Digital Investment Manager, including contingency arrangements for disruption to its facilities;
            e. the operation of its functions relating to the safeguards and protections to investors; and
            f. outsourcing.

            14 Refer to GEN 2.2.3 and chapter 3.3, PRU 6.6 and 6.7, and other requirements in the Rulebook as applicable.

          • 4.7

            In assessing whether the systems and controls used by the Digital Investment Manager are adequate and appropriate for the scale and nature of its business, the FSRA may have regard to the following:
            a. the distribution of duties and responsibilities among its key individuals;
            b. the staffing and resources of the Digital Investment Manager;
            c. the arrangements made to enable key individuals to supervise the operations of the Digital Investment Manager; and
            d. the arrangements for internal and external audit, including technology audits.

        • Suitability Requirements

          • 4.8

            Digital Investment Managers must comply with the rules relating to suitability in the FSRA’s Conduct of Business Rulebook (“COBS”).15 These rules require Digital Investment Managers to have a reasonable basis for considering that any Specified Investments they recommend, or Transactions they execute on a discretionary basis, are suitable for the client.16 In making this determination of suitability, Digital Investment Managers must:
            a. undertake an appropriate assessment of the particular client's needs, objectives, financial situation and also, to the extent relevant, their risk tolerance, knowledge, experience and understanding of the risks involved; and
            b. take into account any other relevant requirements and circumstances of the client of which the Authorised Person is, or ought reasonably to be, aware.17

            15 Digital Investment Managers are also subject to the Principles for Authorised Persons in GEN 2.2. Principle 8 requires Authorised Persons to take reasonable care to ensure the suitability of their Advice and discretionary decisions for clients who are entitled to rely upon their judgment: GEN 2.2.8.
            16 COBS 3.4.2(a).
            17 COBS 3.4.2(a). Pursuant to COBS 3.4.2(b) and (e), Digital Investment Managers may limit the extent to which they will consider suitability for Professional Clients.

          • 4.9

            Given the nature of their business models, Digital Investment Managers typically rely heavily on an online questionnaire to collect the information needed to perform suitability assessments (“Risk Profile Questionnaire”). When designing a Risk Profile Questionnaire, the FSRA expects that Digital Investment Managers will ensure that the following requirements are met.
            a. The information obtained to assess suitability is proportionate with the complexity and risk of the Specified Investments recommended or transacted through the platform. Digital Investment Managers that offer Specified Investments that are relatively high risk or have complex features will need to undertake more extensive due diligence to form a reasonable basis for assessing that these products are suitable for the client.
            b. There is a mechanism to exclude clients for whom the Digital Investment Manager’s services would not be suitable, or who require advice that goes beyond the scope of what the Digital Investment Manager can provide. These mechanisms may take the form of ‘knock out’ questions that, for example, reject prospective clients whose investment horizon, liquidity needs or other circumstances are misaligned with the Specified Investments offered through the platform.
            c. Inconsistencies in the information provided by prospective clients are addressed through follow up questions or engagement with a human advisor who can explain the context of the questions and their purpose.
            d. Where a client selects a portfolio that is not recommended, information is provided to the client explaining why the recommended portfolio (as opposed to the portfolio selected by the client) is considered suitable in light of the client’s personal circumstances as understood from the client’s responses to the Risk Profile Questionnaire.

          • 4.10

            Digital Investment Managers must take reasonable steps to ensure that the client information they hold is accurate, complete and up to date.18 In order to comply with this requirement, the FSRA expects that Digital Investment Managers will periodically prompt clients to update their information. This may be achieved by requiring clients to recomplete the Risk Profile Questionnaire, or by posing a more targeted set of questions to identify any changes in the client’s personal circumstances which may impact the suitability of the clients’ portfolios.


            18 COBS 3.4.3.

        • Disclosure

          • 4.11

            Digital Investment Managers must comply with the disclosure requirements in COBS.19 The information that must be provided to a client differs according to the particular services provided20 and whether the client is a Retail Client or Professional Client. In all cases, communication between a Digital Investment Manager and a client must be clear, fair and not misleading.21


            19 The majority of these requirements are contained in Chapter 12 of COBS.
            20 Refer to COBS 12.1.3 for the disclosures required for Investment Business and COSB 12.1.4 for the disclosures required for an Investment Manager.
            21 GEN 2.2.6, COBS 3.2.1.

          • 4.12

            In the case of Retail Clients, Digital Investment Managers must provide sufficient details of the service that they will provide.22 In discharging this obligation, the FSRA considers that Digital Investment Managers will need to disclose, among other things, the following information to clients.
            a. The nature and scope of the services it offers, including the types of products and how it determines whether these products are suitable to meet the investment objective(s) of the client;
            b. Details of how the Model is relied upon in the investment process;
            c. The key assumptions and limitations of the Model used by the Digital Investment Manager;
            d. Circumstances where the Model may fail to perform as intended or where the Digital Investment Manager may halt (for instance due to volatile markets) or make material adjustments to the algorithm, and how these would impact clients;
            e. The degree of human involvement and oversight of the investment process; and
            f. The inherent, material risks arising from the Digital Investment Manager’s business model, such as the risks arising from automated portfolio rebalancing.

            22 COBS 12.1.2(a)(v).

          • 4.13

            Digital Investment Managers are also subject to a number of other disclosure requirements including, but not limited to, the following.
            a. Circumstances where the Digital Investment Manager expects clients to update the information they have provided in their Risk Profile Questionnaire.23
            b. Details of any conflicts of interest.24
            c. Details of the arrangements put in place by the Digital Investment Manager regarding Client Assets.25 The Digital Investment Manager should also describe the specific risks faced by clients where Client Assets are held by:
            i. a regulated financial institution within the UAE; or
            ii. a regulated financial institution outside the UAE, which could complicate the process of recovering Client Assets in the event of the financial institution defaulting or becoming insolvent.
            d. In the case of Retail Clients:
            i. key particulars of the Digital Investment Manager’s complaints handling procedures;26
            ii. details of fees, costs and other charges and the basis upon the Digital Investment Manager will impose them;27 and
            iii. the content and frequency of the periodic reporting statements that the Digital Investment Manager will issue.28

            23 COBS 3.4.3.
            24 COBS 3.5.4 and, in the case of Retail Clients, 12.1.2(vi).
            25 Refer to COBS 14.2.10 and 15.7 as applicable.
            26 COBS 12.1.2(viii).
            27 COBS 12.1.2(a)(iv).
            28 COBS 12.1.3(e).

          • 4.14

            In addition to the content of the disclosures, Digital investment Managers should also consider when and how best to make the disclosures in order to ensure that they are read and understood by clients (in particular, Retail Clients).

    • FSRA Confidentiality Policy [18 April 2019]

      • 1. 1. Dealing With Confidential Information

        • 1.1 1.1 Introduction

          • 1.1.1

            This Confidentiality Policy provides guidance concerning the obligations and requirements on the Financial Services Regulatory Authority (the "Regulator") when using and disclosing non-public information provided by third parties in the course of regulating financial services in the Abu Dhabi Global Market ("ADGM"). Unless expressly provided in this Confidentiality Policy, definitions for capitalized terms may be found in the Financial Services Markets Regulations (2015) (the "FSMR").

        • 1.2 1.2 Regulatory Approach

          • 1.2.1

            When dealing with Confidential Information, the Regulator employs best practice, consistent with international standards set by organisations such as the Basel Committee on Banking Supervision ("BCBS"), the International Organisation of Securities Commissions ("IOSCO"), the Financial Action Task Force ("FATF") and the Islamic Financial Services Board ("IFSB").

          • 1.2.2

            With the application of international best practice standards, the Regulator is obligated to:

            (a) ensure compliance with and enforce applicable financial services legislation, consistent with the Basel Core Principles for Effective Banking Supervision, the IOSCO Objectives and Principles of Securities Regulation and the FATF Recommendations on combating money laundering, the financing of terrorism and proliferation of weapons of mass destruction;
            (b) assist financial services regulators in other jurisdictions to the best possible extent regarding co-operation and the exchange of Confidential Information consistent with the obligations contained and in the manner prescribed in the IOSCO Multilateral Memorandum of Understanding;
            (c) use all reasonable efforts to ensure that neither ADGM regulations nor foreign laws relating to confidentiality and secrecy prevent the Regulator from gathering, protecting or disclosing Confidential Information where required for lawful regulatory purposes;
            (d) limit the disclosure of Confidential Information to other financial services regulators and enforcement agencies to the extent required for ensuring compliance with, and enforcement of, applicable financial services and criminal legislation;
            (e) to adopt and implement internal control systems and procedures for the handling, storing, processing and securing of Confidential Information that meet international best practices; and
            (f) to comply with all applicable laws and ADGM regulations which govern the Regulator's collection and dissemination of Confidential Information.

        • 1.3 1.3 Applicable legislation

          • 1.3.1

            The main legislative provisions governing the use of Confidential Information by the Regulator are set out in Abu Dhabi Law No. (4) of 2013, Part 16 of the FSMR, the Data Protection Regulations (2015) and the UAE Penal Code (Federal Law No. (3) of 1987).

      • 2. 2. Regulatory Powers To Obtain Confidential Information

        • 2.1 2.1 Background

          • 2.1.1

            The Regulator may be provided with information which is confidential in two ways:

            (a) voluntarily (that is, information obtained on a voluntary basis); and
            (b) under compulsion, including through:
            i. the exercise of the Regulator's supervisory and investigative powers (see section 2.2 below); and
            ii. the exercise of the Regulator's information gathering powers at the request, and on behalf, of Non-ADGM Regulators (see section 2.3 below).

        • 2.2 2.2 Regulator's Supervisory and Investigative Powers

          • 2.2.1

            The Regulator has comprehensive powers under the FSMR to carry out its duties and responsibilities. These include the power to require reports, conduct on-site inspections of business premises of authorised entities within the ADGM, interview individuals, as well as compel the production of documents, testimony and other information — see, for example, sections 201 and 206 of the FSMR.

          • 2.2.2

            The Regulator has in place internal procedures to monitor and manage access to and the use of Confidential Information and documents obtained during the course of its regulatory activities. These procedures include the use of manual and electronic document storage and retrieval systems.

            For example, the Regulator limits access to confidential documents obtained to those members of the Regulator's staff engaged with the relevant matter to which the documents are related by use of secure filing of physical documents and restricted computer drives containing confidential documents in electronic form.

          • 2.2.3

            The Regulator may obtain information relating to regulated entities from third parties including intermediaries and companies that perform outsourced functions for regulated entities.

          • 2.2.4

            As the Regulator's mandate is to regulate all financial services provided in and from the ADGM, the Regulator has broad access to compel the disclosure of Confidential Information from individuals and firms participating in or connected to the provision of financial services in or from the ADGM. This includes, without limitation, all market participants, listed companies, reporting entities and their respective officers and directors.

            For example, an ADGM-based fund manager which manages a fund organized in and sold to investors in a foreign jurisdiction will be subject to the jurisdiction of the Regulator and all books and records relating to the fund and its unitholders will be subject to examination by the Regulator upon request.

        • 2.3 2.3 Powers to cooperate with, assist and support Non-ADGM Regulators

          • 2.3.1

            The Regulator may also exercise its information gathering powers at the request, and on behalf, of regulators and authorities in other jurisdictions, solely to assist them in performing their regulatory or enforcement functions.

            Amended on (18 April, 2019).

          • 2.3.2

            The following sections of the FSMR give the Regulator specific authority to exercise some of its specific powers on behalf of other authorities:

            (a) section 215 enables the Regulator to co-operate with other persons (in ADGM or elsewhere) who have functions (i) similar to those of the Regulator or (ii) in relation to the prevention or detection of Financial Crime. Co-operation may include the sharing of information which the Regulator is not prevented from lawfully disclosing;
            (b) section 216 gives the Regulator specific authority to exercise its Own-Initiative Powers at the request, or on behalf, of Non-ADGM Regulators; and
            (c) section 217 gives the Regulator specific authority to exercise its Investigative Powers at the request of Non-ADGM Regulators. In deciding whether or not to exercise its Investigative Powers, section 217(2) sets out a non-exhaustive list of factors that the Regulator may take into account.

          • 2.3.3

            If the Regulator decides to exercise its powers at the request, or on behalf, of a Non-ADGM Regulator, Confidential Information gathered as result of the Regulator exercising its powers under sections 215, 216 or 217 can only be disclosed to that Non-ADGM Regulator in accordance with the provisions of sections 198 or section 199 of the FSMR.

            Amended on (18 April, 2019).

      • 3. 3. Regulator's Obligation Of Confidentiality

        • 3.1 3.1 Background

          • 3.1.1

            The Regulator's powers to obtain, use and disclose Confidential Information in order to discharge its functions and powers are subject to statutory limitations. These protections exist to protect individual privacy and to assure regulated firms and individuals that any Confidential Information they provide to the Regulator will be dealt with in confidence and used only for lawful purposes.

            Amended on (18 April, 2019).

        • 3.2 3.2 Overriding Duty of Confidentiality

          • 3.2.1

            The Regulator must keep confidential any Confidential Information received by or disclosed to it in the course of performing its functions, subject to the exceptions set out in section 3.3 below.

          • Abu Dhabi Law No. (4) of 2013

            • 3.2.2

              This duty of confidentiality is set out in Article 12 of Abu Dhabi Law No. (4) of 2013 and requires the Regulator to keep confidential any Confidential Information received by or disclosed to it in the course of performing its functions, unless disclosure is permitted in accordance with ADGM regulations.

            • 3.2.3

              The relevant ADGM regulations impacting on the Regulator's duty of confidentiality are the FSMR and the Data Protection Regulations 2015.

          • FSMR

            • 3.2.4

              Similarly to the duty of confidentiality in Abu Dhabi Law No. (4) of 2013, section 198 of the FSMR also prohibits disclosure of Confidential Information by the Regulator, its employees, agents or by any person coming into possession of it, subject to exceptions set out in section 3.3 below.

              Amended on (18 April, 2019).

          • Data Protection Regulations 2015

            • 3.2.5

              Certain duties and obligations contained within the Data Protection Regulations 2015 apply to the Regulator when dealing with personal data, concerning accuracy and the duty to ensure security of processing when personal data is being collected and maintained.

            • 3.2.6

              The Regulator is excused from certain obligations set out in the Data Protection Regulations in circumstances where compliance with such duties would be likely to prejudice the proper discharge of the Regulator's powers or functions to protect the public from financial loss due to improper conduct, unfitness or incompetence of persons engaging in offering financial services.

          • The UAE Penal Code (Federal Law No. (3) of 1987)

            • 3.2.7

              As the UAE criminal laws apply in the ADGM, Article 379 of the UAE Penal Code provides for criminal penalties for disclosure of Confidential Information in cases other than those lawfully permitted. Public officials, or those persons in charge of a public service, are subject to more severe penalties than the general persons for unlawful disclosure of Confidential Information — namely, imprisonment of up to five (5) years.

          • Regulator's internal practices and procedures

            • 3.2.8

              The above-mentioned statutory obligations requiring all Regulator's employees, agents and independent contractors to keep all Confidential Information confidential is further reinforced by requiring all Regulator's employees, agents and independent contractors to sign an Employment or Consultancy Services Contract that incorporates a confidentiality clause.

        • 3.3 3.3 Exceptions to the Duty of Confidentiality

          • With prior consent under section 198(1) of FSMR

            Amended on (18 April, 2019).

            • 3.3.1

              Section 198(1) prohibits disclosure of Confidential Information by the Regulator, its employees, agents or by any person coming into possession of Confidential Information unless they have the prior consent of—

              (a) the person from whom the Confidential Information was obtained; and,
              (b) if different, the person to whom the duty of confidentiality is owed (paragraphs 198(1)(a) and (b)).
              Amended on (18 April, 2019).

          • The exceptions under section 199(1) of FSMR

            • 3.3.2

              Section 199 of the FSMR provides certain exceptions from the overriding restriction on disclosure of Confidential Information in section 198. Specifically, subsection 199(1) enables the Regulator to disclose Confidential Information for the purpose of facilitating the carrying out of a Public Function, subject to section 199(2), if the disclosure is —

              (a) permitted or required under any enactment applicable to the Regulator, including, for the avoidance of doubt, any applicable international obligations; or
              (b) made to —
              (i) the ADGM Registrar of Companies;
              (ii) a Non-Abu Dhabi Global Market Regulator;
              (iii) a governmental or regulatory authority exercising powers and performing functions relating to anti-money laundering, counter-terrorist financing or sanctions compliance, whether in the ADGM or otherwise;
              (iv) a self-regulatory body or organisation exercising and performing powers and functions in relation to financial services, whether in the ADGM or otherwise;
              (v) a criminal law enforcement agency, whether in the U.A.E or otherwise, for the purpose of any criminal investigation or criminal proceedings;
              (v) a civil law enforcement agency or body, whether in the Abu Dhabi Global Market, U.A.E or otherwise;
              for the purpose of assisting the performance by any such person of its functions and powers; or
              (c) made in good faith for the purposes of the exercise of the functions and powers of the Regulator or in order to further the Regulator's objectives.
              Amended on (18 April, 2019).

            • 3.3.3

              The provisions in section 199(2) relate specifically to Confidential Information originating in another governmental or regulatory authority, or Confidential Information that is CRD Information, and provide for and are consistent with the exchange of information and professional secrecy requirements in the European Union's Capital Requirements Directive. For the purposes of section 199(2):

              (a) 'CRD Information' is defined as Confidential Information received or obtained by the Regulator from the EEA Competent Authority by virtue of the Capital Requirements Directive; and
              (b) 'EEA Competent Authority' means a public authority or body officially recognised by national law of a jurisdiction within the EEA and empowered by that national law to supervise institutions as part of the supervisory system.
              Added on (18 April, 2019).

            • 3.3.4

              Section 199(2) provides that paragraphs 198(1)b)(i), (ii), (iii), (iv), (vi) and 1(c) do not permit the Regulator to disclose this Confidential Information unless—

              (a) the governmental or regulatory authority that has disclosed the Confidential Information to the Regulator has given its prior written consent to the disclosure; and
              (b) where the Confidential Information is CRD Information:
              (i) the EEA Competent Authority that has disclosed the Confidential Information to the Regulator has given its prior written consent to the disclosure; and
              (ii) if such consent was given for a particular purpose, the disclosure by the Regulator is solely for that purpose.
              Added on (18 April, 2019).

          • Disclosure to a criminal law enforcement agency

            • 3.3.5

              Importantly, disclosure of Confidential Information by the Regulator to a criminal law enforcement agency, whether in the U.A.E or otherwise, for the purpose of any criminal investigation or criminal proceedings under paragraph 199(1)(b)(v) is not subject to the requirements under section 199(2).

              Added on (18 April, 2019).

        • 3.4 3.4 Admissibility of compelled testimony in criminal proceedings

          • 3.4.1

            In addition to the overriding duty of confidentiality set out in section 198, section 207(2) of the FSMR prohibits the Regulator from disclosing a statement made by a person to an investigator at an interview conducted pursuant to section 206(1)(a) to any law enforcement agency for the purpose of criminal proceedings against that person unless:

            (a) the person consents to the disclosure; or
            (b) the Regulator is required by law or court order to disclose the statement.

        • 3.5 3.5 The effect of foreign secrecy laws

          • 3.5.1

            Foreign banking secrecy laws lack extraterritorial effect and thus do not apply in the ADGM; entities regulated by the Regulator and their clients are not prevented from complying with obligations to disclose information related to financial services activities conducted in or from the ADGM.

          • 3.5.2

            Similarly, a request from the Regulator for disclosure of confidential client account information (if the client's business is booked, held, serviced and managed exclusively in a foreign jurisdiction) shall be governed by and be subject to the secrecy laws, if any, of that jurisdiction.

        • 3.6 3.6 Criminal prosecutions in the UAE Courts [Deleted]

          • 3.6.1 [Deleted]

        • 3.7 3.7 The effect of foreign secrecy laws [Deleted]

          • 3.7.1 [Deleted]

          • 3.7.2 [Deleted]

      • 4. 4. Disclosure Of Confidential Information

        • 4.1 4.1 Making a request for disclosure of Confidential Information

          • 4.1.1

            Every request to disclose Confidential Information, will be assessed by the Regulator on a case-by-case basis, whether this information was obtained voluntarily, in the course of the Regulator exercising its own functions and powers or exercising its powers on behalf of other authorities.

            Amended on (18 April, 2019).

          • 4.1.2

            In deciding whether to comply with a request to disclose Confidential Information, the Regulator would satisfy itself that there are legitimate reasons for the request and that the authority requesting the information has the appropriate policies and procedures in place for dealing with Confidential Information.

            Amended on (18 April, 2019).

          • 4.1.3

            Section 199(3) of the FSMR enables the Regulator to, among other things:

            (a) impose conditions on the information disclosed, which may relate to, among other things, the obtaining of consents or, where appropriate, subjecting information received to restrictions on disclosure that are at least equivalent to those set out in section 198, per paragraph 199(3)(a); and
            (b) restrict the uses to which the Confidential Information disclosed may be put.
            Added on (18 April, 2019).

          • 4.1.4

            Where the disclosure by the Regulator is made subject to conditions, the person to whom the Confidential Information has been disclosed may not use the Confidential Information in breach of any such condition, as set out in section 199(4) of the FSMR.

            Added on (18 April, 2019).

        • 4.2 4.2 Disclosure to governmental and regulatory authorities in section 199 of the FSMR

          Amended on (18 April, 2019).

          • 4.2.1

            Section 199(1)(b) gives the Regulator specific authority to disclose Confidential Information to the authorities listed therein so that they may properly carry out their function, subject to section 199(2).

            Amended on (18 April, 2019).

          • 4.2.2

            Where the Confidential Information (in whole or in part) originates in another governmental or regulatory authority, the Regulator may only disclose that Confidential Information in accordance with section 199(2), as set out in paragraphs 3.3.3 – 3.3.4 above, subject to paragraph 3.3.5.

            Amended on (18 April, 2019).

          • 4.2.3

            As set out in paragraphs 4.1.3 and 4.1.4 above, in disclosing any Confidential Information under section 199(1), the Regulator may require the requesting authority to comply with certain conditions or agree to restrict the uses to which the Confidential Information may be put, insofar as the Regulator considers appropriate.

            Amended on (18 April, 2019).

          • 4.2.4

            In addition, should a memorandum of understanding be in place between the Regulator and a Non-ADGM Regulator concerning the sharing of Confidential Information, subject to the limitations contained in the FSMR, the Regulator will conduct itself in accordance with section 199(2) and the terms of such memorandum of understanding. For example, the Regulator may include a provision that each party's consent is required to be obtained prior to disclosing any Confidential Information to a third party (unless the information is required for the purpose of a criminal investigation or criminal proceedings, as discussed in paragraph 3.3.5).

            For example, on receipt of a legitimate request for Confidential Information in possession of the Regulator from a Non-ADGM Regulator ("the requestor"), made for the purpose of facilitating the carrying out of a Public Function, the Regulator:

            a) may disclose the Confidential Information to the requestor subject to conditions, including that:—
            i. the requestor may only use the Confidential Information for their own lawful purpose as identified in the request;
            ii. the requestor may not voluntarily disclose the Confidential Information to a third party (including other regulatory entities in their home jurisdiction) without the further consent of the Regulator; and
            iii. if the requestor is compelled to disclose the Confidential Information by court order or subpoena, it must give notice to the Regulator prior to disclosure unless such notice would violate applicable laws.
            b) will generally not notify affected parties of the request for Confidential Information. Notice to the affected party/parties will only be considered where such notification would not be contrary to the public interest and would not frustrate or prejudice the purpose of the disclosure to the requestor.
            Amended on (18 April, 2019).

          • 4.2.5

            When the Regulator receives a request from an authority to disclose Confidential Information (other than compelled testimony – see paragraph 4.5), the Regulator will generally comply with such request if made in good faith for the specific purpose of fulfilling the performance of the requesting party's functions and powers, as contemplated by section 199(1).

            Added on (18 April, 2019).

        • 4.3 4.3 Disclosure for use in civil litigation

          • 4.3.1

            In other circumstances, such as where Confidential Information is sought by a party other than a governmental or regulatory authority, such as, for example, as evidence for use in civil litigation, the Regulator will require prior consent of—

            (a) the person from whom the Confidential Information was obtained; and,
            (b) if different, the person to whom the duty of confidentiality is owed (paragraphs 198(1)(a) and (b)),
            consistent with its general duty of confidentiality, as contemplated by section 198(1) of the FSMR.

            Amended on (18 April, 2019).

          • 4.3.2

            The Regulator will, to the extent permitted by applicable law, provide the person whose interests are likely to be adversely affected by the proposed disclosure with the information necessary to enable the person to make submissions to the Regulator. These may include the following:

            (a) whether the factual and legal conditions justifying the disclosure are met;
            (b) the scope of the disclosure of Confidential Information; and
            (c) whether any conditions should apply to the disclosure.

          • 4.3.3

            If a person would be adversely affected by the proposed disclosure of Confidential Information and the purpose for the request is to use the information in civil proceedings in the ADGM Court, the person requesting the Confidential Information would be required to obtain an order of the ADGM Court compelling the Regulator to disclose the Confidential Information.

          • 4.3.4

            Upon receipt of such an order, the Regulator would generally notify the person adversely affected by the proposed disclosure of Confidential Information of this so that the person has an opportunity to challenge the request according to the rules of the Court.

          • 4.3.5 [Deleted]

        • 4.4 4.4 Disclosure to a court

          • Civil proceedings in the ADGM Court

            • 4.4.1

              The ADGM Court's enabling legislation, Abu Dhabi Law No. (4) of 2013, gives it exclusive judicial jurisdiction in the ADGM and over ADGM bodies, including the Regulator. Therefore, the Regulator may be obliged to disclose Confidential Information if it is compelled to do so under an order from the ADGM Court.

            • 4.4.2

              If the Regulator is required to disclose Confidential Information received from a government or Regulatory Authority (for example, information received under a Memorandum of Understanding), the Regulator will ordinarily:

              (a) notify the Regulatory Authority that provided the Confidential Information of the receipt of the legally enforceable demand, in accordance with section 199(2); and
              (b) where appropriate, assert any legal rights or privileges to protect the Confidential Information (for example, Public Interest Immunity — see paragraph 4.6 below).

          • Criminal prosecutions in the UAE Courts

            • 4.4.3

              All activities in the ADGM remain subject to UAE criminal laws by virtue of the Federal Law No. 8 of 2004 concerning Financial Free Zones. Accordingly, the Regulator is obliged, under Article 78, Part 2 of the UAE Penal Procedures Law (Federal Law No. 35) of 1992, to comply with any legally enforceable demand or order from a competent authority responsible for administering the criminal laws of the UAE. This includes orders or demands to disclose Confidential Information.

            • 4.4.4

              As in the case of legally enforceable demands in civil or commercial matters discussed at paragraph 4.4.2 above, the Regulator will, where appropriate, assert any legal rights or privileges to protect the Confidential Information and resist disclosure (for example, Public Interest Immunity – see paragraph 4.6 below).

        • 4.5 4.5 Compelled testimony in criminal proceedings

          • 4.5.1

            If the Regulator receives a request from a law enforcement agency for a person's answers in an interview conducted under section 206(1)(a) of the FSMR for the purpose of criminal proceedings against the person, the Regulator will, in accordance with section 207(2) of the FSMR, generally notify the person concerned of such request (so that the person has an opportunity to either consent to the disclosure or challenge the request), unless the Regulator is required by law or court order to disclose the statement.

        • 4.6 4.6 Public Interest Immunity

          • 4.6.1

            Public Interest Immunity ("PII") is an immunity from the production of documents or information where their disclosure would be against the public interest. PII is a common law doctrine, developed to allow the courts to reconcile any potential conflict between the following two public interests—

            (a) the interest in the administration of justice which demands that relevant material is available to the parties to litigation; and
            (b) the interest in maintaining the confidentiality of certain documents whose disclosure would be damaging to the public interest.

          • 4.6.2

            When a PII claim is asserted, a court would be required to balance between whether the public interest in disclosing certain information is outweighed by the public interest in preserving the confidentiality of that information.

          • 4.6.3

            A claim of PII, for example, may be appropriate in the circumstances where disclosure would prejudice or otherwise unduly interfere with the Regulator's ability to perform its functions and exercise its powers (including if the disclosure would adversely affect its ability to cooperate with and receive Confidential Information from other Regulatory Authorities).

    • FSRA Confidentiality Policy

      Click herehere to view PDF

    • Guidance — Regulatory Framework for Private Financing Platforms [10 September 2018]

      Click herehere to view PDF

      • 1. 1. Introduction

        • 1.1

          This Guidance is issued under section 15(2) of the Financial Services and Markets Regulations 2015 (“FSMR”). It should be read in conjunction with FSMR, the relevant Rulebooks of the Financial Services Regulatory Authority (“FSRA”) and the Guidance & Policies Manual (“GPM”) of the FSRA.

        • 1.2

          It is applicable to an applicant for a Financial Services Permission (“FSP”) to carry on the Regulated Activity of Operating a Private Financing Platform, as defined in Schedule 1, Chapter 17C, Section 73E of FSMR, and Authorised Persons having received an FSP to do so.

        • 1.3

          This Guidance includes the authorisation criteria that applicants must satisfy to be authorised to undertake the Regulated Activity of Operating a Private Financing Platform (a “PFP Operator”) in addition to their ongoing regulatory requirements.

        • 1.4

          This Guidance, together with the applicable Abu Dhabi Global Market (“ADGM”) Regulations and FSRA Rules governing PFP Operators, is collectively referred to as the “PFP Framework”.

        • 1.5

          This Guidance is not an exhaustive source of the FSRA’s policy on the exercise of its statutory powers and discretions. In the discharge of its regulatory mandate, the FSRA may impose other conditions to address any specific risks posed by the proposed activities of a PFP Operator.

        • 1.6

          The FSRA is not bound by the requirements set out in this Guidance and may waive or modify these requirements at its discretion where appropriate.

        • 1.7

          The term “client” is used in this paper to denote the lenders and investors on the buyside of a transaction facilitated through a PFP (a “PFP Transaction”); the PFP Operator will have duties in respect of those clients.

        • 1.8

          Unless otherwise defined or the context requires otherwise, the terms contained in this Guidance have the same meanings as defined in FSMR and the Glossary (“GLO”).

      • 2. 2. Objectives Of The Private Financing Platform Framework

        • 2.1

          Private Financing Platforms (“PFPs”) are online platforms that allow private companies, such as start-ups and small and medium enterprises (“SMEs”) from early to pre-IPO stage, to source financing from private and institutional investors to launch and scale their businesses.

        • 2.2

          PFPs can play an important role in improving access to alternative financing for startups and SMEs, which are key engines of economic growth and diversification in the MENA region. PFPs may include equity funding, private placement and invoice financing platforms that leverage data and technology to unlock new ways of raising money for small businesses from professional investors such as high net worth individuals, private equity, venture capital, family offices, accelerators / incubators and angel investors.

        • 2.3

          Notwithstanding the benefits of a PFP Framework to the financing ecosystem for startups and SMEs, there are risks associated with PFP Transactions that include, but are not limited to, the following:

          (a) Loss of capital: PFPs will mainly attract start-ups and SMEs that have no or very little established track record, for which the observed failure rate is generally high.
          (b) Lack of liquidity: In the absence of a ready secondary market for PFP Transactions, clients face the risk of not being able to exit their PFP Transactions or having to transfer them at a significant discount.
          (c) Lack of information: There may not be sufficient information on the start-ups and SMEs (“PFP Prospects”) seeking financing through the PFP to enable clients to conduct proper due diligence and make fully informed investment decisions.
          (d) Platform failure: Clients of a PFP may not be able to readily recover their assets in the event that a PFP Operator that handles Client Assets fails and becomes insolvent.
          (e) Conflicts of interest between the PFP Operator and clients: The remuneration of a PFP Operator is typically linked to the amount of funds raised so the interests of a PFP Operator may be more aligned with those of the PFP Prospect than those of its client providing financing.

        • 2.4

          In light of these considerations, the FSRA has developed a proportionate, risk-based PFP Framework that facilitates access by start-ups and SMEs to alternate sources of funding, rather than traditional channels, while applying the necessary regulatory safeguards to ensure they operate in a safe and sound manner to protect their clients.

      • 3. 3. Key Features Of The Private Financing Platform Framework

        • 3.1 Definition of Regulated Activity

          The Regulated Activity of Operating a Private Financing Platform is defined in Schedule 1, Chapter 17C, Section 73E of FSMR and captures a number of alternative financing arrangements.

        • 3.2 Clients

          As retail investors, in general, may not fully appreciate the high risks associated with the transactions facilitated through a PFP, the FSRA intends to restrict the accessibility to PFPs under the PFP Framework to primarily Professional Clients.

          PFP Operators generally do not provide financial advisory services to clients. Under these circumstances, the onus is on clients to seek independent financial advice or to make their own evaluation of the risks associated with any potential loan or investment. Professional Clients are considered to be more sophisticated and have more resources and capacity to make informed decisions on prospective debt and equity instruments offered through a PFP after considering the inherent risks.

          There may be instances where a PFP Operator would like to offer its services to potential, sophisticated clients who do not meet the current financial criteria to be classified as a Professional Client. The FSRA may consider allowing the participation of these clients where the FSRA considers them able to adequately understand the risks associated with PFP Transactions, based on their knowledge, skills and experience. In such circumstances, the FSRA may impose other appropriate conditions or safeguards upon the PFP Operator. Further, the PFP Operator’s FSP must permit it to deal with Retail Clients.

          All clients must be pre-screened and on-boarded by the PFP Operator, in accordance with COBS Chapter 2, before being given access to the PFP.

        • 3.3 PFP Prospects

          A PFP Prospect must be a Body Corporate. The FSRA is of the view that a PFP would be an inappropriate forum for use by natural persons seeking financing for a business venture for a number of reasons, including:

          (a) the inappropriateness of a PFP for the formation of partnerships between individuals; and
          (b) the undesirability of posting personal information enabling the clients of a PFP to ascertain the creditworthiness of an individual.

          The FSRA is additionally of the view that a PFP would be inappropriate for capitalising ventures at the pre-incorporation stage of their development, given the lack of track record and the limited scope of potential due diligence that may be undertaken.

        • 3.4 Exempt Offers

          A Security being offered to the public within the ADGM must be accompanied by a Prospectus under Section 61 of FSMR, unless it qualifies as an Exempt Offer. Accordingly, the FSRA will only allow a financing proposal to be published on a PFP where it qualifies as an Exempt Offer through satisfying any of the criteria set out in Markets (“MKT”) Rule 4.3.1, also bearing in mind Rules 4.3.2 and 4.3.3, which are included in Appendix 1 of this Guidance.

        • 3.5 Client Assets

          As best practice, a PFP Operator should appoint an Eligible Custodian to safeguard Client Assets. However, alternative arrangements may be permitted by the FSRA where appropriate safeguards are implemented.

          In the case that a PFP Operator does not appoint an Eligible Custodian, it must comply with:

          (a) the higher capital requirements set out in Prudential – Investment, Insurance Intermediation and Banking (“PRU”) Chapter 3 and Section 4.3(f) of this Guidance; and
          (b) where applicable, the following Conduct of Business (“COBS”) Rules:
          (i) Chapter 14 – Client Money Rules (if holding or controlling Client Money, Providing Custody or Arranging Custody);
          (ii) Chapter 15 – Safe Custody Rules (if holding or controlling Client Investments, Providing Custody or Arranging Custody); and
          (iii) Chapter 16 – Recovery & Resolution Planning for Client Money & Safe Custody Assets (if holding Client Money or Client Investments).

      • 4. 4. Authorisation Criteria For PFP Operators

        • 4.1

          When reviewing an FSP application from a proposed PFP Operator (a “PFP Applicant”), the FSRA will consider the Threshold Conditions set out in FSMR and Chapter 5 of the General (“GEN”) Rulebook and the matters set out in Chapter 2 of the GPM.

        • 4.2

          The Threshold Conditions set out in GEN Rule 5.2.7, require a PFP Applicant to demonstrate to the satisfaction of the FSRA that it:

          (a) has adequate and appropriate resources, including financial resources;
          (b) is fit and proper;
          (c) is capable of being effectively supervised; and
          (d) has adequate compliance arrangements, including policies and procedures, that will enable it to comply with all the applicable legal requirements.

        • 4.3

          Chapter 2 of the GPM sets out in detail the FSRA’s approach to assessing whether an applicant for an FSP meets the Threshold Conditions above. Some key considerations for PFP Applicants are the following.

           

          (a) Business Model
          The FSRA will consider the PFP Applicant’s proposed business model and assess any potential risks it poses. In particular, the FSRA will consider:
          (i) the nature and structure of the products offered on the PFP;
          (ii) the PFP Applicant’s target clients;
          (iii) the roles and responsibilities of the PFP Applicant;
          (iv) whether the PFP Applicant might have any perceived conflicts of interest when authorised and how these might be managed;
          (v) any proposed outsourcing arrangements with third party service providers;
          (vi) whether the PFP Applicant is proposing to carry out any other Regulated Activities; and
          (vii) the safekeeping arrangements for Client Assets if the PFP Applicant intends to hold these.


          In the case that a PFP Applicant proposes to carry out other Regulated Activities such as Advising on Investments or Credit, Managing Assets or Managing a Collective Investment Fund, the PFP Applicant would need to demonstrate how it would manage any potential conflicts of interest that these activities may pose.

          (b) Track Record
          A PFP Applicant should demonstrate that it or its Group has an established track record in corporate finance or a related business, of a minimum of five years, in a jurisdiction that has a legislative and regulatory framework that is of comparable standard to that of the FSRA. The PFP Applicant or its Group, where applicable, should also be subject to proper supervision by a competent regulatory authority.
          Alternatively, where a PFP Applicant does not have an established track-record of at least five years or meet the regulatory status requirement, the FSRA may take into account (i) the track record of the PFP Applicant’s Controllers/substantial shareholders and (ii) the experience and qualifications of the PFP Applicant’s key individuals, when assessing the application.
          (c) Governing Body
          (i) Licensed Directors – A PFP Applicant which is a Body Corporate incorporated in the ADGM, must register all its Directors with the FSRA in accordance with GEN Rule 5.5.4.
          (ii) Licensed Partners – A PFP Applicant which is Partnership established in the ADGM, must register all its Partners with the FSRA in accordance with GEN Rule 5.5.5.


          These appointments are not required for PFP Applicants that are branches of legal entities domiciled outside the ADGM.

          The PFP Applicant must demonstrate that its Governing Body has sufficient collective skills and experience in corporate finance or related fields to oversee the firm’s operations.

          (d) Mandatory Appointments
          A PFP Applicant must also appoint the following individuals in accordance with GEN Rule 5.5.1:
          (i) Senior Executive Officer (“SEO”) – an SEO who is ultimately responsible for the day-to-day operation, supervision and control of the firm’s operation. The SEO must possess a minimum of five years’ relevant and demonstrable experience and qualifications.
          (ii) Finance Officer (“FO”) – a Finance Officer with the relevant expertise to prepare and oversee its financial reporting.
          (iii) Compliance Officer (“CO”) – a suitably experienced and qualified Compliance Officer who is independent of the firm’s operations and oversees the compliance function.
          (iv) Money Laundering Reporting Officer (“MLRO”) – a suitably experienced and qualified MLRO who is independent of the firm’s operations and responsible for the implementation of the firm’s anti-money laundering controls and the day-to-day oversight of its compliance with the Anti- Money Laundering and Sanctions (“AML”) Rules and Guidance.
          Other considerations for PFP Applicants:
          • The SEO, CO and MLRO must all be resident in the UAE;
          • The CO and MLRO functions may be carried out by the same individual; and
          • The FO, CO and MLRO may be carried out in-house or outsourced to another Group entity or service provider.
          The FSRA will consider the collective suitability of all of the PFP Applicant’s proposed staff and whether there is a sufficient range of individuals with appropriate knowledge, skills and experience to understand, operate and manage the firm's affairs in a sound and prudent manner.
          (e) Systems and Controls
          The FSRA will assess the following governance and control requirements in relation to the PFP Applicant.
          Requirement Rule(s) Note
          Risk
          Management
          GEN 3.3.4 –
          3.3.6
          A PFP Operator must establish and maintain risk management systems and controls to enable it to identify, assess, mitigate, control and monitor its risks.

          This framework should include measures to minimise technology risks associated with the PFP. In particular, a PFP Operator should have measures in place to ensure data integrity and the protection of its technology from fraud, impairment, tampering, misuse or unauthorised access.
          Compliance
          Arrangements
          GEN 3.3.7 –
          3.3.12
          A PFP Operator must establish and maintain compliance arrangements, including processes and procedures that ensure and evidence, as far as reasonably practicable, that it complies with all Regulations and Rules.

          While compliance support may be provided by a related entity and/or third party service providers, the ultimate responsibility for compliance with applicable laws and regulations lies with PFP Operator’s SEO and Governing Body.
          Internal audit GEN 3.3.13 –
          3.3.15
          A PFP Operator’s internal audit arrangements should be appropriate to the scale, nature and complexity of its operations.

          The internal audit may be conducted by the internal audit function within the PFP Operator, its Group’s internal audit function or outsourced to a third party service provider.
          Conflicts of
          Interest
          GEN 2.2.7 &
          3.3.21 –
          3.3.24
          A PFP Operator must have arrangements in place to ensure that conflicts of interest between itself and its Customers, between its Employees and Customers and between one Customer and another are identified and prevented or managed, or disclosed, in such a way that the interests of a Customer are not adversely affected.
          (f) Capital Requirements
          A PFP Operator will fall within Prudential Category 4. As set out in PRU Chapter 3, a PFP Operator must maintain at all times Capital Resources in excess of its Capital Requirement, which is the higher of its Base Capital Requirement or Expenditure-Based Capital Minimum.
          The table below sets out the Capital Requirement for PFP Operators:
          Client Asset Arrangements Base Capital
          Requirement
          (USD)
          Expenditure
          Based Capital
          Minimum
          PFP Operator does not hold or control
          Client Assets
          10,000 6/52 x AAE1
          PFP Operator holds or controls Clients
          Assets
          150,000 18/52 X AAE
          (g) Professional Indemnity Insurance (“PII”)
          In accordance with PRU Rule 6.12, a PFP Operator must maintain PII cover appropriate to the nature, size and risk profile of its business.

        • 4.4

          Prior to issuing an FSP, the FSRA may require the technology utilised by a PFP to be at a suitably advanced staged in order for the PFP Applicant to demonstrate the functionality of the platform and its compliance with the PFP Framework.

        • 4.5

          For more details on the process for authorisation as a PFP Operator, please contact the FSRA at: authorisation@adgm.com.

      • 5. 5. Ongoing Requirements For PFP Operations

        • 5.1

          Upon authorisation, a PFP Operator, as a holder of an FSP, must comply at all times with the relevant requirements in FSMR and the FSRA Rulebooks, including GEN, COBS, PRU and AML.

        • 5.2

          The principal conduct rules that apply to PFP Operators are set out in COBS Chapter 18, and are outlined below:

          (a) Risk Warning
          A PFP Operator must publish a prominent risk warning on the PFP which identifies the risks involved in participating in a PFP Transaction. As a minimum the risk warning should address the risks set out in section 2.3 of this Guidance.
          Prior to registering a Client to access the PFP, a PFP Operator must obtain their acknowledgement that they fully understand the risks set out in the risk warning.
          (b) Due Diligence
          The PFP Operator is required to undertake appropriate and proportionate due diligence on a PFP Prospect covering the matters set out in COBS Section 18.4, as a minimum. Where reasonable and prudent, the due diligence review of a PFP Prospect may require independent verification.
          A PFP Operator is not required to disclose its due diligence assessments to clients, although it may choose to do so. However, it is required to disclose and explain in a clear way its selection and acceptance criteria for a PFP Transaction to be offered on its platform. It must also disclose its due diligence methodology for each of its criterion including where the due diligence is undertaken by a third party.
          A PFP Operator must keep records of the due diligence undertaken on all PFP Prospects for the FSRA’s review.
          A PFP Operator must also form a reasonable basis for believing that the PFP Prospect has adequately set out relevant information regarding its proposal in a clear, fair and not misleading manner for clients to make an informed decision including, but not limited to:
          (i) general information about the PFP Prospect including details of its incorporation, commercial licence, directorships, major shareholders, beneficial holders;
          (ii) the business proposal and business model;
          (iii) financial information about the PFP Prospect;
          (iv) criteria by which the PFP Transaction would be regarded as being in default;
          (v) a wind-down plan, including information on the return of Client Assets, in the event of business default/failure of the PFP Prospect;
          (vi) features, structures, and subscription classes of the PFP Transaction;
          (vii) basis of subscription class and allotment to each client;
          (viii) treatment, voting / contractual rights and claims of clients of the PFP Transaction in any particular subscription class;
          (ix) pricing and valuation basis of the PFP Transaction;
          (x) risks specific to the PFP Prospect and PFP Transaction;
          (xi) parties involved in the PFP Transaction and any conflicts of interest, including any financial or other interests that the PFP Operator, its key officers, Employees and Associates have in the PFP Prospect or PFP Transaction;
          (xii) procedures and obligations for clients in any administrative / corporate actions;
          (xiii) whether the PFP Prospect is seeking funding from other sources at the same time;
          (xiv) intended use of funds;
          (xv) treatment of oversubscriptions and maximum amount accepted, if applicable;
          (xvi) any cancellation rights;
          (xvii) format / frequency of performance reporting to clients; and
          (xviii) format / frequency of ongoing disclosure of applicable information in relation to the PFP Transaction and PFP Prospect.
          Any material changes to the information disclosed in the proposal to clients must be updated and notified to clients within a reasonable timeframe and at least ten business days prior to closing of the PFP Transaction.
          (c) Forums / Message Boards
          A PFP Operator is not required to comply with the above disclosure requirements where it is merely gauging the interest of clients on a potential PFP Transaction where the related start-up or SME is not identified.
          In such instances, the PFP Operator should monitor the forum or message board used to gauge client interest to remove any potentially misleading or fraudulent posts.
          (d) Marketing
          As access to PFPs is restricted to registered clients only, mass solicitation, advertising or canvassing is not permitted.
          However, a PFP Operator may promote its platform to the general public. Such communication may include general information about the PFP Operator, its business model, performance and the PFP Prospects accepted on its platform. Such communication must not include any information on specific offers, research or recommendations relating to a PFP Prospect or a PFP transaction.
          (e) Disclosure
          A PFP Operator must disclose the following information to its clients, either in written form or electronically through the PFP, to enable them to make an informed decision on whether to participate in a transaction on the PFP:
          (i) how the PFP operates (e.g. whether it offers loan or investment based financing opportunities, the process for participating in a financing opportunity; how Client Assets are held, how transactions through the PFP may be structured);
          (ii) the PFP Operator’s remuneration model (e.g. whether the PFP Operator is remunerated entirely by PFP Prospects by a percentage of funds raised or on a transaction basis by its clients);
          (iii) the PFP Operator’s roles and obligations (including to clients in any administrative / corporate actions in relation to the PFP Transactions). Where the PFP Operator and clients relationship is non-advisory in nature, the PFP Operator must clearly disclose the fact and that the information presented does not constitute personal advice or a recommendation);
          (iv) the recourse available to clients in the event of the failure of the PFP Operator or the PFP Prospect;
          (v) in the event that there is a material adverse change in the circumstances of PFP Transaction or the PFP Prospect defaults, the PFP Operator’s roles and obligations, including any arrangements in relation to the recovery of the Client Assets; and
          (vi) the general disclosure obligations set out in COBS (e.g. where applicable, the client agreement content in Rule 3.3.2 and potential conflicts of interest in Rule 3.5.4).
          (f) Exit Facility
          A PFP Operator may offer an incidental facility (termed an “Exit Facility”) to permit clients to exit their PFP transactions by allowing them to seek potential “buyers” who are also clients of the PFP Operator in order to transfer their rights and obligations under their loan or investment agreements.
          The Exit Facility should not allow active trading by clients and should be solely an ancillary service provided by the PFP Operator. The Exit Facility must comply with the requirements set out in COBS Section 18.8. In particular, the PFP Operator should not be remunerated for any transaction made through this facility nor should it provide advice to or make arrangements on behalf of clients using this facility.
          Where an Exit Facility exhibits characteristics of a trading facility, the PFP Operator may require a separate FSP for Operating a Multilateral Trading Facility or Operating an Organised Trading Facility2.
          Any investment-based offer made through the Exit Facility must continue to comply with the Exempt Offer criteria set out in Appendix A of this Guidance.
          (g) Intermediate entities
          Where a PFP Operator structures a PFP Transaction using a special purpose vehicle, that vehicle must be incorporated in the ADGM to ensure the ease of administration and greater regulatory oversight in the event of the failure of the PFP Operator.

        • 5.3

          A PFP Operator will also need to consider the applicability of other ADGM Regulations including, but not limited to, the Companies Regulations 2015, Insolvency Regulations 2015, Data Protection Regulations 2015 and the Common Reporting Standard Regulations 2017; as well as other international regulations including the Foreign Account Tax Compliance Act.

        • 5.4

          Chapter 3 of the GPM sets out in detail the FSRA’s risk-based approach to the supervision of Authorised Persons.

      • 6. 6. Other Considerations For PFP Operations

        • 6.1 Fees

          Pursuant to the Fees Rules, a PFP Operator will be required to pay the following fees:

          Initial Authorisation
          Fee
          $5,000 for the Regulated Activity of Operating a Private Financing Platform. An additional $5,000 would apply for each Regulated Activity for which it also seeks an FSP.
          Approved Person
          Application Fee
          $500 for each Approved Person for whom it is seeking
          authorisation.
          Annual Supervision
          Fee
          $5,000 for the Regulated Activity of Operating a Private Financing Platform. An additional $5,000 would apply for each Regulated Activity for which it has an FSP.

           

        • 6.2 Islamic Financial Business

          The Islamic Finance Rules (“IFR”) apply to:

          (a) every Authorised Person, including a PFP Operator, who carries on, or holds itself out as carrying on, an Islamic Financial Business in the ADGM whether as an Islamic Financial Institution or through an Islamic Window; and
          (b) an Authorised Person, including a PFP Operator, making an Offer in the ADGM relating to a Security which is, or is held out as being, a Shari'a-compliant Security.

          Accordingly, should a PFP Operator itself wish to promote a Specified Investment as being Shari’a compliant, it must hold the requisite Islamic Financial Business qualification on its FSP.

      • APPENDIX A APPENDIX A: EXEMPT OFFER CRITERIA

        • Guidance

          This section prescribes the type of Offer that is an Exempt Offer. The prohibition in section 58(1) of the FSMR does not apply to such Offers. Accordingly, a Person may make an Offer of Securities to the Public in the circumstances specified in this Rule without a Prospectus.

        • 4.3.1

          For the purposes of section 61(3)(a) of the FSMR the Regulator hereby prescribes the circumstances in which an Offer is an Exempt Offer:

          (1) an Offer made to or directed at only Professional Clients other than natural Persons;
          (2) an Offer in or from the ADGM which is directed at fewer than 50 Persons in any 12 month period, excluding Professional Clients who are not natural persons;
          (3) an Offer where the total consideration to be paid by a Person to acquire the Securities is at least $100,000, or an equivalent amount in another currency;
          (4) an Offer where the Securities are denominated in amounts of at least $100,000, or an equivalent amount in another currency;
          (5) an Offer where the total aggregate consideration for the Securities offered is less than $100,000, or an equivalent amount in another currency, calculated over a period of 12 months;
          (6) an Offer where Shares are issued in substitution for Shares of the same class as already issued, where the issue of the new Shares does not involve any increase in the issued Share capital;
          (7) an Offer where the Securities are Convertibles issued under a Prospectus to existing members or creditors of the Issuer or a member of its Group and there is no additional consideration to be paid;
          (8) an Offer where the Securities are offered in connection with a Takeover and a document is made available containing information which is considered by the Regulator as being equivalent to that of a Prospectus;
          (9) an Offer where the Securities are offered, allotted or to be allotted in connection with a merger if a document is available containing information which is regarded by the Regulator as being equivalent to that of a Prospectus;
          (10) an Offer where the Securities are offered, allotted or to be allotted in connection with a rights issue where:
          a. the Securities are of a class subject to Reporting Entity disclosure; and
          b. a document is made available containing information on the number and nature of the Securities including rights attaching to those Securities and the reasons for and details of the Offer;
          (11) an Offer where the Shares are offered, allotted or to be allotted to existing Shareholders free of charge or dividends paid out in the form of Shares of the same class as the Shares in respect of which the dividends are paid, and a document is made available containing information on the number and nature of the Shares and the reasons for and details of the Offer;
          (12) an Offer where the Securities are offered, allotted or to be allotted to an existing or former Director or Employee, or any Close Relative of such a Director or Employee, of the Issuer or a member of the same Group as the Issuer and
          a. the Issuer or the member of the Group already has its Securities admitted to trading on a Regulated Exchange; and
          b. a document is made available to the offerees containing information on the number and nature of the Securities and the reasons for and details of the Offer.

        • 4.3.2

          Where any Securities, which were previously the subject of an Exempt Offer, are subsequently offered to the public, such a subsequent Offer will be regarded, for the purposes of Part 6 of the FSMR and the Rules made for the purposes of that Part, as a separate and new Offer of Securities to the Public, unless that Offer meets one of the criteria in Rule 4.3.1.

        • 4.3.3

          An Offer of Securities remains an Exempt Offer even if the Offer falls in whole or part within more than one of the circumstances specified in Rule 4.3.1, as long as all of the Offer falls within at least one of those circumstances.

    • Supplementary Guidance — Authorisation for Investment Management Activities [10 April 2017]

      • 1. 1. Purpose

        • 1.1

          This Guidance is issued under section 15(2) of the Financial Services and Markets Regulations 2015 ("FSMR"). It should be read in conjunction with the FSMR and the ADGM Rulebooks.

        • 1.2

          The Guidance sets out the Regulator's expectations on the minimum criteria for an applicant seeking a Financial Services Permission to carry on the regulated activities of Managing Assets or Managing a Collective Investment Fund (collectively referred to as "Investment Management Activities"). The Guidance is not an exhaustive source of the Regulator's policy on the exercise of its statutory powers and discretions. In the discharge of its regulatory mandate, the Regulator may impose other requirements to address any specific risks posed to the objectives of the Regulator by the proposed activities of the applicant. The Regulator is not bound by the requirements set out in this Guidance and may waive or modify these requirements at its discretion where appropriate.

        • 1.3

          Unless otherwise defined or the context otherwise requires, the terms contained in the Guidance have the same meaning as defined in the FSMR and the GLO Rulebook.

      • 2. 2. Consideration and Assessment of Applications

        • 2.1

          As set out in GEN Rule 5.2.7, the applicant shall demonstrate to the satisfaction of the Regulator that it:

          (a) has adequate and appropriate resources, including financial resources;
          (b)is fit and proper;
          (c) is capable of being effectively supervised; and
          (d)has adequate compliance arrangements, including policies and procedures, that will enable it to comply with all the applicable legal requirements.

        • 2.2

          In assessing the adequacy and appropriateness of an applicant's resources, systems and controls, the Regulator will consider the risks posed by the applicant taking into account the nature, size and complexity of the proposed activities. For instance, a Start-up entity1 without investment management track record may seek authorisation to conduct Investment Management Activities, subject to certain restrictions and other conditions to limit the scale and impact of its activities.


          1 A "Start-up" entity is:

          (a) any newly set up business entity which is not part of a Group subject to financial services regulation; or
          (b) any existing business entity which, or whose Group is not subject to financial services regulation.

        • 2.3

          The Regulator will apply a risk-based assessment according to the categories of investment management companies ("Manager") as set out in Table 1 below.

          Table 1 — Categories of Managers

          Category Permissible Activities
          Retail Manager Carrying on business in investment management activities with all types of Clients, including Retail Clients.
          Restricted Manager Carrying on business in investment management activities with Professional Clients only, without restriction on the number of Professional Clients.
          Start-up Manager Carrying on business in investment management with no more than 30 Professional Clients (which may be in the form of funds or other investment vehicles) and the total value of the assets under management ("AUM")2 does not exceed US$250 million.

          2 In determining the value of the AUM:

          (a) Moneys committed by investors but not drawn down should be excluded from the Manager's AUM.
          (b) AUM should be based on the net value of the assets being managed. Any leverage to which the managed assets are exposed should be excluded from the Manager's AUM.

        • 2.4

          For the purpose of the clientele restrictions, a "look through" approach is adopted. For instance, an investment vehicle that is not wholly owned by Professional Clients or in which not all the beneficiaries are Professional Clients will not qualify as a Professional Client. Restricted and Start-up Managers should not target Retail Clients through the use of investment structures that circumvent clientele class restrictions.

      • 3. 3. Minimum Criteria for Authorisation

        • 3.1

          Track Record — The applicant should demonstrate that it or its Group has a minimum 5-year proven track record in the investment management or related business, in a jurisdiction which has a regulatory framework that is comparable to ADGM. The applicant or its parent / related entities, where applicable, should be subject to proper supervision by a competent regulatory authority.

        • 3.2

          To be a Retail Manager, the applicant should have a total Group AUM of at least US$1 billion.

        • 3.3

          Where the applicant does not satisfy the 5-year track record requirement, the Regulator may take into account the (i) track record of the applicant's Controllers/substantial shareholders; and (ii) experience and qualifications of the applicant's key management staff, when assessing the application. In the case of a Start-up entity, the applicant should demonstrate that it has an effective resolution mechanism in the event of any shareholder dispute.

        • 3.4

          Competency of Key Individuals — A Manager should ensure that the minimum competency criteria, set out in Appendix 1, are met.

        • 3.5

          Capital Requirements — As set out in section 3 of the PRU Rulebook, a Manager must satisfy a Base Capital Requirement or Expenditure-Based Capital Minimum, whichever is higher.

          The table below sets out the Base Capital Requirement for the different categories of Managers.

          Regulated Activity Base Capital Requirement
          Managing Assets US$250,000
          Managing a Public Fund US$150,000
          Managing an Exempt Fund or Qualified Investment Fund US$50,000

          The applicant should make a reasonable assessment of the amount of additional capital buffer it needs, bearing in mind the scale and scope of its operations.

          Use of shareholders' loans to meet Capital Requirements. Under current rules, the Capital Requirement of a Manager can only be met by certain forms of capital instruments. Recognising that Managers in general have relatively simple capital structures, the Regulator may consider granting a waiver to allow Managers who do not hold client money to use shareholders' loans as eligible capital resources to meet Capital Requirement exceeding the BCR, subject to appropriate ring-fencing conditions.

        • 3.6

          Compliance Arrangements — A Manager shall have in place compliance arrangements that are appropriate to the nature, scale and complexity of its business. The minimum criteria in respect of compliance arrangements are set out in Appendix 2. While compliance support may be provided by a related entity and/or third party service providers, the ultimate responsibility for compliance with applicable laws and regulations lies with the Manager's Senior Executive Officer ("SEO") and Board of Directors.

        • 3.7

          Risk Management — The risk management function should be subject to adequate oversight by the SEO and Board of the Manager. It should be segregated from and independent of the investment management function. The Manager should have policies and procedures to ensure that management is kept informed of the risk exposures in a regular and timely basis. Staff of the risk management function should have adequate knowledge and expertise in risk management.

        • 3.8

          Internal Audit — The internal audit arrangements should be appropriate to the scale, nature and complexity of its operations. The internal audit may be conducted by the internal audit function within the Manager, an internal audit team from the head office of the Manager, or outsourced to a third party service provider, as set out in Appendix 3.

        • 3.9

          Independent Custody — A Manager should ensure that assets under management are subject to independent custody3. The independent custodians should be suitably authorised in their respective jurisdictions.


          3 Unless otherwise provided in the Rules.

        • 3.10

          Valuation & Reporting — A Manager should ensure that assets under management are subject to independent valuation and customer reporting. The Manager may have:

          (a) a third party service provider, such as a fund administrator or custodian, perform the valuation; or
          (b)an in-house asset valuation function4 that is segregated from the investment management function. Such arrangements may be adopted within larger financial services groups where there are sufficient resources and internal controls to provide for effective segregation of both functions.

          The annual audit performed by the independent auditor is intended to serve as a periodic check on the valuation of the assets. Taken on its own, the annual audit will not fulfil the requirement for independent valuation.


          4 Unless otherwise required in the Rules, e.g. Fund Managers of Property Funds pursuant to the FUNDS Rulebook.

        • 3.11

          Professional Indemnity Insurance ["PII"] — As set out in section 6.12 of the PRU Rulebook, a Manager shall maintain PII cover appropriate to the nature, size, and risk profile of the Manager's business. A Retail Manager should obtain a minimum PII coverage as set out in Appendix 4. For Restricted and Start-up Managers, we may consider granting a waiver of the requirement under appropriate circumstances acceptable to the Regulator.

          Appendix 1 — Minimum Competency Criteria

            Start-Up Manager Restricted Manager Retail Manager
          (i) Number of Licensed Directors:

          A Licensed Director is a Controlled Function set out in GEN 5.3.3. Nominee directors such as legal advisers or corporate secretaries will not count towards meeting this requirement.

          Of these Directors,

          •   Minimum years of individual relevant experience#:
          •   Number of Directors resident in the U.A.E.
          At least 2

          5 years

          At least 1
          At least 2*

          5 years

          At least 1
          At least 2*

          5 years

          At least 1
          (ii) Number of Approved Persons residing in the U.A.E:

          Approved Persons (as set out in GEN 5.3) will include the Licensed Directors, Licensed Partners and Senior Executive Officer ["SEO"] of the Manager.

          Minimum years of relevant experience#:
          At least 2

          5 years
          At least 2

          5 years
          At least 3

          5 years
          (10 years for the SEO)
          (iii) Number of employees / professionals conducting the regulated activities residing in the U.A.E:

          Such employees / professionals may include the Approved Persons and Recognised Persons (as set out in GEN 5.4) of the Manager.
          At least 2 At least 2 At least 3

          #: The relevance of an individual's experience should be assessed in the context of the role that the individual will perform in the Manager. For example, experience in proprietary trading for financial institutions could be counted towards meeting the relevant experience criteria for a relevant professional conducting regulated activities in respect of discretionary portfolio management activities. Relevant experience may also include sector experience (e.g. corporate strategy and management of businesses), particularly for private equity and venture capital Managers. Directors/Partners, SEO and Senior Managers should have managerial experience or experience in a supervisory capacity as part of their relevant experience.

          *: For a Manager that is deemed as high impact or systemically important, the Regulator may require the Manager to have more than 2 directors.

          •   The following are examples where the Regulator would consider a Start-up/Restricted Manager as having met the minimum competency criteria:

          Example 1

          The Manager has two resident Licensed Directors, one of whom is the SEO, who is responsible for the conduct of investment management activities. The other is the Chief Operating Officer, who is responsible for back office functions such as trade reconciliation and reporting (i.e. not conducting a regulated activity). Both directors have at least 5 years of relevant experience in their respective functions. The Manager will meet the minimum competency criteria if it employs at least one additional resident full-time employee/professional, who will conduct investment management activities. There will not be any minimum experience criteria for this additional employee, although the employee should be suitably competent.

          Example 2

          The Manager has two Licensed Directors conducting investment management activities. Both directors are resident in the U.A.E and have at least 5 years of relevant experience in investment management. One of the directors is the SEO. The Manager should appoint another Recognised Person independent of the front office to be the Compliance Officer / Finance Officer / Money Laundering Reporting Officer.

          Example 3

          The Manager in ADGM ("ADGM Manager") is a subsidiary of a foreign-based Manager who is regulated in its home jurisdiction. The ADGM Manager has one resident Licensed Director appointed as the SEO, who has 5 years of relevant experience and carries out investment management activities. The ADGM Manager has another director based overseas. The ADGM Manager will meet the criteria if it employs an additional resident full-time employee/professional to conduct the investment management activities, and this employee will be required to have at least five 5 years of relevant experience.

          Appendix 2: Minimum Compliance Arrangements

          Category Compliance Arrangements
          Retail Manager
          •   The Manager should put in place an independent and dedicated compliance function in the U.A.E with staff who are suitably qualified and independent from the front office.
          •   Compliance staff may perform other non-conflicting and complementary roles such as that of an in-house legal counsel.
          Restricted Manager
          •   A Manager should have an independent compliance function with staff who are suitably qualified and independent from the front office.
          •   The Manager may, depending on the size and scale of the business:
          (i) rely on compliance oversight and support from an independent and dedicated compliance team at its holding company or related entity; or
          (ii) engage an external service provider to support its compliance arrangements. The Manager should ensure that the service provider is competent and familiar with the regulatory requirements for Managers in ADGM. The service provider should be able to provide meaningful onsite presence at the Manager.
          In either case, the Manager should designate a senior staff independent from the front office (e.g. COO or CFO) to oversee the compliance arrangement;
          Start-up Manager
          •   A Start-up Manager should ensure that it has adequate compliance arrangements appropriate to the scale, nature and complexity of its operations. This may take the form of an independent compliance function, compliance support from overseas affiliates and/or use of external service providers that meet the requirements set out above.

          Appendix 3 — Internal Audit Arrangements

          Category Internal Audit Arrangements
          Retail Manager
          •   The Manager should have an independent and dedicated internal audit function.
          •   The internal audit function may be undertaken by an internal audit team within the Manager, a group internal audit team from the parent or related company of the Manager, or outsourced to a third party service provider.
          Restricted Manager
          •   The internal audit function may be undertaken by an internal audit team within the Manager independent from the business functions, a group internal audit team from the parent or related company of the Manager, or outsourced to a third party service provider.
          •   Where the Manager does not have a dedicated internal audit function, the adequacy of the Manager's internal audit arrangements should be assessed against the context of the Manager's overall business scale and control environment i.e. whether there are periodic checks similar to those performed by internal auditors, which are performed by control functions such as risk management and compliance.
          Start-up Manager
          •   The SEO and Board of the Manager are ultimately responsible for ensuring there are adequate internal controls within the Manager and should take reasonable measures to ensure that the internal controls are complied with.

          Appendix 4 — PII Coverage for Retail Managers

          •   PII coverage — A Retail Manager should maintain a PII coverage as follows:
          Min PII Remarks
          0.15% x AUM
          (subject to a cap of
          US$15mil)
          •   Copy of PII to be submitted to the Regulator on an annual basis.
          •   Amount of PII deductible should not exceed 20% of the Manager's CET1 Capital.
          •   Alternative PII — The Regulator may consider alternative forms of PII subject to the following conditions:
          Type Conditions
          Group PII
          •   Minimum coverage to be at least 5 times the required quantum under a standalone non-hybrid PII.
          •   If the deductible of the Group PII is greater than 20% of the applicant's base capital, an undertaking from the applicant's parent company to cover the excess in the event of a claim would be required.
          Hybrid PII
          •   Sub-limits to be set for the non-PII sections of the hybrid PII.
          •   Total coverage under the hybrid PII less the sub-limits for the non-PII sections should be at least equivalent to the required quantum under a standalone non-hybrid PII.
          Group Hybrid PII
          •   Sub-limits to be set for the non-PII sections of the Group hybrid PII.
          •   Total coverage of the Group hybrid PII less the sub-limits for the non-PII sections has to be at least 5 times the required quantum under a standalone non-hybrid PII.
          •   If the deductible of the Group hybrid PII is greater than 20% of the applicant's base capital, an undertaking from the applicant's parent company to cover the excess in the event of a claim would be required.

    • Supplementary Guidance — Authorisation for Investment Management Activities

      Click herehere to view PDF

    • Supplementary Guidance — Regulatory Framework for Fund Managers of Venture Capital Funds [15 May 2017]

      Click herehere to view PDF

    • FinTech Regulatory Laboratory Guidance

      Click herehere to view PDF

    • FinTech Regulatory Laboratory Guidance [02 November 2016]

      • 1. 1. Introduction

        • 1.1

          This Guidance is issued under section 15(2) of the Financial Services and Markets Regulations 2015 ("FSMR"). It should be read in conjunction with the FSMR and the relevant FSRA Rulebooks where applicable.

        • 1.2

          The Guidance is applicable to the following Persons:

          (a) an applicant for a Financial Services Permission to carry on the Regulated Activity of Developing Financial Technology Services within the RegLab in or from ADGM; and/or
          (b) a FinTech Participant.

        • 1.3

          This Guidance sets out the Financial Services Regulatory Authority's ("FSRA's" or the "Regulator's") approach to the Regulatory Laboratory ("RegLab") framework. In particular, this Guidance includes the eligibility and authorisation criteria applicants must satisfy to be authorised as FinTech Participants, the authorisation process, the types of restrictions that the Regulator may impose on the FinTech Participants' conduct, as well as the information that FinTech Participants may be required to produce to the Regulator.

        • 1.4

          This Guidance is not an exhaustive source of the Regulator's policy on the exercise of its statutory powers and discretions. In the discharge of its regulatory mandate, the Regulator may impose other parameters to address any specific risks posed by the proposed activities of the applicant to carry on the Regulated Activity of Developing Financial Technology Services within the RegLab.

        • 1.5

          The Regulator is not bound by the requirements set out in this Guidance and may waive or modify these requirements at its discretion where appropriate.

        • 1.6

          Unless otherwise defined or the context otherwise requires, the terms contained in this Guidance have the same meaning as defined in the FSMR and the GLO Rulebook.

      • 2. 2. Objectives Of The Reglab Framework

        • 2.1

          FinTech allows the use of new technologies in the financial services industry to improve operational and customer engagement capabilities by leveraging analytics, data management and digital functions.

        • 2.2

          The fast evolving FinTech landscape where new and emerging FinTech solutions are becoming more diverse and sophisticated requires a responsive and progressive regulatory framework to facilitate the development, testing and adoption of promising FinTech innovations. In particular, the FinTech regulatory framework should encourage, rather than front-run innovation, should be tailored and proportionate to the materiality of the risks posed, and should be responsive to support time-to-market of new FinTech solutions in a cost-efficient environment.

        • 2.3

          In light of these considerations, FSRA has created the RegLab, which is a specially tailored regulatory framework that provides a controlled environment for FinTech Participants to develop and test innovative FinTech solutions without immediately being subject to all the regulatory requirements that would otherwise apply to Authorised Persons.

      • 3. 3. The Reglab's Intended Participants

        • 3.1

          FSRA's RegLab framework may apply to two categories of FinTech Participants:-

          (a) those who have a FinTech product that is untested in the UAE market, to enable the FinTech Participants to live-test the product in a clearly demarcated environment in ADGM with controlled scope and scale, without attracting the full suite of regulatory requirements; and
          (b) those who may already be offering their FinTech product in the market, but wish to continue researching and developing it, and to live-test and offer any product enhancements, variations or new features on a limited rollout basis within the confines of the RegLab.

        • 3.2

          The RegLab is not intended to be a platform for firms to launch an established FinTech product which complies with all relevant regulatory requirements to a wider market. Financial institutions wishing to pilot and launch their complying technological innovations can do so in the ADGM under the existing authorisation and supervisory regime under the FSMR, without the need for the RegLab authorisation.

      • 4. 4. Features Of The Reglab

        • Developing Financial Technology Services within the RegLab

          • 4.1

            FinTech Participants that qualify for authorisation under the RegLab framework will be granted an FSRA Financial Services Permission ("FSP") in accordance with section 30 of the FSMR to carry on the Regulated Activity of Developing Financial Technology Services within the RegLab.

          • 4.2

            Developing Financial Technology Services within the RegLab means the Regulated Activity specified in paragraph 73A of Schedule 1 to the FSMR.

          • 4.3

            The FinTech Participant authorised under the RegLab will be required to establish a commercial presence in ADGM.

        • Blank-Sheet Approach

          • 4.4

            The legislative requirements applicable to FinTech Participants under the RegLab framework will be tailored according to the specific characteristics and risks associated with the FinTech Proposal. This approach is consistent with the Regulator's objective to offer a responsive and risk-appropriate regulatory framework.

          • 4.5

            The requirements that will apply to FinTech participants under the RegLab framework may be adapted from existing regulations (including but not limited to the FSMR) and the FSRA Rules, as applicable.

          • 4.6

            As such, generally, the regulatory requirements applicable to all Persons to whom the FSMR applies would initially apply to each applicant for an FSP to carry on the Regulated Activity of Developing Financial Technology Services within the RegLab.

          • 4.7

            On receipt of the RegLab application, the Regulator will work with the applicant to identify those Rules (or Rulebooks, as the case may be) that are not relevant to the applicant's FinTech Proposal. The Regulator may then waive or modify any of these Rules or Rulebooks (in part or entirely, as appropriate) by way of a waiver or a modification notice.

          • 4.8

            As certain Rules will be waived or modified for the FinTech Participant under the RegLab, the Regulator will, among other things:-

            (a) set client and exposure limits to limit the scope and scale of the FinTech Participant's test activities; and
            (b) impose boundaries/geographical restrictions to ensure that client impact is controlled and the clients' interests are protected.

            Please refer to section 5.2 below titled Authorisation Requirements for further details of the requirements that the Regulator may impose.

          • 4.9

            The Regulator may vary the applicable waivers and modifications as the FinTech Participants progress through different stages of testing of their FinTech solution. Variations will be subject to the changing risks that the FinTech Proposal may pose at any point.

          • 4.10

            The RegLab is not intended to create a risk-free FinTech environment — an acceptable degree of risk is unavoidable in all innovation and entrepreneurial endeavours. What the RegLab aims to achieve is a controlled environment that promotes FinTech innovation, yet minimises the risks of poor client outcomes posed by these innovative solutions.

        • Two-year validity period

          • 4.11

            The FSP granted under the RegLab will have a validity period of up to two years for the FinTech Participant to test its FinTech solution.

          • 4.12

            At the end of the two-year validity period (or earlier if the size, scale or progress of the FinTech Proposal warrants), the FinTech Participant will exit the RegLab and, if eligible, migrate to the full authorisation and supervisory regime under the FSMR.

          • 4.13

            To be eligible to migrate to the full authorisation and supervisory regime, the FinTech Participant will be required to demonstrate to the Regulator that it:-

            (a) has achieved its intended test outcomes under the RegLab so as to deploy the FinTech product on a broader scale, and
            (b) continues to be fit and proper to be an Authorised Person in the ADGM.

          • 4.14

            If the FinTech Participant is unable to satisfy the above criteria, it will be required to cease carrying on the Regulated Activity of Developing Financial Technology Services within the RegLab. The deadline for ceasing the Regulated Activity will be upon the expiry of its RegLab FSP, or at such time as the Regulator varies or cancels the FSP in accordance with section 33 of the FSMR. Please refer to section 8 below for more details.

          • 4.15

            During the two-year validity period, the Regulator will engage with and support the FinTech Participant and ensure the FinTech Participant operates within the parameters as set and agreed to prior to the grant of the FSP.

          • 4.16

            The two-year validity period of the authorisation granted under the RegLab may be extended in exceptional circumstances only, determined at the Regulator's discretion on a case-by-case basis.

        • Dedicated FinTech supervisory team

          • 4.17

            The Regulator's dedicated FinTech supervisory team will provide tailored guidance and support to applicants interested in applying to the RegLab and guide them in, among other things:-

            (a) understanding the RegLab regulatory framework;
            (b) preparing their RegLab application;
            (c) drawing up a risk-appropriate testing parameters; and
            (d) meeting their ongoing regulatory requirements.

      • 5. 5. Reglab Authorisation Criteria

        • Evaluation Criteria

          • 5.1

            To qualify for authorisation under the RegLab framework, the applicant must demonstrate how it satisfies the following evaluation criteria:

            (a) the FinTech Proposal promotes FinTech innovation, in terms of the business application and deployment model of the technology.
            (b) the FinTech Proposal has the potential to:
            i. promote significant growth, efficiency or competition in the financial sector;
            ii. promote better risk management solutions and regulatory outcomes for the financial industry; or
            iii. improve the choices and welfare of clients.
            (c) the FinTech Proposal is at a sufficiently advanced stage of development to mount a live test.
            (d) the FinTech Proposal can be deployed in the ADGM and the UAE on a broader scale or contribute to the development of ADGM as a financial centre, and, if so, how the applicant intends to do so on completion of the validity period.

        • Authorisation Requirements

          • 5.2

            In order to become authorised under the RegLab framework, the applicant must also demonstrate to the satisfaction of the Regulator that it:

            (a) satisfies, and will continue to satisfy, any Threshold Conditions made under section 7(2) of the FSMR, including but not limited to the following:
            i. the applicant has adequate and appropriate resources, including financial resources, to develop and test its FinTech Proposal;
            ii. the applicant is fit and proper; and
            iii. the applicant has relevant technical and business knowledge and experience to develop and test the FinTech Proposal;
            (b) is able to clearly define the FinTech Proposal's test parameters, control boundaries, key milestones and intended outcomes;
            (c) is able to propose an acceptable reporting schedule to report to the Regulator on the status and progress of development and testing of its FinTech Proposal;
            (d) is able to satisfactorily detail the safeguards that have been put in place, and demonstrate how they are appropriate to the FinTech Proposal being tested, the risks that are posed and the type of clients that are likely to be affected by the proposed innovation;
            (e) is able to set out a fair and proper exit strategy for clients should the FinTech Proposal be discontinued, completed or deployed on a broader scale outside the RegLab; and
            (f) is able to satisfy all applicable ADGM Regulations, Rules, conditions and/or limitations that the Regulator may prescribe.

      • 6. 6. Application Process For Authorisation

        • 6.1

          If the applicant is suitable participant for the FSRA's RegLab framework (refer to section 3) and meets the authorisation criteria (set out in section 5 above), it can proceed to complete and submit the RegLab Application Form. A copy of the RegLab Application Form is attached at Appendix A to this Guidance and can be submitted to the Regulator by email at FinTech@adgm.com.

        • 6.2

          Once the applicant has submitted its RegLab application form, the Regulator will review the application and inform the applicant whether the FinTech Proposal potentially qualifies for the RegLab.

        • 6.3

          The Regulator will work with the applicant to determine the specific regulatory requirements and conditions (including test parameters and control boundaries) to be applied to the FinTech solution in question. The applicant will then assess if it is able to meet these requirements.

        • 6.4

          If the applicant is able and willing to meet the proposed regulatory requirements and conditions, the applicant will be granted an FSP in accordance with section 30 of the FSMR to carry on the Regulated Activity of "Developing Financial Technology Services within the RegLab".

        • 6.5

          Once the Regulator grants the FSP, the FinTech Participant will be able to develop and test its FinTech product within the parameters and control boundaries agreed upon with the Regulator.

        • 6.6

          Figure 1 overleaf depicts the RegLab application process.

          Figure 1: RegLab Application Process

      • 7. 7. Conditions / Limitations On The Fintech Participants

        • 7.1

          On being granted the FSP to carry on the Regulated Activity of Developing Financial Technology Services within the RegLab, the Regulator may impose limitations or conditions on the FinTech Participant in accordance with sections 30(4) and 35 of the FSMR. These may include, but are not limited to, any of the following:

          (a) the number and type of Clients with or for whom the FinTech Participant carries on, or intends to carry on the Regulated Activity of Developing Financial Technology Services within the RegLab;
          (b) the type and size of Client transactions that the FinTech Participant is permitted to enter into;
          (c) the suitability assessment and Clients' written consent required prior to carrying on the Regulated Activity of Developing Financial Technology Services within the RegLab;
          (d) the FinTech Participant's ability (if any) to hold or control Client Money and Client Investments;
          (e) the requirements surrounding the FinTech Participant's handling and protection of Client information;
          (f) the manner and type of financial promotion that the FinTech Participant may undertake and the associated disclosures that the FinTech Participant is required to make to Clients1;
          (g) the key information required to be contained in a Client Agreement;
          (h) the prevention of money laundering and countering the financing of terrorism measures that the FinTech Participant is required to implement2;
          (i) the FinTech Participant's capital requirements (if any)3;
          (j) the FinTech Participant's financial and other reporting requirements;
          (k) any other safeguards to protect the interests of Clients or maintain the safety and soundness of the financial system as the Regulator may prescribe.

          1Requiring appropriate disclosures to, and consent of clients willing to use the FinTech product in order for clients to make an informed decision.

          2If the Regulator has greater concerns regarding a FinTech solution, it may require the FinTech Participant to appoint an established financial institutions as a sponsor to undertake responsibility for compliance assurance or resolution of any client issue if a test does not perform as expected — e.g. the trial deployment of a robo-advisor may be excluded from Anti Money Laundering/Know Your Client due diligence if the consumer opens an investment account with a sponsor bank, which takes on the corresponding regulatory obligations.

          3For example, reducing or waiving capital requirements where the Regulator deems appropriate.

        • 7.2

          FSRA may, at any time through the life-cycle of the FinTech Proposal, by notice in writing to the FinTech Participant, cancel or vary any condition or restriction imposed on the FinTech Participant or impose such further condition or restriction as it may think fit in accordance with sections 33, 35 and 36 of the FSMR.

      • 8. 8. Exiting The Reglab

        • 8.1

          At the end of the two-year validity period, the FSP for the RegLab will expire.

        • 8.2

          Unless an application to extend the two-year validity period is made at least three months before its expiry, or at such time as is otherwise agreed by the Regulator4, the FinTech Participant will have to exit the RegLab and choose to either:

          (a) migrate to the full authorisation and supervisory regime under the FSMR and deploy its FinTech solution on a broader scale; or
          (b) employ an exit strategy.

          4 Please refer to paragraphs 8.5–8.6 of this Guidance.

        • 8.3

          The exit strategy of a FinTech Participant may vary according to its commercial needs. For example, the FinTech Participant may choose to cease its business at the end of the validity period, or it may transfer its FinTech product and any clients to other authorised financial institutions.

        • 8.4

          The two-year validity period of the authorisation granted under the RegLab may only be extended in exceptional circumstances.

        • 8.5

          In applying for an extension of the validity period, the FinTech Participant shall provide the justifications for extension to the Regulator in such form and manner as FSRA may prescribe.

        • 8.6

          All applications for an extension of the validity period are to be determined at the Regulator's discretion on a case-by-case basis. The Regulator reserves the right to refuse an application for an extension of the validity period if it is of the view that it is desirable to do so in order to further one or more of its regulatory objectives.

        • Cancellation of the FSP

          • 8.7

            FSRA may cancel the FSP on the application of the FinTech Participant, in accordance with section 32 of the FSMR, or on the initiative of the Regulator, in accordance with section 33 of the FSMR, if it appears to the Regulator that:

            (a) the FinTech Participant is failing, or is likely to fail, to satisfy the Threshold Conditions made under section 7(2) of the FSMR and set out in paragraph 5.2(a) of this Guidance;
            (b) it is desirable to exercise this power to further one or more of the Regulator's objectives, including, for example, if:
            i. the FinTech Participant is failing, or is likely to fail, to satisfy the authorisation requirements set out in section 5.2(b)–(f) of this Guidance; or
            ii. the FinTech Participant is failing, or is likely to fail, to satisfy the limitations or conditions set out in section 7.1 of this Guidance; or
            (c) the FinTech Participant has committed a contravention of the FSMR or any Rules made under the FSMR.

    • Supplementary Guidance — Authorisation for Dealing Activities [21 October 2015]

      • 1. 1. Purpose

        • 1.1

          This Guidance is issued under section 15(2) of the Financial Services and Markets Regulations 2015 ("FSMR"). It should be read in conjunction with the FSMR, the ADGM Rulebook and other applicable Rules.

        • 1.2

          The Guidance sets out the Regulator's expectations on the minimum criteria for an applicant seeking a Financial Services Permission to carry on the regulated activities of Dealing in Investments as Principal, Dealing in Investments as Agent, or Arranging Deals in Investments (collectively referred to as "Dealing Activities"). The Guidance is not an exhaustive source of the Regulator's policy on the exercise of its statutory powers and discretions. In the discharge of its regulatory mandate, the Regulator may impose other requirements to address any specific risks posed to the objectives of the Regulator by the proposed activities of the applicant.

        • 1.3

          Unless otherwise defined or the context otherwise requires, the terms contained in the Guidance have the same meaning as defined in the FSMR and the GLO Rulebook.

      • 2. 2. Consideration and Assessment of Applications

        • 2.1

          As set out in GEN Rule 5.2.7, the applicant shall demonstrate to the satisfaction of the Regulator that it:

          (a) has adequate and appropriate resources, including financial resources;
          (b)is fit and proper;
          (c) is capable of being effectively supervised; and
          (d)has adequate compliance arrangements, including policies and procedures, that will enable it to comply with all the applicable legal requirements.

        • 2.2

          In assessing the adequacy and appropriateness of an applicant's resources, systems and controls, the Regulator will consider the risks posed by the applicant taking into account the nature, size and complexity of the proposed activities. For instance, a Start-up entity1 without relevant track record may seek authorisation to conduct Dealing Activities, subject to certain restrictions and other conditions to limit the scale and impact of its activities.


          1 A "Start-up" entity is:

          (a) any newly set up business entity which is not part of a Group subject to financial services regulation; or
          (b) any existing business entity which, or whose Group is not subject to financial services regulation.

        • 2.3

          The Regulator will apply a risk-based assessment according to the categories of dealers ("Dealers") as set out in Table 1 below. The applicant should ensure that the category it chooses accommodates its needs over a reasonable timeframe.

          Table 1 — Categories of Dealers

          Category Permissible Activities
          Retail Dealer Dealing in investments with or for all types of Clients, including Retail Clients.
          Institutional Dealer Dealing in investments only with or for Professional Clients in the ordinary course of business.
          Restricted Dealer Dealing in investments only with or for Professional Clients and:
          •   does not carry any customers' positions or accounts on its own books2; and
          •   does not receive, hold or control Client Assets.

          2 This includes any intra-day positions pending settlement or undertaking of settlement risks.

      • 3. 3. Minimum Criteria for Authorisation

        • 3.1

          Track Record — The applicant should demonstrate that it or its Group has a minimum 5-year proven track record in the dealing or related business, in a jurisdiction which has a regulatory framework that is comparable to ADGM. The applicant or its parent / related entities, where applicable, should be subject to proper supervision by a competent regulatory authority.

        • 3.2

          To be a Retail Dealer, the applicant should have a total Group shareholders' funds of at least US$200 million.

        • 3.3

          Where the applicant does not satisfy the 5-year track record requirement, the Regulator may take into account the (i) track record of the applicant's Controllers/substantial shareholders; and (ii) experience and qualifications of the applicant's key management staff, when assessing the application. In the case of a Start-up entity, the applicant should demonstrate that it has an effective resolution mechanism in the event of any shareholder dispute.

        • 3.4

          Competency of Key Individuals — A Dealer should ensure that the minimum competency criteria, set out in Appendix 1, are met.

        • 3.5

          Capital Requirements — As set out in section 3 of the PRU Rulebook, a Dealer must meet the following minimum capital requirements:

          Table 2 — Capital Requirement

          Category Capital Requirement
          Retail Dealer / Institutional Dealer (Dealing as principal)
          (a)Base Capital Requirement of US$2,000,000;
          (b)Expenditure-Based Capital Minimum; or
          (c)Risk Capital Requirement; whichever is higher.
          Retail Dealer / Institutional Dealer (Dealing as agent)
          (a)Base Capital Requirement of US$500,000;
          (b)Expenditure-Based Capital Minimum; or
          (c)Risk Capital Requirement; whichever is higher.
          Restricted Dealer3
          (a)Base Capital Requirement of US$10,000; or
          (b)Expenditure-Based Capital Minimum; whichever is higher.

          The applicant should make a reasonable assessment of the amount of additional capital buffer it needs, bearing in mind the scale and scope of its operations.


          3 As set out in section 6.12 of the PRU Rulebook, a Restricted Dealer shall maintain PII cover appropriate to the nature, size, and risk profile of its business. We may consider granting a waiver of the requirement under appropriate circumstances acceptable to the Regulator.

        • 3.6

          Compliance Arrangements — A Dealer shall have in place compliance arrangements that are appropriate to the nature, scale and complexity of its business. The minimum criteria in respect of compliance arrangements are set out in Appendix 2. While compliance support may be provided by a related entity and/or third party service providers, the ultimate responsibility for compliance with applicable laws and regulations lies with the Dealer's Senior Executive Officer ("SEO") and Board of Directors.

        • 3.7

          Risk Management — The risk management function should be subject to adequate oversight by the SEO and Board of the Dealer. It should be segregated from and independent of the front office function. The Dealer should have policies and procedures to ensure that management is kept informed of the risk exposures in a regular and timely basis. Staff of the risk management function should have adequate knowledge and expertise in risk management.

        • 3.8

          Internal Audit — The internal audit arrangements should be appropriate to the scale, nature and complexity of its operations. The internal audit may be conducted by the internal audit function within the Dealer, an internal audit team from the head office of the Dealer, or outsourced to a third party service provider, as set out in Appendix 3.

          Appendix 1 — Minimum Competency Criteria

            Restricted Dealer Institutional Dealer Retail Dealer
          (i) Number of Licensed Directors:

          A Licensed Director is a Controlled Function set out in GEN 5.3.3. Nominee directors such as legal advisers or corporate secretaries will not count towards meeting this requirement.

          Minimum years of relevant experience#:

          Of these Directors,

          •   Number of executive Directors:

          Executive Directors are employed full-time in the day-to-day operations of the company and should be resident in the U.A.E.
          •   Minimum years of relevant experience# of Senior Executive Officer ["SEO"]:

          The SEO is a Controlled Function set out in GEN 5.3.2.
          At least 2

          5 years

          At least 1

          5 years
          At least 2*

          5 years

          At least 1

          5 years
          At least 2*

          5 years

          At least 1

          10 years
          (ii) Number of Approved Persons residing in the U.A.E:

          Approved Persons (as set out in GEN 5.3) will include the Licensed Directors, Licensed Partners and SEO of the Dealer.

          Minimum years of relevant experience#:
          At least 2

          5 years
          At least 2

          5 years
          At least 3

          5 years
          (iii) Number of employees / professionals conducting the regulated activities residing in the U.A.E:

          Such employees / professionals may include the Approved Persons and Recognised Persons (as set out in GEN 5.4) of the Dealer.
          At least 2 At least 2 At least 3

          #: The relevance of an individual's experience should be assessed in the context of the role that the individual will perform in the Dealer. For example, experience in proprietary trading for financial institutions could be counted towards meeting the relevant experience criteria for a relevant professional conducting Dealing Activities on behalf of customers. Directors/Parnters, SEO and Senior Managers should have managerial experience or experience in a supervisory capacity as part of their relevant experience.

          *: For a Dealer that is deemed as high impact or systemically important, the Regulator may require the Dealer to have at least more than 2 directors.

          •   The following are examples where the Regulator would consider a Restricted/Institutional Dealer as having met the minimum competency criteria:

          Example 1

          The Dealer has two executive resident directors, one of whom is the SEO, who is responsible for dealing function. The other is the Chief Operating Officer, who is responsible for back office functions such as trade reconciliation and risk management (i.e. not engaged in regulated activity). Both directors have at least 5 years of relevant experience in their respective functions. The Dealer will meet the minimum competency criteria if it employs at least one additional resident full-time employee/professional on the dealing desk. There will not be any minimum experience criteria for this additional employee, although the employee should be suitably competent.

          Example 2

          The Dealer has two executive directors as dealers. Both directors are resident in the U.A.E and have at least 5 years of relevant experience in dealing activities. One of the directors is the SEO. The Dealer should appoint another Recognised Person independent of the front office to be the Compliance Officer / Finance Officer / Money Laundering Reporting Officer.

          Example 3

          The Dealer in ADGM ("ADGM Dealer") is a subsidiary of a foreign-based Dealer who is regulated in its home jurisdiction. The ADGM Dealer has one resident executive director appointed as the SEO, who has 5 years of relevant experience and heads the dealing function. The ADGM Dealer has another director based overseas. The ADGM Dealer will meet the criteria if it employs an additional resident full-time employee/professional to conduct dealing activities, and this employee will be required to have at least five 5 years of relevant experience.

          Appendix 2: Minimum Compliance Arrangements

          Category Compliance Arrangements
          Retail Dealer
          •   The Dealer should put in place an independent and dedicated compliance function in the U.A.E with staff who are suitably qualified and independent from the front office.
          •   Compliance staff may perform other non-conflicting and complementary roles such as that of an in-house legal counsel.
          Institutional Dealer
          •   The Dealer should have an independent compliance function with staff who are suitably qualified and independent from the front office.
          •   The Dealer may, depending on the size and scale of the business:
          (i) rely on compliance oversight and support from an independent and dedicated compliance team at its holding company or related entity; or
          (ii) engage an external service provider to support its compliance arrangements. The Dealer should ensure that the service provider is competent and familiar with the regulatory requirements for Dealers in ADGM. The service provider should be able to provide meaningful onsite presence at the Dealer.
          In either case, the Dealer should designate a senior staff independent from the front office (e.g. COO or CFO) to oversee the compliance arrangement;
          Restricted Dealer

          Appendix 3 — Internal Audit Arrangements

          Category Internal Audit Arrangements
          Retail Dealer
          •   The Dealer should have an independent and dedicated internal audit function.
          •   The internal audit function may be undertaken by an internal audit team within the Dealer, a group internal audit team from the parent or related company of the Dealer, or outsourced to a third party service provider.
          Institutional Dealer
          •   The internal audit function may be undertaken by an internal audit team within the Dealer independent from the business functions, a group internal audit team from the parent or related company of the Dealer, or outsourced to a third party service provider.
          •   Where the Dealer does not have a dedicated internal audit function, the adequacy of the Dealer's internal audit arrangements should be assessed against the context of the Dealer's overall business scale and control environment i.e. whether there are periodic checks similar to those performed by internal auditors, which are performed by other control functions such as risk management and compliance.
          Restricted Dealer
          •   The SEO and Board of the Dealer are ultimately responsible for ensuring there are adequate internal controls within the Dealer and should take reasonable measures to ensure that the internal controls are complied with.

    • Supplementary Guidance — Authorisation for Dealing Activities

      Click herehere to view PDF