• GUIDANCE & POLICY STATEMENTS

    • FinTech Regulatory Laboratory Guidance

      Click herehere to view PDF

      • FinTech Regulatory Laboratory Guidance [02 November 2016]

        • 1. 1. Introduction

          • 1.1

            This Guidance is issued under section 15(2) of the Financial Services and Markets Regulations 2015 ("FSMR"). It should be read in conjunction with the FSMR and the relevant FSRA Rulebooks where applicable.

          • 1.2

            The Guidance is applicable to the following Persons:

            (a) an applicant for a Financial Services Permission to carry on the Regulated Activity of Developing Financial Technology Services within the RegLab in or from ADGM; and/or
            (b) a FinTech Participant.

          • 1.3

            This Guidance sets out the Financial Services Regulatory Authority's ("FSRA's" or the "Regulator's") approach to the Regulatory Laboratory ("RegLab") framework. In particular, this Guidance includes the eligibility and authorisation criteria applicants must satisfy to be authorised as FinTech Participants, the authorisation process, the types of restrictions that the Regulator may impose on the FinTech Participants' conduct, as well as the information that FinTech Participants may be required to produce to the Regulator.

          • 1.4

            This Guidance is not an exhaustive source of the Regulator's policy on the exercise of its statutory powers and discretions. In the discharge of its regulatory mandate, the Regulator may impose other parameters to address any specific risks posed by the proposed activities of the applicant to carry on the Regulated Activity of Developing Financial Technology Services within the RegLab.

          • 1.5

            The Regulator is not bound by the requirements set out in this Guidance and may waive or modify these requirements at its discretion where appropriate.

          • 1.6

            Unless otherwise defined or the context otherwise requires, the terms contained in this Guidance have the same meaning as defined in the FSMR and the GLO Rulebook.

        • 2. 2. Objectives Of The Reglab Framework

          • 2.1

            FinTech allows the use of new technologies in the financial services industry to improve operational and customer engagement capabilities by leveraging analytics, data management and digital functions.

          • 2.2

            The fast evolving FinTech landscape where new and emerging FinTech solutions are becoming more diverse and sophisticated requires a responsive and progressive regulatory framework to facilitate the development, testing and adoption of promising FinTech innovations. In particular, the FinTech regulatory framework should encourage, rather than front-run innovation, should be tailored and proportionate to the materiality of the risks posed, and should be responsive to support time-to-market of new FinTech solutions in a cost-efficient environment.

          • 2.3

            In light of these considerations, FSRA has created the RegLab, which is a specially tailored regulatory framework that provides a controlled environment for FinTech Participants to develop and test innovative FinTech solutions without immediately being subject to all the regulatory requirements that would otherwise apply to Authorised Persons.

        • 3. 3. The Reglab's Intended Participants

          • 3.1

            FSRA's RegLab framework may apply to two categories of FinTech Participants:-

            (a) those who have a FinTech product that is untested in the UAE market, to enable the FinTech Participants to live-test the product in a clearly demarcated environment in ADGM with controlled scope and scale, without attracting the full suite of regulatory requirements; and
            (b) those who may already be offering their FinTech product in the market, but wish to continue researching and developing it, and to live-test and offer any product enhancements, variations or new features on a limited rollout basis within the confines of the RegLab.

          • 3.2

            The RegLab is not intended to be a platform for firms to launch an established FinTech product which complies with all relevant regulatory requirements to a wider market. Financial institutions wishing to pilot and launch their complying technological innovations can do so in the ADGM under the existing authorisation and supervisory regime under the FSMR, without the need for the RegLab authorisation.

        • 4. 4. Features Of The Reglab

          • Developing Financial Technology Services within the RegLab

            • 4.1

              FinTech Participants that qualify for authorisation under the RegLab framework will be granted an FSRA Financial Services Permission ("FSP") in accordance with section 30 of the FSMR to carry on the Regulated Activity of Developing Financial Technology Services within the RegLab.

            • 4.2

              Developing Financial Technology Services within the RegLab means the Regulated Activity specified in paragraph 73A of Schedule 1 to the FSMR.

            • 4.3

              The FinTech Participant authorised under the RegLab will be required to establish a commercial presence in ADGM.

          • Blank-Sheet Approach

            • 4.4

              The legislative requirements applicable to FinTech Participants under the RegLab framework will be tailored according to the specific characteristics and risks associated with the FinTech Proposal. This approach is consistent with the Regulator's objective to offer a responsive and risk-appropriate regulatory framework.

            • 4.5

              The requirements that will apply to FinTech participants under the RegLab framework may be adapted from existing regulations (including but not limited to the FSMR) and the FSRA Rules, as applicable.

            • 4.6

              As such, generally, the regulatory requirements applicable to all Persons to whom the FSMR applies would initially apply to each applicant for an FSP to carry on the Regulated Activity of Developing Financial Technology Services within the RegLab.

            • 4.7

              On receipt of the RegLab application, the Regulator will work with the applicant to identify those Rules (or Rulebooks, as the case may be) that are not relevant to the applicant's FinTech Proposal. The Regulator may then waive or modify any of these Rules or Rulebooks (in part or entirely, as appropriate) by way of a waiver or a modification notice.

            • 4.8

              As certain Rules will be waived or modified for the FinTech Participant under the RegLab, the Regulator will, among other things:-

              (a) set client and exposure limits to limit the scope and scale of the FinTech Participant's test activities; and
              (b) impose boundaries/geographical restrictions to ensure that client impact is controlled and the clients' interests are protected.

              Please refer to section 5.2 below titled Authorisation Requirements for further details of the requirements that the Regulator may impose.

            • 4.9

              The Regulator may vary the applicable waivers and modifications as the FinTech Participants progress through different stages of testing of their FinTech solution. Variations will be subject to the changing risks that the FinTech Proposal may pose at any point.

            • 4.10

              The RegLab is not intended to create a risk-free FinTech environment — an acceptable degree of risk is unavoidable in all innovation and entrepreneurial endeavours. What the RegLab aims to achieve is a controlled environment that promotes FinTech innovation, yet minimises the risks of poor client outcomes posed by these innovative solutions.

          • Two-year validity period

            • 4.11

              The FSP granted under the RegLab will have a validity period of up to two years for the FinTech Participant to test its FinTech solution.

            • 4.12

              At the end of the two-year validity period (or earlier if the size, scale or progress of the FinTech Proposal warrants), the FinTech Participant will exit the RegLab and, if eligible, migrate to the full authorisation and supervisory regime under the FSMR.

            • 4.13

              To be eligible to migrate to the full authorisation and supervisory regime, the FinTech Participant will be required to demonstrate to the Regulator that it:-

              (a) has achieved its intended test outcomes under the RegLab so as to deploy the FinTech product on a broader scale, and
              (b) continues to be fit and proper to be an Authorised Person in the ADGM.

            • 4.14

              If the FinTech Participant is unable to satisfy the above criteria, it will be required to cease carrying on the Regulated Activity of Developing Financial Technology Services within the RegLab. The deadline for ceasing the Regulated Activity will be upon the expiry of its RegLab FSP, or at such time as the Regulator varies or cancels the FSP in accordance with section 33 of the FSMR. Please refer to section 8 below for more details.

            • 4.15

              During the two-year validity period, the Regulator will engage with and support the FinTech Participant and ensure the FinTech Participant operates within the parameters as set and agreed to prior to the grant of the FSP.

            • 4.16

              The two-year validity period of the authorisation granted under the RegLab may be extended in exceptional circumstances only, determined at the Regulator's discretion on a case-by-case basis.

          • Dedicated FinTech supervisory team

            • 4.17

              The Regulator's dedicated FinTech supervisory team will provide tailored guidance and support to applicants interested in applying to the RegLab and guide them in, among other things:-

              (a) understanding the RegLab regulatory framework;
              (b) preparing their RegLab application;
              (c) drawing up a risk-appropriate testing parameters; and
              (d) meeting their ongoing regulatory requirements.

        • 5. 5. Reglab Authorisation Criteria

          • Evaluation Criteria

            • 5.1

              To qualify for authorisation under the RegLab framework, the applicant must demonstrate how it satisfies the following evaluation criteria:

              (a) the FinTech Proposal promotes FinTech innovation, in terms of the business application and deployment model of the technology.
              (b) the FinTech Proposal has the potential to:
              i. promote significant growth, efficiency or competition in the financial sector;
              ii. promote better risk management solutions and regulatory outcomes for the financial industry; or
              iii. improve the choices and welfare of clients.
              (c) the FinTech Proposal is at a sufficiently advanced stage of development to mount a live test.
              (d) the FinTech Proposal can be deployed in the ADGM and the UAE on a broader scale or contribute to the development of ADGM as a financial centre, and, if so, how the applicant intends to do so on completion of the validity period.

          • Authorisation Requirements

            • 5.2

              In order to become authorised under the RegLab framework, the applicant must also demonstrate to the satisfaction of the Regulator that it:

              (a) satisfies, and will continue to satisfy, any Threshold Conditions made under section 7(2) of the FSMR, including but not limited to the following:
              i. the applicant has adequate and appropriate resources, including financial resources, to develop and test its FinTech Proposal;
              ii. the applicant is fit and proper; and
              iii. the applicant has relevant technical and business knowledge and experience to develop and test the FinTech Proposal;
              (b) is able to clearly define the FinTech Proposal's test parameters, control boundaries, key milestones and intended outcomes;
              (c) is able to propose an acceptable reporting schedule to report to the Regulator on the status and progress of development and testing of its FinTech Proposal;
              (d) is able to satisfactorily detail the safeguards that have been put in place, and demonstrate how they are appropriate to the FinTech Proposal being tested, the risks that are posed and the type of clients that are likely to be affected by the proposed innovation;
              (e) is able to set out a fair and proper exit strategy for clients should the FinTech Proposal be discontinued, completed or deployed on a broader scale outside the RegLab; and
              (f) is able to satisfy all applicable ADGM Regulations, Rules, conditions and/or limitations that the Regulator may prescribe.

        • 6. 6. Application Process For Authorisation

          • 6.1

            If the applicant is suitable participant for the FSRA's RegLab framework (refer to section 3) and meets the authorisation criteria (set out in section 5 above), it can proceed to complete and submit the RegLab Application Form. A copy of the RegLab Application Form is attached at Appendix A to this Guidance and can be submitted to the Regulator by email at FinTech@adgm.com.

          • 6.2

            Once the applicant has submitted its RegLab application form, the Regulator will review the application and inform the applicant whether the FinTech Proposal potentially qualifies for the RegLab.

          • 6.3

            The Regulator will work with the applicant to determine the specific regulatory requirements and conditions (including test parameters and control boundaries) to be applied to the FinTech solution in question. The applicant will then assess if it is able to meet these requirements.

          • 6.4

            If the applicant is able and willing to meet the proposed regulatory requirements and conditions, the applicant will be granted an FSP in accordance with section 30 of the FSMR to carry on the Regulated Activity of "Developing Financial Technology Services within the RegLab".

          • 6.5

            Once the Regulator grants the FSP, the FinTech Participant will be able to develop and test its FinTech product within the parameters and control boundaries agreed upon with the Regulator.

          • 6.6

            Figure 1 overleaf depicts the RegLab application process.

            Figure 1: RegLab Application Process

        • 7. 7. Conditions / Limitations On The Fintech Participants

          • 7.1

            On being granted the FSP to carry on the Regulated Activity of Developing Financial Technology Services within the RegLab, the Regulator may impose limitations or conditions on the FinTech Participant in accordance with sections 30(4) and 35 of the FSMR. These may include, but are not limited to, any of the following:

            (a) the number and type of Clients with or for whom the FinTech Participant carries on, or intends to carry on the Regulated Activity of Developing Financial Technology Services within the RegLab;
            (b) the type and size of Client transactions that the FinTech Participant is permitted to enter into;
            (c) the suitability assessment and Clients' written consent required prior to carrying on the Regulated Activity of Developing Financial Technology Services within the RegLab;
            (d) the FinTech Participant's ability (if any) to hold or control Client Money and Client Investments;
            (e) the requirements surrounding the FinTech Participant's handling and protection of Client information;
            (f) the manner and type of financial promotion that the FinTech Participant may undertake and the associated disclosures that the FinTech Participant is required to make to Clients1;
            (g) the key information required to be contained in a Client Agreement;
            (h) the prevention of money laundering and countering the financing of terrorism measures that the FinTech Participant is required to implement2;
            (i) the FinTech Participant's capital requirements (if any)3;
            (j) the FinTech Participant's financial and other reporting requirements;
            (k) any other safeguards to protect the interests of Clients or maintain the safety and soundness of the financial system as the Regulator may prescribe.

            1Requiring appropriate disclosures to, and consent of clients willing to use the FinTech product in order for clients to make an informed decision.

            2If the Regulator has greater concerns regarding a FinTech solution, it may require the FinTech Participant to appoint an established financial institutions as a sponsor to undertake responsibility for compliance assurance or resolution of any client issue if a test does not perform as expected — e.g. the trial deployment of a robo-advisor may be excluded from Anti Money Laundering/Know Your Client due diligence if the consumer opens an investment account with a sponsor bank, which takes on the corresponding regulatory obligations.

            3For example, reducing or waiving capital requirements where the Regulator deems appropriate.

          • 7.2

            FSRA may, at any time through the life-cycle of the FinTech Proposal, by notice in writing to the FinTech Participant, cancel or vary any condition or restriction imposed on the FinTech Participant or impose such further condition or restriction as it may think fit in accordance with sections 33, 35 and 36 of the FSMR.

        • 8. 8. Exiting The Reglab

          • 8.1

            At the end of the two-year validity period, the FSP for the RegLab will expire.

          • 8.2

            Unless an application to extend the two-year validity period is made at least three months before its expiry, or at such time as is otherwise agreed by the Regulator4, the FinTech Participant will have to exit the RegLab and choose to either:

            (a) migrate to the full authorisation and supervisory regime under the FSMR and deploy its FinTech solution on a broader scale; or
            (b) employ an exit strategy.

            4 Please refer to paragraphs 8.5–8.6 of this Guidance.

          • 8.3

            The exit strategy of a FinTech Participant may vary according to its commercial needs. For example, the FinTech Participant may choose to cease its business at the end of the validity period, or it may transfer its FinTech product and any clients to other authorised financial institutions.

          • 8.4

            The two-year validity period of the authorisation granted under the RegLab may only be extended in exceptional circumstances.

          • 8.5

            In applying for an extension of the validity period, the FinTech Participant shall provide the justifications for extension to the Regulator in such form and manner as FSRA may prescribe.

          • 8.6

            All applications for an extension of the validity period are to be determined at the Regulator's discretion on a case-by-case basis. The Regulator reserves the right to refuse an application for an extension of the validity period if it is of the view that it is desirable to do so in order to further one or more of its regulatory objectives.

          • Cancellation of the FSP

            • 8.7

              FSRA may cancel the FSP on the application of the FinTech Participant, in accordance with section 32 of the FSMR, or on the initiative of the Regulator, in accordance with section 33 of the FSMR, if it appears to the Regulator that:

              (a) the FinTech Participant is failing, or is likely to fail, to satisfy the Threshold Conditions made under section 7(2) of the FSMR and set out in paragraph 5.2(a) of this Guidance;
              (b) it is desirable to exercise this power to further one or more of the Regulator's objectives, including, for example, if:
              i. the FinTech Participant is failing, or is likely to fail, to satisfy the authorisation requirements set out in section 5.2(b)–(f) of this Guidance; or
              ii. the FinTech Participant is failing, or is likely to fail, to satisfy the limitations or conditions set out in section 7.1 of this Guidance; or
              (c) the FinTech Participant has committed a contravention of the FSMR or any Rules made under the FSMR.

      • FSRA Confidentiality Policy

        Click herehere to view PDF

      • Guidance & Policies Manual (GPM)

        Click herehere to view PDF

      • Guidance —Developing and using APIs in ADGM [14 October 2019]

        Click herehere to view PDF

      • Guidance – Regulation of Digital Securities Activities in ADGM [24 February 2020]

        Click here to view PDF.

      • Guidance – Regulation of Digital Securities Activities in ADGM [24 February 2020]

        • INTRODUCTION

          1) This Guidance is issued under section 15(2) of the Financial Services and Markets Regulations 2015 ("FSMR"). It should be read in conjunction with FSMR, the relevant Rulebooks of the Financial Services Regulatory Authority ("FSRA"), the FSRA's Guidance & Policies Manual, its 'Guidance — Regulation of Initial Coin/Token Offerings (ICOs) and Crypto Assets under the FSMR' ("ICO Guidance"),1 its 'Guidance — Regulation of Crypto Asset Activities in ADGM' ("OCAB Guidance")2 and its 'Guidance — Regulatory Framework for Private Financing Platforms'.3
          2) This Guidance is applicable to entities considering the use of, or using, 'Digital Securities' within ADGM, including activities undertaken by Recognised Investment Exchanges (RIEs), Multilateral Trading Facilities (MTFs), Issuers, Reporting Entities, entities undertaking the Regulated Activity of Operating a Crypto Asset Business ('OCAB', and for the purposes of this Guidance each such licence holder being an 'OCAB Holder'), and entities Providing Custody or Operating a Private Financing Platform ('PFP'), amongst others. The Guidance clarifies the use of Digital Securities within ADGM for both primary market and secondary market contexts. Readers seeking clarity on the licensing requirements for OCAB activities should refer to the OCAB Guidance.
          3) For the purposes of this Guidance, 'Digital Securities' are defined are types of digital assets that possess the features and characteristics of a Security (as defined in Schedule 1 — Part 3 of Specified Investments of FSMR).4 Digital Securities also include 'tokenised' offerings of Securities.
          4) This Guidance is separated into distinct chapters and is not necessarily best read from front to back. This Guidance may be most useful to a reader who needs to understand a specific aspect of FSRA policy in relation to Digital Securities, and who may therefore wish to better understand FSRA's regulatory treatment in the context of the reader's individual circumstances. Examples of such specific aspects could include (but are not limited to):
          a) a potential Issuer seeking to make an Offer of Digital Securities into ADGM;
          b) Issuers/Reporting Entities seeking to have Digital Securities admitted to the Official List of Securities;
          c) a Crypto Asset Exchange wanting to become a Digital Securities trading venue, whether that be a RIE (refer to paragraphs 7074) or MTF (refer to paragraphs 6469);
          d) a 'conventional' RIE or MTF wanting to operate a Digital Securities trading venue (refer to paragraphs 4144 for RIEs and paragraphs 4548 for MTFs);
          e) an entity, including a Crypto Asset Custodian, seeking to provide Digital Settlement Facility services (refer to paragraphs 5560);
          f) a 'conventional' intermediary, such as a broker, custodian, advisor, fund manager or asset manager, seeking to provide its services in relation to Digital Securities (refer to paragraphs 9092); or
          g) an Operator of a PFP seeking to market Digital Securities on its electronic platform (refer to paragraphs 9598).
          5) Except as otherwise set out, when interpreting (and demonstrating compliance with) the Rules discussed in this Guidance, readers are to interpret the Rules referenced in this Guidance (for example, in relation to the MIR, MKT, COBS, GEN and AML Rulebooks) in the way those Rules are written. Where this Guidance cross refers to the OCAB Guidance, it is the FSRA'S general expectation that readers apply those relevant aspects of the OCAB Guidance in the context of Digital Securities, with such changes in terminology being read (and understood) as required.
          6) This Guidance is not an exhaustive source of the FSRA's policy on the exercise of its regulatory functions and powers. The FSRA is not bound by the requirements set out in this Guidance and may:
          a) impose additional requirements to address any specific risks posed by Digital Securities; and/or
          b) waive or modify any of the Rules relevant to Digital Securities, at its discretion, where appropriate.
          7) Unless otherwise defined or the context otherwise requires, the terms contained in this Guidance have the same meaning as defined in FSMR and the FSRA Glossary Rulebook ("GLO").
          8) For more details on the process for:
          a) conducting Offers of Securities, in or from ADGM, please contact the FSRA at MIP@adgm.com;
          b) recognition as a RIE and/or Recognised Clearing House (RCH), authorisation as an MTF or authorisation as an entity Providing Custody for services as a Digital Settlement Facility5 ("DSF"), please contact the FSRA at MIP@adgm.com; or
          c) authorisation as an intermediary conducting other Digital Securities-based activities, please contact the FSRA at authorisation@adgm.com.

          1 http://adgm.complinet.com/en/display//node/19331

          2 http://adgm.complinet.com/en/display//node/19432

          3 http://adgm.complinet.com/en/display//node/19424

          4 Securities, as set out in Schedule 1 of FSMR, include the following,: Shares (paragraph 87); Instruments creating of acknowledging indebtedness (paragraph 88); Sukuk (paragraph 89); Government and public Financial Instruments (paragraph 90); Instruments giving entitlements to investments (paragraph 91); Certificates representing certain Financial Instruments (paragraph 92); and Units in a Collective Investment Fund (paragraph 93).

          5 This Guidance interchangeably uses terms relating to Providing Custody (and by extension providing DSF services) and DSF.

        • BACKGROUND

          9) In October 2017, the FSRA published its ICO Guidance, setting out its regulatory position in relation to ICOs, ICOs deemed to be Securities, and Crypto Assets generally. In June 2018, the FSRA formally implemented its Crypto Asset Regulatory Framework, which specifically included the Rules and requirements (including OCAB Guidance) applicable to OCAB Holders. The FSRA released its first update to the OCAB Guidance in May 2019.
          10) On the back of the publication of these regulatory frameworks/positions, the FSRA continues to see substantial interest across the digital assets space, including the related use of distributed ledger technology (DLT) platforms. This interest is spread across a wide spectrum of digital asset based financial services activities, including exchanges, custody, dealing, advising, fund management, payment and other-banking related services.
          11) Equally, in addition to there being interest across various digital asset-based financial services activities, there is also extensive interest spread across the various types of digital asset-related instruments (including Digital Securities, Crypto Assets, fiat tokens, Derivatives and Funds).
          12) This Guidance is intended to provide clarity to those seeking to undertake 'Digital Securities'-related financial services activities within ADGM, including Issuers wanting to make an Offer of Digital Securities and to assist OCAB Holders wanting to extend their digital assets/financial services activities beyond Accepted Crypto Assets. It is also intended to assist entities seeking to utilise new technologies (such as DLT) for the purposes of expanding their activities from the more 'conventional' Securities space into Digital Securities.
          13) In terms of Crypto Assets, the OCAB Regulatory Framework (including the OCAB Guidance) provides clarity in relation to what is needed to undertake Crypto Asset-based financial services activity within ADGM. For readers interested in the OCAB Regulatory Framework, the FSRA suggests you read the OCAB Guidance in the first instance.
          14) The diagram and table on the following pages set out the FSRA's regulatory approach in relation to the different types of digital asset activities within ADGM.



          Category of Digital Assets / Instruments Regulatory Approach
          "Digital Securities"

          (e.g., digital/virtual tokens that have the features and characteristics of a Security under the FSMR (such as Shares, Debentures and Units in a Collective Investment Fund)).
          Deemed to be Securities pursuant to Paragraph 58(2)(b) of FSMR.

          All financial services activities in relation to Digital Securities, such as operating primary / secondary markets, dealing / trading / managing investments in or advising on Digital Securities, are subject to the relevant regulatory requirements under the FSMR.

          Market intermediaries and market operators dealing or managing investments in Digital Securities need to be licenced / approved by FSRA as FSP holders (including as MTFs or Custodians), Recognised Investment Exchanges, or Recognised Clearing Houses, as applicable.
          "Crypto Assets"

          (e.g., non-fiat virtual currencies, crypto 'exchange tokens').
          Treated as commodities and, therefore, not deemed Specified Investments under the FSMR.

          Pursuant to the OCAB Framework, however, market intermediaries (e.g., broker dealers, custodians, asset managers) dealing in or managing Crypto Assets, and Crypto Asset Exchanges, need to be licenced / approved by FSRA as OCAB Holders. Only activities in Accepted Crypto Assets will be permitted.

          Capital formation activities are not provided for under the OCAB Framework, and such activities are not envisaged under the Market Rules (MKT).
          Derivatives and Collective Investment Funds of Crypto Assets, Digital Securities and Utility Tokens. Regulated as Specified Investments under the FSMR.

          Market intermediaries and market operators dealing in such Derivatives and Collective Investment Funds will need to be licenced / approved by FSRA as FSP holders, Recognised Investment Exchanges or Recognised Clearing Houses, as applicable.
          "Utility Tokens"

          (e.g., tokens which can be redeemed for access to a specific product or service, typically provided using a DLT platform, do not exhibit the features and characteristics of a regulated investment / instrument under the FSMR).
          Treated as commodities and, therefore, not deemed Specified Investments under the FSMR.

          Unless such Utility Tokens are caught as Accepted Crypto Assets, spot trading and transactions in Utility Tokens do not constitute Regulated Activities, activities envisaged under a Recognition Order (e.g., those of a Recognised Investment Exchange or Recognised Clearing House), or activities envisaged under MKT.

          'Utility Tokens' are not considered appropriate for use in capital formation activities, and are therefore not envisaged for use under the Market Rules (MKT).
          "Fiat Tokens"

          (e.g., stablecoins whose value are fully backed by underlying fiat currencies).
          Treated as a form of digital representation of Fiat Currency.

          Where used as a payment instrument for the purposes of Money Transmission as defined under the FSMR, the activity will be licenced and regulated as Providing Money Services.

        • Regulatory Treatment Of Digital Securities

          15) As set out in the ICO Guidance, the FSRA's assessment of whether an offering of a digital/virtual token is regulated under FSMR is conducted on a case-by-case basis (in keeping with FSRA's treatment of 'conventional' Securities). If a digital/virtual token being offered is assessed to exhibit the (economic and legal) features and characteristics of a Security, the FSRA will deem the digital/virtual token (being a "Digital Security") as a Security pursuant to Section 58(2)(b)6 of FSMR. This approach has been taken by the FSRA to ensure the protection of investors, noting that while a Digital Security may have the characteristics of a Security, this position is not always clear and accordingly requires review by the FSRA.
          16) To use its powers under Section 58(2)(b), the FSRA expects that an Issuer will provide to it such information as is required to demonstrate that the proposed Digital Security meets the requirements of a "Security" (as defined in FSMR). In circumstances:
          a) requiring the submission of an Approved Prospectus to the FSRA, the FSRA will use the documentation submitted as part of this approval process to determine whether it will deem a Digital Security a Security under Section 58(2)(b) of FSMR; or
          b) relating to an Exempt Offer, the FSRA will review the Exempt Offer documentation for the purposes of being able to make a determination under Section 58(2)(b). The FSRA's review will not be for the purposes of approving the Exempt Offer itself.
          17) In either scenario, the FSRA may also request further supporting documents from an Issuer (e.g., constitutional documents, relevant legal opinions).
          18) For regulatory purposes, Offers of Securities (as defined in Section 258 of FSMR), whether through a DLT platform, digital platform or other means, will be subject to consistent regulatory treatment by the FSRA. As such, similar to the treatment of a conventional Issuer of Securities, Issuers / market participants who seek to raise funds in a regulated, robust and transparent manner using new business models or technologies (such as DLT), are encouraged to engage with the FSRA regarding the proposed Offer as early as possible in the fund-raising process.
          19) Where appropriate, Issuers should consider the appointment of (legal) advisers to assist with the preparation and submission to the FSRA of its relevant diligence materials (as part of any submission to the FSRA pursuant to Section 58(2)(b) of FSMR).
          20) To ensure appropriate safeguards are in place to protect both investors and market integrity, an offer of a 'Utility Token' falls outside the FSRA's regulatory remit and is not permitted under the Markets Rules (MKT).

          6 Section 58(2) of FSMR sets out that the FSRA may, by written notice 'deem any investment which is not a Security to be a Security for the purposes of these Regulations and the Rules made under these Regulations.'

        • MARKETS RULES — Offers Of Securities To The Public

          • Offers of Securities

            21) The requirements for Offers of Securities to the Public are set out in Sections 58 to 71 of FSMR, and Chapter 4 of MKT. These requirements apply to Offers of all types of Securities, including Digital Securities.
            22) Section 58(1) of FSMR prohibits Issuers from making an Offer of Securities to the Public in or from ADGM (or to have Securities admitted to trading on a RIE) from doing so other than in accordance with FSMR, and MKT.
            23) As set out in section 59 of FSMR, an Offer of Securities to the Public is "a communication to any person in any form or by any means presenting information on the Offer and the Securities offered so as to enable an investor to decide to buy or subscribe to those Securities".7
            24) Issuers wishing to make an Offer of Securities to the Public in, or from, ADGM must comply with all applicable requirements, including (unless it is an Exempt Offer) the obligation to publish an Approved Prospectus under Section 61 of FSMR (a "Prospectus Offer"). The requirements for the structure and content of an Approved Prospectus are detailed in MKT Rule 4.5 and described in more detail in paragraphs 28–30 below.
            25) In accordance with MKT Rule 4.6.1, a person intending to make a Prospectus Offer must make an application for approval of a prospectus to the FSRA at least 20 days prior to the intended date of an Offer commencing. The FSRA expects to have discussed an application with the Issuer well in advance of this, including having reviewed draft Prospectus Offer documents, as applicable.
            26) Due to the complexities associated with Offers of Digital Securities (from a technology perspective, and to take into account the relative infancy and resultant risks of the Digital Securities industry itself), the FSRA generally expects that an Issuer intending to make an Offer of Digital Securities is to be incorporated within the ADGM.
            27) An Offer of Securities to the Public (made by way of an Approved Prospectus) can be used for the purposes of having such Securities admitted to trading on a RIE (see paragraph 42). Where such Securities have already been admitted to trading on a RIE, they may also be admitted to trading (on the basis of admission to the first RIE) on a further RIE or MTF.

            7 section 59 of FSMR excludes from an Offer of Securities any:

            (a) communication in connection with the trading of Securities admitted to trading on a RIE;
            (b) communication made for the purposes of complying with the on-going reporting requirements of the FSRA or a RIE; or
            (c) other communication prescribed in Rules as an exempt communication.

          • Prospectus content for an Offer of Digital Securities

            28) The required disclosures to be included in an Approved Prospectus are set out in Appendix 1 of MKT. A Prospectus related to the Offering of Digital Securities is to include all required disclosures set out within MKT Appendix 1, as applicable.
            29) Where an Issuer considers that a specific disclosure requirement is not applicable/not relevant to their intended Offering, the Issuer is required to request from the FSRA a modification/waiver at the time of submission of the (Draft) Approved Prospectus for FSRA approval. Such request should be submitted in full detail to the FSRA.
            30) In the particular context of Digital Securities, further guidance is set out below in relation to several key disclosure requirements for an Approved Prospectus:
            a) Prospectus language: Issuers should ensure that when preparing a Prospectus, it is 'easily analysable and comprehensible' to retail investors. This means that the Prospectus should be written in a style that is appropriate for retail investors, and that the use of defined terms, technical language and market terminology should be restricted to circumstances where their use aids the comprehension of a retail investor, or where their use is necessary to ensure the Prospectus is true, accurate and not misleading.
            b) Risk Factors: Pursuant to MKT Appendix 1.1.1–2.3, proper consideration is to be given to the real risks that face an Issuer, and generic or boilerplate disclosures are to be avoided. If a risk is not relevant to a particular Issuer, or its Digital Securities, then it is expected that no disclosure of that risk be included in the Issuer's Prospectus. Risk factors should be grouped together in a coherent manner and risk factors considered to be of the greatest or most-immediate significance should be disclosed prominently at the beginning of the risk factors section.
            c) Responsibility: As per MKT Rule 4.10, an Issuer or the Person making a Prospectus Offer remains responsible for all disclosures within a Prospectus and ensuring that the disclosures within a Prospectus are clear and not misleading.
            d) General Information: As set out in MKT Appendix 1.1.11.1, the country of incorporation of the Issuer and its incorporation number should be clearly disclosed within the Prospectus. A statement should be included on whether the Issuer has been established as a special purpose vehicle or entity for the purpose of issuing asset backed Securities. In the context of Digital Securities, the FSRA would generally view digital representations (such as tokens) of Debentures or notes backed by financial assets to be considered asset backed for the purpose of this disclosure requirement. Please note that the disclosure requirement in Securities Note — 7.1 also applies.
            e) Actual and proposed business activities: As set out in MKT Appendix 1.1.12.1, a description of the history of the Issuer is to be included, and where an Issuer is newly incorporated, information should be disclosed regarding any preceding entity which conducted similar operations or was controlled by the same parties.
            f) Historical financial information: As set out in MKT Appendix 1.1.1–7.1, where an Issuer has begun operations, its relevant financial information is to be included in the Prospectus, and be appropriately audited. An Issuer's financial statements are to be prepared in compliance with IFRS. As set out in MKT Appendix 1.1.1–9.4, please also note that the requirement for an expert report applies to special categories of Companies.
            g) Securities Note: For the purposes of MKT Appendix 1.2.1 — Section 2 (General information relating to the Securities (b)&(d)), in the case of Digital Securities, the FSRA would normally expect this disclosure requirement to be deemed N/A for the former, and subject to ADGM legislation for the latter.
            h) Securities Note — Other rights: Pursuant to MKT Appendix 1.2.1–2.4, the disclosure of other rights (such as the existence of voting rights) associated with a Digital Security is an important disclosure to allow an investor to make a fully informed investment decision. As such, disclosures of this nature would need to be given due prominence within an Approved Prospectus, and effort needs to be made throughout the document to draw a reader's attention to such disclosures. This may involve cross-referencing or other appropriate signposting.
            31) Please note that the information required to be submitted as part of a Securities Note will be key information reviewed by the FSRA when considering the use of its power to deem a Security (as referred to in paragraph 16). If this information is not available, or has not been completed appropriately, it is most likely that the FSRA will not be in a position to utilise its deeming power (under section 58(2)(b) of FSMR).

          • Exempt Offers

            32) The obligation to issue a Prospectus under Section 61(3) of FSMR does not apply to an Offer of Securities to the Public that constitutes an Exempt Offer. Pursuant to MKT Rule 4.3, the FSRA has defined the types of Offers that constitute an Exempt Offer, including where:
            a) an Offer is directed at Professional Clients other than natural Persons;
            b) an Offer is directed at fewer than 50 Persons in any 12 month period, excluding Professional Clients who are not natural Persons; or
            c) the total consideration to be paid by a Person to acquire Securities is at least USD 100,000, or an equivalent amount in another currency.
            33) As set out earlier in paragraph 16, an Issuer making an Exempt Offer of a Digital Security is still required to have the Digital Security deemed a Security under Section 58(2)(b) of FSMR. To clarify, the Issuer of the Exempt Offer document is not required to obtain FSRA approval for the Exempt Offer document itself.
            34) An Offer of Securities to the Public (made by way of an Exempt Offer document) can be used for the purposes of having such Securities admitted to trading on an MTF (see paragraph 46).

          • Appointment of Legal Advisers

            35) Issuers seeking to make an Offer of Digital Securities should consider the appointment of suitable legal advisers, with the appropriate skills, knowledge and experience to provide the requisite assistance to the Issuer throughout the Offer process. The FSRA expects that such legal advisers would assist in ensuring an Issuer's compliance with the applicable provisions of FSMR (including having the FSRA deem a Digital Security a Security under FSMR Section 58(2)(b)), and MKT (including in relation to the Listing Rules within MKT). The FSRA would generally expect to have direct engagement with an Issuer's legal advisers throughout this process, particularly in relation to the drafting, and FSRA review, of Offer documentation.

        • MARKETS RULES — Listing Rules

          36) Pursuant to section 50 of FSMR,8 the FSRA is required to maintain the Official List of Securities, and may admit to the Official List such Securities as it considers appropriate. For this purpose, Chapter 2 of MKT sets out the Listing Rules applicable to Listed Entities and to each Issuer seeking admission of its Securities to the Official List of Securities. It is important to note that pursuant to section 50 of FSMR, only the FSRA can maintain an Official List of Securities, and neither RIEs nor any other entity within ADGM are able to maintain their own 'Official List of Securities'.
          37) Due to the infancy of Digital Securities markets globally, and the generally incomplete integration of Digital Securities primary and secondary markets, the FSRA expects that Offers of Digital Securities being made in or from ADGM should also be linked to having such Issuers seek admission of their Securities to trading on a RIE or MTF operating within ADGM as well (see paragraphs 42 and 46–47 relating to admission to trading on RIEs and MTFs respectively). As set out initially in paragraph 2 of this Guidance, the considerations of both a primary market and secondary market context are expected to be fully considered by an Issuer. This should include considerations of where an Issuer should make an Offer (and what type of Offer), as well as which markets within ADGM would adequately meet its particular secondary market requirements (size, investor type, transparency, depth and liquidity).
          38) In relation to 'Primary Listings', due to concerns around different regulatory frameworks, regulatory appetite, and consistency of regulatory oversight/supervision globally, the FSRA does not, at this point in time, envisage allowing listings of Digital Securities within ADGM (on a secondary listing basis) where the primary listing remains outside of the ADGM, and in a jurisdiction that is not yet appropriately understood or deemed suitable by FSRA. Following the publication of this Guidance, the FSRA will continue to engage with its regulatory peers as needed, such that it can work towards identification of potential suitable jurisdictions for the purposes of both cross-border Offers and listings. Issuers intending to make cross-border Offers and listings (within or from ADGM markets) are therefore expected to engage with the FSRA at a very early stage when considering doing so.
          39) As set out earlier in paragraph 5, it is the FSRA's general expectation that its Regulations (FSMR) and Rules be read as written, including in relation to the Listing Rules (Chapter 2 of MKT). In relation to specific Listing Rules:
          a) an Issuer seeking to issue Digital Securities should note that the listing principles set out in MKT Rule 2.2 apply in full;
          b) for the avoidance of doubt, the requirement for a working capital statement per MKT Rule 2.3.3 applies, along with the other general eligibility requirements of MKT Rule 2.3;
          c) pursuant to Chapter 5 of MKT, the FSRA has discretion to require the appointment by an Issuer of a Sponsor, compliance adviser or other expert adviser. Due to the complexities involved and the relative infancy of Digital Securities, the FSRA will generally expect an Issuer of Digital Securities to appoint a Sponsor as required by MKT Rule 5.1.2; and
          d) for Digital Securities in the form of Units of a Fund, Chapter 3 (instead of Chapter 2) of MKT contains the relevant Listing Rules.

          8 Included within Part 6 of FSMR (Official Listing and Offers).

        • Digital Securities & Trading Venues

          40) As set out in this Guidance so far, the FSRA's regulatory framework allows for Digital Securities to be offered, admitted to the Official List (maintained by FSRA) and traded on secondary markets within ADGM. This section of the Guidance will now set out the FSRA's expectations in relation to how ADGM trading venues (RIEs, MTFs and Organised Trading Facilities ("OTFs")) interact with Digital Securities. The FSRA's policy position and expectations in relation to the operation of these different market infrastructures is set out below.

          • Recognised Investment Exchanges (RIEs)

            41) RIEs may operate both primary and secondary markets in Financial Instruments (including Digital Securities). A RIE must demonstrate to the FSRA that it is able to meet the Recognition Requirements as set out in Market Infrastructure Rules (MIR) Chapter 2 (Rules Applicable to All Recognised Bodies) and Chapter 3 (Rules Applicable to RIEs) before a Recognition Order can be granted by the FSRA. Once it has been granted a Recognition Order, a RIE must continue to comply with all Recognition Requirements (contained with MIR Chapters 2 and 3) on an ongoing basis.
            42) Pursuant to section 50(3) of FSMR, a RIE shall not permit trading of Securities on its facilities unless those Securities are admitted to, and not suspended from, the Official List. Section 61(1) of FSMR is linked to section 50(3), such that an Issuer cannot 'have Securities admitted to trading on a RIE, unless there is an Approved Prospectus in relation to the relevant Securities'. An Issuer therefore wanting to have its Securities traded on a RIE needs to have such Securities:9
            a) admitted to the Official List of Securities (maintained by FSRA); and
            b) offered by way of an Approved Prospectus.
            43) Application of MIR Chapter 2: As noted in paragraph 41 above, where an Applicant applies to become a RIE, the entirety of MIR Chapter 2 (Rules Applicable to All Recognised Bodies) will apply. Applicants should also, however, take note of the following:
            a) MIR Rule 2.8 (Membership criteria and access): MIR Rule 2.8.1 requires that a RIE 'must ensure that access to its facilities is subject to criteria designed to protect the orderly functioning of the market and the interests of investors'. Applicants should take into account, where relevant, the guidance provided by FSRA in relation to MIR Rule 2.8 in paragraph 127 of the OCAB Guidance (relating to 'direct client' vs 'membership' models) which should be read in the context of a RIE operating a Digital Securities market;
            b) MIR Rule 2.10 — Custody:10 Considering that the safeguarding and administration of Securities is a key requirement for a RIE, and that Digital Securities custody arrangements and technologies are still being developed globally, the custody of Digital Securities may possess higher inherent risks in comparison to traditional securities custody. The FSRA is therefore of the view that where an Applicant seeks to provide custody services within its Group, this can only occur via a separate legal entity appropriately licenced for such activities (see paragraphs 53 and 59 on RCHs and DSFs respectively);11 and
            c) MIR Rule 3.2.1 — Capital Requirements: Pursuant to this Rule, RIEs operating a market in Digital Securities will generally be required to hold 12 months operating expenses as regulatory capital.12
            44) Application of MIR Chapter 3: As noted in paragraph 41 above, where an Applicant applies to become a RIE, the entirety of MIR Chapter 3 (Rules Applicable to RIEs) will apply. Applicants, however, should also take note of the following:
            a) MIR Rule 3.8 (Settlement and Clearing Services): MIR Rule 3.8 requires a RIE to ensure that "satisfactory arrangements are made for securing the timely discharge (whether by performance, compromise or otherwise), Clearing and settlement of the rights and liabilities of the parties..." The FSRA's policy position in this regard is that clearing and settlement of Digital Securities can be undertaken by either a RCH or a DSF (see paragraphs 55–61). Further guidance on the clearing and settlement obligations of a RCH is set out at paragraph 52 and further guidance in relation to a DSF is outlined at paragraph 56. The FSRA has not yet formed a view as to whether Remote Clearing Houses would be suitable for this purpose. Until such time that the FSRA forms such a view, it will be the general FSRA position that a RIE/MTF seeking to meet MIR Rule 3.8 will only be able to do so by engaging an FSRA-regulated RCH or DSF.
            b) MIR Rules 3.5, 3.6 and 2.5 (normal trading hours): While a RIE's technology may facilitate its market operating for 24 hours, 7 days a week, RIEs (including those operating Digital Securities markets) will be expected to operate on the same basis/market timings as how Securities markets are conducted globally. This is to ensure, amongst other things, that the RIE's continuous disclosure obligations/market requirements /supervisory requirements can be suitably met (by the RIE itself, as well as for the FSRA, relevant Issuers, Reporting Entities and investors).

            9 That cannot rely an exemption provided for under FSMR or MKT.

            10 MIR Rule 2.10 requires that for a Recognised Body 'where its facilities include making provision for the safeguarding and administration of assets belonging to users of those facilities, satisfactory arrangements are made for that purpose with an appropriate custodian or settlement facility'.

            11 This is distinctly different to the view currently taken by FSRA in relation to Crypto Asset Exchanges which are also permitted to operate, subject to suitable internal segregation, as Crypto Asset Custodians.

            12 For further insight on issues relating to FSRA treatment of MIR Rule 3.2.1, please refer to paragraphs 31–36 of the OCAB Guidance.

          • Multilateral Trading Facilities (MTFs)

            45) Applicants wishing to operate as an MTF within ADGM may apply for a Financial Services Permission (FSP) to do so. Where an Applicant seeks to be licenced as an MTF, COBS Chapter 8 and the MIR Rules set out in COBS Rule 8.2 shall apply (being MIR Rules 2.6, 2.7, 2.8, 2.9, 2.11, 3.3, 3.7, 3.8 and 3.10). As an Authorised Person, an MTF also needs to comply with the wider Rulebooks relevant to all Authorised Persons, including COBS, GEN and AML.
            46) MTFs may operate as a primary trading venue for Digital Securities offered and issued by way of an Exempt Offer, provided that membership and trading is limited to non-retail clients only. As set out in paragraphs 16 and 31 of this Guidance, an Issuer wishing to make an Exempt Offer in order to have its Digital Securities admitted to trading on an MTF will need to ensure that it includes all required information in its Exempt Offer document in order to allow FSRA to deem the Digital Securities as Securities pursuant to section 58(2)(b) of FSMR.
            47) In addition, Offers of Securities that have been admitted to the Official List for the purposes of trading on a RIE (as noted in paragraph 42 above) may also be available for trading on the secondary market of an MTF, for both retail clients and professional clients. Retail participation will only be permitted on an MTF where an Approved Prospectus has been registered for the purposes of admission to trading by the RIE (as the primary trading venue). For both professional and retail clients, trading is limited to trading within the market of that MTF. It is important to note therefore that, with the exception of only Exempt Offers being made pursuant to admission to trading on an MTF, MTFs should generally be considered as (secondary market) trading venues rather than (primary market) offering venues.
            48) In the context of MIR Rule 3.8 (Settlement), MTFs have the same obligations as RIEs (see paragraph 44(a)), and specific guidance on the application of MIR Rule 3.8 (Settlement and Clearing Services) in the context of Digital Securities being trading on an MTF is set out in paragraphs 53–57 below. MTFs, however, looking to provide settlement services for Digital Securities directly will not be able to do so.

          • Organised Trading Facilities (OTFs)

            49) The regulatory framework for OTFs is similar to that of MTFs, but with certain differences (as set out in COBS Chapter 8). While OTFs can operate markets for some Securities (primarily Debentures), it is FSRA policy that markets for the trading of Digital Securities should be operated on a non-discretionary basis (RIEs and MTFs) instead of a discretionary basis (OTFs). As a result, the FSRA will not likely allow Digital Securities to be traded on an OTF, and will continue to monitor regulatory developments within this space.

        • Digital Securities Settlement

          50) This section of the Guidance sets out the two broad types of entities that are able to provide Digital Securities settlement facilities to RIEs and MTFs, as allowed for by MIR Rules 3.8 and 4.3. In choosing a RCH or DSF to utilise for custody operations (MIR Rule 2.10) or settlement (MIR Rule 3.3), a RIE or MTF can only use a RCH or DSF when the FSRA has been able to determine that the relevant settlement facility allows the RIE or MTF to meet its MIR obligations. Further discussion regarding the FSRA's policy position and expectations in relation to these entities is set out below.

          • Recognised Clearing Houses (RCHs)

            51) Subject to being granted a Recognition Order, RCHs operating within ADGM are permitted to settle different types of Financial Instruments, including Digital Securities. A RCH must demonstrate to the FSRA that it is able to meet the Recognition Requirements as set out in Market Infrastructure Rules (MIR) Chapter 2 (Rules Applicable to All Recognised Bodies) and Chapter 4 (Rules Applicable to RCHs) before a Recognition Order can be granted by the FSRA. Once it has been granted a Recognition Order, a RCH must continue to comply with the Recognition Requirements (contained within MIR Chapters 2 and 4) on an ongoing basis.
            52) Platforms allowing the trading of Digital Securities (RIEs and MTFs) may engage the services of a RCH operating in the ADGM. Subject to meeting the Recognition Requirements set out in MIR Chapters 2 and 4, the FSRA may allow RCHs to use DLT platforms, or conventional clearing/settlement technologies. The FSRA remains technology agnostic in its approach to the technology used by RCHs.
            53) Within ADGM, RCHs are to be operated independently from a RIE/MTF, requiring a RCH to be incorporated as a stand-alone, independent legal entity for the purposes of providing settlement services.
            54) While acceptable for use for the purposes of MIR Rules 2.10 and 3.8, the FSRA does not anticipate that RCHs will be the prevalent type of entity used for facilitating custody and settlement functions in relation to Digital Securities, given the costs related to establishing/capitalising a RCH and that mechanisms for close to real-time settlement may potentially remove the need for considerable parts of RCH functionality.

          • Digital Settlement Facilities (DSFs)

            55) For the purposes of this Guidance and distinct from RCHs, the FSRA will consider DSFs suitable for the purposes of settlement (MIR Rule 3.8) and custody (MIR Rule 2.10) of Digital Securities. A DSF, holding an FSP for Providing Custody, may provide custody and settlement services in Digital Securities for RIEs and MTFs (as applicable). Therefore, for the purposes of custody and settlement of Digital Securities, the arrangements that a RIE or MTF would normally have in place with a RCH can be replaced with arrangements provided by a DSF, provided that certain requirements, as described in this section, are met.
            56) Pursuant to MIR Rule 3.8.1, RIEs or MTFs are required to have satisfactory arrangements for securing the timely discharge of the rights and liabilities of the parties to transactions taking place on its platform. MIR Rule 3.8.2 normally allows for a RCH or Remote Clearing House (noting the FSRA's position that it will not permit Remote Clearing Houses for this purpose in the context of Digital Securities) to be deemed as sufficient for the purposes of satisfying MIR Rule 3.8.1.
            57) Pursuant to MIR Rule 3.8.3, however, and in the context of Digital Securities, a RIE or MTF must provide the FSRA, in writing, the satisfactory arrangements made when such RIE or MTF does not engage a RCH (for example, to use in this context, a DSF). To clarify, the FSRA will require that arrangements to use a DSF for settlement purposes will require the DSF to comply with the requirements of MIR Rule 4.3.3 (with the references to a RCH being read as references to a DSF).
            58) Pursuant to MIR Rule 4.3.3, in determining whether there are satisfactory arrangements for securing the timely discharge of the rights and liabilities of the parties to transactions, the FSRA may have regard to the DSF's:
            a) rules and practices relating to clearing and settlement, including its arrangements with another Person for the provision of clearing and settlement services;
            b) arrangements for matching trades and ensuring that the parties are in agreement about trade details;
            c) where relevant, arrangements for making deliveries and payments, in all relevant jurisdictions;
            d) procedures to detect and deal with the failure of a Member (or participants) to settle in accordance with its rules;
            e) arrangements for taking action to settle a trade if a Member (or participant) does not settle in accordance with its rules;
            f) arrangements for monitoring its Members' settlement performance; and
            g) where appropriate, Default Rules and default procedures.
            59) As set out earlier in paragraph 43(b), pursuant to MIR Rule 2.10, a RIE (but not an MTF) may be required to engage a custodian/settlement facility for the purposes of having satisfactory custody arrangements in place.13 A DSF, where engaged by a RIE for this purpose, will be required to have satisfactory arrangements in place in order to meet the full set of requirements set out in MIR Rule 2.10. As part of these services, DSFs may also record changes of ownership, maintain an Issuer's security holder records, cancel and issue Digital Security certificates, and distribute dividends. It is important that DSFs maintain an open channel of communication with Issuers to determine whether Digital Securities need to be issued or redeemed.
            60) In addition, the FSRA reserves the right at any point in time, either during the Authorisation14 process or as part of its supervisory oversight of a DSF, to consider the applicability of other Rules within MIR Chapter 4 (Rules Applicable to RCHs), dependent on the relevance of those Rules to the business model/operations of the DSF.
            61) Entities seeking to operate as DSFs should take note of the following:
            a) Entities providing custody of Digital Securities within ADGM, including DSFs, may also wish, or be required, to operate a CSD. COBS Chapter 10 sets out the requirements relevant to the operation of a CSD, including that as set out in COBS Rule 10.1.3, only an Authorised Person licenced for Providing Custody is permitted to act as a CSD.
            b) For transactions where delayed settlement occurs (e.g., on an end of day or t+n basis), the FSRA may likely require the DSF to integrate specific risk management functions within its operations, as per the requirements of MIR Chapter 4, including in relation to (but not limited to) the scenarios identified in paragraph (c) below.
            c) For transactions with instantaneous delivery versus payment (DvP),15 the FSRA may deem certain aspects relating to default management to not apply. For transactions where end of day, or t+n DvP occurs, there may be scope for the DSF to implement default management provisions commensurate to the settlement time horizon.
            d) In the case of a DSF performing DvP on a delayed basis, the FSRA may impose certain further obligations on the DSF (as set out within Chapter 4 of MIR) including in relation to the following:
            •   MIR Rule 4.2 (e.g., capital requirements — in relation to credit, counterparty, and market risks);
            •   MIR Rule 4.5 (e.g., default management);
            •   MIR Rule 4.6 (e.g., stress testing);
            •   MIR Rule 4.7 (risk management);
            •   MIR Rule 4.10 (collateral management and margin); and
            •   MIR Rule 4.12 (segregation and portability of Client Assets).

            13 As set out in other parts of this Guidance, such custodian/settlement facility will need to be operated and established as a standalone legal entity.

            14 Whether at the point of In-Principle Approval or at the time of Final Approval.

            15 DvP is considered to be the irrevocable and unconditional transfer of an asset or Financial Instrument, or the discharge of obligations arising under the underlying contract by the parties to the contract (as per the definition contained in MIR Rule 4.11.3).

        • OCAB HOLDERS — MIGRATION TO DIGITAL SECURITIES ACTIVITIES

          62) This section of the Guidance sets out the FSRA's views as to how entities undertaking the Regulated Activity of Operating a Crypto Asset Business (OCAB) can migrate from (or add to) their Regulated Activities by undertaking Digital Securities-related Regulated Activities as well (across RIEs, MTFs, and DSFs). OCAB Holders (whether Crypto Asset Exchanges, Crypto Asset Custodians or other intermediaries) wishing to expand into Digital Securities markets will need to apply to the FSRA for the relevant additional regulatory approvals to do so.
          63) Please note that OCAB Holders are not able to conduct financial services related to Digital Securities, as they are only licenced to operate within Accepted Crypto Asset markets. As such, OCAB Holders wanting to conduct Digital Securities-related financial services within ADGM markets will need to obtain additional regulatory approvals from the FSRA.

          • Crypto Asset Exchange — Becoming a Digital Securities MTF

            64) Due to their having to satisfy the MTF Rules set out in COBS Chapter 8, Crypto Asset Exchanges are treated by the FSRA (as a market infrastructure) similar to an MTF. As noted in paragraph 45 above, the applicable MTF Rules in COBS 8 incorporate and apply certain Rules from MIR.
            65) OCAB Holders operating a Crypto Asset Exchange can apply to the FSRA for an additional permission to be added to its FSP, in order for it to be permitted to operate an MTF. This MTF can have Digital Securities admitted to trading, where such Digital Securities were directly offered/issued based on an Exempt Offer, or have already been admitted to a RIE (as the primary venue for trading — refer to paragraph 42).
            66) OCAB Holders operating a Crypto Asset Exchange and seeking to extend their operations to include Digital Securities will be required to demonstrate that they can comply with those requirements applicable to operating a MTF (e.g., COBS, MIR, GEN, AML) in the context of undertaking new Digital Securities-related financial services. While the FSRA anticipates that the technology utilised by a Crypto Asset Exchange may be the same, or substantially similar, as that required to operate a Digital Securities MTF, the MTF Applicant will still be required to demonstrate to the FSRA how each of the applicable Authorised Person/MTF requirements have been met now taking into account Digital Securities requirements.
            67) For the purposes of MIR Rule 3.8 (settlement), OCAB Holders operating a Crypto Asset Exchange and seeking to extend their operations to include Digital Securities will not be permitted to clear and settle transactions within the same legal entity that is conducting trading activities as an MTF. In such circumstances, the OCAB Holder will be required to separately establish, or make arrangements to use, a separate clearing and settlement entity (refer to the sections above in relation to RCHs or DSFs, in paragraphs 53 or 59 respectively).16
            68) Taking into account the similarities between the applicable Rules (primarily those set out in COBS Chapter 8) and the operation (particularly from a technology perspective) of a Crypto Asset Exchange and a Digital Security MTF, from an operational point of view, for example, the migration/expansion from the former to the latter may not raise significant technical issues. However, the update/integration of a Crypto Asset Exchange's technology in order to introduce new primary market and secondary market functionalities (offers, issuance and (Member) trading of Digital Securities) may likely impose new regulatory and technical burdens on migrating entities.
            69) Please note that the relief provided by FSRA in May 2019 (to allow Crypto Asset Exchanges) to operate a direct client access market has not been extended to allow MTFs to operate on a similar basis. As such, due to the policy/operational requirements at play, the FSRA suggests that entities wanting to operate a RIE on a 'direct client' basis engage with the FSRA as early as possible.

            16 The requirement to use a separate entity for the (clearing and/or) settlement of Digital Securities differs from the FSRA's current position relating to settlement of Crypto Asset transactions, where an OCAB Holder can operate as both a Crypto Asset Exchange and a Crypto Asset Custodian without legal entity (and operational) segregation.

          • Crypto Asset Exchange — Becoming a Digital Securities RIE

            70) OCAB Holders operating a Crypto Asset Exchange wishing to also operate a RIE will be required to relinquish their FSP (in relation to their operation of a Crypto Asset Exchange) upon obtaining a Recognition Order to operate a RIE. Pursuant to MIR Rule 3.4.1A, if licenced by the FSRA to carry out the activities of both a RIE and Crypto Asset Exchange, the Recognition Order granted for the RIE will include a stipulation, including the Crypto Asset Exchange, to that effect.
            71) RIEs can admit to trading Digital Securities that have been admitted to the Official List of Securities (maintained by FSRA) and offered by way of an Approved Prospectus. As set out earlier in paragraph 36, the FSRA is ADGM's Listing Authority, and as such the Issuer/Reporting Entity of the Digital Securities must meet all requirements of the Listing Rules, as outlined in Chapter 2 of the Market Rules (MKT) before an admission to listing and admission to trading on a RIE may occur.
            72) The FSRA is of the view that the migration of a Crypto Asset Exchange to a RIE is more complex than the migration of a Crypto Asset Exchange to an MTF (as dealt with in paragraphs 64–69 above). This is due to a number of factors, including that a RIE is required to meet the full suite of requirements in Chapters 2 and 3 of MIR, and the primary market considerations associated with operating a RIE (e.g., requirement for Approved Prospectuses, admission to the Official List of Securities, and the ongoing technical/operational and regulatory requirements related to Digital Securities being admitted to trading and admitted to the Official List).
            73) For the purposes of MIR Rule 3.8 (settlement), OCAB Holders operating a Crypto Asset Exchange and seeking to extend their operations to include Digital Securities will not be permitted to clear and settle transactions within the same legal entity that is conducting trading activities as a RIE. In such circumstances (and in keeping with the treatment of Digital Securities MTFs (see paragraph 67) the OCAB Holder will be required to separately establish, or make arrangements to use, a separate clearing and settlement entity17 (refer to the sections above in relation to RCHs or DSFs, in paragraphs 53 and 59 respectively).
            74) Please note that the relief provided by FSRA in May 2019 (to allow Crypto Asset Exchanges) to operate a direct client access market has not been extended to allow RIEs to operate on a similar basis. As such, due to the policy/operational requirements at play, the FSRA suggests that entities wanting to operate a RIE on a 'direct client' basis engage with the FSRA as early as possible.

            17 The requirement to use a separate entity for the (clearing and/or) settlement of Digital Securities differs from the FSRA's current position relating to settlement of Crypto Asset transactions, where an OCAB Holder can operate as both a Crypto Asset Exchange and a Crypto Asset Custodian without legal entity segregation.

          • Crypto Asset Custodian — Becoming a DSF

            75) As Providing Custody of Digital Securities is a separate regulated activity from providing custody of Crypto Assets, a Crypto Asset Custodian seeking to operate as a DSF may apply to the FSRA to vary its FSP to add the Regulated Activity of Providing Custody. Further guidance on the considerations applicable to entities wishing to operate as a DSF are set out in paragraphs 55–61 above. Note, however, that with respect to entities currently operating as Crypto Asset Exchanges, the FSRA will require the DSF to be a separate legal/operating entity from those entities it is providing settlement services for (MIR Rule 3.8) and/or custody services (MIR Rule 2.10). Migration of an independent Crypto Asset Custodian to being a DSF will therefore likely pose less operational/regulatory issues than an entity currently operating as both a Crypto Asset Exchange and Crypto Asset Custodian.
            76) Crypto Asset Custodians may expand their custodial offering to Digital Securities by utilising their existing technologies (or implementing new technologies, if required), to allow it to operate as a DSF across custody, clearing (as applicable) and settlement functions for Digital Securities.18 Given the difference in nature between Digital Securities and Crypto Assets, however, it is expected that a Crypto Asset Custodian seeking to migrate to becoming a DSF will be required to meet a significant number of new requirements, including but not limited to those outlined under paragraphs 55–61 of this Guidance.
            77) As noted in paragraph 60, the FSRA reserves the right to impose any of the Rules outlined in MIR Chapter 4 on a Crypto Asset Custodian seeking to operate as a DSF (considering the particular business/operational model of the proposed DSF).

            18 This may require the OCAB Holder/DSF Applicant to make necessary changes to ensure that it can process all settlement obligations based on the features of particular Digital Securities (including, but not limited to, Dividends and Coupon Payments).

        • CONVENTIONAL MARKET INFRASTRUCTURES & DIGITAL SECURITIES

          78) This section of the Guidance addresses Recognised Bodies or MTFs operating traditional Securities markets that may wish to expand their product offering into Digital Securities. Entities seeking to do so will need to demonstrate to the FSRA how they will meet the Rules applicable to Digital Securities and how either its existing technology infrastructure will be able to meet these requirements or new technology will be implemented.
          79) Given the nature of digital markets, entities can expect particular FSRA focus to be placed on their use of technology and technology governance. Entities should familiarise themselves with the FSRA's technology governance guidance as set out in paragraphs 49–64, 67–68 and 74–84 of the OCAB Guidance (where Crypto Assets should be read as Digital Securities) which will form part of the basis for FSRA review.

          • RIEs & Digital Securities

            80) A RIE should engage with the FSRA at an early stage and be in a position to outline how they intend to continue to meet their obligations as a Recognised Body in the context of Digital Securities (treated similarly to the introduction of a new asset class). Formal approval from the FSRA will be required before a RIE can facilitate offers of, issuances in and the trading of Digital Securities.
            81) In addition to what is separately set out in this Guidance, a RIE operating within the conventional Securities space seeking to facilitate Digital Securities offers and trading, and proposing to use new technologies such as DLT, should review and consider a number of areas of the OCAB Guidance (as applicable), including the following:
            a) Technology Governance and Controls (paragraphs 45–89);
            b) Accepted Crypto Assets (paragraph 25, including for Security (b) and Type of DLT(e));
            c) Capital requirements (paragraphs 31–36);
            d) Margin Trading (paragraph 118); and
            e) Substance requirements (paragraphs 123–125).
            82) A particular area of focus for the FSRA will be the Applicant's custody and settlement arrangements (pursuant to MIR Rules 2.10 and 3.8 (refer to paragraphs 43(b) and 44(a) respectively).

          • MTFs & Digital Securities

            83) MTFs operating a market for traditional Securities seeking to operate a market in Digital Securities activities should engage with the FSRA at an early stage and be in a position to outline how they intend to continue to meet their obligations as an Authorised Person/MTF. It is important to recall that an MTF can only admit to trading Digital Securities offered by way of an Exempt Offer or that have already been admitted to a RIE (refer to paragraphs 46 and 47 respectively). As noted in paragraph 79 above, for an entity that is already operating as an MTF, one area of FSRA focus when considering an application for expansion into Digital Securities will be on the MTFs use of technology and the governance arrangements around technologies that are to be newly introduced. Further discussion about the FSRA's expectations in this regard is set out at paragraphs 100–102.
            84) Another particular area of focus for the FSRA will be the Applicant's custody and settlement arrangements (pursuant to MIR Rules 2.10 and 3.8 (refer to paragraphs 43(b) and 44(a) respectively).

          • RCHs & Digital Securities

            85) RCHs providing services for the clearing and settlement of traditional Securities seeking to do the same for Digital Securities should engage with the FSRA at an early stage and be in a position to outline how they intend to continue to meet their obligations as a RCH (noting the points raised earlier in this Guidance in relation to the use of technology and governance arrangements of a RCH (as a Recognised Body) (refer to paragraphs 79 and 100–102). Depending on the technology used, a Securities RCH seeking to additionally operate with Digital Securities may potentially use their existing technology (DLT or similar) to enable the settlement of Digital Securities.
            86) In the context of clearing and settlement for Digital Securities, if it is determined that the RCH acts as a central counterparty (CCP) guaranteeing the settlement of transactions, then the RCH is considered to act as a clearing house.
            87) If instead, instantaneous settlement occurs within the RCH, then the RCH does not act as a CCP, as it does not establish / hold positions on either side of a trade prior to settlement taking place, and it is therefore not considered to be a clearing house. Such a scenario may likely occur in the case of settlement for Digital Securities.
            88) RCHs (operating as a clearing house, as set out above) who settle transactions in Digital Securities, are also required to meet obligations in relation to Clearing, where this entails a process of establishing positions, including the calculation of net obligations and ensuring that Digital Securities, cash, or both are available to secure the exposures arising from such positions.

        • DIGITAL SECURITIES — INTERMEDIARIES

          89) This section applies to conventional and crypto asset intermediaries such as brokers, dealers, managers, advisors and arrangers of Digital Securities.

          • Conventional Intermediaries — Digital Securities

            90) A conventional intermediary licenced by the FSRA is able to provide Regulated Activities within the scope of its existing FSP in relation to Specified Investments, including Digital Securities.19 However, should such intermediaries intend to do so, they must provide prior notification to their FSRA Supervision Relationship Manager of the proposed changes to their business model.
            91) Intermediaries intending to operate solely, in the context of Digital Securities, as a broker or dealer for Clients (including the operation of an OTC broking or dealing desk) are not permitted to structure their broking / dealing service or platform in such a way that would have it be considered as operating a RIE or MTF. The FSRA would consider features such as allowing for price discovery, displaying a public trading order book (accessible to any member of the public, regardless of whether they are Clients), and allowing trades to automatically be matched using an exchange-type matching engine as characteristic of a RIE or MTF, and not activities acceptable for an Digital Securities intermediary to undertake.
            92) A conventional custodian may apply to the FSRA to be a DSF in order to provide custody of Digital Securities. Refer to paragraphs 55 to 61, for further information on the requirements relating to DSFs.

            19 Unless there is a specific restriction on its FSP stating otherwise.

          • Crypto Asset Intermediaries — Extension into Digital Securities

            93) An OCAB intermediary may provide services in respect of both Accepted Crypto Assets and Digital Securities. In order to do so, it must apply to the FSRA to vary its FSP to include the appropriate conventional Regulated Activity/ies, including but not limited to, Dealing in Investments as Principal, Dealing in Investments as Agent, Managing Assets, Arranging Deals in Investments or Advising on Investments or Credit.
            94) Crypto Assets Custodians may apply to the FSRA to be a DSF in order to provide custody of Digital Securities. Refer to paragraphs 75 to 77 for further information on the requirements that will apply.

          • Private Financing Platforms (PFPs)

            95) A PFP (as provided for in Schedule 1, Section 73E of FSMR) includes electronic platforms which facilitate the provision of financing between Issuers and investors in the form of Digital Securities.
            96) The FSRA only allows a financing proposal to be published on a PFP where it qualifies as an Exempt Offer through satisfying any of the criteria set out in MKT Rule 4.3.
            97) A PFP Operator may offer an incidental facility, termed an 'Exit Facility', to permit clients to exit their PFP transactions by allowing them to seek potential "buyers" who are also clients of the PFP Operator in order to transfer their rights and obligations under their investment agreements. The Exit Facility should not allow active (secondary market) trading by clients, and such trading can only be an ancillary service provided by the PFP Operator. The Exit Facility must comply with the requirements in COBS Rule 18.8. In particular, the Exit Facility must not exhibit characteristics of a trading facility, otherwise the PFP Operator will require a separate FSP for Operating an MTF.20
            98) A PFP Operator which facilitates the trading of Digital Securities through its platform will also need to consider, among other things, the relevant technology governance requirements set out in paragraphs 45 to 84 of the OCAB Guidance.

            20 See paragraph 47 for the FSRA's policy position on OTFs with regard to Digital Securities.

        • DIGITAL SECURITIES — SPECIFIC REGULATORY CONSIDERATIONS

          99) This section of the Guidance, rather than address specific requirements relating to the operation of activities undertaken by Authorised Persons or Recognised Bodies, sets out specific FSRA policy positions in relation to specific regulatory considerations relevant to Digital Securities.

          • Technology Governance and Controls

            100) While the FSRA adopts a technology-neutral approach to the regulation of Digital Securities markets, there is considerable industry appetite to use and deploy DLT, and related technologies. The development, and usage, of such technologies, however, is still widely considered to be in its early years of development and usage at scale. While it does not seek to regulate specific technologies such as DLT directly, the FSRA expects users of such technology to meet particular requirements in terms of their technology systems, governance and controls.
            101) All Authorised Persons and holders of Recognition Orders (in relation to Digital Securities) will need to take into account considerations relating to technology governance and controls, for the purposes of compliance with primarily, in the case of a RIE, MIR Rules 2.5 and 2.6, and in the case of an MTF, GEN Rule 3.3. The FSRA would further recommend that when Applicants are seeking to comply with these requirements, they take into account paragraphs 49–64, 67–68 and 74–84 of the OCAB Guidance in relation to their technology governance (with Crypto Assets being read as Digital Securities for the purposes of that Guidance).
            102) The FSRA acknowledges that non-DLT technologies may be used for the secure custody, clearing and settlement of Digital Securities. Where this is the case, the relevant licence holders are still required to meet MIR Rules 2.6 and 2.10, as applicable, at all times.

          • DLT Access Implications — Offers, Issuance & Trading

            103) The FSRA expects that the particular use, and surrounding controls related to the use, of DLT will have implications for how Digital Securities are offered, issued, traded and ultimately settled. On issuance, for example, the FSRA expects that Offers of Digital Securities to be limited/linked to an initial venue (e.g., MTF or RIE), due to the likelihood that permissioned access to a DLT will be limited due to commercial or technology compatibility issues. The implication therefore is that where an MTF or RIE, for example, controls access to a distributed ledger there may be a limit/restriction on an investor to transfer Digital Securities to another investor. This is in contrast to Crypto Assets (for example, Bitcoin), where access to the Bitcoin distributed ledger is not permissioned.
            104) Access to DLT may alternatively be controlled by a DSF/RCH, or the Issuer of a Digital Security itself. Whatever the model of access/permission, the FSRA would expect any costs for the transfer of a Digital Security to be clearly disclosed and be undertaken on a reasonable commercial basis.

          • Subscriptions to an Offer of Digital Securities

            105) Pursuant to various requirements set out in MKT, an Offer of Securities should be denominated and priced in fiat currency. It is recognised, however, that subscriptions/payments for an Offer of Digital Securities could be made via fiat currencies and/or Accepted Crypto Assets. Subscription amounts collected in Accepted Crypto Assets, therefore, are subject to the prevailing exchange rate between the (denominated) fiat currency and the relevant Accepted Crypto Asset at the time of payment.
            106) Accordingly, an ADGM-licenced intermediary will also need to be an OCAB Holder in order to offer subscription services, or alternatively may engage the services of an ADGM OCAB Holder for such services.

          • Market Abuse, Transaction Reporting and Misleading Impressions (FSMR)

            107) The Market Abuse Provisions in Part 8 of FSMR specifically cover Market Abuse Behaviour in relation to Securities (including Digital Securities) admitted to trading on a RIE or an MTF.
            108) FSMR Section 149 sets out the reporting obligations imposed on RIEs and MTFs which are required to report details of transactions in Securities (including Digital Securities) traded on their platforms. Consistent with its treatment of all RIEs, MTFs and Crypto Asset Exchanges, the FSRA expects RIEs and MTFs (providing markets in Digital Securities) to report order/trading data to the FSRA on both a real-time and batch basis.
            109) In addition, the FSMR provisions on Misleading Statements apply to Securities (including Digital Securities). The FSRA expects that all communications (including advertising or investment materials or other publications) made by a RIE or an MTF will be made in an appropriate manner and those infrastructures will implement suitable policies and procedures to comply with the relevant requirements of FSMR.

          • Substance requirements

            110) In order to operate effectively within ADGM, Authorised Persons and holders of Recognition Orders for the operation of market infrastructures (including for all RIEs, MTFs, RCHs and DSFs) must commit resources of a nature allowing them to be operating in substance within ADGM. The FSRA expects to see substantive resources committed within ADGM across all lines of activity, including, but not limited to, commercial, governance, compliance/surveillance, operations, technical, IT and HR functions. In particular, the FSRA expects 'mind and management' to be located within ADGM.

          • Third party audit obligations

            111) All Authorised Persons and Recognised Bodies carrying out Digital Securities activities should have independent third party verification or checks carried out at least annually to verify that the amount and value of Digital Securities (and Client Money (e.g., fiat) held on custody on behalf of Clients) is correct and matches what is supposed to be held.

          • Third party outsourcing

            112) FSRA's policy position on outsourcing is set out paragraphs 79–84 of the OCAB Guidance, and applies equally to entities engaged in Digital Securities activities. In addition, FSRA expects that any outsourcing arrangements will meet international regulatory guidelines applicable to outsourcing arrangements, including in relation to its contractual arrangements.

          • Anti-Money Laundering and Countering Financing of Terrorism

            113) As is required of all Authorised Persons and Recognised Bodies operating within the ADGM, those entities seeking to undertake Digital Securities-based financial services activities are required to comply with the FSRA's Anti Money Laundering and Countering Financing of Terrorism "AML/CFT" framework including, among other things:
            a) UAE AML/CFT Federal Laws, including the UAE Cabinet Resolution No. (10) of 2019 Concerning the Executive Regulation of the Federal Law No. 20 of 2018 concerning Anti-Money Laundering and Combating Terrorism Financing;
            b) the FSRA AML and Sanctions Rules and Guidance ("AML Rules") or such other AML rules as may be applicable in ADGM from time to time; and
            c) the adoption of international best practices (including FATF Recommendations).
            114) For a further understanding of the FSRA's policy position in relation to AML, the FSRA recommends readers consider, as applicable, paragraphs 37–43 of the OCAB Guidance, particularly as it relates to Digital Securities and the FATF Recommendations.

            • Principle 1: Risk Based Approach

              a) FATF expects countries, regulators, financial institutions and other concerned parties to adopt a ‘Risk Based Approach’ (“RBA”). Authorised Persons are expected to understand the risks associated with their activities and allocate proper resources to mitigate those risks. A RBA can only be achieved if it is embedded into the compliance culture of the Authorised Person, which enables the Authorised Person to make decisions and allocate appropriate resources in the most efficient and effective way.
              b) Authorised Persons should, on a periodic basis, carry out a proper risk based assessment of their processes and activities. In order to implement the RBA, Authorised Persons are expected to have processes in place to identify, assess, monitor, manage and mitigate ML risks. The general principle is that in circumstances where there are higher risks of ML, Authorised Persons are required to implement enhanced measures to manage and mitigate those risks.
              c) One of the most challenging risks facing financial institutions is how the on-boarding of an Authorised Person may affect its relationship with foreign correspondent financial institutions, as well as the views of the regulator of those foreign correspondent financial institutions. In essence, a foreign correspondent financial institution relationship is built on the effectiveness of a financial institution’s ML compliance program and ongoing monitoring capabilities.
              d) With the use of cryptology and block chain technologies at a nascent stage within financial services, any financial institution banking an Authorised Person must not only satisfy itself, but also its foreign correspondent financial institution(s), that the Authorised Person is well regulated and has appropriate systems and controls in place to address ML, TF and sanctions risks. These systems and controls should include robust processes to carry out CDD on Clients and beneficial owners, to monitor transactions for these risks, and the willingness and ability of the Authorised Person to provide complete transparency to its financial institution(s) and foreign correspondent financial institution(s) if and when required.

          • International Tax Reporting Obligations

            115) All entities seeking to engage in Digital Securities-based financial services activities must consider and, if applicable, adhere to their tax reporting obligations including, as applicable, under the Foreign Account Tax Compliance Act ("FATCA") and the ADGM Common Reporting Standard Regulations 2017.

          • Data protection obligations for Issuers

            116) Issuers, and other holders of client data, should familiarise themselves with the data protection obligations applying within ADGM. Further information regarding the ADGM's data protection requirements is addressed at paragraphs 110–115 of the OCAB Guidance.

          • Margin trading

            117) Entities wishing to provide margin trading to its Clients will need to submit for approval details of the terms upon which it proposes to do so (for an Applicant, in its Application; for an FSP holder or Recognition Order holder, as part of ongoing supervisory arrangements). As a general position, the FSRA would only consider allowing entities with a relevant proven track record to provide margin trading. Particular focus will be placed on the proposed leverage ratio.
            118) Entities that are not proposing, or permitted, to carry out margin trading will likely have a restriction from doing so placed on their FSP or Recognition Order.

          • Islamic Finance Rules

            119) FSRA's Islamic Finance Rules (IFR) apply to a number of entities that can operate within ADGM, including Authorised Persons and a Person making an Offer of Securities. As IFR is linked to the use of 'Specified Investments', including (Digital) Securities, IFR can apply to Authorised Persons Conducting Islamic Financial Business or offering/distributing Shari'a-compliant Securities.

        • STABLECOINS

          120) The FSRA recognises that the use of Digital Securities in ADGM may likely coincide with the use of fiat tokens. Further clarity on FSRA's regulatory position in relation to stablecoins is set out in paragraphs 158–162 of the OCAB Guidance. For RIEs or MTFs trading in Digital Securities, the FSRA's expectation is that paragraph 162d of the OCAB Guidance (where an infrastructure is using its own fiat tokens as a payment/transaction mechanism solely within its own platform/ecosystem) is likely to be the only scenario for the use of stable coins by a RIE or MTF trading in Digital Securities. Where Applicants consider that there are other business use cases for stable coins (particularly when used by a RIE, MTF or DSF), these would need to be raised (in writing, and for discussion) with the FSRA.

        • APPLICATION PROCESS

          121) In the context of Digital Securities, engagement with the FSRA in relation to approvals required under MKT (Offers of Securities and/or Admissions to the Official List) will be via the FSRA Listing Authority.
          122) Separately, Applicants seeking approvals to operate as a RIE, MTF, DSF or RCH must be prepared to engage heavily with the FSRA throughout the relevant application process. The Application process is broadly broken down into five stages, as follows:
          a) Due Diligence & Discussions with FSRA team(s);
          b) Submission of Formal Application;
          c) Granting of In Principle Approval;
          d) Granting of Final Approval; and
          e) 'Operational Launch' Testing

          • Due diligence and Discussions with FSRA team(s)

            123) Prior to the submission of an Application, all Applicants are expected to provide the FSRA with a clear explanation of their proposed business model and to demonstrate how the Applicant will meet all applicable FSRA Rules and requirements. These sessions will also involve the Applicants providing a number of in-depth technology demonstrations, across all aspects of its proposed Digital Securities activities. The FSRA generally expects these meetings, where possible, to take place between the Applicant and the FSRA in person. In addition, the FSRA further expects that a number of meetings will need to be held between an Applicant and the FSRA before the Applicant will be in a position to submit a draft, then formal, application.

          • Submission of Formal Application

            124) Following discussions with the FSRA, and upon the FSRA having reasonable comfort that the Applicant's proposed business processes, technologies and capabilities are at a sufficiently advanced stage, the Applicant will be required to submit a completed Application Form, and supporting documents, to the FSRA. Payment of the fees applicable to the Application, as set out in paragraphs 130–141, must also be made at the time of submission. The FSRA will only consider an Application as having been formally submitted, and commence its formal review of the Application, upon receipt of both the completed Application and the associated fees.

          • Granting of In Principle Approval (IPA)

            125) The FSRA will undertake an in-depth review of the Application, and supporting documents, submitted by an Applicant. The FSRA will only consider granting an IPA for those Applicants that are considered able to adequately meet all applicable Rules and requirements. An Applicant will be required to meet all conditions applicable to the IPA prior to being granted with final approval, and an FSP or Recognition Order (as applicable).

          • Granting of Final Approval (Financial Services Permission/Recognition Order)

            126) Subject to being satisfied that the Applicant has met all conditions applicable to the IPA, the FSRA will grant the Applicant with final approval for an FSP or Recognition Order (as applicable). Final approval will be conditional upon the FSRA being further satisfied in relation to the Applicant's operational testing and capabilities, and completion of a third-party verification of the Applicant's systems where applicable.

          • 'Operational Launch' Testing

            127) An Applicant operating a RIE, MTF, DSF or RCH will only be permitted to progress to operational launch when it has completed its operational launch testing to the FSRA's satisfaction, including completion of third party verification of the Applicant's systems, where applicable.
            128) Noting the public nature of these entities and the consumer protection considerations associated with significant client participation, these licence holders, like many others regulated by FSRA, will be closely supervised by the FSRA once licenced. Entities should expect to meet frequently with the FSRA, be subject to ongoing assessments, and be prepared to undergo thematic reviews from time to time (particularly considering the nascent stage of Digital Securities markets globally).
            129) Authorised Persons seeking FSP variations, other than MTFs, will follow the variation process as set out in sections 2.9.6 and 2.9.7 of the Guidance & Policies Manual (GPM) and are encouraged to discuss their variation proposals with their Supervision Relationship Managers as early as possible.

        • Fees

          • Authorisation and supervision fees

            130) The applicable fees for entities seeking to carry out Digital Securities activities within ADGM are set out in the FEES Rulebook. Examples of the application of these fees to particular scenarios are set out in the paragraphs below.
            131) As it is not proposed that there be an immediate change to the fee structure in relation to Digital Securities, the FSRA will continue to monitor its position in relation to these fees as part of the wider Securities-regulatory framework.
            132) As noted in paragraph 124 above, the FSRA will only consider an Application as having been submitted, and commence its formal review of the Application, upon receipt of both the completed Application and the associated fees.

          • Authorisation fees

            133) For Digital Securities activities by new entrants applying to operate in ADGM: For Applicants seeking to carry on Digital Securities activities within ADGM, with no existing ADGM licenced business operations, the Authorisation fees are the same as those already provided in the applicable Rulebook for the relevant activity, subject to paragraph 135 below. In summary:
            a) the applicable fees for a Recognition Order as an RIE or an RCH are set out in FEES Rule 3.7.1(a);
            b) the fees for a FSP for an Authorised Person (other than a DSF) are set out in FEES Rules 2.2.1(a) and 3.5; and
            c) the fees for a DSF are as set out in paragraph 135 below.
            134) For Digital Securities activities to be conducted by existing ADGM licenced intermediaries or MTFs:
            a) For Authorised Persons (OCAB or otherwise) seeking to expand their activities to include Digital Securities activities, an application for an amendment to the scope to their existing FSP will need to be submitted. The applicable fees will be as set out in FEES Rule 3.8; and
            b) For an Authorised Person intending to provide Regulated Activities in relation to Digital Securities within the scope of their existing FSP, no fees will apply, subject to paragraph (a) and paragraph 135 below, but firms are required to discuss this with their FSRA Supervision Relationship Manager as early as possible (as there may be wider fee or other supervisory implications).
            135) For entities seeking to be authorised for Providing Custody (and by extension as a DSF): For these entities, the authorisation fee will be US$20,000, comprising a fee of US$5,000 for Providing Custody and a US$15,000 supplementary fee in accordance with FEES Rule 1.2.6, reflective of the regulatory burden imposed on FSRA to ensure compliance with the applicable Rules and requirements for conducting DSF related activities.
            136) RIEs or RCHs with Recognitions Orders seeking to expand their activities to include Digital Securities activities: No additional fees will apply.
            137) For Crypto Asset Exchanges upgrading to a Digital Securities RIE: For Authorised Persons operating a Crypto Asset Exchange and seeking to further operate as a Digital Securities RIE, it is unlikely that the FSRA would seek to impose the full RIE Recognition Order fee (being US $125,000), on the assumption that there is likely to be significant overlap in the systems, controls and technology used by the entity across both activities. The FSRA may instead impose a fee in the region of US$40,000 (dependent on the Applicant's business model and any overlap/similarities in its technology, systems and controls).

          • Supervision fees

            138) Annual supervision fees applicable to Authorised Persons and Recognised Bodies carrying on Digital Securities activities within ADGM are as set out in the FEES Rulebook, in particular:
            a) for Authorised Persons (excluding those outlined in paragraph 139 below), in FEES Rules 2.2.2, 2.2.3 and 3.5.3; and
            b) for Recognised Bodies, in FEES Rules 3.7.1 (b) and 3.7.2(b).
            139) Annual supervision fees applicable to Authorised Persons who are Providing Custody (and by extension meeting the obligations of a DSF) within the ADGM, are US$15,000 (which will be imposed as a condition to the granting of an FSP).

          • Fees — Prospectus Offers and Admission to Official List

            140) The fees for Offers and Listings of Digital Securities are as set out in Rules 3.10 (Funds), 4.1.1(a) (Digital Securities Prospectus) and 4.1.1(b) (Debenture Prospectus) of the FEES Rulebook.
            141) The listing fee for an admission of Digital Securities to the Official List of Securities is US$3,000 as set out in FEES Rule 3.9.1.

      • Guidance — Regulation of Digital Security Offerings and Virtual Assets under the Financial Services and Markets Regulations [24 February 2020]

        Click here to view PDF.

      • Guidance — Regulation of Digital Security Offerings and Virtual Assets under the Financial Services and Markets Regulations [24 February 2020]

        • 1. INTRODUCTION

          1.1 This Guidance is issued under section 15(2) of the Financial Services and Markets Regulations 2015 (“FSMR”). It should be read in conjunction with FSMR, the relevant Rulebooks of the Financial Services Regulatory Authority (“FSRA”), the Guidance & Policies Manual of FSRA, the ‘Guidance – Regulation of Virtual Asset Activities in ADGM’1 and the ‘Guidance – Regulation of Digital Securities Activity in ADGM’ (“Digital Securities Guidance”). 2
          1.2 This Guidance is applicable to those considering the use of initial coin or token offerings (“ICOs”, also known as a Coin or Token Sale) to raise funds. The Guidance is also applicable to those considering transacting in, and the general use of, virtual tokens and Virtual Assets (as defined below).
          1.3 The Guidance sets out FSRA’s approach to digital security issuers seeking to raise funds through ICOs, and market intermediaries or operators dealing in or offering services in digital securities and Virtual Assets.
          1.4 This Guidance is not an exhaustive source of the FSRA’s policy on the exercise of its regulatory mandate, and the FSRA may impose other, specific conditions to address any specific risks posed by the proposed activities set out herein.
          1.5 The FSRA is not bound by the requirements set out in this Guidance and may waive or modify this Guidance at its discretion where appropriate.
          1.6 Unless otherwise defined or the context otherwise requires, the terms contained in this Guidance have the same meanings as defined in FSMR and the Glossary (GLO).

          1 https://en.adgm.thomsonreuters.com/rulebook/guidance-regulation-virtual-asset-activities-adgm
          2 https://en.adgm.thomsonreuters.com/rulebook/guidance-regulation-digital-securities-activities-adgm

        • 2. BACKGROUND

          2.1 Globally, the use of virtual tokens and Virtual Assets to raise funding and facilitate economic transactions has been on the rise in recent years. A number of financial services regulators have issued comments or consumer alerts setting out their regulatory position on virtual tokens and/or Virtual Assets. This is especially relevant since the use of virtual tokens and Virtual Assets can be subject to risks arising from fraud, money-laundering and terrorist financing, as well as the observed volatility of the “value” of Virtual Assets.
          2.2 The FSRA adopts a technology-neutral approach to regulation, where regulatory requirements are applied to the conduct of Regulated Activities or activities envisaged under a Recognition Order3, as opposed to the technological means to conduct a Regulated Activity. To the extent that virtual tokens are used as a mechanism to enable or facilitate a Regulated Activity to be carried out, they are generally permitted. For example, subject to fit and proper safeguards, an authorised money remittance house may receive fiat currencies from Clients and use virtual tokens to securely remit an equivalent value overseas directly to a regulated foreign counterparty via the internet in real-time; the foreign counterparty can then pay out in fiat currencies to the intended end-clients.
          2.3 Given the evolving developments in the space of virtual tokens and Virtual Assets, FSRA will continue to closely monitor industry developments. FSRA may issue further Guidance as necessary, to ensure the regulatory framework is updated and risk-appropriate in order to facilitate the sound development and deployment of promising financial technology innovations.

          3 Pursuant to Section 124 of the FSMR, these include activities of Recognised Investment Exchanges and Recognised Clearing Houses.

           

        • 3. 3. INITIAL COIN OFFERINGS

          3.1 ICOs can take many forms, but all of them utilise Distributed Ledger Technology (“DLT”). Investors will typically give Virtual Assets to an ICO issuer in exchange for a proprietary digital medium of exchange on the DLT platform, being termed a “coin” or “token” (where the latter term will be used hereafter). In some cases the proprietary tokens will not represent an underlying financial asset; for example, a DLT token may represent a digital identity record, a voting right, or simply access to software running on a DLT platform.
          3.2 Alternatively, an emerging method of fund-raising uses DLT with the tokens representing a “traditional” regulated issuance, such as Shares, Debentures or Units in a Collective Investment Fund. In these instances, a DLT platform may also comprise a share or bond register. We are aware that there are many companies seeking to raise money through such traditional and regulated means using a DLT-enabled platform.

          • Innovation

            3.8 In our engagement with innovative firms in the financial services sector, we have been made aware of business models using a DLT platform to facilitate the issuance of Securities on a private placement basis. These business models may include a high level of disclosure and transparency with investors, and a robust reconciliation and reporting mechanism. These types of business models may benefit from the Exempt Offers regime set out above.
            3.9 We are also aware of firms seeking to build investment funds using DLT platforms for the purposes of investor reporting and funds management. In such cases, the Digital Securities issued as a result of the ICO may be Units in a Collective Investment Fund as defined in Section 106 of FSMR. This may fall within our FUNDS Rules, and again we encourage firms considering such DLT-enabled business models to engage with us as early as possible.
             

        • Regulatory treatment of tokens deemed to be Securities

          3.3 Whether an ICO is to be regulated under FSMR will be assessed by FSRA on a case-by-case basis. To this end, if the tokens in an ICO are assessed to exhibit the characteristics of a Security, FSRA may deem the tokens as a Security pursuant to Section 58(2)(b)4 of FSMR, hereinafter referred to as “Digital Securities”. Consequently, an issuer seeking to launch an ICO in or from ADGM should approach FSRA at the earliest opportunity.
          3.4 For regulatory purposes, issuances of Securities (as defined in Section 258 of FSMR), whether through a DLT platform or other means, will see no difference in their treatment under our regulatory framework. Those issuers/market actors who seek to raise funds in a regulated, robust and transparent manner using new business models or technologies such as DLT are encouraged to engage with us as early as possible in the fund-raising process.
          3.5 The requirements for Offers of Securities fall under Sections 58 to 71 of FSMR and Chapter 4 of the Markets Rules (“MKT”). When an Issuer wishes to make an Offer of Securities to the Public in or from ADGM, these requirements include, for example, the obligation to publish a Prospectus under Section 61 of FSMR.
          3.6 Offers of Securities may benefit from an exemption under the Exempt Offers regime set out in Rule 4.3 of MKT. In the circumstances specified in that Rule, it should be noted that a Person may make an Offer of Securities to the Public without a Prospectus where any one of the following conditions, amongst other conditions in that Rule, is met:
          (i) an Offer is directed at Professional Clients other than natural Persons;
          (ii) fewer than 50 Persons in any 12 month period, excluding Professional Clients who are not natural persons; or
          (iii) where the consideration to be paid by a Person to acquire Securities is at least USD100,000.
          3.7 Additionally, any market intermediaries (e.g., broker-dealers, investment managers, custodians) and primary / secondary market operators dealing in Digital Securities and/or their Derivatives with or on behalf of Clients, will need to be approved by FSRA as Financial Services Permission (“FSP”) holders, Recognised Investment Exchanges or Recognised Clearing Houses (collectively referred to as “Regulated Firms”).

          4 Section 58(2) of FSMR sets out that FSRA may, by written notice ‘deem any investment which is not a Security to be a Security for the purposes of these Regulations and the Rules made under these Regulations’.

        • Tokens not deemed to be Digital Securities

          3.10 It should also be noted that not all ICOs constitute an Offer of Securities under the FSMR or MKT. Where tokens do not have the features and characteristics of Securities such as Shares, Debentures or Units in a Fund, the offer of such tokens is unlikely to be an Offer of Securities, nor is the trading of such tokens likely to constitute a Regulated Activity under FSMR.
          3.11 In unregulated ICOs, investors do not benefit from any of the safeguards that accompany a regulated Offer of Securities. Reliable information regarding the issuer, and what it plans to do with the funds raised may be lacking. The risk of fraud and loss of capital is therefore significantly higher. This is particularly likely to be the case where a token issuer promises extremely high investment returns that are disproportionately high relative to those generally available in the market. We advise potential investors in unregulated ICOs to exercise extreme caution before committing any funds.
          3.12 However, there are instances of such unregulated ICOs being used to raise money for legitimate companies and development efforts. In such cases, while these do not fulfil the same requirements as a regulated Offer of Securities, issuers of the ICO may disclose detailed information on their products / tokens and business plan. We welcome engagement from the industry, in particular from trade bodies, in developing voluntary best-practice standards in relation to the use of such unregulated ICOs as a legitimate method for raising funds.

        • 4. 4. VIRTUAL ASSETS

          4.1 As set out in the FSMR, a Virtual Asset is defined as:
          A digital representation of value that can be digitally traded and functions as (1) a medium of exchange; and/or (2) a unit of account; and/or (3) a store of value, but does not have legal tender status in any jurisdiction. A Virtual Asset is -
          (a) neither issued nor guaranteed by any jurisdiction, and fulfils the above functions only by agreement within the community of users of the Virtual Asset; and
          (b) distinguished from Fiat Currency5 and E-money6.”
          4.2 Although not legal tender, Virtual Assets (such as bitcoin) have “value” in that they can be exchanged for other things of value, with that value being dependent on considerations of supply and demand. In this respect, Virtual Assets have much in common with physical commodities such as precious metals, fuels and agricultural produce. Therefore from a regulatory policy perspective, Virtual Assets are treated as commodities, instead of Specified Investments as defined under the FSMR.
          4.3 Under FSRA’s regulatory framework for Virtual Assets, any market operator, custodian or intermediary dealing in Virtual Assets is required to be approved by FSRA as an FSP holder in relation to the applicable Regulated Activity. Details of FSRA’s approach to the regulation of spot Virtual Asset activities are set out in FSRA’s ‘Guidance – Regulation of Virtual Asset Activities in ADGM’.
          4.4 Where a Regulated Firm uses Virtual Assets in an ancillary manner (e.g. as a means to enable or facilitate the carrying on of any financial services businesses), it does not necessary mean that the Regulated Firm needs to seek approvals from the FSRA in order to use Virtual Assets as part of its Regulated Activities. As illustrated in paragraph 2.2, an authorised money remittance house does not need to apply for specific approvals from the FSRA to use Virtual Assets if it merely uses Virtual Assets as a medium of exchange to facilitate the remittance of fiat currencies on behalf of Clients across jurisdictions. The Regulated Firm will, however, have to demonstrate that the use of the Virtual Asset, used in such ancillary manner, is fit for purpose, e.g., putting in place control requirements to address technology and security risks associated with the use of the Virtual Asset. On the other hand, for example, if the Regulated Firm offers its Clients services to exchange Virtual Assets for fiat currencies, the Regulated Firm will need to apply to, and be authorised by, the FSRA to use Virtual Assets as part of its Regulated Activities.

          5 “Fiat Currency” means government issued currency that is designated as legal tender in its country of issuance through government decree, regulation or law.
          6 “E-money” means a digital representation of Fiat Currency used to electronically transfer value denominated in Fiat Currency.

          • Derivatives of Virtual Assets

            4.5 In line with the policy treatment of Virtual Assets as commodities, Derivatives of Virtual Assets are regulated as Commodity Derivatives and hence, a type of Specified Investment under the FSMR. Consequently, any market operators or market intermediaries dealing or managing investments in Derivatives of Virtual Assets will be subject to the appropriate regulations and rules applicable under FSMR.
            4.6 Notwithstanding that certain Virtual Asset activities are subject to regulations under the FSMR, the FSRA does not take a view on the merits of transacting or investing in Virtual Assets. Given the volatility of Virtual Assets, they constitute high-risk investments. FSRA therefore advises consumers and companies to consider the risks of investing in Virtual Assets or any related Derivatives carefully before committing any funds.
            4.7 For avoidance of doubt, where a Virtual Asset has the features and characteristics of a Digital Security, it will additionally be subject to the applicable regulatory requirements as explained in section 3 above.

        • 5. SUMMARY

          5.1 A summary of the regulatory treatment of Digital Assets is shown in the table below.

          Category of Digital Assets / Instruments Regulatory Approach
          “Digital Securities”

          (e.g., digital/virtual tokens that have the features and characteristics of a Security under the FSMR (such as Shares, Debentures and Units in a Collective Investment Fund)).
          Deemed to be Securities pursuant to Paragraph 58(2)(b) of FSMR.

          All financial services activities in relation to Digital Securities, such as operating primary / secondary markets, dealing / trading / managing investments in or advising on Digital Securities, are subject to the relevant regulatory requirements under the FSMR.

          Market intermediaries and market operators dealing or managing investments in Digital Securities need to be licensed / approved by FSRA as FSP holders (including as Multilateral Trading Facilities), Recognised Investment Exchanges or Recognised Clearing Houses, as applicable.
          “Virtual Assets”

          (e.g., non-fiat virtual currencies, virtual asset ‘exchange tokens’).
          Treated as commodities and, therefore, not deemed Specified Investments under the FSMR.

          Market intermediaries (e.g., broker dealers, custodians, asset managers) dealing in or managing Virtual Assets, and Multilateral Trading Facilities using Virtual Assets, need to be licensed / approved by FSRA. Only activities in Accepted Virtual Assets will be permitted.

          Capital formation activities are not provided for under the Virtual Asset Framework, and such activities are not envisaged under the Market Rules (MKT).
          Derivatives and Collective Investment Funds of Virtual Assets, Digital Securities and Utility Tokens Regulated as Specified Investments under the FSMR.

          Market intermediaries and market operators dealing in such Derivatives and Collective Investment Funds will need to be licensed / approved by FSRA as FSP holders, Recognised Investment Exchanges or Recognised Clearing Houses, as applicable.
          “Utility Tokens”

          (e.g., tokens which can be redeemed for access to a specific product or service, typically provided using a DLT platform, do not exhibit the features and characteristics of a regulated investment / instrument under the FSMR).
          Treated as commodities and, therefore, not deemed Specified Investments under the FSMR.

          Unless such Utility Tokens are caught as Accepted Virtual Assets, spot trading and transactions in Utility Tokens do not constitute Regulated Activities, activities envisaged under a Recognition Order (e.g., those of a Recognised Investment Exchange or Recognised Clearing House), or activities envisaged under MKT.
          “Fiat Tokens”

          (e.g. stablecoins whose value are fully backed by underlying fiat currencies)
          Treated as a form of digital representation of Fiat Currency.

          Where used as a payment instrument for the purposes of Money Transmission as defined under the FSMR, the activity will be licensed and regulated as Providing Money Services.

          5.2 A schematic representation of the FSRA’s regulatory ambit under the FSMR is shown within the blue dotted box.

           

           

      • Guidance — Regulation of Virtual Asset Activities in ADGM [24 February 2020]

        • INTRODUCTION

        • BACKGROUND

        • OBJECTIVES OF THE SPOT CRYPTO ASSET FRAMEWORK

        • FEATURES OF THE SPOT CRYPTO ASSET FRAMEWORK

          • Regulated Activity of Operating a Crypto Asset Business

          • Combination of Regulated Activities

        • REGULATORY REQUIREMENTS FOR OPERATING A CRYPTO ASSET BUSINESS

          • Operating a Crypto Asset Business

          • Accepted Crypto Assets

          • Capital Requirements

          • Anti-Money Laundering and Countering Financing of Terrorism

            • Key considerations for AML/CFT compliance

              45) When considering the FATF Recommendations, in combination with the application of the AML Rules, the FSRA notes the following key principles that an Authorised Person conducting a Regulated Activity in relation to Virtual Assets should consider:

            • Principle 2: Business Risk Assessment

              e) Chapter 6 of the AML Rules requires Relevant Persons to take appropriate steps to identify and assess the ML risks to which their businesses are exposed, taking into consideration the nature, size and complexity of their activities. When identifying and assessing these risks, several factors should be considered, including an assessment of the use of new technologies. Importantly, in the context of Virtual Assets, FATF Recommendation (15) states that:
              “Countries and financial institutions should identify and assess the money laundering or terrorist financing risks that may arise in relation to (a) the development of new products and new business practices, including new delivery mechanisms, and (b) the use of new or developing technologies for both new and pre-existing products. In the case of financial institutions, such a risk assessment should take place prior to the launch of the new products, business practices or the use of new or developing technologies. They should take appropriate measures to manage and mitigate those risks.”
              f) Another aspect of assessing the business risk relevant to Authorised Persons is gaining familiarity with the characteristics and terminology17 of the Virtual Asset industry. Additionally, Authorised Persons, and their management and staff, should be aware of the possible misuse of Virtual Assets in criminal activities, as well as the technical and complicated nature of Virtual Assets (and the platforms they operate on).
              g) When making its assessment, an Authorised Person must give consideration to all business risks. For example, while an issue may be identified in relation to cyber security (e.g., when dealing with hot wallets or using cloud computing to store data – being a ‘technology’ risk), the FSRA expects Authorised Persons to consider these risks from all perspectives to establish whether the risk triggers other issues for consideration (including ML/TF risks, technology governance and consumer protection). An Authorised Person must then use the identified risks to develop and maintain its AML/CTF policies, procedures, systems and controls and take all reasonable steps to eliminate or manage such risks.

              17 Examples of Digital Asset/Virtual Asset relevant terminology include: cold, warm or hot wallets/storage, on/off ramps, tainted wallets, public key, private key and forks.

            • Principle 3: Customer Risk Assessment and Customer Due Diligence

              h) The FSRA expects all Authorised Persons to have fully compliant Client on-boarding processes. Virtual Assets have been criticised by regulatory bodies globally due to their (pseudo-)anonymity features, which makes tracking Client records and transactions more challenging for compliance officers and money laundering reporting officers.
              i) Customer Risk Assessment and ‘Customer Due Diligence’ (“CDD”) policies and procedures are required to be implemented by all Authorised Persons. Authorised Persons should have a process to assess and rate all their Clients according to that Client’s risk profile (and taking into consideration the Authorised Persons’ RBA). This risk-based assessment is required to be undertaken for each Client prior to transacting any business on behalf of the Client. Authorised Persons must undertake CDD for each Client and comply in full with Chapter 8 of the AML Rules noting that the FSRA does not consider it appropriate for Authorised Persons to use simplified CDD when conducting a Regulated Activity in relation to Virtual Assets, largely due to issues surrounding the (pseudo-) anonymity of Clients and transactions associated with Virtual Assets.
              j) In the case of non-face-to-face Client on-boarding and ongoing due diligence, the FSRA expects that Authorised Persons will take the necessary action, and develop appropriate policies, to ensure correct identification of a Client as a natural person. This may include obtaining a “selfie”, together with two currently valid forms of the Client’s facial ID; one must be the Client’s passport with all details clear and visible, the second should be a copy (front and back) of an official government issued document, such as a national ID or driver’s license.
              k) The FSRA understands that Authorised Persons may need to use new technology to improve Client on-boarding processes for the purpose of assessing and managing ML and TF risks. For example, in order for Authorised Persons to conduct non-face-to-face on-boarding they will need to implement facial recognition software to validate the “selfie” against the other uploaded documentation, or other suitable biometric technology.
              l) The FSRA further understands that the proper use of such technologies (e.g., fingerprinting, retinal/eye scans, use of real-time video conference facilities to enable facial recognition) can assist with mitigation of the ML/TF risks associated with the use of Virtual Assets. Technological features, such as secure digital signatures that allow the verification of a Client’s identity through a signed document, may also be acceptable to the FSRA. In all cases, an Authorised Person should ensure that the use of these technologies will not lead to a simplified process where the required Customer Risk Assessment and CDD requirements are not appropriately undertaken by an Authorised Person.
              m) The FSRA recommends that Authorised Persons obtain a signed self-certification from their Clients identifying the details of all passports issued and held in their name(s). Authorised Persons may also use this as an opportunity to capture all tax related details in order to meet their international tax reporting obligations. Self-certification should not prevent Authorised Persons from conducting proper CDD.

            • Principle 4: Governance, Systems and Controls

              n) Authorised Persons are required to implement an appropriate governance structure, especially in relation to Information Technology governance18, and provide for the development and maintenance of all necessary systems and controls to ensure appropriate ML and TF compliance.
              o) The FSRA expects that Authorised Persons may seek to utilise (their own or third-party) technologies and solutions to meet their regulatory obligations (e.g., customer risk assessment, detection of fraud, and transaction identification, monitoring and reporting) and risk management requirements (e.g., margin limits, large exposure monitoring).
              p) The FSRA expects Authorised Persons to develop, implement and maintain effective transactional monitoring systems to determine the origin of a Virtual Asset and to monitor its destination, and to apply strong “know your transaction” measures which enable Authorised Persons to have complete granular data centric information about the transactions done by a Client.
              q) The FSRA expects Authorised Persons to act responsibly and always be vigilant in ensuring that their activities are not subject to any misuse by participants transacting with Virtual Assets that may have been tainted in any way from an illegal activity. The FSRA expects that an Authorised Person’s internal processes establish the types of ‘indicators’ or activities that could be used to identify when Accepted Virtual Assets may have been used in an illegal manner. An Authorised Person should have a process for the management of when such ‘indicators’ (for example, certain Client or use of “mixer” and “tumbler” services) are triggered.
              r) While the FSRA cannot recommend particular vendors or providers, all technology solutions must be fit for purpose and Authorised Persons should consider using those with an established track record, and undertake their own due diligence/risk assessment to ensure competency and capability. The FSRA recognises that many of the (technology) solutions appropriate for mitigating Virtual Asset risks are continuing to be developed within the Virtual Asset industry itself.
              s) The FSRA expects Authorised Persons to develop, implement and adhere to a “Virtual Asset Compliance Policy”, tailored to meet specific Virtual Asset business compliance requirements, and reflecting a clear comprehension of the Authorised Person’s understanding of its compliance responsibilities. The FSRA expects this policy to be well defined, comprehensive, robust and as specific to an individual Authorised Person’s activities as possible. The policy can be separate or part of other compliance policies/manuals.
              t) Following the development of the Virtual Asset Compliance Policy, Authorised Persons’ compliance officers are expected to establish a “Virtual Asset compliance monitoring program”, requiring internal reviews to be conducted in an efficient way, and on a periodic basis.
              u) Authorised Persons must appoint a Money Laundering Reporting Officer (“MLRO”) who will be responsible for the implementation and oversight of the Authorised Person’s compliance with the AML Rules. Consistent with the FSRA’s expectation in relation to all other Authorised Persons, an MLRO should have an appropriate level of seniority and independence in order to be effective in the role.

              18 Please also refer to the section on Technology Governance and Controls in this Guidance (page 26).

            • Principle 5: Suspicious Activity Reporting obligations

              v) Authorised Persons should familiarise themselves with their reporting obligations under the AML Rules, in particular in relation to the reporting of suspicious activities/transactions.
              w) Prior to commencing operations, the FSRA expects Authorised Persons to establish online connectivity with the UAE’s Financial Intelligence Unit for the purposes of submitting Suspicious Activity Reports (“SARs”). Instructions on how to do this can be found on the FSRA’s FCPU webpage.
              x) Authorised Persons are required to establish sophisticated transaction monitoring systems to detect possible ML and TF activities. Systems should also be implemented to effectively identify any attempt to breach domestic and international sanctions. Such systems may rely on new technological solutions (including monitoring algorithms or Artificial Intelligence (“AI”)).

            • Principle 6: Record keeping

              y) As proper documentation is one of the main pillars of ensuring AML/CFT compliance, Authorised Persons are required to have policies and procedures in place to ensure proper record keeping practices. It is expected that ane Authorised Person will maintain up to date records in accordance with the CDD obligations applicable to it and be prepared to provide the records upon request from the FSRA.
              z) The FSRA understands that the transaction recording of many Virtual Asset transactions is linked to, or based on, DLT. This requires an Authorised Person to implement specific arrangements to ensure that, at a minimum, the Authorised Person and the FSRA have access to all relevant information as necessary. An Authorised Person may use a distributed ledger to store its data, provided it is able to provide this data, in an easily accessible format, to the FSRA when required.
              aa) The FSRA views Virtual Asset activities that are linked to cash transactions as posing higher ML and TF risks, due to the source of funding being significantly more difficult to determine. Authorised Persons wishing to conduct cash transactions will be required to implement enhanced controls to mitigate the inherent risks of such transactions. Such controls may include, among other things, setting appropriate limits on cash deposits (e.g., daily, monthly, yearly limits), a prohibition on receiving cash directly, prohibitions on the receipt of cash other than from bank accounts, and prohibitions on receiving funds from third parties. In all cases, Authorised Persons will need to clearly demonstrate to the FSRA how their controls suitably mitigate the risks of cash transactions within their operations. Considering the wider consumer protection implications, the FSRA also considers it unlikely to be appropriate for Authorised Persons to accept deposits by way of credit card or credit facilities/credit lines.
              bb) FSRA expects all Authorised Persons to exercise due care, to the utmost extent possible, in their day-to-day operations and when dealing with Clients or potential Clients. An Authorised Person’s activities are expected to be in compliance with the AML Rules, ensuring that their activities do not pose a regulatory risk or reputational damage to the ADGM Financial System.

            • International Tax Reporting Obligations

              46) COBS Rule 17.4 requires Authorised Persons to consider and, if applicable, adhere to their tax reporting obligations including, as applicable, under the Foreign Account Tax Compliance Act (“FATCA”) and the ADGM Common Reporting Standard Regulations 2017.

        • Technology Governance and Controls

          • Maintenance and development of systems

            51) Authorised Persons are expected to have a well-defined, documented and deliberate approach for the implementation and upgrade of systems and software.
            52) Authorised Persons should also have well-established policies and procedures for the regular and thorough testing of any system currently implemented or being considered for use (e.g., upgrades to a matching engine or opening of a new Application Programming Interface (“API”) internally or with a third party).
            53) The updated system should be tested for technical, operational and security vulnerabilities including but not limited to functional, penetration and stress testing. The outcome of the testing should be well structured and documented and signed off by the responsible (technology-focused) executives of the Authorised Person.
            54) All changes made to the codebase in use are to be tracked and recorded, with a clear audit trail for appropriate internal checks and sign-off. The use of a version control system which allows for the accurate timestamping and identification of the user responsible for relevant changes should be considered.
            55) Authorised Persons should maintain a clear and comprehensive audit trail for system issues internally, including security issues and those with third parties, their resolution and implementation of fixes.
            56) Authorised Persons should conduct at least annual third-party verification/audit of core systems being used (including, if relevant, verification / audit of custody arrangements and verification of the amount of their purported holdings of Virtual Assets and Client Money). MTFs using Virtual Assets and Virtual Asset Custodians should have an annual review of their infrastructure undertaken by reputable third party cyber security consultants, producing a list of recommendations and areas of concern.

          • Security measures and procedures

            57) Authorised Persons should have measures and procedures in place which comply with network security industry best practices (e.g., the implementation of firewalls, strong passwords, password management procedures, multifactor authentication and encryption of data in transit and at rest).
            58) Updates and patches to all systems, particularly security systems, should be performed as soon as safely feasible after such updates and patches have been released, whether these systems have been developed internally or developed by a third-party.
            59) An Authorised Person’s IT infrastructures (particularly for MTFs using Virtual Assets and Virtual Asset Custodians) are expected to provide strong layered security and seek the elimination of “single points of failure”. IT infrastructure security policies are required to be maintained, describing in particular how strong layered security is provided and how “single points of failure” are eliminated. This includes, but should not be limited to, systems and procedures to limit the access of a single user to the use of private and confidential information of Clients.
            60) IT infrastructures should be strong enough to resist, without significant loss to Clients, a number of scenarios, including but not limited to: accidental destruction or breach of data, collusion or leakage of information by employees/former employees, successful hack of a cryptographic and hardware security module or server, or access by hackers of any single set of encryption/decryption keys that could result in a complete system breach.
            61) Authorised Persons should have in place policies and procedures that address information security for all personnel. The security policy should set the security tone for the whole entity and inform personnel what is expected of them. All personnel should be aware of the sensitivity of data and their responsibilities for protecting it. To mitigate “key person risk”, Authorised Persons are to ensure that there is no single individual that holds privileged or sensitive information that is critical to the operation of the Authorised Person.
            62) The strong encryption of data, both at rest and in transit, should be included in the security policy. In particular, encryption and decryption of Virtual Asset private keys should utilise strong encryption protocols and algorithms that have broad acceptance with cyber security professionals. Critical cryptographic functions such as encryption, decryption, generation of private keys, and the use of digital signatures should only be performed within cryptographic modules complying with the highest, and internationally recognised, applicable security standards.
            63) All security incidents and breaches should be logged and documented in detail as soon as practicable and the resolution and implementation details should subsequently be added to the log.
            64) The use of open source software should be governed by clear, well documented and transparent rules and procedures governing the software’s stability, security and fitness for purpose. Any open source software, whether it is a compiled distribution or code, should be thoroughly tested for security and operational vulnerabilities. This testing should be signed off by the responsible executives of the Authorised Person before being used for the processing or storing of operational and Client information.
            65) All APIs that are internal or external facing should be secured by strict access management procedures and systems, including encryption of the information (e.g., SSL certificates). All API access activity should be logged and scanned for security breaches on an ongoing basis.
            66) All access management and credential changes (for employees, third-party service providers and Clients) should be governed and monitored by strict and well documented rules and procedures. This should include, but not be limited to, enforcing strong passwords and the monitoring of IP geo-location, use of VPN, TOR or unencrypted web connections.

          • Cryptographic Keys and wallet storage

            67) The ability to send and receive Virtual Assets by recording new transactions on a distributed ledger is usually dependent on cryptographic keys – a public key and one or more private keys. The public key allows other users on a distributed ledger to send Virtual Assets to an address associated with that public key. The private key(s) provides full control of the Virtual Assets associated with the public key. As such, Authorised Persons need to have robust procedures and protective measures to ensure the secure offline generation, storage, backup and destruction of both public and private keys for their own wallet operations and where they offer wallet services to Clients.
            68) Whether private keys are held on network attached devices or devices that are offline, Authorised Persons must have policies and procedures to ensure that they are not compromised by malicious actors.

          • Password protection and encryption

            69) Authorised Persons should consider the use of multi-signature wallets (e.g., where multiple private keys are associated with a given public key and a subset of these private keys, sometimes held by different parties, are required to authorise transactions). Where a multi-signature solution is not feasible due to the underlying structure of the Virtual Asset, a similar mechanism or procedure should be in place (e.g., a multi-user authentication prior to enacting on-chain changes to the Virtual Asset holdings).
            70) Authorised Persons should have clear policies and procedures that detail procedures for recovery in the event that a Client loses access credentials. These policies and procedures should also cover the recovery or re-generation of lost private keys (e.g., using a seed phrase if applicable).
            71) Authorised Persons must have policies and procedures in place that set out actions and responsibilities in the event of a breach of private and public keys, as well as Client user access credentials.

          • Origin and destination of Virtual Asset funds

            72) Virtual Asset transactions between public addresses take place on public DLT. Although it is normally possible to identify the public addresses of the parties to a transaction, it is often very difficult to establish the owner (whether natural or legal) of these addresses. This makes Virtual Assets attractive to money launderers, terrorist financers and other criminals.
            73) The US Office of Foreign Asset Control (OFAC) has issued a statement requiring wallet addresses known to belong to individuals listed on the Specially Designated Nationals And Blocked Persons sanctions (“SDN”) list to be reported. Further information is available on the OFAC website.19 Additionally, there are companies collecting “tainted” wallet addresses that have been used in hacks, “dark web” transactions and other criminal activities.
            74) An Authorised Person must have clear policies and procedures, consistent with the AML Rules applicable to it, to identify the source of funds and to ensure its compliance with COBS Rules 17.5(c) (Origin and destination of Virtual Asset funds) and 17.5(e) (Risk Management). These policies and procedures should cover due diligence on the deposits and withdrawals by legal persons that represent further multiple deposit-holders or withdrawal recipients of the Virtual Assets. For such deposits and withdrawals, Authorised Persons should be able to assess the ultimate beneficiaries’ wallet addresses and their source or destination of funds as appropriate.
            75) It is crucial that Authorised Persons perform due diligence on their Clients before opening an account so that wallet addresses can be identified as belonging to a specific user. If a transaction is detected that originates from or is sent to a “tainted” wallet address belonging to a known user, that user should be reported. Authorised Persons should maintain lists of tainted wallet addresses and, if not in possession of their own services, utilise third party services to help identify such addresses.
            76) Currently, there are technology solutions developed in-house and available from third party service providers which enable the tracking of Virtual Assets through multiple transactions to more accurately identify the source and destination of these Virtual Assets. It is expected that Authorised Persons may need to consider the use of such solutions and other systems to adequately meet their anti-money laundering, financial crime and know-your-customer obligations under the Virtual Asset Framework.20

            19 https://www.treasury.gov/resource-center/faqs/Sanctions/Pages/faq_compliance.aspx
            20 For full details on these obligations, please refer to the earlier section of AML/CFT.

          • Planned and Unplanned system outages

            77) Authorised Persons should have a programme of planned systems outages to provide for adequate opportunities to perform updates and testing. Authorised Persons should also have multiple communication channels to ensure that its Clients are informed, ahead of time, of any outages which may affect them.
            78) Authorised Persons should have clear, publicly available, procedures articulating the process in the event of an unplanned outage. During an unplanned outage, Authorised Persons should be able to rapidly disseminate key information and updates on a frequent basis.

          • Management of personnel and decision making

            79) Authorised Persons should implement processes and procedures concerning decision making and access to sensitive information and security systems.
            80) A clear audit log of decision making should be kept. Staff with decision-making responsibilities should have the adequate expertise, particularly from a technological standpoint, to make such decisions.
            81) Protective measures should be implemented to restrict access to critical and/or sensitive data to key personnel only. This includes both digital and physical access. Authorised Persons should have processes and procedures to track and monitor access to all network resources. Logging mechanisms and the ability to track user activities are critical in preventing, detecting, or minimising the impact of a data compromise. The maintenance of logs allows thorough tracking, alerting, and analysis when issues occur.

          • Third party outsourcing

            82) Authorised Persons may use third party services for their systems. However, when doing so, an Authorised Person (pursuant to GEN Rule 3.3.31) retains full responsibility from a regulatory perspective for any issues that may result from the outsourcing including the failure of any third party to meet its obligations. The FSRA requires that certain core systems (for example, the matching engine of an MTF using Virtual Assets) are maintained by the Authorised Person itself and will not generally permit these to be outsourced.
            83) In its assessment of a potential third party service provider, an Authorised Person must satisfy itself that the service provider maintains robust processes and procedures regarding the relevant service (including, for example, in relation to the testing and security required in this section on Technology Governance).
            84) In all circumstances, including in relation to business activities that are outsourced, an Authorised Person is expected to maintain a strong understanding of the third party service being provided and, for critical services, have redundancy measures in place where appropriate.
            85) Public and private cloud service providers should be subject to thorough screening. A set of well-defined and documented access management procedures should be in place. All service level agreements should be reviewed annually for serviceability and security of the systems and related operations as per the IT policies of the Authorised Person. A ‘clear roles and responsibilities matrix’ should be in place to delineate operations of a service provider from those of an Authorised Person. Physical access to systems should be limited to the relevant personnel and access should be monitored by the Authorised Person on an ongoing basis.
            86) Authorised Persons are required to retain and be in the position to retrieve the data held on a cloud platform for such duration as they are required to under ADGM/FSRA record keeping purposes, and submit the data held on a cloud platform to the FSRA, as and when directed to do so, with immediate effect.
            87) Authorised Persons who employ cloud based data storage services for the purpose of recording personal data must also take into consideration ADGM data protection regulations. Consideration must be given to the jurisdiction within which the cloud storage service provider is located, or alternatively other arrangements which may facilitate compliance with applicable data protection requirements.

          • Forks

            88) Authorised Persons should ensure that changes in the underlying protocol of a Virtual Asset that result in a fork are managed and tested proactively. This includes temporary forks which should be managed for reverse compatibility for as long as required.
            89) Authorised Persons should ensure that their Clients are able to deposit and withdraw Accepted Virtual Assets in and out of an Authorised Person’s infrastructure as and when requested before and after a fork (except during go-live). Clients should be notified well in advance of any periods of time when deposits and withdrawals are not feasible.
            90) Where the underlying protocol of a Virtual Asset (e.g., the native token of that protocol) is changed, and the new version of that Virtual Asset is backwards-compatible with the old version (soft fork), Authorised Persons should ensure that the new and old versions of the Virtual Asset continue to satisfy the relevant Accepted Virtual Asset requirements.
            91) Where the underlying protocol of an Accepted Virtual Asset is changed, and the older version of the Accepted Virtual Asset is no longer compatible with the new version and/or there is an entirely new and separate version of the Virtual Asset (hard fork), Authorised Persons should ensure that client balances on the old version are reconciled with the new version of the Virtual Asset. Authorised Persons should also maintain transparent lines of communication with their Clients on how Authorised Persons are managing Clients’ Virtual Asset holdings in such a scenario.
            92) In the case of a hard fork, Authorised Persons should proactively manage any discrepancy between the balances recorded on the previous version versus the new version by engaging with the community which is responsible for updating and supporting the underlying protocol of the relevant Virtual Asset. Additionally, Authorised Persons should ensure that, where they seek to offer services in relation to the Virtual Asset associated with the new version of the underlying protocol, this new Virtual Asset meets the requirements for an Accepted Virtual Asset and that they notify the FSRA well in advance of offering the Virtual Asset as part of its activities.

        • Crypto Asset Risk Disclosures

        • Market Abuse, Transaction Reporting and Misleading Impressions (FSMR)

        • SPECIFIC FSRA GUIDANCE ON THE VIRTUAL ASSET FRAMEWORK

        • Application of particular Rules in COBS

        • Substance requirements of Authorised Persons

          106) In order to operate effectively as an Authorised Person within ADGM, an Authorised Person conducting a Regulated Activity in relation to Virtual Assets must commit resources of a nature allowing it to be operating in substance within ADGM. Depending on the relevant Regulated Activities being undertaken, the FSRA expects to see substantive resources committed within ADGM across all lines of the Authorised Person’s activity, including, but not limited to, commercial, governance, compliance/surveillance, operations, technical, IT and HR functions. The FSRA expects the ‘mind and management’ of an Authorised Person to be located within ADGM. Further discussion on substance in relation to MTFs using Virtual Assets is set out at paragraph 126.

        • Virtual Asset Brokers or Dealers

          107) Authorised Persons intending to operate solely as a broker or dealer for Clients (including the operation of an OTC broking or dealing desk) are not permitted to structure their broking / dealing service or platform in such a way that would have it be considered as operating a market / MTF using Virtual Assets. The FSRA would consider features such as allowing for price discovery, displaying a public trading order book (accessible to any member of the public, regardless of whether they are Clients), and allowing trades to automatically be matched using an exchange-type matching engine as characteristic of an MTF using Virtual Assets, and not activities acceptable for an intermediary-type Authorised Person to undertake.
          108) An Authorised Person (conducting a Regulated Activity in relation to Virtual Assets) that only has an FSP to operate as a broker / dealer and not as an MTF is required to design and structure its operations, user interface, website, marketing materials and any public or client-facing information such that it does not create the impression that it is running an MTF.24 In practice, this may include not displaying any publicly-accessible information that may appear like a trading order book, not providing for any price discovery, and not giving actual or potential Clients the impression that they are interacting with an MTF.
          109) Virtual Asset brokers / dealers are required to comply with the best execution requirements in COBS Rule 6.5 at all times.
          110) Virtual Asset brokers / dealers are required to disclose the following information to clients:
          a) how they execute and route Client’s orders and source liquidity (e.g., whether they pass or route orders to other brokers, dealers or exchanges to execute). Where a broker / dealer routes Client orders to a single liquidity source such as an MTF for execution, it must also disclose this to all Clients;
          b) whether it may carry out proprietary trading on its own account, and if so, whether it may trade against Clients’ positions;25
          c) the fees it charges Clients; and
          d) how it determines the prices of the Accepted Virtual Assets it quotes to Clients.

          24 Unless they also hold an FSP that allows them to operate as an MTF.
          25 The FSRA would not allow Virtual Asset brokers / dealers to “front run” or trade ahead of Clients’ trades, or trade on a proprietary basis alongside Clients’ trades.

        • Appointment of advisers

          111) Applicants should consider the appointment of compliance advisers, with the appropriate skills, knowledge and experience (taking into account the activities that the Applicant is proposing to undertake), to provide the requisite assistance to the Applicant throughout the Application process. The FSRA expects that Applicants should engage its compliance advisers by no later than when it begins to prepare its Application, and should retain them up until the date of operational launch.

        • Certain class order modifications / waivers

          112) The FSRA appreciates that some Rules, in particular within MIR and parts of COBS, may not apply to certain Authorised Persons and the FSRA may grant class order modification and waiver relief in relation to these Rules.26 To the extent that an Applicant or Authorised Person considers that any other Rules do not apply to it by virtue of its business model or otherwise, the FSRA expects that an application for modification or relief be submitted either as part of its Application or at such later date as the relief may be required.

          26 Any such relief, and the terms on which it is based, is located at https://en.adgm.thomsonreuters.com/rulebook/waivers-and-modifications-0

        • Data protection obligations for Authorised Persons

          113) ADGM’s data protection regime protects individuals’ right to privacy by controlling how personal information is used by organisations and businesses registered in ADGM. All entities registered in ADGM that hold or process the personal data of an individual must protect personal data in compliance with the ADGM Data Protection Regulations 2015 (the “Data Protection Regulations”). Specifically, an Authorised Person, as a data controller, will be responsible for determining the purposes for which, and the manner in which, personal data is processed in compliance with the Data Protection Regulations. Failure to do so risks enforcement action and compensation claims from individuals, each of which are considered data subjects under the Data Protection Regulations.
          114) Data controllers must ensure that personal data which they process is:
          a) processed fairly, lawfully and securely;
          b) processed for specified, explicit and legitimate purposes in accordance with the data subject's rights and not further processed in a way incompatible with those purposes or rights;
          c) adequate, relevant and not excessive in relation to the purposes for which they are collected or further processed;
          d) accurate and, where necessary, kept up to date; and
          e) kept in a form, which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data were collected or for which they are further processed.
          115) Data controllers must, on request, provide individuals with access to any personal information they hold.
          116) The registration of all data controllers with the ADGM’s Registration Authority27 is mandatory. A data controller must maintain records of all personal data processing operations undertaken by it or on its behalf and must notify the Registration Authority upon becoming aware of any security breach involving personal data as soon as possible.
          117) Personal data must not be transferred to a country or territory outside ADGM unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data. The Registration Authority has designated certain jurisdictions as providing an adequate level of protection; a current list is maintained by the Registration Authority upon its website, which may be updated from time to time.
          118) If an Authorised Person intends to transfer personal data to a recipient, including by way of storage of personal information upon a cloud based service or remote server, located in a jurisdiction other than those considered by the Registration Authority to be possessing adequate safeguards, such transfer is only possible under certain conditions, including, but not limited to, circumstances where the:
          a) individual has consented to the proposed transfer;
          b) proposed transfer is necessary for the performance of the service for which the data controller was engaged by the individual; and
          c) data controller and data processor have entered into an approved form of agreement concerning the protection of personal data, or the Registration Authority has granted a permit consenting to the proposed transfer.

          27 Detailed information concerning data protection obligations under the ADGM data protection regime, including registration forms, fee information and specific guidance is available on the Registration Authority website.

        • Transactions with unknown counterparties

          119) Authorised Persons should avoid a transactional interaction with any infrastructure or services where a counterparty is unknown or anonymous (e.g., via certain peer to peer or decentralised exchanges) at any stage of the process within and outside of the Authorised Persons’ core operations. This is to ensure that Authorised Persons remain compliant with FSRA Rules at all times and do not unnecessarily expose their activities to risks emanating from tainted sources / destination of funds.
          120) Authorised Persons should also avoid inclusion of liquidity, pricing and settlement data from such entities in their day to day operations. Any interaction (whether deliberate or not) with such entities should be notified to the FSRA as soon as practicable.

        • Margin trading

          121) An Applicant/Authorised Person wishing to provide margin trading to its Clients will need to submit for approval details of the terms upon which it proposes to do so (for an Applicant, in its Application – for an Authorised Person as part of ongoing supervisory arrangements). As a general position, the FSRA would only consider allowing Applicants/Authorised Persons with a relevant proven track record to provide margin trading.
          122) Particular focus will be placed on an Applicant or Authorised Person’s proposed leverage ratio. The FSRA is aware that some of the significant Virtual Asset markets around the world operate margin ratios of between 2-4 times, and it is likely that FSRA consideration of leverage ratios will be in reference to this position.
          123) Applicants that are not proposing, or permitted, to carry out margin trading will have a restriction from doing so placed on their FSP.

        • Insurance

          124) The FSRA recognises the growing interest/interplay between Virtual Asset activities and the provision of insurance to such activities. While recognising this, the FSRA does not require Authorised Persons to maintain insurance in relation to their Virtual Asset activities, as the provision of insurance is considered a second line of defence. As a first line of defence, the FSRA expects all Authorised Persons to ensure the proper structuring of their business operations and to implement robust mechanisms for the mitigation of actual and potential areas of risk.

        • CRYPTO ASSET EXCHANGES

          • Background

            125) While multiple Regulated Activities can be conducted in relation Virtual Assets, and regulated by the FSRA, within ADGM, the FSRA considers Operating a Multilateral Trading Facility to be a key Virtual Asset activity in ADGM.

          • Substance requirements for MTFs

            126) Consistent with the treatment of all Authorised Persons (see paragraph 106), the FSRA requires MTFs to be based in substance within ADGM. In addition to the substantial commitment of resources required of an MTF Operator, this also means that the FSRA’s regulatory oversight of an MTF extends to its order book, matching engine, rulebook(s), ensuring fair and orderly markets, settlement, and for the purposes of preventing/monitoring for Market Abuse, amongst the relevant requirements set out in the Market Infrastructure Rules (“MIR”) and COBS Chapter 8.
            127) In practical terms, this means that for a start-up MTF, its entire order book and the functionality of its matching engine will be subject to FSRA oversight. For existing operational virtual asset exchanges that already have their order book / matching engine outside ADGM prior to making an application, a determination of which parts (if not all) of its order book (and how its matching engine) will come under FSRA regulatory oversight needs to be made by the Applicant,28 to allow it to apply to become authorised as an MTF.
            128) The FSRA is of the view that only MTFs can operate markets within ADGM that allow for the matching of orders, or for the purposes of price discovery, of Accepted Virtual Assets. For this reason, and the reasons set out above, the application of FSRA’s regulatory oversight may, therefore, be distinctly different from other regulators globally.

            28 In situations where an entity establishes an Authorised Person that routes orders to a virtual asset exchange outside ADGM (even as part of a Group that may be operating globally) instead of having orders matched within an MTF’s order book within ADGM, that entity cannot obtain an MTF Exchange license within ADGM and can only be licensed as an intermediary-type Authorised Person within ADGM.

          • Trading Pairs

            129) The FSRA’s expectation is that an MTF’s trading pairs can only comprise of the following:
            a) Fiat Currency (or other value) into Accepted Virtual Assets;
            b) Accepted Virtual Assets into Fiat Currency (or other value); or
            c) One Accepted Virtual Asset into another Accepted Virtual Asset.

          • Guidance in relation to Applicable Rules

            130) In addition to the MTF Rules set out in COBS Chapter 8, MTFs are also required to meet the requirements set out in COBS Rules 17.1 to 17.6, and the additional Rules set out in COBS 17.7.29
            131) Chapter 8 of COBS incorporates Rules from various other FSRA Rulebooks that must be complied with, including certain sections of MIR. COBS Rule 8.2.1 sets out various Rules in MIR that MTFs (using Virtual Assets) are required to comply with to the satisfaction of the FSRA, with the applicable Rules set out as follows:
            a) MIR Rule 2.6 (Operational systems and controls): MIR Rule 2.6.1 requires an MTF to ‘establish a robust operational risk management framework with appropriate systems and controls to identify, monitor and manage operational risks that key participants, other [MTFs], service providers (including outsourcees) and utility providers might pose to itself.
            i. In relation to systems and controls, the FSRA has provided guidance on what it expects in relation to technology governance controls in paragraphs 47 to 92 of this Guidance. The FSRA therefore requires an MTF to undertake its ‘MTF’ activities in compliance with these operational system and control requirements, in combination with the technology governance controls outlined earlier in this Guidance.
            ii. The FSRA expects an MTF to undertake extensive due diligence and testing of its operational systems and controls, with the relevant reports of such testing capable of being provided to the FSRA for review. Such testing should be undertaken by an officer of the MTF possessing appropriate skills and experience. The testing reports need to confirm the robustness of the MTF’s systems and address any potential areas of failure. Testing should include the settlement processes for the movement of Virtual Assets between wallets, and the general connectivity of the MTF’s systems with other parties. Testing should be ongoing, building in processes for the introduction of new Accepted Virtual Assets.
            iii. An MTF will need to provide policies and procedures that clearly evidence how it will effectively address a failure of its systems. Failures must be rectified as soon as practicable, with an MTF’s business continuity plan including detailed and realistic response timeframes for failures or disruptions.
            b) MIR Rules 2.7.1 and 2.7.2 (Transaction recording): FSRA expects that the primary ledger technology systems and controls of an MTF (whether they be DLT or multiple-ledger technologies) will be such that transaction recording and reporting is easily facilitated, and that all FSRA requirements can be effectively complied with. Where reconciliations are required to be undertaken, for example, between a DLT based ledger and an internal ledger maintained by an MTF for the purposes of transactions and/or settlement, the FSRA will need to be satisfied that the reconciliation process is robust, timely and efficient.
            c) MIR Rule 2.8 (Membership criteria and access): MIR Rule 2.8.1 requires that an MTF ‘must ensure that access to its facilities is subject to criteria designed to protect the orderly functioning of the market and the interests of investors’.

            29 Chapter 8 of COBS also contains the requirements for the operation of an Organised Trading Facility (OTFs). The application of OTF Rules, however, are not relevant to the operation of Virtual Assets.

          • Access Requirements

            i. MIR Rules 2.8.2, 2.8.3, 2.8.5 and 2.8.6 support the operation of MIR Rule 2.8.1, and the FSRA expects that MTFs consider the application of the requirements across these Rules - for example, MIR Rule 2.8.5 contains substantive provisions that should apply, regardless of what model of ‘access’ an MTF (using Virtual Assets) utilises.
            ii. The FSRA recognises, however, that MTFs (using Virtual Assets) generally operate an ‘access’ model that does not include Members30 (e.g., access is granted directly to (retail and institutional) Clients of the MTF). An MTF operating in this manner will, therefore, need to ensure that it has appropriate processes, controls and rules to ‘protect the orderly functioning’ of its market, its facilities and the interests of its investors.
            iii. By not adopting a ‘Member-access’ model and allowing direct ‘Client-access’, MTFs lose one layer of regulatory/supervisory defense that Recognised Investment Exchanges and Member-access MTFs have, in that they do not have Members assisting them in the undertaking of the necessary due diligence and compliance reviews of investors being on-boarded into their market. The FSRA, in these circumstances, requires MTFs to undertake their own CDD reviews for every client accessing (trading on) their market (something which traditionally a Recognised Investment Exchange or Member-access MTF can rely on its Members to do). Resultant AML/CFT obligations therefore fall more directly on a Client-access MTF as well.
            iv. The FSRA expects that the controls (and resultant resourcing needs) of an MTF be appropriately budgeted and accounted for, including specific controls for when it has Clients that are institutional Clients (as the current conventional Member/institutional client global regulatory model may not properly account for, and mitigate, the risks relevant to operating such model within the Virtual Asset space). For example, where an MTF has institutional Clients that are regulated as Authorised Persons (for example, an Authorised Person that is a broker / dealer) within ADGM, the MTF may take comfort from the fact that its Clients are appropriately regulated (including for AML purposes). An MTF may not, however, take such comfort when its institutional Clients may come from unregulated/less regulated jurisdictions. MTFs with an institutional Client base will therefore need to demonstrate how the MTF will adequately comply with the requirements of the AML Rulebook where its institutional Clients are trading on behalf of further clients.
            v. Given the current lack of global regulation of Virtual Asset intermediaries, those MTFs operating a ‘membership model’ will need to assess whether their members are adequately regulated in their home jurisdiction, such that the MTF can suitably rely on their Members, for example, to undertake CDD/AML checks. Where members are not properly regulated, the FSRA expects that MTFs will centralise the relevant compliance activities internally (and not be able to rely on their ‘members’ for such purposes).
            vi. Depending on the model, controls and criteria to be adopted by an MTF, the class order modification or waiver relief granted by the FSRA to Authorised Persons conducting Regulated Activities using Virtual Assets as referred to in paragraph 112 of the Guidance may apply.

            30 To clarify, ‘Members’ are not the same as ‘Institutional Clients’.

          • Rulebook(s)

            vii. Further to MIR Rule 2.8, the FSRA expects an MTF to have a rulebook(s) in place. This rulebook should be clearly labelled as such and be publicly available on the website of the MTF.
            viii. Supporting documents such as participation agreements, terms of business, product lists, user guides and technical specifications are also a key part of the operation of an MTF, and should be consistent with its rulebook. The FSRA does not consider that the existence of these documents alone meet the requirement of having a transparent and effective rulebook. The FSRA considers it good practice that these supporting documents are available and transparent, alongside the published rulebook, to the extent possible.
            ix. The content of a rulebook31 should enable an MTF to demonstrate how it is complying with MIR Rule 2.8, be supported by procedures that are complete and clear, and all in support of an MTF seeking to ensure that behaviour within its market is fair and orderly.
            x. The FSRA expects MTFs to require explicit acknowledgement via a user agreement, that participants have read, understood and will abide by the rulebook at all times.
            xi. The FSRA expects an MTF to undertake regular reviews of its rulebook to ensure it is consistent with relevant regulatory and legislative requirements. Best practice may see such activity undertaken no less than every twelve-months.
            d) MIR Rule 2.9 (Financial crime and market abuse): MTFs are required to operate an effective market surveillance program to identify, monitor, detect and prevent conduct amounting to market misconduct and/or Financial Crime. Given the significant risks, and the nascent nature and constant pace of development of the Virtual Asset industry, an MTF’s surveillance system will need to be robust, and regularly reviewed and enhanced.
            i. The FSRA recognises that an MTF outside ADGM may not be subject to a similar regulatory standard as that which applies within ADGM. The FSRA recommends, therefore, that MTFs spend the time to consider the application of MIR Rules 2.9.1 to 2.9.3, which technology, systems and controls they propose to use for these purposes, and the associated resourcing needs required to undertake these functions appropriately. For this reason, among others set out in this Guidance, the FSRA is of the view that it is not appropriate for an MTF to outsource its compliance / market surveillance functions.
            ii. The FSRA further reminds MTFs, and investors trading on an MTF, of the Market Abuse provisions applicable to the trading of Accepted Virtual Assets on an MTF.32
            e) MIR Rule 2.11 (Rules and consultation): To meet MIR Rules 2.11.1 to 2.11.11, an MTF must ensure that it has appropriate procedures in place for it to make rules, for keeping its rules under review, for consulting and for amending its rules. MIR Rule 2.11.2 requires proposed rule changes be subject to FSRA approval.
            f) MIR Rule 3.3 (Fair and orderly trading): MIR Rules 3.3.1 to 3.3.4 establish the requirements an MTF must meet for providing fair and orderly trading across its market, and for having objective criteria for the efficient execution of orders. The FSRA considers these requirements to be fundamental to the operation of an MTF.
            g) COBS Rule 8.3.1 & MIR Rule 3.7 (Public disclosure):
            i. Any arrangements of an MTF used to make information public (including trading information required to be disclosed under COBS Rule 8.3.1) must satisfy a number of conditions, including that it is reliable, monitored continuously, and made available to the public on a non-discriminatory basis. While an MTF can choose the format structure to be used for dissemination, MIR Rule 3.7.4 requires it to conform to a consistent and structured format.
            ii. In terms of the timing of disclosure of MTF trading information, the FSRA recognises that current virtual asset industry practice is for such trading information to be released on a real-time basis (in alignment with current practice for trading within spot commodity markets, but different to the current industry/regulatory practice of delayed data within certain securities/derivatives markets). The FSRA is not proposing any additional specific requirements at this stage (to those already applicable in COBS Rule 8.3.1 and MIR Rule 3.7), but will continue to monitor industry practice.
            h) MIR Rule 3.8 (Settlement and Clearing Services): An MTF will need to have clear processes in place for the settlement (and if applicable, the clearing) of all Accepted Virtual Asset transactions. As noted in the AML and Technology Governance sections of this Guidance, extensive stress testing on capabilities to connect successfully with third parties, and in relation to the movement of Accepted Virtual Assets between wallets, will be required to be undertaken to the FSRA’s satisfaction. The FSRA will not necessarily require a connection to a separate Recognised (or Remote) Clearing House where the MTF can demonstrate that it has in place ‘satisfactory arrangements for the timely discharge, Clearing and settlement of the rights and liabilities of the parties to transactions effected’ on the MTF, including where it is utilising the services of a Virtual Asset Custodian.
            i) MIR Rule 3.10 (Default Rules): Depending on whether an MTF operates a ‘Member-access’ model or it allows direct ‘Client-access’ will determine the full, or partial, application of MIR Rules 3.10.1 to 3.10.3. The FSRA, at a minimum, expects MTFs to have in place both rules and a process to suspend or terminate access to its markets in circumstances where a Client/Member is unable to meet its obligations in respect of transactions relating to Accepted Virtual Assets.
            i. The FSRA suggests that an Applicant/Authorised Person consider different scenarios/circumstances where it may need to utilise the powers provided to it under its Default Rules, and take appropriate action as required. Scenario testing of this kind could relate to when there is a financial and/or technical ‘default’ in relation to, for example, its custody, fiat token or wider banking arrangements. Due to a prevalence of pre-funding of (client) positions within Virtual Asset markets, the impact of a ‘default’ in such a scenario may not necessarily be on a per-transaction basis, but could be structural in nature, in limiting the ability of Clients to fund their positions (and therefore the ability of the MTF to operate on a fair and orderly basis).
            ii. To prepare for the event of a loss/default, the FSRA expects an MTF to have, within its policies, a clear process for the management of such loss (e.g., what is the exposure of individual Clients, counterparties, its Custodian and itself, as applicable).
            132) COBS Rule 17.7.4 specifies that certain notification requirements applicable to Recognised Investment Exchanges under MIR Rules 5.1, 5.3 and certain information requirements under MIR Rule 5.4.1 apply to MTFs (using Virtual Assets). These are additional requirements applicable to MTFs using Virtual Assets. MTFs using Virtual Assets will also need to comply with any other applicable notification requirements, including those set out in paragraph 29 of this Guidance in relation to the use of additional Accepted Virtual Assets.
            133) It is recognised that MTFs may take varying approaches in relation to the custody of fiat currencies and Virtual Assets. An MTF may use third party custodians but still be holding itself out to its Clients as being responsible for custody of their fiat currencies and Accepted Virtual Assets. Alternatively, an MTF may provide custody of Clients’ fiat currencies and Accepted Virtual Assets wholly itself, done “in-house” without the use of any third party custodians. An MTF whose custody arrangements fall into either of these two scenarios will also be considered to be Providing Custody of Virtual Assets for the purposes of the Virtual Asset Framework, and will be required to comply with COBS Chapters 14, 15 and 16, and take guidance from the sections below on “Authorised Persons Providing Custody of Virtual Assets”.
            134) As further set out in paragraphs 154 and 155, in circumstances where an MTF is also Providing Custody, the FSRA expects appropriate segregation of responsibilities, staff, technology and, as appropriate, financial resources, between the operations of the MTF and the Virtual Asset Custodian.

            31 A non-exhaustive list of sections that the FSRA consider key for inclusion in a rulebook include:
            • participant eligibility criteria;
            • participant obligations;
            • Accepted Virtual Asset eligibility criteria;
            • Virtual Asset fork protocols;
            • fair and orderly trading rules;
            • AML and source of fund requirements;
            • market abuse prohibition rules;
            • measures to prevent a disorderly market;
            • disciplinary procedures;
            • pre- and post-trade obligations;
            • settlement obligations;
            • certain wallet and custody provisions;
            • default provisions;
            • compliance;
            • monitoring & enforcement;
            • definitions / glossary of terms;
            • co-operation with regulators; and
            • powers to amend rules and consultation procedures.
            32 Refer to paragraphs 98 to 102 of this Guidance.

          • Recognised Investment Exchanges Operating a Crypto Asset Exchange

        • CRYPTO ASSET CUSTODIANS

          • Protection of Client Money

          • Safe Custody of Clients' Crypto Assets

          • Governance Arrangements for Virtual Asset Custodians

            154) From a governance perspective, an Authorised Person Providing Custody in relation to Virtual Assets should have proper governance structures in place to avoid or mitigate actual or potential conflicts of interest between its custody functions and any other activities or functions within itself or with other Group entities. Such governance arrangements may include having a separate team, which does not have other conflicting responsibilities within the firm, handling custody.
            155) To assist with ring-fencing and to reduce potential conflicts of interest, an Applicant that wishes to Provide Custody in relation to Virtual Assets and concurrently provide other Regulated Activities should consider the merit of establishing a separate, standalone legal entity for its Virtual Asset Custodian activities.40 If so established, this standalone entity would need to apply to the FSRA for its own FSP to carry on the Regulated Activity of Providing Custody.

            40 For example, a Virtual Asset Exchange may decide to offer a dedicated Accepted Virtual Asset custody service to certain Clients.

          • Other Requirements Pertaining to the Provision of Custody of Virtual Assets

          • Governance

            156) Authorised Persons operating as Virtual Asset Custodians must not, at any time, permit arrangements whereby just a sole party or signatory is able to completely authorise the movement, transfer or withdrawal of Accepted Virtual Assets or Client Money held under custody on behalf of Clients. In particular, Authorised Persons must not have custody arrangements whereby only a sole person can fully access the private key or keys for the Accepted Virtual Assets held under custody by the Authorised Person. Preventing such arrangements can help reduce potential key person risk such as theft, fraud, unwillingness or inability of the sole party to grant access to private keys.
            157) Authorised Persons are also required to mitigate the risk of collusion between all authorised parties or signatories who are able to authorise the movement, transfer or withdrawal of Accepted Virtual Assets or Client Money held under custody. Authorised Persons are required to provide information on these mitigating controls to the FSRA.
            158) Authorised Persons are required to maintain, at all times, an updated list of all past and present authorised persons who were / are able to view, initiate, authorise, sign, approve or complete the transfer or withdrawal of Accepted Virtual Assets or Client Money held under custody on behalf of Clients. In addition, Authorised Persons are to have clearly defined policies and procedures to enable or revoke the authority granted to these persons.
            159) Authorised Persons are required to have policies and procedures in place that clearly describe the process that will be adopted in the event that it knows or suspects that the Accepted Virtual Assets or Client Money it is holding under custody on behalf for Clients has been compromised, such as in the event of a hacking attack, theft or fraud. Such policies and procedures should detail the specific steps the firm will take to protect Clients’ Accepted Virtual Assets and Client Money in the event of such incidents. Authorised Persons should also have the ability to immediately halt all further transactions with regard to the Accepted Virtual Assets and Client Money.

          • Obligations in relation to outsourcing

            160) Where an Authorised Person that seeks to operate as a Virtual Asset Custodian wishes to outsource part or all of the custody function to a third party, the Authorised Person is required to perform its due diligence and background checks on the third party, and ensure that the third party meets all the FSRA’s requirements applicable to Virtual Asset Custodians. Such Authorised Persons are required to make full disclosures to their Clients and to the FSRA regarding such outsourced custody arrangements. The Authorised Person retains full responsibility from a regulatory perspective for any issues that may result from such outsourcing, including the failure of any third party to meet its Virtual Asset Custody obligations.

          • Third party audit obligations

            161) Authorised Persons should have independent third party verification or checks carried out at least annually to verify that the amount and value of Accepted Virtual Assets and Client Money (e.g., fiat) held on custody on behalf of Clients is correct and matches what the Virtual Asset Custodian is supposed to hold.

        • STABLECOINS

          162) A stablecoin is a blockchain-based token that is valued by reference to an underlying fiat currency or basket of assets. A key feature of a stablecoin is that it purports to have less volatility than other Virtual Assets, allowing it to operate as a transfer of value within the Virtual Asset ecosystem, including as one leg of a trading pair on an MTF (using Virtual Assets). Demand continues to grow for effective stablecoins within Virtual Asset markets as many participants seek a safe store of value (in terms of reconciliation and to protect from manipulation). Demand has also increased as a result of the general inability to liquidate Virtual Assets into fiat currencies. Additionally, some stablecoins are aimed more as operating as a ‘digital currency’ within the digital economy.
          163) Various stablecoin issuers have entered the Virtual Asset ecosystem, with a variety of models used in order to try and stabilise the price of their particular stablecoin. Models include one or a combination of one of the following:
          a) Fiat token: the issuer holds fiat currency41 equal to a portion of the total sum of tokens in issuance.
          b) Diversification/Basket: Purchasing or tracking the price of a basket of assets including Virtual Assets, commodities, fiat currency, shares, debentures, derivatives and real estate42.
          c) Algorithm: the issuance of the quantity of tokens (inflation) is controlled by a proprietary algorithm in consideration of various market and risk factors. These issuers attempt to mimic a central bank’s monetary policy. Others incorporate additional layers of game-theoretic incentives to encourage self-interested user behavior that would be instrumental in sustaining a ‘peg’.
          164) The rights of purchasers/issuers of stablecoins vary significantly. Some issuers retain rights to freeze client accounts for any reason, re-hypothecate monies/assets at will, and provide no right of guarantee in relation to the returning of monies to clients.

          41 Refer to footnote 2.
          42 A basket of assets of such nature may meet the FSRA definition of ‘Structured Product’.

        • FSRA position in relation to stablecoins

          165) The FSRA position in relation to stablecoins is as follows:
          a) Permit only those stablecoins which constitute a fully backed 1:1 fiat token (as referred to in paragraph 163(a) above), backed only by the same fiat currency it purports to be tokenising;
          b) Fiat tokens are to be treated as a mechanism for storing value (e.g., e-money);
          c) Issuers of fiat tokens for the purposes of facilitating or effecting payments are treated as money services businesses.43 In addition, to the need to hold a FSP for the Regulated Activity of Providing Money Services (see paragraph 166(a) below), the issuer will additionally be subject to relevant parts of this Guidance, including only allowing stablecoins where they meet the same requirements as those of Accepted Virtual Assets (particularly including the seven factors used to validate a Virtual Asset as an Accepted Virtual Asset as set out in paragraph 25), and that they meet wider applicable requirements as set out in this Guidance (including Technology Governance (see paragraphs 47 – 92, as applicable);
          d) Require Authorised Persons to consider the wider requirements within this Guidance, and how these requirements may specially apply to the use of stablecoins, including for example, what particular risk disclosures may be relevant (see paragraphs 93-97); and
          e) Continue to apply the Client Money rules in COBS to holders of Client Money (tokenised or not).

          43 Captured under the ‘Money Transmission’ definition (b) pursuant to Section 258 of the FSMR - selling or issuing stored value.

        • Application of FSRA’s stablecoin position to the conduct of Regulated Activities within ADGM

          166) A number of possible scenarios for the use of stablecoins within ADGM, and the proposed regulatory approach for each, are set out below:
          a) Issuer of fiat tokens:44 for use in the Virtual Asset ecosystem and/or as a means of payment, an Issuer (where it is located in ADGM):
          i. Must seek an FSP for Providing Money Services pursuant to Schedule 1, Section 52 of FSMR;
          ii. Is not required to hold additional permissions within its FSP in relation to its Virtual Assets activities, but is required to comply with certain aspects of the Virtual Asset Framework, namely the:
          1. COB Client Money rules, and must additionally be able to show that the fiat token is backed 1:1 through weekly reconciliation; and
          2. The Virtual Asset Custodian sections of this Guidance, including that the fiat token must meet the requirements applicable to Accepted Virtual Assets, Technology Governance, reconciliation and reporting (for the latter, refer to paragraph 153), and
          iii. If the Issuer wishes to conduct any other Virtual Asset activities within ADGM in addition to the issuance of a fiat token, it will need to obtain approval as an Authorised Person conducting a Regulated Activity in relation to Virtual Assets.
          b) Virtual Asset Custodian: that wants to hold custody over both Accepted Virtual Assets and fiat tokens:
          i. The Authorised Person must be authorised by the FSRA for the Regulated Activity of Providing Custody (including in relation to Virtual Assets). No additional FSP is required to allow for the custody of fiat tokens (including for the underlying fiat currency itself). The FSRA therefore relies on the Authorised Person meeting the:
          1. Virtual Asset Framework capital requirements (see paragraphs 31-36);
          2. Virtual Asset Client Money rules (see paragraphs 142 - 145); and
          3. requirements of this Guidance in the context of both its Accepted Virtual Asset and fiat token activities, particularly in the context of ensuring that the methods by which the Authorised Person meets the requirements applicable to Accepted Virtual Assets and Technology Governance, and
          ii. No issuance of a fiat token is permitted.
          c) Custodian providing custody/escrow services solely of a fiat currency and the related fiat token (“Fiat Custodian”):
          i. Must obtain an FSP for the Regulated Activity of Providing Custody.
          ii. Is required to comply with certain aspects of the Virtual Asset Framework, namely:
          1. Being able to demonstrate that the fiat token is backed 1:1 through more frequent (weekly) reconciliations45; and that
          2. Being able to demonstrate that the Accepted Virtual Asset and Technology Governance requirements are met in relation to the related fiat token.
          iii. In relation to the issuance of the related fiat token, in circumstances where the issuer is not authorised under paragraph 166(a) above, it is expected that the Fiat Custodian undertake the same due diligence as that would normally apply for an Authorised Person to determine the Accepted Virtual Assets it proposes to use (focusing on Technology Governance requirements, the seven factors used to determine an Accepted Virtual Asset, and requirements relating to reporting and reconciliation).
          d) MTF (using Virtual Assets): using its own fiat tokens as a payment/transaction mechanism solely within its own platform/ecosystem:
          i. No additional FSP is required to allow for use of fiat tokens within the MTF’s platform.
          ii. The fiat token cannot be transferred/transacted outside its own platform/ecosystem.
          iii. The Authorised Person must meet the requirements of this Guidance in the context of both its Accepted Virtual Asset and fiat token activities, particularly in the context of ensuring that the methods by which the Authorised Person meets the requirements applicable to Accepted Virtual Assets and Technology Governance, and
          iv. The Authorised Person must additionally be able to show that the token is backed 1:1 through weekly reconciliation.
          e) MTF (using Virtual Assets): using third-party issued fiat tokens as a payment/transaction mechanism:
          i. In the context of using third party fiat tokens, the Authorised Person must directly meet the requirements of the Accepted Virtual Assets, Technology Governance and AML/CFT sections of this Guidance.
          ii. For the related fiat currency custody activities, FSRA preference is to have the MTF utilise a Virtual Asset/Fiat Custodian authorised on the basis of paragraphs 139 - 145 or 166(b) above.
          iii. In relation to the issuance of the related fiat token, in circumstances where the issuer is not authorised under paragraph 166(a) above, it is expected that the Authorised Person undertake the same due diligence as that it would apply for the purposes of determining Accepted Virtual Assets (focusing on Technology Governance requirements, the seven factors used to determine an Accepted Virtual Asset, and requirements relating to reporting and reconciliation).

          44 Regardless of legal personality of issuer.
          45 COBS Rule 17.8.3

        • APPLICATION PROCESS

          167) Applicants seeking to become an Authorised Person conducting a Regulated Activity in relation to Virtual Assets must be prepared to engage heavily with the FSRA throughout the application process. The Application process is broadly broken down into five stages, as follows:
          a) Due Diligence & Discussions with FSRA team(s);
          b) Submission of Formal Application;
          c) Granting of In Principle Approval;
          d) Granting of Final Approval; and
          e) ‘Operational Launch’ Testing

        • Due diligence and Discussions with FSRA team(s)

          168) Prior to the submission of an Application, all Applicants are expected to provide the FSRA with a clear explanation of their proposed business model and to demonstrate how the Applicant will meet all applicable FSRA Rules and requirements. These sessions will also involve the Applicants providing a number of in-depth technology demonstrations, across all aspects of its proposed Virtual Asset activities. The FSRA generally expects these meetings, where possible, to take place between the Applicant and the FSRA in person. Given the complexity of the activities associated with the Virtual Asset Framework, it is likely that a number of meetings will need to be held between an Applicant and the FSRA before the Applicant will be in a position to submit a draft, then formal, application.

        • Submission of Formal Application

          169) Following discussions with the FSRA, and upon the FSRA having reasonable comfort that the Applicant’s proposed business processes, technologies and capabilities are at a sufficiently advanced stage, the Applicant will be required to submit a completed Virtual Asset Application Form, and supporting documents, to the FSRA46. Payment of the fees applicable to the Application, as set out in paragraphs 175 - 183, must also be made at the time of submission. The FSRA will only consider an Application as having been formally submitted, and commence its formal review of the Application, upon receipt of both the completed Application and the associated fees.

          46 The FSRA will make available to the Applicant an editable version of the Virtual Asset Application Form at the appropriate time. Other ancillary forms to be submitted include the Approved Person Status form (for appointing Controlled Functions such as the SEO and Licensed Directors) and the Recognised Person Status form (for appointing Recognised Functions such as the Compliance Officer, MLRO and Finance Officer).

        • Granting of In Principle Approval (IPA)

          170) The FSRA will undertake an in depth review of the Application, and supporting documents, submitted by an Applicant. The FSRA will only consider granting an IPA for a FSP to those Applicants that are considered able to adequately meet all applicable Rules and requirements. An Applicant will be required to meet all conditions applicable to the IPA prior to being granted with final approval and an FSP for the relevant Regulated Activity.

        • Fees

          • Authorisation and supervision fees

            175) The Fees applicable to Authorised Persons conducting a Regulated Activity in relation to Virtual Assets have been established in consideration of the risks involved in relation to Virtual Asset activities and the supervisory requirements placed on the FSRA to suitably regulate these Authorised Persons and Virtual Asset activities in ADGM.
            176) Pursuant to FEES Rule 3.14.1, an Applicant for an FSP to conduct a Regulated Activity in relation to Virtual Assets must pay, at the time of submission of its Application, an initial authorisation fee of (as applicable):
            a) $20,000; or
            b) $125,000 if the Applicant is seeking to operate an MTF (in relation to Virtual Assets).
            177) As set out earlier in paragraph 169, the FSRA will only consider an Application as having been formally submitted, and commence its formal review of the Application, upon receipt of both the completed Application and the associated fees.
            178) Pursuant to FEES Rule 3.14.2, annual supervision fees for an Authorised Person conducting a Regulated Activity in relation to Virtual Assets, payable in accordance with paragraph 1 of the FEES Rulebook, are set as follows:
            a) $15,000; or
            b) $60,000 if the Applicant is seeking to operate an MTF (in relation to Virtual Assets).

          • Cumulative application of Fees

            179) Subject to paragraph 181 below, if an Applicant/Authorised Person will be conducting multiple Regulated Activities in relation to Virtual Assets as part of its FSP, the fees (authorisation and supervision) payable by that Authorised Person will be cumulative, and considered across the following:
            a) Authorised Person intermediary-type activities (being “Non-Custody Intermediary Activities”);
            b) activities as a Virtual Asset Custodian (Providing Custody); and
            c) activities as an MTF.
            180) In practice, and to further clarify, this results in several scenarios for FEES in relation to Virtual Asset activities, being:
            a) Non-Custody Intermediary Activities only = Application Fee of $20,000 and annual supervision fee of $15,000 (irrespective of the number of Non-Custody Intermediary Activities proposed to be undertaken).
            b) Virtual Asset Custodian and Non-Custody Intermediary Activities = Application fee of $40,000 and annual supervision fee of $30,000.
            c) MTF = Application fee of $125,000 and annual supervision fee of $60,000.
            d) MTF and Virtual Asset Custodian = Application fee of $145,000 and annual supervision fee of $75,000.
            181) Noting the above paragraph, if an Applicant/Authorised Person will be undertaking a Regulated Activity involving conventional assets (e.g. securities or derivatives) in addition to Virtual Assets, as noted in paragraphs 20 to 21, it will need to seek approval from the FSRA to carry out its Regulated Activity in relation to both asset types (conventional and Virtual Asset). The fees attributable to that Authorised Person for its Regulated Activities (conventional and Virtual Asset-related), will likely not be cumulative (considering the high fees already imposed on Applicants/Authorised Persons conducting a Regulated Activity in relation to Virtual Assets, subject to the considerations set out in paragraph 183 below). The FSRA recommends that that Applicants discuss any questions relating to FEES with the FSRA as early as practicable.
            182) Pursuant to FEES Rule 3.14.3, an MTF using Virtual Assets must pay to the FSRA a trading levy on a sliding scale basis (as set out in the table below), payable monthly in USD. Unless otherwise determined by an MTF (and agreed to by the FSRA), the FSRA expects that the calculation of average daily value should occur at 12am Abu Dhabi time (+4hr GMT).
            Average Daily Value
            (ADV) ($USD)
            Levy
            ADV ≤ 10m 0.0015%
            10m < ADV ≤ 50m 0.0012%
            50m < ADV ≤ 250m 0.0009%
            ADV > 250m 0.0006%
            183) Pursuant to FEES Rule 1.2.6(a), the FSRA reserves its right to impose additional fees in circumstances where a ‘substantial additional’ regulatory burden is imposed on FSRA. In such circumstances, including the migration of an MTF to become a conventional ‘Securities’ Recognised Investment Exchange, the FSRA recommends that the Applicant/Authorised Person discuss FEE implications with the FSRA as early as practicable.

             

        • Granting of Final Approval (Financial Services Permission)

          171) Subject to being satisfied that the Applicant has met all conditions applicable to the IPA, the FSRA will grant the Applicant with final approval for an FSP for the relevant Regulated Activity. Final approval will be conditional upon the FSRA being further satisfied in relation to the Applicant’s operational testing and capabilities, and completion of a third party verification of the Applicant’s systems where applicable.

        • ‘Operational Launch’ Testing

          172) An Applicant (particularly an MTF (seeking to use Virtual Assets) and/or Virtual Asset Custodian) will only be permitted to progress to operational launch when it has completed its operational launch testing to the FSRA’s satisfaction, including completion of third party verification of the Applicant’s systems, where applicable.
          173) Noting the heightened risks associated with activities related to Virtual Assets, Authorised Persons will be closely supervised by the FSRA once licensed. Authorised Persons will be expected to meet frequently with the FSRA, will be subject to ongoing assessments and should be prepared to undergo thematic reviews from time to time.

        • Opening a bank account

          174) Given the associated risks within the Virtual Asset space, the global banking sector is focusing on account opening requests from entities associated with Virtual Assets with increased scrutiny. The FSRA has engaged in extensive discussions with local and international banks for the purposes of providing an overview of the Virtual Asset Framework and the stringent authorisation requirements imposed on Applicants when applying to become an Authorised Person. It is intended that those banks with a risk appetite to bank Virtual Asset players will glean comfort from the regulatory oversight of the FSRA and the issuance of an IPA to entities demonstrating that they have a clear roadmap of development of their business towards final approval and issuance of an FSP. The process for approval for the opening of a bank account with local or international banks will typically include a full explanation and review of an Applicant’s AML and Client on-boarding processes and procedures, as well as its ability to monitor the source and destination of funds, amongst other areas of its Virtual Asset activities.

        • Guidance — Regulation Of Crypto Asset Activities in ADGM (Explanatory Draft — comparison of 1st and 2nd editions of Guidance)

          Click herehere to view PDF

      • Guidance & Policies Manual (GPM) [03 February 2020]

        • Guidance — Regulation of Virtual Asset Activities in ADGM [24 February 2020]

          Click here to view PDF

          • 1. 1. Introduction

            • 1.1 1.1 General

              • 1.1.1

                This document is called the Guidance and Policies Manual ("GPM"). The GPM is for information purposes only and explains how we may regulate and supervise financial services firms and markets that operate in ADGM. The GPM has purposely been written in plain English. The GPM contains guidance on:

                (a) our regulatory policies;
                (b) our risk-based approach to authorisation, supervision and enforcement; and
                (c) what we consider and take into account when exercising our powers.

              • 1.1.2

                The GPM is meant to assist persons operating or intending to operate financial services or a market in the ADGM and should be read in conjunction with the Financial Services and Markets Regulations ("FSMR") and the ADGM Rulebooks.

              • 1.1.3

                The GPM is not meant to be all of our guidance and policies on how we will operate and exercise our powers and we are not bound to follow it on all occasions. It is merely an informative document, which sets how we may act when exercising our powers.

            • 1.2 1.2 Defined terms

              • 1.2.1

                Where we have used a defined term in the GPM, these are identified by the capitalisation of the word or a phrase capitalised. You can find meanings of these defined terms in the Glossary module ("GLO") of the ADGM Rulebook. There are also defined terms in the FSMR. If there is no capitalisation of the initial letter, the word or phrase has its normal common day meaning.

            • 1.3 1.3 Updating the GPM

              • 1.3.1

                We will make amendments to the GPM when we make changes in our policies or processes to ensure it remains current.

            • 1.4 1.4 Our mandate

              • 1.4.1

                We are committed to foster, promote and maintain a fair, efficient and responsive regulatory environment for our market participants and stakeholders.

              • 1.4.2

                We have adopted and apply international standards, such as those set out by the Basel Committee on Banking Supervision, the International Association of Insurance Supervisors, the International Organisation of Securities Commissions, the Financial Stability Board and the Financial Action Task Force.

          • 2. 2. Becoming Regulated

            • 2.1 2.1 Our approach to authorisation

              • Introduction

                • 2.1.1

                  This chapter outlines our approach when assessing if an applicant or registrant can become:

                  (a) an Authorised Firm;
                  (b) a Recognised Body;
                  (c) a Representative Office;
                  (d) an Approved Person; or
                  (e) a Principal Representative.

                • 2.1.2

                  Before submitting an application, an applicant or registrant should contact our Authorisation Team at authorisation@adgm.com.

              • Prohibition and by way of business

                • 2.1.3

                  The FSMR impose a prohibition on all persons who carry on an activity regulated by us in the ADGM "by way of business" unless the person is an Authorised Firm, Recognised Body or an Exempt Person.

                • 2.1.4

                  Whether or not an activity is carried on by way of business is a question of fact that takes account several factors, including:

                  (a) how often the activity is conducted;
                  (b) whether there is a commercial element involved;
                  (c) the size and proportion of non-regulated activities carried on by the same person; and
                  (d) the nature, context and circumstances of the activity that is carried on.

              • Whether someone is carrying on his or her own business

                • 2.1.5

                  Another aspect of the prohibition is that an employee will not breach the prohibition by carrying on an activity on behalf of his employer, as in such cases it is the employer who is carrying on that activity. The employee is simply carrying on the employer's business. This principle potentially also applies to agents and others who assist another to carry on that other's business.

              • General Prohibition and by way of business

                • 2.1.6

                  The regulations impose a general prohibition on all persons who carry on a Regulated Activity in the ADGM "by way of business" unless the person is a firm, Recognised Body or an exempt person.

                • 2.1.7

                  Whether or not an activity is carried on by way of business is a question of fact that takes account of several factors. These include:

                  (a) the degree to which the activity is conducted with continuity, regularity and systemically;
                  (b) the existence of a commercial element;
                  (c) the scale proportion and impact which the activity bears to other activities carried on by the same Person but which are not regulated; and
                  (d) the nature, context and circumstances of the particular activity that is carried on.

              • Regulated Activities and the need for a Financial Service Permission

                • 2.1.8

                  Schedule 1 to the Financial Services and Markets Regulations contains a complete list of Regulated Activities. When determining whether an applicant will require a Financial Services Permission to engage in a specific Regulated Activity, the applicant should first, determine that such Regulated Activity will be carried on in or from the ADGM 'by way of business' as described in 2.1.6 and 2.1.7. If they are then the applicant will need to consider whether any of the applicable exclusions apply either (i) specified following the description of the relevant Regulated Activity or (ii) amongst the general exclusions contained in Chapter 18 of Schedule 1.

              • Combinations of Regulated Activities

                • 2.1.9

                  Generally, we will rely upon the applicant's written application and discussions when considering which Regulated Activities should be included in any Financial Service Permission granted to the applicant. The Regulator will only include a Regulated Activity within a Financial Service Permission when it reasonably believes such Regulated Activity is required for the applicant to conduct its business. Applicants should consider each Regulated Activity as a distinct activity with a distinct Financial Service Permission.

                • 2.1.10

                  While no Regulated Activity will require the Regulator to include a second Regulated Activity within the Financial Service Permission to enable the applicant to engage in the original Regulated Activity, certain Regulated Activities may be combined with other Regulated Activities. For example, where an applicant may be arranging transactions which arise from advice given to a client. This would be acceptable, provided (i) the applicant has requested both Regulated Activities to be included in its Financial Service Permission, (ii) the applicant satisfies the relevant criteria necessary to engage in both Regulated Activities and (iii) no conflicts arise as a consequence of the conduct of both Regulated Activities by a single person (see 2.1.10).

              • Conflicts between Regulated Activities

                • 2.1.11

                  By their nature, certain combinations of Regulated Activities may be difficult for a single applicant to undertake without risk of a material conflict of interest. In such circumstances the Regulator will not grant a Financial Service Permission to engage in both Regulated Activities without being satisfied that both activities may be undertaken independently in a manner which addresses potential conflicting duties between clients or conflicts between the interests of the applicant and its clients.

                • 2.1.12

                  The Regulator does not provide an exhaustive list of potential conflicting duties and interests and expects that each applicant will have reviewed the scope of those Regulated Activities it wishes to engage in, in order to identify and take steps to mitigate potential conflicts.

            • 2.2 2.2 Assessing the fitness and propriety of applicants

              • 2.2.1

                We expect applicants seeking authorisation/recognition to be fit and proper. This provides us with the assurance that applicants are willing and able to fulfil their obligations under the law. The onus is on each applicant to establish that they are fit and proper.

              • Reputation and standing

                • 2.2.2

                  In assessing the reputation and standing of an applicant, we can take into consideration any relevant matters including:

                  (a) any matter affecting the propriety of the applicant's conduct, whether or not such conduct may have resulted in the commission of a criminal offence, the contravention of the law, or the institution of legal or disciplinary proceedings of whatever nature;
                  (b) whether an applicant has ever been the subject of disciplinary procedures by a government body or agency or any self-regulatory organisation or other professional body;
                  (c) a contravention of any provision of financial services legislation or of rules, regulations, statements of principle or codes of practice made under it or made by a recognised self-regulatory organisation, non-ADGM financial services regulator or regulated exchange or clearing house;
                  (d) whether an applicant has been refused, or had a restriction placed on, the right to carry on a trade, business or profession requiring a licence, registration or other permission;
                  (e) an adverse finding or an agreed settlement in a civil action by any court or tribunal of competent jurisdiction resulting in an award against or payment by an applicant;
                  (f) whether an applicant has been censured, disciplined, publicly criticised or the subject of a court order at the instigation of any regulatory authority, or any officially appointed inquiry, or any other non-ADGM financial services regulator;
                  (g) whether an applicant has been open and truthful in all its dealings with us; and
                  (h) any other matter that we consider relevant.

              • Locations of offices

                • 2.2.3

                  An applicant should be able to satisfy us that it will establish an office and maintain a presence in the ADGM based on the activities it will carry on.

              • Close Links

                • 2.2.4

                  We need to be satisfied, as to who are the applicant's Close Links or where the applicants is closely related to another person (for example a parent or subsidiary company or someone who owns and controls 20% or more of the applicant). This is to make sure we are not prevented from effectively supervising the applicant.

              • Legal status of Firms and Recognised Bodies

                • 2.2.5

                  We will only consider an application for authorisation or recognition where the legal status of the proposed ADGM entity is a Body Corporate or a Partnership. Individuals cannot make an application. In respect of the regulated activities of Effecting Contracts of Insurance or Carrying Out Contracts of Insurance as Principal, a firm can only be a Body Corporate.

                • 2.2.6

                  In the case of non-ADGM persons other than companies limited by shares, we will consider whether the legal form is appropriate for the activities proposed.

                • 2.2.7

                  If the applicant is seeking to branch in to the ADGM, we will take into account where the applicant's head office is located.

              • Ownership and Group

                • 2.2.8

                  In relation to the ownership and Group structure of an applicant, we may have regard to:

                  (a) the applicant's position within its group, including any other relationships that may exist between the applicant, controllers, associates and other persons that may be considered a close link;
                  (b) the financial strength of the Group and its implications for the applicant;
                  (c) whether the Group has a structure which makes it possible to:
                  (i) exercise effective supervision;
                  (ii) exchange information among regulators who supervise group members; and
                  (iii) determine the allocation of responsibility among the relevant regulators;
                  (d) any information provided by other regulators or third parties in relation to the applicant or any entity within its Group; and
                  (e) whether the applicant or its group is subject to any adverse effect or considerations arising from a country or countries of incorporation, establishment and operations of any member of its group. In considering these matters, we may also have regard to the type and level of regulatory oversight in the relevant country or countries of the group members and the regulatory infrastructure and adherence to internationally held conventions.

              • Controllers

                • 2.2.9

                  In relation to the controllers of an applicant, we may, taking into account the nature, scale and complexity of the firm's business and organisation, have regard to:

                  (a) the background, history and principal activities of the applicant's controllers, including that of the controller's directors, partners or other officers associated with the applicant, and the degree of influence that they are, or may be, able to exert over the applicant and/or its activities;
                  (b) where the Controller will exert significant management influence over the applicant, the reputation and experience of the controller or any individual within the controller;
                  (c) the financial strength of a controller and its implications for the applicant's ability to ensure the sound and prudent management of its affairs, in particular where a controller agrees to contribute any funds or other financial support such as a guarantee or a debt subordination agreement in favour of the Firm or Recognised Body; and
                  (d) whether the applicant is subject to any adverse effect or considerations arising from the country or countries of incorporation, establishment or operations of a controller. In considering such matters, we may have regard to, among other things, the type and level of regulatory oversight, which the controller is subject to in the relevant country or countries and the regulatory infrastructure and adherence to internationally held conventions and standards.

                • 2.2.10

                  Where we have any concerns relating to the fitness and propriety of an applicant for a Financial Services Permission stemming from a Controller of such a Person, we may consider imposing conditions on the Financial Services Permission designed to address such concerns. For example, we may impose, in the case of a start-up, a condition that there should be a shareholder agreement that implements an effective shareholder dispute resolution mechanism.

              • Resources, systems and controls

                • 2.2.11

                  We will have regard to whether the applicant has sufficient resources, including the appropriate systems and controls, such as:

                  (a) the applicant's financial resources and whether it complies, or will comply, with any applicable financial rules, and whether the applicant appears to be in a position to be able to comply with such rules;
                  (b) the extent to which the applicant is or may be able to secure additional capital in a form acceptable to us where this appears likely to be necessary at any stage in the future;
                  (c) the availability of sufficient competent human resources to conduct and manage the applicant's affairs, in addition to the availability of sufficient Approved Persons to conduct and manage the applicant's activities;
                  (d) whether the applicant has sufficient and appropriate systems and procedures in order to support, monitor and manage its affairs, resources and regulatory obligations in a sound and prudent manner;
                  (e) whether the applicant has appropriate anti-money laundering procedures and systems designed to ensure full compliance with applicable money laundering and counter terrorism legislation, and relevant UN Security Council and applicable sanctions and resolutions, including arrangements to ensure that all relevant staff are aware of their obligations;
                  (f) the impact of other members of the applicant's group on the adequacy of the applicant's resources and, in particular, though not exclusively, the extent to which the applicant is or may be subject to consolidated prudential supervision by us or another non-ADGM financial services regulator;
                  (g) whether the applicant is able to provide sufficient evidence about the source of funds available to it, to our satisfaction. This is particularly relevant in the case of a start-up entity; and
                  (h) the matters specified in paragraph 2.2.88(c).

              • Firms and Recognised Persons: Collective suitability of individuals or other Persons connected to the firm

                • 2.2.12

                  Although individuals performing Controlled and Recognised Functions are required to be Approved Persons and/or Recognised Persons and that a firm is required to appoint certain Approved and Recognised Persons to certain functions, we will also consider:

                  (a) the collective suitability of all of the firm's staff taken together, and whether there is a sufficient range of individuals with appropriate knowledge, skills and experience to understand, operate and manage the firm's affairs in a sound and prudent manner;
                  (b) the composition of the Governing Body of the firm. The factors that would be taken into account by us in this context include, depending on the nature, scale and complexity of the firm's business and its organisational structure, whether:
                  (i) the governing body has a sufficient number of members with relevant knowledge, skills and expertise among them to provide effective leadership, direction and oversight of the firm's business. For this purpose, the members of the governing body should be able to demonstrate that they have, and would continue to maintain, including through training, the necessary skills, knowledge and understanding of the firm's business to be able to fulfil their roles;
                  (ii) the individual members of the governing body have the commitment necessary to fulfil their roles, demonstrated, for example, by a sufficient allocation of time to the affairs of the firm and reasonable limits on the number of memberships held by them in other boards of directors or similar positions. In particular, we will consider whether the membership in other boards of directors or similar positions held by individual members of the governing body has the potential to conflict with the interests of the firm and its customers and stakeholders; and
                  (iii) there is a sufficient number of independent members on the governing body. We will consider a member of the governing body to be "independent" if he is found, on reasonable grounds by the governing body, to be independent in character and judgement and able to make decisions in a manner that is consistent with the best interests of the Firm;
                  (c) the position of the Firm in any Group to which it belongs;
                  (d) the individual or collective suitability of any person or persons connected with the firm;
                  (e) the extent to which the firm has robust human resources policies designed to ensure high standards of conduct and integrity in the conduct of its activities;
                  (f) whether the firm has appointed Auditors, actuaries and advisers with sufficient experience and understanding in relation to the nature of the firm's activities; and
                  (g) whether the remuneration structure and strategy adopted by the firm is consistent with the requirements in GEN 3.3.42(1).

              • Recognised Bodies: other considerations

                • 2.2.13

                  In determining whether a Recognised Body has satisfied its recognition requirements set out in MIR Chapter 2 and GEN Chapter 3, we will consider:

                  (a) its arrangements, policies and resources for fulfilling its obligations under the recognition requirements as set out in MIR 4.2.1;
                  (b) its arrangements for managing conflicts and potential conflicts between its commercial interest and applicable regulatory requirements;
                  (c) the extent to which its constitution and organisation provide for effective governance;
                  (d) the arrangements made to ensure that the Governing Body has effective oversight of its regulatory functions;
                  (e) the fitness and propriety of its Approved Persons and the access the approved persons have to the Governing Body;
                  (f) the size and composition of the Governing Body including:
                  (i) the number of independent members on the Governing Body;
                  (ii) the number of members of the Governing Body who represent members of the Recognised Body or other persons and the types of persons whom they represent; and
                  (iii) the number and responsibilities of any members of the governing body with executive roles within the Recognised Body;
                  (g) the structure and organisation of its Governing Body, including any distribution of responsibilities among its members and committees;
                  (h) the integrity, relevant knowledge, skills and expertise of the members of the governing body to provide effective leadership, direction and oversight of the Recognised Body's business. For this purpose, such individuals should be able to demonstrate that they have, and would continue to maintain, including through training, necessary skills, knowledge and understanding of the Recognised Body's business to be able to fulfil their roles;
                  (i) the commitment necessary by the members of the governing body to fulfil their roles effectively, demonstrated, for example, by a sufficient allocation of time to the affairs of the Recognised Body and reasonable limits on the number of memberships held by them in other boards of directors or similar positions. In particular, the Regulator will consider whether the membership in other boards of directors or similar positions held by individual members of the governing body has the potential to conflict with the interests of the Recognised Body and its stakeholders;
                  (j) the integrity, qualifications and competence of its approved persons;
                  (k) its arrangements for ensuring that it employs individuals who are honest and demonstrate integrity;
                  (l) the independence of its regulatory departments from its commercial departments; and
                  (m) whether the remuneration structure and strategy adopted by the Recognised Body is consistent with the requirements in GEN 3.3.42(1).

                • 2.2.14

                  We will consider a Director to be "independent" if the Director is found, on the reasonable determination of the Governing Body, to:

                  (a) be independent in character and judgement; and
                  (b) have no relationships or circumstances which are likely to affect or could appear to affect the director's judgement in a manner other than in the best interests of the Recognised Body.

                • 2.2.15

                  In forming a determination the Governing Body should consider the length of time the director has served as a member of the Governing Body and whether the relevant director:

                  (a) has been an employee of the Recognised Body or group within the last five years;
                  (b) has or has had, within the last three years, a material business relationship with the Recognised Body, either directly or as a partner, shareholder, director or senior employee of a body that has such a relationship with the Recognised Body;
                  (c) receives or has received, in the last three years, additional remuneration or payments from the Recognised Body apart from a director's fee, participates in the Recognised Body's share option, or a performance- related pay scheme, or is a member of the Recognised Body's pension scheme;
                  (d) is or has been a director, partner or employee of a firm which is the Recognised Body's auditor;
                  (e) has close family ties with any of the Recognised Body's advisors, directors or senior employees;
                  (f) holds cross directorships or has significant links with other directors through involvement in other bodies; or
                  (g) represents a significant shareholder.

            • 2.3 2.3 Assessing the fitness and propriety of Approved Persons, Recognised Persons and Principal Representatives

              • Introduction

                • 2.3.1

                  This section sets out the matters which we take into consideration, and expect the firm or Recognised Body to take into consideration, when assessing the fitness and propriety of:

                  (a) In the case of a firm, an Approved Person, Recognised Person under GEN 5.3 and GEN 5.4 and Principal Representative under 9.8;
                  (b) In the case of a Recognised Body, an Approved Person under MIR 7.2.

                • 2.3.2

                  Applications for approved person status in respect of the controlled functions of Senior Executive Officer, Licensed Director and Licensed Partner shall be made by the firm and approved by us. We may reject an application for an Approved Person status or grant an Approved Person status with or without conditions and restrictions.

                • 2.3.3

                  In relation to applications for Recognised Persons status the firm or Recognised Body will approve the Recognised Functions of Finance Officer, Compliance Officer, Senior Manager, Money Laundering Reporting Officer and Responsible Officer, and notify us of such appointments. The onus is on the firm or Recognised Body to carry out proper due diligence to ensure that the person is fit and proper to carry out the function, and to maintain the necessary supporting documentation for its due diligence.

                • 2.3.4

                  We expect a firm and Recognised Body to continually ensure that all Approved and Recognised Persons are fit and proper for the controlled and or recognised Functions that they have been appointed to.

                • 2.3.5

                  When assessing whether an individual meets the fitness and propriety criteria to be able to perform the role of an Approved Person or Recognised Person, we take the following considerations into account, as set out in paragraphs 2.3.6 to 2.3.8 below.

              • Integrity

                • 2.3.6

                  In determining whether an individual has met the fitness and propriety criteria with respect to his/her integrity, the following matters may be taken into account:

                  (a) the propriety of an individual's conduct whether or not such conduct may have resulted in the commission of a criminal offence, the contravention of a law or the institution of legal or disciplinary proceedings of whatever nature;
                  (b) a conviction or finding of guilt in respect of any offence, other than a minor road traffic offence, by any court of competent jurisdiction;
                  (c) whether the individual has ever been the subject of disciplinary proceedings by a government body or agency or any recognised self-regulatory organisation or other professional body;
                  (d) a contravention of any provision of financial services legislation or of rules, regulations, statements of principle or codes of practice made under or by a recognised self-regulatory organisation, Recognised Body, regulated exchange or regulated clearing house or non-ADGM Financial Services Regulator;
                  (e) a refusal or restriction of the right to carry on a trade, business or profession requiring a licence, registration or other authority;
                  (f) a dismissal or a request to resign from any office or employment;
                  (g) whether an individual has been or is currently the subject of or has been concerned with the management of a Body Corporate which has been or is currently the subject of an investigation into an allegation of misconduct or malpractice;
                  (h) an adverse finding in a civil proceeding by any court of competent jurisdiction of fraud, misfeasance or other misconduct, whether in connection with the formation or management of a corporation or otherwise;
                  (i) an adverse finding or an agreed settlement in a civil action by any court or tribunal of competent jurisdiction resulting in an award against the individual;
                  (j) an order of disqualification as a director or to act in the management or conduct of the affairs of a corporation by a court of competent jurisdiction or regulator;
                  (k) whether the individual has been a director, or concerned in the management of, a body corporate which has gone into liquidation or administration whilst that individual was connected with that body corporate or within one year of such a connection;
                  (l) whether the individual has been a partner or concerned in the management of a partnership where one or more partners have been made bankrupt whilst that individual was connected with that partnership or within a year of such a connection;
                  (m) whether the individual has been the subject of a complaint in connection with a financial service, which relates to his integrity, competence or financial soundness;
                  (n) whether the individual has been censured, disciplined, publicly criticised by, or has been the subject of a court order at the instigation of, us or any officially appointed inquiry, or Non-ADGM Financial Services Regulator; and
                  (o) whether the individual has been candid and truthful in all his dealings with us.

              • Competence and capability

                • 2.3.7

                  We will take into account the individual's qualifications and experience, in determining the fitness and propriety criteria of competence and capability of an individual to perform a role as an Approved Person or Principal Representative.

              • Financial soundness

                • 2.3.8

                  With respect to the financial soundness of an individual, we will take into account :

                  (a) whether an individual is able to meet his debts as and when they fall due; and
                  (b) whether an individual has been declared bankrupt, had a receiver or an administrator appointed, had a bankruptcy petition served on him, had his estate sequestrated, entered into a deed of arrangement (or any contract in relation to a failure to pay due debts) in favour of his creditors, or within the last 10 years, has failed to satisfy a judgement debt under a court order.

            • 2.4 2.4 Waivers during authorisation

              • 2.4.1

                An applicant for authorisation may request a waiver or modification when the application is made and being processed. In some circumstances, the applicant may need to work with us in developing the waiver or modification and may not be required to use the formal application process. However, the written consent to the waiver or modification will be required if the applicant is authorised.

            • 2.5 2.5 Start-up entities in the ADGM

              • What are "Start-up" entities?

                • 2.5.1

                  This paragraph serves as a guide to assist Start-up entities that are interested in applying for a Financial Services Permission to conduct Regulated Activities in the ADGM. It sets out the information required to support an application and what criteria that we may consider in the authorisation process. Start-ups, as with any applicants, will be required to satisfy all of our requirements prior to being granted a Financial Services Permission.

                • 2.5.2

                  A Start-up entity is:

                  (a) any newly set up business entity which is not part of a group that is subject to financial services regulation; or
                  (b) part of an existing business entity which it, or whose group is not subject to financial services regulation.

                • 2.5.3

                  As a general position, we will not usually accept applications for start-up banks or insurers however each application will be considered on its merits. We will take into account such factors as the applicant's financial position, systems and controls and whether the Start-up entity is managed by persons who have the necessary expertise and knowledge to conduct such activities.

              • Our risk-based approach to Start-ups

                • 2.5.4

                  Any consideration of an application for the granting of a Financial Services Permission to carry on a regulated activity is likely to involve an assessment of the risks posed to our objectives by the proposed regulated activity. Whilst the broad categories of risks for all applicants will be the same, the nature of those risks within start-ups can be amplified, as a start-up does not have a regulatory track record to deal with risks and upon which we may place reliance. In the case of a new business, even where senior management has substantial experience and relevant competence in the business sector, this does not necessarily imply an ability to create and sustain an adequate management control environment and compliance culture, particularly when faced with all the other issues of establishing a new business.

                • 2.5.5

                  The broad categories of risk and some of the unique elements of those risk categories that apply to start-ups include financial risk, governance risk, business/operational risk and compliance risk.

              • Financial risk

                • 2.5.6

                  All applicants are required to demonstrate they have a sound initial capital base and funding and must be able to meet the relevant prudential requirements of the ADGM laws, on an on-going basis. This includes holding enough capital resources to cover expenses even if expected revenue takes time to materialise. Start-ups can encounter greater financial risks as they seek to establish and grow a new business.

                • 2.5.7

                  In addition to the risks associated with the financial viability of the start-up, particular attention may be given to the clarity and the verifiable source of the initial capital funding.

              • Governance risk

                • 2.5.8

                  All applicants are required to demonstrate robust governance arrangements together with the fitness and integrity of all controllers, directors and senior management. We are aware that management control, in smaller start-ups especially, may lie with one or two dominant individuals who may also be amongst the owners of the firm. In such circumstances, we would expect the key business and control functions (i.e. risk management, compliance and internal audit) to be subject to appropriate oversight arrangements which reflect the size and complexity of the business. Applicants can assist us by describing in detail the ownership structure, high level controls and clear reporting lines which demonstrate an adequate segregation of duties.

                • 2.5.9

                  We may request details of the background, history and ownership of the start-up and, where applicable, its Group. Similar details relating to the background, history and other interests of the directors of the start-up may also be required. Where it considers it necessary to do so, we may undertake independent background checks on such material. A higher degree of due diligence will apply to individuals involved in a start-up and there would be an expectation that the start-up itself will have conducted detailed background checks, which may then be verified by us.

              • Business/operational risk

                • 2.5.10

                  All applicants are required to establish appropriate systems and controls to demonstrate that the affairs of the firm are managed and controlled effectively. The nature of the systems and controls may depend on the nature, size and complexity of the business. A start-up may wish to consider which additional systems and controls may be appropriate in the initial period of operation following launch, such as increased risk or compliance monitoring. Due to the unproven track record of a startup, we may, for example, impose restrictions on the business activities of the entity or a greater degree and intensity of supervision until such a track record is established.

              • Compliance risk

                • 2.5.11

                  The Senior Executive Officer of a firm is expected to take full responsibility for ensuring compliance with the ADGM laws by establishing a strong compliance culture which is fully embedded within the organisation. A start-up will be required to appoint a U.A.E. resident as the senior executive officer as well as the compliance officer and money laundering reporting officer (MLRO) with the requisite skills and relevant experience in compliance and anti-money laundering duties. The individuals fulfilling the compliance and MLRO roles will be expected to demonstrate to us their competence to perform the proposed roles and adequate knowledge of the relevant sections of the ADGM laws and, in the case of the MLRO, the wider anti-money laundering laws.

              • Main information requirements

                • 2.5.12

                  The main information requirements are the same for all applicants, including startups, and each application will be assessed on its own merits.

                • 2.5.13

                  A key document will be the regulatory business plan submitted in support of the application. It will facilitate the application process if applicants cover the following areas within this submission:

                  (a) an introduction and background;
                  (b) strategy and rationale for establishing in the ADGM;
                  (c) organisational structure;
                  (d) management structure;
                  (e) proposed resources;
                  (f) high level controls;
                  (g) risk management;
                  (h) operational controls;
                  (i) systems overview;
                  (j) how the proposed activities are mapped against the Regulated Activities and why particular Regulated Activities are applied for; and
                  (k) financial projections.

                • 2.5.14

                  Start-up applicants may find it useful to include diagrams illustrating corporate structures, and, where applicable, group relationships, governance arrangements, organisational design, clear reporting lines, business process flows and systems environments.

                • 2.5.15

                  Comprehensively addressing these areas and detailing how the key risks will be identified, monitored and controlled may significantly assist us in determining applications from a start-up.

            • 2.6 2.6 Application for carrying out a Regulated Activity with or for a Retail Client

              • 2.6.1

                GEN 5.2.3 outlines the requirements to be met by an applicant intending to carry on a Regulated Activity where the client is a Retail Client.

              • 2.6.2

                When assessing an application of this type we may consider the following:

                (a) the adequacy of an applicant's systems and controls for carrying on Regulated Activities with a Retail Client;
                (b) whether the applicant is able to demonstrate that its systems and controls (including policies and procedures) adequately provide for, among other things, compliance with the requirements specifically dealing with Retail Clients under the Conduct of Business Rulebook (COBS), in particular:
                (i) marketing materials;
                (ii) the content requirements for Client Agreements;
                (iii) the suitability assessment for recommending a financial product;
                (iv) the disclosure of fees and commissions, and any inducements; and
                (v) the segregation of Client Money and/or Client Investments, where relevant;
                (c) whether the applicant has adequate systems and controls to ensure, on an on-going basis, that its Employees remain competent and capable to perform the functions which are assigned to them, including any additional factors that may be relevant if their functions involve interfacing with Retail Clients; and
                (d) the adequacy of the applicant's Complaints handling policies and procedures. An applicant's policies and procedures must provide for fair, consistent and prompt handling of Complaints. In addition to the matters set out in GEN Chapter 7, the policies and procedures should explicitly deal with how the applicant ensures that:
                (i) Employees dealing with Complaints have adequate training and competencies to handle complaints, as well as impartiality and sufficient authority (see GEN 3.3.19, 7.2.7 and 7.2.8);
                (ii) a Retail Client is made aware of the firm's Complaints handling policies and procedures before obtaining its services (see COB 12.1.2(a)(viii)); and
                (iii) the applicant's Complaints handling policies and procedures are freely available to any Retail Client upon request (see GEN 7.2.11).

            • 2.7 2.7 Application to conduct Islamic Financial Business

              • 2.7.1

                A firm wishing to carry on Islamic Financial Business must have a Financial Services Permission authorising it to Conduct Islamic Financial Business either as an Islamic Financial Institution or by operating an Islamic Window.

              • 2.7.2

                A Firm that is granted a Financial Services Permission to operate an Islamic Window may conduct some of its Regulated Activities in a conventional manner while conducting its Islamic Financial Business through the Islamic Window.

              • 2.7.3

                We may grant a Financial Services Permission only if we are satisfied that the applicant has demonstrated that it has the systems and controls in place to undertake Islamic Financial Business. In determining whether to grant such a Financial Services Permission, we may consider, among other things, those matters set out in the IFR module of the ADGM Rulebook.

            • 2.8 2.8 Application to be a Representative Office

              • 2.8.1

                An applicant seeking to become a Representative Office will need to comply with requirements including those set out in GEN Chapter 9.

              • 2.8.2

                In assessing an application for a Representative Office, we will need to be satisfied that:

                (a) the proposed activities are that of marketing, which means providing information on investments or financial services; engaging in promotions of investments or financial services; or making introductions or referrals of investments or financial services. It does not include advising on investments or the receiving or transmitting of orders(see paragraph 67 of Schedule 1 of the FSMR); and
                (b) the applicant is incorporated and regulated by a Non-ADGM Financial Services Regulator and setting up in the ADGM as a branch.

            • 2.9 2.9 Application for a withdrawal of Financial Services Permission

              • 2.9.1

                In considering requests for the withdrawal of a Financial Services Permission, a firm will need to satisfy us that it has made appropriate arrangements with respect to its existing customers, including the receipt of any customers' consent where required and, in particular:

                (a) whether there may be a long period in which the business will be run-off or transferred;
                (b) whether deposits must be returned to customers;
                (c) whether money and other assets belonging to customers must be returned to them; and
                (d) whether there is any other matter which we would reasonably expect to be resolved before granting a request for the withdrawal of a Financial Services Permission.

              • 2.9.2

                In determining a request for the withdrawal of a Financial Services Permission, we may require additional procedures or information as appropriate, including evidence that the firm has ceased to carry on Regulated Activities.

              • 2.9.3

                A firm should submit detailed plans where there may be an extensive period of wind-down. It may not be appropriate for a firm to immediately request a withdrawal of its Financial Services Permission in all circumstances, although it may wish to consider reducing the scope of its Financial Services Permission during this period. Firms should discuss these arrangements with us.

              • 2.9.4

                We may also refuse a request for the withdrawal of a Financial Services Permission where:

                (a) the firm has failed to settle its debts owed to us; or
                (b) it is in the interests of a current or pending investigation by us, or by another regulatory body or a Non-ADGM Financial Services Regulator.

              • 2.9.5

                Some other matters which a firm should be mindful of in relation to the withdrawal of its Financial Services Permission include:

                (a) Where a firm's FSP is withdrawn, the approved status of its Approved Persons will also be withdrawn on the same date. However, this does not remove the obligation on a firm to provide a statement where an approved person has been dismissed or requested to resign (under GEN 8.7.3); and
                (b) Where a Fund Manager or the Trustee makes a request for withdrawal (under GEN 8.4.1), the Fund Manager or the Trustee will need to satisfy us that it has made appropriate arrangements in accordance with the requirements under the FUNDS Rules with respect to the continuing management of the Fund for which it is the Fund Manager or the Trustee, as the case may be.

              • Application for variation of a Financial Services Permission

                • 2.9.6

                  Where a firm applies to change the scope of its Financial Services Permission, it should provide the following information:

                  (a) a revised business plan as appropriate, describing the basis of, and rationale for, the proposed change;
                  (b) details of the extent to which existing documentation, procedures, systems and controls will be amended to take into account any additional activities, and how the firm will be able to comply with any additional regulatory requirements; and
                  (c) descriptions of the firm's senior management responsibilities (see GEN Chapter 5) where these have changed from those previously disclosed, including any updated staff organisation charts and internal and external reporting lines;
                  (d) details of any transitional arrangements where the firm is reducing its activities and where it has existing customers who may be affected by the cessation of a Regulated Activity;
                  (e) the appropriate financial reporting statement where the variation may result in a change to the firm's prudential category or the application of additional or different financial rules. If a capital increase is required in order to demonstrate compliance with additional financial rules but such capital is not paid up or available at the time of application, proposed or forecast figures may be used;
                  (f) details of the effect of the proposed variation on the approved persons including, where applicable, submitting any written applications for individuals to perform additional or new controlled functions, or to remove existing controlled functions; and
                  (g) revised pro forma financial statements.

                • 2.9.7

                  In considering whether a Firm or Recognised Body is fit and proper with respect to a change in the scope of its Financial Services Permission, we may take into account the matters set out in Chapter 2 of this document, which provides guidance on assessing fitness and propriety for firms and Recognised Bodies.

          • 3. 3. Supervision: Being Regulated

            • 3.1 3.1 Our approach to supervision

              • Supervision philosophy

                • 3.1.1

                  We adopt a risk-based approach to the regulation and supervision of all regulated firms in order to concentrate our resources on the mitigation of risks to our objectives. We will work with a regulated entity to identify, assess, mitigate and control these risks where appropriate.

                • 3.1.2

                  Our supervisory risk-based approach involves:

                  (a) establishing the supervisory intensity of a given firm based on the combination of its size and complexity (impact rating) and its risk profile (risk rating), see paragraphs 3.1.8–3.1.11 below). The higher the impact and/or risk profile of the firm, the higher the supervisory intensity and the resources deployed by us;
                  (b) continuous risk management cycle, utilising sectoral and firm-specific data, notifications by the firm, risk assessments and the risk and impact ratings;
                  (c) using appropriate supervisory tools; and
                  (d) where applicable, considering any lead or consolidated supervision which a firm or its Group may be subject to in other jurisdictions, taking into account our relationship with other regulators and the extent to which it or they meet appropriate regulatory criteria and standards.

                • 3.1.3

                  We believe a firm's culture and behaviour affects both its overall financial condition and its interaction with individual customers and market counterparties. Our aim is to reduce the risk and impact of a failure or inappropriate conduct by requiring our regulated firms to have sound risk management systems and adequate internal controls.

              • Risk management cycle

                • 3.1.4

                  We adopt a structured risk management cycle. This comprises the identification, assessment, prioritisation, mitigation and monitoring of risks. It ensures appropriate action is taken upon the identification and/or materialisation of risks.

                • 3.1.5

                  We will identify and collate a comprehensive set of indicators on a regular basis which provides insights into the financial position and business activities of all our regulated entities. This data set allows us to assess the specific risk profile of regulated entities, sectoral risks by types of entities, and systemic risks posed by the firms to other market counterparties and the wider financial system.

                • 3.1.6

                  Based on the analysis of this data set, we will prioritise and step up our supervision with respect to certain firms as appropriate, or use thematic reviews to target certain products, services or practices across a set of firms, to mitigate any emerging, specific or systemic risks.

                • 3.1.7

                  We will monitor and use this data, amongst other factors, to review the effectiveness of our mitigation plans, and set organisational risk tolerances to allocate our supervisory resources.

              • Impact and risk ratings

                • 3.1.8

                  The impact and risk rating is an assessment of the potential adverse consequences that could follow from the failure of, or significant misconduct by, a firm. The potential adverse consequences include not only the direct financial impact on such firm's customers, counterparties and stakeholders, but also the potential for damage to our reputation and objectives.

                • 3.1.9

                  In assessing the impact rating, we will consider a variety of factors such as:

                  (a) the complexity of the firm's activities and structure, which is dependent on the nature and type of Regulated Activities it conducts. For instance, a firm that holds customers' deposits and assets will be operationally more complex and more difficult to resolve any issues or to supervise into compliance, as opposed to a Regulated Activity that does not involve accepting / holding customers' assets;
                  (b) the scale of the firm's activities and its linkages with other financial institutions and the wider financial system.

                • 3.1.10

                  The risk rating is an assessment of the firm's level of risk exposure or probability of failure across a wide range of risk factors. It takes into consideration a number of broad risk groups, including:

                  (a) Financial Strength
                  (b) Liquidity
                  (c) Credit Risk
                  (d) Market Risk
                  (e) AML/CFT and Financial Crime
                  (f) Conduct Risk
                  (g) Operational Risk
                  (h) Corporate Governance
                  (i) Internal Control System
                  (j) Business Model Risk

                • 3.1.11

                  The combination of the risk and the impact will determine the level and intensity of supervision. Firms with higher ratings will be subject to higher supervisory intensity. Our supervisory oversight of these firms will entail more frequent and routine engagements and on-site visits to oversee the activities and developments in the firm. These engagements would typically involve discussions with the board and senior management, business and compliance heads, auditors and risk managers of the firm and, in the case of overseas financial Groups, its head office staff and home country regulators.

              • Risk mitigation

                • 3.1.12

                  Whenever appropriate, we may inform the firm of the steps it needs to take in relation to specific risks. We then expect the firm to demonstrate that it has taken appropriate steps to mitigate these risks.

                • 3.1.13

                  Where necessary, risk mitigation programmes may be developed for a firm in order to mitigate or remove identified areas of risk.

              • Our relationship with firms

                • 3.1.14

                  In order to meet our objectives, we require an open, transparent and co-operative relationship with our regulated firms. We expect to establish and maintain an on-going dialogue with the firm's senior management in order to develop and sustain a thorough understanding of the firm's business, systems and controls and, through this relationship, to be aware of all areas of risk to our objectives.

                • 3.1.15

                  We seek to reinforce the responsibilities of senior management for the risk oversight and governance of the firm's activities, to ensure financial soundness, fair dealing and compliance with regulatory standards.

                • 3.1.16

                  We seek to maintain an up-to-date knowledge of a firm's business. However, a firm is also required to keep us informed of significant events, or anything related to the firm of which we would reasonably expect to be notified (as set out below).

              • Notifications to us

                • 3.1.17

                  GEN 8.10 sets out the requirements on a firm to notify us of specified events, changes or circumstances a firm (other than a Representative Office) may encounter. The list of notifications outlined in GEN 8.10 is not exhaustive and there are other areas of the Rulebooks that also specify additional notification requirements. (See appendix A)

              • Co-operation with other regulators

                • 3.1.18

                  We view co-operation with other regulators as an important component of our supervisory activities. Effective co-operation arrangements with other regulators will provide for prompt exchange of information in relation to supervision, investigation and enforcement matters. The information exchange may enhance, for example, our understanding of the operations of a firm's Group and the effect on our firm.

                • 3.1.19

                  We may also exercise our powers for the purposes of assisting other regulators or agencies, see sections 215 – 217 of the FSMR.

            • 3.2 3.2 Supervision of Firms

              • Group supervision

                • 3.2.1

                  When we authorise a firm, we take into consideration the relationship the firm has within its Group, with related parties or other parties closely linked to it. We may also take into account lead or consolidated supervision to which a firm or its Group may be subject to in another jurisdiction.

                • 3.2.2

                  A firm is expected to provide information as required or reasonably requested relating to the Authorised Person and, where applicable, its consolidated or lead regulatory arrangements. This information may include:

                  (a) prudential information;
                  (b) reports on systems and controls relating to a firm's Group;
                  (c) internal and external audit reports;
                  (d) details of disciplinary proceedings or any matters which may have financial consequences, reputational impact or pose any significant risk to the ADGM or to the firm; and
                  (e) the group-wide corporate governance practices and policies, and the remuneration structure and strategies adopted.

                • 3.2.3

                  This information may be taken into account as part of our fit and proper test as set out in Chapter 2.2 0 above and the supervision of the firm. Further Rules and Guidance with regard to obtaining information from a Representative office's lead regulator are set out in GEN 9.15.3.

                • 3.2.4

                  We have an interest in the relationship of a firm with other regulators, particularly in order to determine the level of reliance we may place on a regulator in another jurisdiction concerning any lead supervision arrangements. Depending on the legal structure of a firm and our relationship with the regulator in question, we may place appropriate reliance on the supervision undertaken by this regulator.

              • Domestic Firm's Group with ADGM head office

                • 3.2.5

                  We will usually be the lead and consolidated regulator of any Group headquartered as a Domestic Firm in the ADGM. Members of the Group, that is, any of the firm's Subsidiaries or Branches, will be either subject to our exclusive supervision or, where members of the Group are located in a jurisdiction outside the ADGM, generally subject to lead or consolidated supervision by us in co-operation with another regulator, provided we are satisfied that it meets appropriate regulatory criteria and standards.

              • Subsidiary of a non-ADGM firm

                • 3.2.6

                  We will be the host regulator for the purpose of prudential supervision of a firm which is an ADGM incorporated Subsidiary of a non-ADGM firm.

                • 3.2.7

                  Where a firm is a Subsidiary of a regulated non-ADGM parent company, we take into account any consolidated prudential supervision arrangements to which the firm is subject and will liaise with other regulators as necessary to ensure that these are adequately carried out, taking into account the firm's activities. We may place appropriate reliance on the firm's consolidated regulator in another jurisdiction if we are satisfied that it meets appropriate regulatory criteria and standards.

                • 3.2.8

                  A firm carrying on Regulated Activities as a Subsidiary of an unregulated non-ADGM parent company may be subject to our consolidated prudential supervision, taking into account the parent's activities.

              • Branch of a non-ADGM firm

                • 3.2.9

                  A firm carrying on Regulated Activities through a Branch will be subject to supervision by both us and the regulator in its head office jurisdiction.

                • 3.2.10

                  We will have regard to any lead or consolidated prudential supervision arrangements to which a firm is subject. We may place appropriate reliance on a firm's lead regulator in another jurisdiction and, where appropriate, it's consolidated prudential regulator if we are satisfied that it meets appropriate regulatory criteria and standards. Where a firm is subject to lead regulation arrangements with a foreign regulator, we will usually not seek to impose consolidated prudential supervision on the firm's Group.

                • 3.2.11

                  In determining the level of regulatory and supervisory oversight required for a specific firm, we will consider:

                  (a) the degree of home country regulation and supervision by the home regulator;
                  (b) the fitness and propriety of the head office and its Controllers;
                  (c) the strength of support, both financial and managerial, which the head office is capable of providing to the branch, taking into account the branch's activities and the adequacy of, among other things, the corporate governance framework and practices at the head office; and
                  (d) the risk and control mechanisms within the Branch itself.

                • 3.2.12

                  Based on this assessment, we may consider granting a waiver or modification notice in respect of specific prudential or other regulatory requirements relating to a Branch.

              • Periodic returns for Firms

                • 3.2.13

                  A firm is required to submit periodic returns. In addition, a firm may be required to submit copies of its Group's annual interim and audited accounts. We may also require a firm to provide copies of Group returns which are sent to any other regulator.

                • 3.2.14

                  Collecting this data in a timely and accurate manner is imperative to our risk management cycle.

              • Review of risk management systems

                • 3.2.15

                  Under GEN 3.3.4, a firm must ensure that its risk management systems provide the firm with the means to identify, assess, mitigate, monitor and control its risks. In addition to undertaking our own assessment of the firm, we may review the firm's internal risk self-assessment and determine the extent to which each of the firm's risks impacts on our objectives, the likelihood of the risk occurring, and the controls and mitigation programmes the firm has in place.

              • Desktop reviews

                • 3.2.16

                  We may undertake desktop analyses to review a firm's business activities and compliance with our laws. A desktop review may involve analysing information provided by the firm through periodic returns, internal management information, ad-hoc questionnaires, published financial information or specially requested information. Through monitoring key indicators and the development of the firm's business, we seek to detect emerging issues for further in-depth reviews through meetings with the firm's management, onsite examinations, or otherwise. Apart from reports such as regular prudential returns, we may from time to time also request from a firm additional supplementary information and documents, including non-financial information such as a firm's internal policies on particular areas of risk and compliance.

              • On-site visits

                • 3.2.17

                  On-site visits provide us with an overview of the firm's operations and enable us to form a first-hand view of the personnel, systems and controls and compliance culture within the firm as well as identifying and evaluating the risks to our objectives, taking into account any mitigation by the firm. They enable us to test the soundness of the firm's systems and controls and the extent to which we can continue to rely on them and the firm's senior management to prevent or mitigate risks to our objectives. On-site visits will also assist us to assess the extent of supervision and the use of other supervisory tools required to address certain key risk areas.

              • Periodic communications

                • 3.2.18

                  We are committed to open and transparent communication with firms. From time to time, we may issue letters to Senior Executive Officers or equivalent persons across the ADGM. Frequently, these letters will be issued as a means of communicating findings arising from thematic visits, emerging trends and risks in the financial sector, or in response to any major events or developments.

                • 3.2.19

                  From time to time, we may consider a particular item of communication to a firm to be of key regulatory importance. For this reason, it may be necessary to issue such communications directly to a senior member of staff at the board level of the ADGM entity copied (where appropriate) to the group's home regulator. For entities established as a Branch in the ADGM, these communications will likely be delivered to the Chairman of the Board at the ADGM Branch entity's head or Parent office. For ADGM incorporated entities, these communications will likely be delivered directly to the Chairman of the firm's board or head office. These communications may include, for example, the findings of our risk assessment visits where a risk mitigation plan has been sent that contains significant matters of concern to our objectives.

              • External Auditor reports, statements and meetings

                • 3.2.20

                  An Auditor of a firm is required to provide reports to us addressing the matters outlined in section 191 of the FSMR. As part of an audit, we would expect an Auditor to review any relevant correspondence between us and the firm (e.g. on matters of regulatory concern) and ensure that appropriate follow-up actions have been taken by the firm. We may also require the firm to commission the auditor to conduct a special purpose audit to certify and ensure that any risk mitigation plan has been appropriately implemented. Further, we may from time to time, request tripartite meetings between the firm's senior management, the Auditor, and ourselves.

              • Controllers — Our approval

                • 3.2.21

                  A person who proposes to become a Controller of a Domestic Firm or an existing Controller who proposes to increase the level of control which that person has in a domestic firm beyond the threshold of 20%, 30% or 50% is required to obtain our prior approval before doing so. Our assessment of a proposed acquisition or increase in control of a domestic firm is a review of such a firm's continued fitness and propriety and ability to conduct business soundly and prudently, and takes into account considerations set out in para 2.2.8.

                • 3.2.22

                  Under GEN Rule 8.8.5(1), a person who proposes either to acquire or increase the level of control in a Domestic Firm must provide written notice to us in such form as we shall set. We may approve of, object to or impose conditions relating to the proposed acquisition or the proposed increase in the level of control of the firm. If the information in the written application lodged with us is incomplete or unclear, we may in writing request further clarification or information. We may do so at any time during the processing of such an application. The period of 90 days within which we will make a decision will not commence until such clarification or additional information is provided to our satisfaction. We may, in our absolute discretion, agree to a shorter period for processing an application where an applicant requests for such a period, provided all the information required is available to us.

                • 3.2.23

                  Where we propose to object to or impose conditions relating to a proposed acquisition of or increase in the level of control in a domestic firm, we will first notify the applicant in writing of its proposal to do so and its reasons. We will take into account any representations made by an applicant before making our final decision.

                • 3.2.24

                  We may consider whether a person has become an unacceptable Controller as a result of any notification given by a firm, including under GEN Rule 8.8.11(2) or as a result of our own supervisory work. The considerations which we will take into account in assessing whether a person is an acceptable Controller are those set out in paragraphs 3.2.21 above.

                • 3.2.25

                  We may request, in writing, any further information required to enable us to complete our assessment of the application no later than the 50th Business Day of the assessment period.

            • 3.3 3.3 Supervision of Representative Offices

              • 3.3.1

                As part of our risk-based approach to supervising firms we may undertake periodic visits to Representative Offices and may also include Representative Offices in our thematic visits.

              • 3.3.2

                Onsite visits to Representative Offices are likely to focus on issues including:

                (a) confirming that activities undertaken by the Representative Office are allowed under its Financial Services Permission;
                (b) reviewing the adequacy of its systems and controls to comply with its responsibilities;
                (c) reviewing the material distributed by the Representative Office to ensure it is clear, fair and not misleading;
                (d) any solvency concerns with the head office or Group; and
                (e) the firm's disclosure of its regulated status.

              • 3.3.3

                The onsite visit is likely to include interviews with the Principal Representative and a review of relevant records.

            • 3.4 3.4 Supervision of Recognised Bodies

              • Introduction

                • 3.4.1

                  The FSMR and the Rules establishes a principles-based framework for the recognition and supervision of Recognised Bodies and for taking regulatory action against those recognised institutions. This framework is supplemented by supervisory powers and other requirements in MIR and MKT rulebooks.

              • Group supervision

                • 3.4.2

                  When we recognise a Recognised Body, we take into consideration the relationship with any wider group to which the Recognised Body may belong or with other Persons closely linked to it. We will also take into account lead or consolidated supervision to which a Recognised Body or its Group may be subject in another jurisdiction to the extent it is satisfied that it meets appropriate regulatory criteria and standards. This may lead to us placing some reliance on the supervisory arrangements in another jurisdiction or creating and participating in special arrangements for the supervision of the Recognised Body and its Group. The Recognised Body is expected to provide information required or reasonably requested in relation to these consolidated or lead supervisory arrangements before final supervisory arrangements are established.

                • 3.4.3

                  Each relationship will be considered on a case by case basis and according to the risks posed by the Recognised Body's activities identified during supervisory arrangements. Such supervisory arrangements may include a process to be agreed by us, the Recognised Body itself and other relevant regulators.

                • 3.4.4

                  Effective co-operation with regulators will provide for prompt exchange of information and co-operation in relation to supervision and enforcement between jurisdictions. This may include exchanges of information and co-operation in respect of activities conducted by a Recognised Body. Usually co-operation arrangements will be in the form of memoranda of understanding. The information exchange will enhance our understanding of the operations of the Group and the impact (if any) on the Recognised Body.

              • Application for a change in control

                • 3.4.5

                  GEN 8.8 sets out the requirements relating to a change in control. See also paragraphs 3.2.21 to 3.2.25 above.

              • Directions power

                • 3.4.6

                  MIR Chapter 6 empowers us to give a Recognised Body certain directions in relation to the Recognised Body's duties under the laws. It also gives us the power to direct a Recognised Body to do specified things, including closing the market, suspending transactions and prohibiting trading in Investments. MIR Chapter 6 also empowers us to exercise the powers contained in the Recognised Body's rules for participants as though it was the Recognised Body where we consider that the Recognised Body has not exercised the powers under those rules.

                • 3.4.7

                  In considering whether to exercise such powers, we may take into account the following factors:

                  (a) what steps the Recognised Body has taken or is taking in respect of the issue being addressed in the planned direction;
                  (b) the impact on our objectives if a direction were not issued; or
                  (c) whether it is in the interests of the ADGM.

                • 3.4.8

                  The written notice given by us will specify what a Recognised Body is required to do under the exercise of such directions. Though we are not required to do so under MIR, in most cases we will endeavour to contact the Recognised Body prior to issuing such a direction.

                • 3.4.9

                  Part 14 of the FSMR and MIR 6.1 allow us to direct a Recognised Body to suspend or delist Securities from its Official List. Such directions may take effect immediately or from a date and time as may be specified in the direction. MKT Chapter 2 contains details in this regard.

          • 4. 4. Supervisory And Enforcement Powers

            • 4.1 4.1 Introduction

              • 4.1.1

                This chapter sets out how we may exercise our supervisory and enforcement powers. We can exercise these powers in respect of any person who has been approved or recognised by us, including persons in senior positions.

              • 4.1.2

                Chapter 5 of this document describes how we will exercise additional powers when conducting enforcement activities.

              • 4.1.3

                The range of powers available to us includes the power to:

                (a) require information or documents (FSMR section 201 and 206);
                (b) require a firm to provide a report from a skilled person (FSMR section 203);
                (c) impose requirements on a firm (FSMR section 35);
                (d) issue a direction to a firm or an Affiliate for prudential purposes (FSMR section 202);
                (e) impose conditions on an Approved Person on our own initiative (FSMR section 48); and
                (f) suspend the Financial Services Permission of a firm (FSMR section 33).

              • 4.1.4

                In exercising a power specified in this Chapter (except when requesting information and/or documents; or a skilled person report), we will generally follow the decision making procedures set out in Chapter 7 of this document.

            • 4.2 4.2 Power to request information and documents

              • 4.2.1

                In order to supervise the conduct and activities of a firm, a Recognised Body, any director, officer, employee or agent of such firm or Recognised Body, we require access to a broad range of information relating to a Person's business. In particular, firms, Recognised Bodies, Approved Persons or Recognised Persons are expected to deal with us in an open and co-operative manner and disclose to us any information of which we would reasonably expect to be notified.

              • 4.2.2

                We may require a person referred to in paragraph 4.2.1 above to give information and produce documents about its business (including reports prepared by external parties such as consultants appointed by the firm or Recognised Body), transactions or employees to us. When we require the giving of information or production of documents, it will give the person a written notice specifying what is required to be given or produced.

              • 4.2.3

                We may exercise this power either within, or outside, the ADGM.

            • 4.3 4.3 Power to require a report

              • 4.3.1

                We may require a firm or Recognised Body to provide it with a report from a skilled person on specified matters, in circumstances where:

                (a) we have concerns about the adequacy of systems and controls (such as compliance, internal audit, anti-money laundering, risk management and record keeping);
                (b) we seek verification of information submitted by it; or
                (c) we require remedial action to ensure the firm or Recognised Body complies with the laws.

              • 4.3.2

                GEN 8.12 sets out various requirements relating to the appointment of a skilled person, including:

                (a) give written notification to the firm or Recognised Body, by us, concerning the purpose of the proposed report, the scope, the timetable for completion and any other relevant matters;
                (b) specify the nature of the concerns, by us, that led to the decision to appoint a skilled person and the uses we may have for the results of any skilled person's report;
                (c) the skilled person must be appointed by the firm or Recognised Body and be nominated or approved by us;
                (d) a firm or Recognised Body is required to ensure it provides all assistance that the skilled person may reasonably require and ensure that the skilled person co-operates with us; and
                (e) a firm or Recognised Body is required to pay for the services of the skilled person.

            • 4.4 4.4 Power to impose requirements on a firm or Recognised Body

              • 4.4.1

                We may impose a requirement on a firm or Recognised Body under FSMR section 35, so as to:

                (a) require a firm or Recognised Body to take action specified by us; or
                (b) require a firm or Recognised Body to refrain from taking action specified by us.

              • 4.4.2

                Examples of requirements that we may consider imposing include, among other things, a requirement:

                (a) not to take on new business;
                (b) not to hold or control Client Money;
                (c) not to trade in certain categories of Specified Investment;
                (d) prohibiting or restricting the disposal of, or other dealing with, any of the firm's or Recognised Body's assets (whether in the ADGM or elsewhere); and
                (e) that all or any of the firm's assets (or all or any assets belonging to investors but held by the firm or Recognised Body) must be transferred to a trustee approved by us.

              • 4.4.3

                We may exercise our power under paragraph 4.4.1 above in certain circumstances, as set out in FSMR section 35(2) and GEN 8.13.1, including where:

                (a) the firm or Recognised Body is failing, or is likely to fail, to satisfy the Threshold Conditions when it was first granted a Financial Services Permission including:
                (i) having adequate and appropriate resources;
                (ii) being fit and proper to carry on a activity regulated by us for which it has an authorisation or recognition;
                (iii) capability of being effectively supervised; and
                (iv) having adequate compliance arrangements to enable it to comply with all applicable legal requirements.
                (b) the firm or Recognised Body has committed a contravention of the FSMR, Rules or other enactments or subordinate legislation administered by us;
                (c) the firm or Recognised Body has failed, during the period of at least 12 months, to carry on an activity regulated by us to which the Financial Services Permission relates; or
                (d) we consider that the exercise of the power is necessary or desirable in the pursuit of one or more of our objectives.

              • 4.4.4

                In determining whether to exercise our power under section 35 of the FSMR, we may take into account relevant facts and circumstances including, the following:

                (a) whether we have concerns about the fitness and propriety of the firm or Recognised Body;
                (b) whether the firm's or Recognised Body's resources are adequate for the scale or type of activity which the firm is authorised to undertake;
                (c) whether the firm or Recognised Body has conducted its business in compliance with the FSMR and the Rules;
                (d) whether the firm or Recognised Body has ensured full compliance with applicable money laundering or counter terrorism legislation; and
                (e) whether the firm's or Recognised Body's management is able to address the Regulator's concerns about the firm or Recognised Body, or the way the business is being or has been run.

              • 4.4.5

                When exercising this power, we will have regard to the principle that any restriction imposed on a firm or a Recognised Body should be proportionate to the objectives which we are seeking to achieve.

            • 4.5 4.5 Power to cancel a Financial Services Permission or revoke recognition

              • At the request of a firm

                • 4.5.1

                  On application of the firm or Recognised Body (in such firm as we shall prescribe), we may exercise our powers to vary or cancel a firm's Financial Services Permission or a Recognised Body's recognition (See FSMR section 32(2)).

                • 4.5.2

                  Depending on the circumstances, we may need to consider whether we should first use our powers to impose requirements on a firm or Recognised Body or to vary a firm's Financial Services Permission or Recognised Body's recognition, before going on to cancel or revoke the Financial Services Permission.

              • On our own initiative

                • 4.5.3

                  We may exercise our powers to cancel a Financial Services Permission to carry on one or more Regulated Activities, or to revoke recognition in respect of a Recognised Body (see FSMR sections 33 and 134(2)), respectively where:

                  (a) firm or Recognised Body is failing, or is likely to fail, to satisfy the threshold conditions;
                  (b) firm or Recognised Body has committed a contravention of the laws administered by us;
                  (c) firm or Recognised Body has failed, during the period of at least 12 months, to carry on a Regulated Activity to which the Financial Services Permission or recognition relates; or
                  (d) we consider that the exercise of the power is necessary or desirable in the pursuit of one or more of our objectives.

                • 4.5.4

                  Circumstances when we may exercise our powers to cancel a Financial Services Permission or revoke a recognition include, among other things, where:

                  (a) we have serious concerns about the manner in which the business of the firm or Recognised Body has been or is being conducted;
                  (b) we consider it necessary to protect regulated entities and customers in the ADGM;
                  (c) the firm or Recognised Body has failed to have or maintain adequate financial resources or a failure to comply with regulatory capital requirements;
                  (d) the firm or Recognised Body has not submitted regulatory returns in a timely fashion or has provided false information in regulatory returns;
                  (e) as a result of withdrawal of authorisation in relation to one or more Regulated Activities, the firm or Recognised Body is no longer authorised to carry on a Regulated Activity;
                  (f) whether the firm or Recognised Body no longer satisfies the relevant criteria in respect of the fitness and propriety to carry on a Regulated Activity or hold a Financial Services Permission or recognition order (set out in GEN, Chapter 5 and MIR Chapters 2 and 4);
                  (g) the firm or Recognised Body has repeatedly contravened the FSMR or the Rules.

            • 4.6 4.6 Power to impose conditions on the status of an Approved Person

              • 4.6.1

                We may at any time by a written notice to an Approved Person and the relevant firm:

                (a) impose conditions on the grant of Approved Person status (FSMR section 48); and
                (b) vary or withdraw conditions imposed on the grant of such status (FSMR section 46).

              • 4.6.2

                We may exercise this power in circumstances where:

                (a) the Approved Person has not exercised the expected level of skill, care and diligence in carrying out the Controlled Function;
                (b) the conduct of the Approved Person is inconsistent with the requirements and standards expected; or
                (c) we have concerns about the fitness and propriety of the Approved Person (but not such as to warrant the suspension or withdrawal of an Approved Person's status pursuant to section 46 of FSMR).

            • 4.7 4.7 Power to withdraw the status of an Approved Person

              • 4.7.1

                Under section 46 of the FSMR, we may withdraw an individual's Approved Person status given under section 45 of FSMR, if we consider that the Approved Person is no longer fit and proper to perform the Controlled Function in question, including for example, where:

                (a) the individual is in breach of an obligation applicable as a result of their Approved Person status;
                (b) the Financial Services Permission of the relevant firm is withdrawn;
                (c) the individual becomes bankrupt;
                (d) the individual is convicted of an offence that would be considered relevant to his integrity and honesty, or his ability to perform his functions;
                (e) the individual becomes incapable, through mental or physical incapacity, of managing his affairs; or
                (f) the individual or the relevant firm asks us to withdraw the relevant status.

              • 4.7.2

                In determining whether to exercise its power under section 46 of FSMR, we will have regard to all relevant matters including, but not limited to:

                (a) the criteria for assessing the fitness and propriety of an Approved Person as set out in GEN Chapter 5 (GEN 5.2.9) and paragraph 2.3 of this document;
                (b) the commission of any offences involving dishonesty, fraud or a Financial Crime by the Approved Person;
                (c) whether other enforcement action should be taken, or has already been taken, against the Approved Person by us or by other enforcement agencies;
                (d) the particular Controlled Function the Approved Person is or was performing;
                (e) the nature and activities of the firm concerned;
                (f) the markets in which the firm operates; and
                (g) the severity of the risk which the individual poses to consumers and to confidence in the ADGM financial system.

              • Disqualification of Auditors and actuaries under section 233 of the FSMR

                • 4.7.3

                  We recognise that the use of our powers to disqualify Auditors and actuaries from being an Auditor of, or acting as an actuary for, a firm will have serious consequences for the Auditors or actuaries concerned and their clients.

                • 4.7.4

                  In deciding whether to exercise our power to disqualify an Auditor or actuary under section 233(3) of FSMR, and what the scope of any disqualification will be, we will take into account all the circumstances of the case, including:

                  (a) the nature and seriousness of any contravention of the FSMR or Rules and the effect of that contravention;
                  (b) whether any contravention of the FSMR or Rules, or any failure to disclose information to us, has resulted in, or is likely to result in:
                  (i) loss to customers;
                  (ii) damage to the reputation of the ADGM; or
                  (iii) an increased risk that an firm, Recognised Body or Reporting Entity may be used for the purposes of Financial Crime;
                  (c) any action taken by the Auditor or actuary to remedy the contravention;
                  (d) any disciplinary action taken (or to be taken) against the Auditor or actuary by a relevant professional body, and whether that action adequately addresses the particular contravention; and
                  (e) the previous compliance record of the Auditor or actuary concerned, and whether the relevant regulatory body or professional body has imposed any previous disciplinary sanctions on the firm, Recognised Body, Reporting Entity or individual concerned.

          • 5. 5. Enforcement

            • 5.1 5.1 Our approach to enforcement

              • Introduction

                • 5.1.1

                  This Chapter sets out our approach to enforcement including how we may commence and conduct investigations and exercise our powers to address any misconduct or contravention of the FSMR or Rules. Our approach to imposing a penalty can be found in Chapter 6 of this document.

                • 5.1.2

                  The fair and proportionate use of our enforcement powers plays a critical role in fulfilling our objectives as set out in section 1(3) of FSMR.

                • 5.1.3

                  There are a number of principles underlying our approach to the exercise of our enforcement powers, including:

                  (a) the effectiveness of the regulatory regime depends on the maintenance of an open and co-operative relationship between us and those we regulate;
                  (b) we adopt a risk-based approach to regulation, focusing our efforts on those activities that we perceive as posing the greatest risk to the furtherance of our objectives;
                  (c) we will act fairly, openly, accountably and proportionally in the exercise of our enforcement powers;
                  (d) we will act swiftly and decisively to stop conduct which threatens the integrity of the ADGM or the stability of the financial services industry in the ADGM, minimise its effects, and prevent such conduct re-occurring;
                  (e) we aim to:
                  (i) deter or reduce the likelihood of future non-compliance;
                  (ii) reduce or eliminate any financial gain or benefit from non-compliance; and
                  (iii) where appropriate, remedy the harm caused by the non-compliance.

            • 5.2 5.2 Enforcement framework

              • Introduction

                • 5.2.1

                  Enforcement is one of a number of regulatory tools available to us. We will take enforcement action in line with our objectives and approach to enforcement and may conduct investigations where there is a suspected contravention.

                • 5.2.2

                  As a risk-based regulator, priority will be given to those areas which pose the biggest risk to achieving our objectives.

                • 5.2.3

                  The proactive supervision and monitoring of Authorised Persons and an open and cooperative relationship between such Authorised Persons and their supervisors may, in some cases where a contravention of the FSMR or Rules has taken place, lead us to decide against taking formal disciplinary action. In those cases, we would expect the firm or person to act promptly in taking the necessary remedial action agreed with its supervisors to deal with our concerns. If the firm or person does not take such action, we may then proceed to take formal enforcement action.

              • General contravention provisions

                • 5.2.4

                  Pursuant to section 218 of FSMR, a person commits a contravention if he:

                  (a) does an act or thing that the person is prohibited from doing by or under the FSMR or Rules;
                  (b) does not do an act or thing that the person is required or directed to do by or under the FSMR or Rules;
                  (c) fails to comply with a requirement or condition imposed by or under the FSMR or the Rules; or
                  (d) otherwise contravenes a provision of the FSMR or Rules.

              • Involvement in contravention

                • 5.2.5

                  If a person is Knowingly Concerned in a contravention of the FSMR or Rules committed by another person then, under section 220 of FSMR, both persons may be held liable for committing a contravention.

                • 5.2.6

                  A person is "Knowingly Concerned" in a contravention if the person:

                  (a) has aided, abetted, counselled or procured the contravention;
                  (b) has induced, whether by threats or promises or otherwise, the contravention;
                  (c) has in any way, by act or omission, directly or indirectly, been knowingly involved in or been party to, the contravention; or
                  (d) has conspired with another or others to commit the contravention.

              • Enforcement assessment: Threshold Conditions cases

                • 5.2.7

                  We may take enforcement action against an Authorised Person who no longer meets the Threshold Conditions. . We view the Threshold Conditions as being fundamental requirements for a firm operating within the ADGM under a Financial Services Permission.

              • Decision to take action

                • 5.2.8

                  We will make an assessment on a case by case basis whether to carry out a formal investigation, having considered all the available information, including:

                  (a) elements of suspected contravention of the FSMR or Rules;
                  (b) the Authorised Person's willingness to co-operate with us;
                  (c) whether confidentiality obligations prevent individuals from providing information unless we compel them to do so by using our formal powers; and
                  (d) whether the Authorised Person concerned has undertaken, or offered to undertake, remedial action.

              • Enforcement process

                • 5.2.9

                  When taking enforcement action, we will generally adopt the following process:

                  (a) Step 1 — Assessment of complaints and referrals (paragraph 5.3);
                  (b) Step 2 — Commencement of an investigation (paragraph 5.4);
                  (c) Step 3 — Information gathering (paragraph 5.5);
                  (d) Step 4 – Analysis of information provided (paragraph 5.7);
                  (e) Step 5 — Assessment of remedies (paragraph 5.8); and
                  (f) Step 6 — Conclusion of the investigation (paragraph 5.19).

            • 5.3 5.3 Step 1 — Assessment of complaints and referrals

              • 5.3.1

                Assessment of complaints and referrals concerning suspected misconduct or suspected contraventions is a key function of our regulatory remit and enforcement framework. Every complaint and referral, regardless of source, is assessed to determine whether an investigation or other action ought to take place.

              • Sources of complaints and referrals

                • 5.3.2

                  We may become aware of suspected misconduct or suspected contraventions from a variety of sources, including:

                  (a) members of the public;
                  (b) our supervisory activities; and
                  (c) other external regulatory authorities or law enforcement agencies.

              • Complaints

                • 5.3.3

                  Complaints received by us from members of the public which relate to:

                  (a) any conduct of, or dissatisfaction with, any person regulated by us;
                  (b) a potential contravention of the FSMR or Rules; or
                  (c) any conduct that causes, or may cause, damage to the reputation of the ADGM or the financial services industry in the ADGM;

                  are classified as regulatory complaints and are assessed through our complaints management function.

                • 5.3.4

                  A person wishing to lodge a regulatory complaint with us should, where possible, do so in writing. A complaint can be lodged:

                  (a) by email to: FSRA.Complaints@adgm.com;
                  (b) by sending the complaint to Financial Services Regulatory Authority, Abu Dhabi Global Market PO Box 111999, Abu Dhabi, United Arab Emirates; or
                  (c) delivering the complaint to us at Financial Services Regulatory Authority, Abu Dhabi Global Market Square, Al Maryah Island Abu Dhabi, United Arab Emirates.

                • 5.3.5

                  When a complaint is received, we will send an acknowledgement letter to the complainant which will include the contact details of our complaints management function.

                • 5.3.6

                  If, during the assessment of a regulatory complaint, we identify suspected misconduct or a suspected contravention, we will refer the complaint to the relevant staff member. After that, the relevant department assumes responsibility for the complaint and undertakes further consideration of the complaint.

                • 5.3.7

                  All complaints lodged with us are held in confidence in accordance with the FSMR. However, in order to assess a complaint properly, we may need to speak to third parties including any person who is the subject of the complaint.

              • Referrals

                • 5.3.8

                  There are two types of referrals — internal and external.

                  (a) Internal referrals

                  Internal referrals originate from our supervisory activities. Our supervisory framework is designed to detect and mitigate risks to the ADGM and the financial services industry in the ADGM.

                  An internal referral occurs when our supervision division refers a matter to our enforcement department, when the supervisory department has identified possible contraventions.

                  When the enforcement division receives an internal referral, the referring division may continue to be responsible for the on-going supervision of the firm who may be the subject of the referral.
                  (b) External referrals

                  We may also receive allegations of misconduct through an external referral from other regulatory authorities and law enforcement agencies or any other person.

                  Such allegations may be received pursuant to the IOSCO or IAIS Multilateral Memoranda of Understanding (MMoU), or bilateral arrangements for the exchange of information between us and other regulatory and enforcement agencies.

            • 5.4 5.4 Step 2 — Commencement of investigations

              • Introduction

                • 5.4.1

                  On receipt of an internal or external referral, the allegation will be assessed to determine if there is a suspicion of a contravention. If a suspicion arises and it is appropriate and expedient, we may start an investigation.

                  Section 205 of FSMR empowers us to conduct investigations if we consider there is good reason to do so, including investigations into reasonable suspicions of contraventions of FSMR and Rules.

                • 5.4.2

                  In determining whether to commence an investigation, we will consider a number of factors including:

                  (a) the nature and seriousness of the suspected contravention;
                  (b) whether the suspected contravention is on-going;
                  (c) whether the suspected contravention affects, or has the potential to affect, our objectives;
                  (d) whether those involved in the suspected contravention are likely to cooperate;
                  (e) the disciplinary record and compliance history of the person(s) involved in the suspected contravention;
                  (f) whether, if proven, a suitable remedy is available;
                  (g) the extent to which another law enforcement agency or Non-ADGM Financial Services Regulator can adequately address the matter;
                  (h) the nature of any request for assistance made by another regulator or body under sections 216 or 217of FSMR; and
                  (i) whether any party who may have suffered a detriment as a result of the suspected contravention is able to take his own remedial action.

                • 5.4.3

                  Whether we "reasonably suspect" a contravention is a question which we will determine on the facts and circumstances available at the time of the determination to commence investigation.

                • 5.4.4

                  While we are not bound to disclose to any party that an investigation has commenced or is on-going, or the basis on which an investigation is commenced, we may where necessary or desirable to do so, notify a person who is the subject of an investigation that an investigation has commenced, and the nature of our investigation.

                • 5.4.5

                  We will not normally make public the fact that we are investigating a matter. We also expect that the person who is the subject of an investigation will treat the matter as confidential. However, subject to the restrictions on disclosure of confidential information in sections 197 and 198 of the FSMR, this does not stop the person under investigation from seeking professional advice or making their own enquiries into the matter, giving their Auditors appropriate details of the matter or making notifications required by law.

            • 5.5 5.5 Step 3 — Information gathering

              • Introduction

                • 5.5.1

                  Once an investigation has commenced, we may exercise our powers to gather information to advance our objectives.

                • 5.5.2

                  Our information-gathering powers may only be exercised by the Chief Executive or his delegate(s). The delegation need not be limited to our employees and can extend to other, non FSRA staff who are able to assist the investigation.

              • Power to require documents or information

                • 5.5.3

                  During an investigation, the investigator may obtain relevant information and/or documents either: on a compulsory basis, principally through the exercise of its powers under section 206(1)(b) and (c) of FSMR, and/or on a voluntary basis.

                • 5.5.4

                  Our compulsory information gathering powers are divided into two broad categories – supervisory and investigative. When we require the giving of information or production of documents, we will generally give the Person a written notice specifying what is required to be given or produced.

                • 5.5.5

                  Under our supervisory powers, we may require a Person to give us information and produce documents about its business under section 201 of the FSMR. The power of section 201 of FSMR permits us to request information and documents from an Authorised Person, Recognised Body, Issuer of Securities admitted to the Official List and any director, officer, employees or agent of such Authorised Person, Recognised Body or Issuer, which we consider is necessary or desirable to meet our objectives.

                • 5.5.6

                  Under our investigative powers, we also have the power to require documents or information under section 206(1)(b) and (c) of the FSMR. Unlike the supervisory power under s201, the powers under section 206 may only be used:

                  (a) for the purposes of an investigation; and
                  (b) in circumstances where the investigator considers that a person is or may be able to give information or produce a document which is or may be relevant to an investigation.

              • Power to Inspect and copy documents

                • 5.5.7

                  The section 206(1)(e) of FSMR permits the investigator to enter the business premises of the person under investigation for the purpose of inspecting and copying documents.

                • 5.5.8

                  The investigator will generally not provide prior notice of an inspection in circumstances where the provision of prior notice may prejudice the investigation.

                • 5.5.9

                  When exercising this power, the investigator may:

                  (a) require any appropriate person to:
                  (i) make available any relevant information stored at the business premises for inspection or copying; or
                  (ii) convert any relevant information into a physical form capable of being copied; and
                  (b) use the facilities of the occupier of the business premises where appropriate and necessary, free of charge, to make copies.

              • Power to require production of information

                • 5.5.10

                  Section 206(1)(c) of FSMR empowers the investigator to require a person to give, or procure the giving of, information. The term "information" should be interpreted broadly, in accordance with its ordinary meaning, and may include

                  (a) knowledge communicated or received concerning a particular matter, fact or circumstance;
                  (b) knowledge gained through work, commerce, study, communication, research or instruction;
                  (c) data obtained as output from a computer by means of processing input data with a program or any data at any stage of processing including input, output, storage or transmission data;
                  (d) an explanation or statement about a matter;
                  (e) the identification of a person, matter or thing; or
                  (f) the provision of a response to a question.

              • Power to require production of documents

                • 5.5.11

                  Section 206(1)(b) of FSMR empowers the investigator to require a person to produce, or procure the production of, specified documents or documents of a specified description. Specified documents may include, for example, any record of information, including:

                  (a) anything on which there is writing;
                  (b) anything on which there are marks, figures, symbols or perforations having a meaning for persons qualified to interpret them;
                  (c) anything from which sounds, images or writings can be reproduced with or without the aid of anything else; or
                  (d) a map, plan, drawing or photograph.

                • 5.5.12

                  Section 206(1)(b) of FSMR empowers the investigator to require production of original documents or copies.

                • 5.5.13

                  When exercising his powers under section 206(1)(b) of FSMR, the investigator may retain possession of any original document for as long as is necessary for the investigation to which the notice relates. When a person is unable to produce documents in compliance with a requirement made by the investigator, the investigator may require the person to state, to the best of that person's knowledge or belief, where the documents may be found and who last had possession, custody or control of those documents.

              • Time for responding to information and document requirements

                • 5.5.14

                  As delays in the provision of information and/or documents can have an adverse impact on the efficient and effective progression of an investigation, we expect persons to respond to information and document requests within the timeframe required by us, in particular where a deadline for submission has been imposed.

              • Power to require a Person to attend an interview

                • 5.5.15

                  Section 206(1)(a) of FSMR empowers the investigator has the power to require a person (the interviewee) to attend before us (the interviewer) for an interview to provide oral evidence relevant to an investigation we are conducting.

                • 5.5.16

                  A person attending an interview will first be served with a written notice requiring his attendance. Pursuant to section 206(5) of FSMR, an interviewee is not entitled to refuse or fail to answer a question on the basis that his answers may incriminate him, make him liable for a penalty or reveal communications made in confidence (subject to section 209(6) of the FSMR).

                • 5.5.17

                  An interview will be conducted in private and the interviewer may give directions to the interviewee regarding:

                  (a) who may be present during the interview;
                  (b) swearing an oath, or giving an affirmation, that the answers provided will be true;
                  (c) what, if any, information may be disclosed by the interviewee or any other person present at the interview to any third party;
                  (d) the conduct of any person and the manner in which they will participate during the interview; and
                  (e) answering any question which is relevant to the investigation.

                • 5.5.18

                  An interviewee is entitled to legal representation during the course of an interview.

              • Power to require a Person to provide assistance

                • 5.5.19

                  Section 206(1)(d) of FSMR empowers the investigator to require a person to provide assistance in relation to an investigation, which may include requiring a person to do a physical act or provide information to advance an investigation. For example, it may require a person to assist in the location of specific documents.

                • 5.5.20

                  This power can be used independently, or in conjunction with, the exercise of other investigative powers. For example, the investigator can exercise its powers under section 206(1)(a) of FSMR to require a person to attend an interview and under section 206(1)(d) of FSMR, to require the interviewee to provide reasonable assistance during or after the interview. For example, the interviewee may be required, during the interview, to explain the context of a document shown to him, or, after the interview, to locate and later produce a document referred to during the interview.

            • 5.6 5.6 Power to enter the premises for the purposes of an investigation

              • 5.6.1

                For the purposes of an investigation conducted under section 205 of FSMR, we may require any Authorised Person or Recognised Body to allow entry on to the premises (during normal business hours or at any other time as may be agreed) for the purpose of inspecting and copying information or documents (at the relevant person's expense).

              • 5.6.2

                We will provide reasonable notice to an Authorised Person, Recognised Body, or other person when we seek information, documents or access to premises. In exceptional circumstances, such as where any delay may be prejudicial to the interests of the ADGM, we may seek access to premises without the giving of prior notice.

              • Confidentiality

                • 5.6.3

                  When carrying out our regulatory functions, we must maintain confidentiality of information, unless disclosure is permitted by section 199 of FSMR. We have issued a separate policy statement on Confidentiality and it is available on our website.

                • 5.6.4

                  We may also impose obligations of confidentiality in respect of information and documents provided during the exercise of an investigator's powers under section 206(1) of FSMR.

                • 5.6.5

                  The investigator can make directions to protect the confidentiality of information and documents which are part of an interview, in accordance with section 206(4)(b) of FSMR.

                • 5.6.6

                  We or our investigator conducting an interview pursuant to section 206(1)(a) of FSMR may direct any person present during the interview from disclosing any information provided to the interviewee or questions asked by the interviewer during the interview.

                • 5.6.7

                  Directions under section 206(4) of FSMR are made to ensure that an investigation is not prejudiced by the disclosure of the nature of the information sought or the questions asked during an investigation. In each case, we need to consider whether or not such directions are appropriate in the circumstances of that matter.

              • Protections

                • 5.6.8

                  Parties who are required to comply with a requirement made by us during the course of an investigation, and persons who are the subject of an investigation, may benefit from certain protections in the FSMR, including:

                  (a) section 198, which provides that confidential information provided to us must not be disclosed except in certain limited circumstances;
                  (b) section 207(2), which provides that where a person takes part in an interview, any statements made during the interview cannot be disclosed by the investigator to a law enforcement agency for the purpose of criminal proceedings unless the person consents to the disclosure or the investigator is required by law or court order to disclose the statement; and
                  (c) claims of legal professional privilege and other protections (see paragraph 5.6.9 – 5.6.10 below)

              • Claims of privilege and other protections

                • 5.6.9

                  As set out in sections 210 and 211 of FSMR, there are a number of limitations on our powers to require documents and information.

                • 5.6.10

                  we will recognise a valid claim for Legal Professional Privilege (LPP), made by:

                  (a) the privilege holder, or
                  (b) a third party seeking to assert the LPP claim on behalf of the privilege holder.

              • Non-compliance with requirements

                • 5.6.11

                  Pursuant to section 214 of FSMR, a person must not, without reasonable excuse, engage in conduct that is intended to obstruct us in the exercise of our investigative powers by any means, including:

                  (a) the failure to attend at a specified time and place to answer questions;
                  (b) the falsification, concealment or destruction of documents;
                  (c) the failure to give or produce information or documents specified by us
                  (d) the failure to provide assistance in relation to an investigation which the person is able to give.

                • 5.6.12

                  We will regard any breach of a requirement under Part 17 of FSMR as serious and take appropriate action where necessary.

              • Return of information and documents

                • 5.6.13

                  Where, during the course of an investigation, we have obtained original documents, we will usually return these to the person from whom the documents were received, as soon as practicable after the conclusion of the investigation or related proceedings.

                • 5.6.14

                  Where information or documents have been produced to us in the course of an investigation to assist another regulator or agency, we may release the information or documents to that other regulator or agency. The information and documents will usually be returned to the person from whom the information and documents were received, as soon as practicable after receiving them back from the other regulator or agency.

            • 5.7 5.7 Step 4 — Analysis of information provided

              • 5.7.1

                On completion of the information gathering step, we will carefully consider all the relevant facts and circumstances of the matter to determine:-

                (a) whether there has been a contravention of the FSMR or the Rules; and
                (b) if so, if there is a regulatory benefit of pursuing the contravention in question.

              • 5.7.2

                The effective and proportionate use of our powers to enforce the requirements of the FSMR and the Rules will play an important role in our pursuit of our objectives as set out in section 1(3) of the FSMR. Imposing financial penalties, public censures and other disciplinary measures shows that we are upholding regulatory standards and helps to maintain market confidence and deter financial crime.

              • 5.7.3

                However, they are not the only tools available to us, and there will be instances of non-compliance which we consider appropriate to address without the use of such tools. For example, consistent with our risk-based approach to regulation, activities that are not seen as posing a significant risk to the furtherance of our objectives may not attract the same remedies as activities which we are seeking to prioritise.

              • 5.7.4

                At the conclusion of an investigation, we may:

                (a) take no further action;
                (b) commence a settlement negotiation;
                (c) accept a settlement;
                (d) accept an enforceable undertaking;
                (e) refer a matter for determination to a delegated decision-maker, e.g. for the
                (i) imposition of a financial penalty;
                (ii) imposition of a public censure;
                (iii) variation or cancellation of a Financial Services Permission;
                (iv) imposition of conditions on an Approved Person;
                (v) suspension or withdrawal of an Approved Person's Approval; or
                (vi) revocation of recognition of a Recognised Body;
                (f) commence Court proceedings; or
                (g) exercise a power on behalf of another regulator.

            • 5.8 5.8 Step 5 — Assessment of Remedies

              • 5.8.1

                There is a range of remedies which we may pursue to achieve our objectives, including:

                (a) financial penalties;
                (b) public censure;
                (c) private warning; and
                (d) injunctions and other court orders.

              • 5.8.2

                We may, in any matter, pursue more than one remedy.

              • 5.8.3

                We do not have criminal jurisdiction. Should criminal conduct be identified, it will be referred to the appropriate law enforcement agency.

            • 5.9 5.9 Financial penalties

              • 5.9.1

                We may seek to impose a financial penalty under section 232 of FSMR on a person whom we consider has contravened a provision of the FSMR or the Rules. We may impose a financial penalty in any amount considered appropriate, provided such amount is not less than 5,000 UAE Dirhams and not exceeding the higher of 50 million UAE Dirhams or 10% of the value of the relevant transaction.

              • 5.9.2

                In determining whether to impose a financial penalty, and the quantum of the financial penalty, we will take into consideration the circumstances of the conduct and will be guided by the penalty guidance set out in Chapter 6 of this document.

              • 5.9.3

                Prior to making a decision, we will follow the procedures set out in Part 21 of the FSMR (see also Chapter 7 of this document for guidance).

            • 5.10 5.10 Public censure

              • 5.10.1

                We may, under section 231 of FSMR, seek to publicly censure a person whom we consider has contravened a provision of the FSMR and Rules.

              • 5.10.2

                In determining whether to publicly censure a person, we will take into consideration the circumstances of the conduct and will be guided by the penalty guidance set out in paragraph 6.3 of this document.

            • 5.11 5.11 Private warnings

              • 5.11.1

                In certain cases, despite concerns about a person's behaviour or evidence of a breach of the FSMR or the Rules, we may decide that it is not appropriate, having regard to all the circumstances of the case, to bring formal action for a financial penalty or public censure, or that an alternative regulatory outcome is preferable in light of the circumstances of the case. This is consistent with our risk-based approach to enforcement.

              • 5.11.2

                Private warnings is a non-statutory tool, primarily used by us as an enforcement tool, but they may also be used in other departments. Whilst a private warning is not intended to be a determination by us as to whether the recipient has breached a provision of the FSMR or the Rules, private warnings, together with any comments received in response, will form part of the person's compliance history.

              • Instances where we may issue a private warning

                • 5.11.3

                  We may give a private warning rather than take formal action where the matter giving cause for concern is minor, or where the person has taken full and immediate remedial action. In any event, we will take into account all the circumstances of the case before deciding whether a private warning is appropriate.

                  Generally, we would expect to use private warnings in the context of Authorised Person, Recognised Bodies and Approved Persons. However, we may also issue private warnings in circumstances where the persons involved may not necessarily be authorised or approved, including, for example, in potential cases of Market Abuse.

            • 5.12 5.12 Injunctions and orders

              • 5.12.1

                We have a broad power to make an application to the ADGM Court for injunctive relief and other orders (see FSMR, sections 236 — 238). The ADGM Court may make one or more of the following orders:

                (a) an order restraining a person that is engaging in conduct that would constitute a contravention;
                (b) an order requiring a person to do an act or thing to remedy a contravention or to minimise loss or damage; or
                (c) any other order as the Court sees fit, including an order restraining the transfer of assets or the departure of individuals from the jurisdiction of the court.

              • 5.12.2

                In deciding whether an application for an injunction is appropriate, we will consider all relevant circumstances including:

                (a) the nature and seriousness of the contravention;
                (b) whether the contravention is on-going;
                (c) whether the contravention affects, or has the potential to affect, our objectives;
                (d) where we consider it necessary to protect regulated entities and clients in the ADGM;
                (e) whether there is a danger of assets being dissipated or removed from the jurisdiction of the Court;
                (f) whether there is a danger that a person or persons may leave the jurisdiction and, if so, the effect that his or their absence may have on the effectiveness of the court's orders;
                (g) costs we would incur in applying for and enforcing an injunction and the likely effectiveness of such an injunction or other order;
                (h) the disciplinary record and compliance history of the person;
                (i) whether the losses suffered are substantial;
                (j) whether the assets at risk are substantial;
                (k) whether the number of clients at risk is significant;
                (l) whether the conduct in question can be adequately addressed by other disciplinary measures;
                (m) the extent to which another law enforcement agency or Non-ADGM Financial Services Regulator can adequately address the matter in question; and
                (n) whether there is a reason to believe that the person who is the subject of the possible application is or has been involved in money laundering, terrorist financing or other form of financial crime or criminal conduct.

            • 5.13 5.13 Actions for damages

              • 5.13.1

                Section 242 of FSMR provides that where a person:

                (a) intentionally, recklessly or negligently commits a breach of duty, requirement, prohibition, obligation or responsibility imposed under the FSMR; or
                (b) commits fraud or other dishonest conduct in connection with the matter arising under the FSMR;

                the person is liable to compensate any other person for any loss or damage caused to that other person as a result of such conduct.

              • 5.13.2

                Section 242 of FSMR gives us, and any aggrieved persons, broad powers to make application for recovery of damages where there has been an identified contravention of the FSMR or Rules administered by us. An aggrieved person may exercise rights provided under section 242 of FSMR independently of, or contemporaneously with, us.

              • 5.13.3

                In determining whether to commence proceedings, we will take into account all relevant circumstances, including:

                (a) the nature and seriousness of the suspected contravention;
                (b) whether the suspected contravention is on-going;
                (c) whether the contravention affects, or has the potential to affect, our objectives;
                (d) whether a party who may have suffered detriment as a result of the alleged contravention is able to take his own remedial action;
                (e) in circumstances where more than one person has suffered loss or damage:
                (i) the number of those that have suffered loss or damage and the amount of loss or damage involved; and
                (ii) whether it is convenient or possible for a class of aggrieved persons to commence a proceeding;
                (f) the cost we would incur in applying for or enforcing any order that it is successful in obtaining;
                (g) whether the conduct in question can be adequately addressed by the use of other regulatory powers;
                (h) whether redress is available elsewhere or through another Non-ADGM Financial Services Regulator;
                (i) whether there is a reason to believe that the person is or has been, involved in money laundering, terrorist financing or other form of financial crime or criminal conduct;
                (j) whether the profits are quantifiable;
                (k) whether the person is solvent; and
                (l) whether we have a reasonable prospect of success in the relevant proceedings.

              • Determining the amount of restitution

                • 5.13.4

                  In determining the amount of compensation payable in accordance with section 241 of FSMR, we may obtain information relating to the amount of profits made and/or losses or any other adverse effects resulting from the conduct of Authorised Person, Recognised Bodies or unauthorised persons.

                • 5.13.5

                  As well as obtaining information through the use of our information gathering powers, we may consider using our powers under section 203 of FSMR to require an Authorised Person or Recognised Body to provide a report prepared by a Skilled Person, or appoint a Skilled Person ourselves to prepare a report. A Skilled Person's report may be requested to assist us to determine:

                  (a) the amount of profits which have been made by the Authorised Person or Recognised Body;
                  (b) whether the conduct of the Authorised Person or Recognised Body has caused any losses or other adverse effects to persons and/or the extent of such losses; or
                  (c) how any amounts to be paid by the Authorised Person or Recognised Body are to be distributed between persons.

            • 5.14 5.14 The compulsory winding-up of a regulated entity

              • 5.14.1

                We may apply to the ADGM Court for the winding up of a company which is, or has been, an Authorised Person or Recognised Body, or operating in breach of the General Prohibition, where we consider it is just and equitable and in the interests of the ADGM, in accordance with section 244 of FSMR.

              • 5.14.2

                In deciding whether such an application is just and equitable and is in the interests of the ADGM, we will consider all relevant circumstances, including:

                (a) whether the company has operated in accordance with the FSMR and Rules;
                (b) where the company has contravened the FSMR or Rules:
                (i) the nature, scale and seriousness of the contravention;
                (ii) whether the contravention is on-going;
                (iii) whether the contravention affects, or has the potential to affect, our objectives;
                (iv) what other steps the person could take or other orders a court could make to remedy the contravention;
                (c) the need to protect a firm's clients, particularly in cases where an Authorised Person holds or controls Client Assets;
                (d) whether the needs of those operating in the ADGM and the interests of the ADGM are best served by the company ceasing to operate;
                (e) in the case of an Authorised Person, where we consider that our Financial Services Permission should be withdrawn or, where it has been withdrawn, the extent to which there is other business that the firm carries on without authorisation;
                (f) whether there is reason to believe that the firm or person is or has been involved in money laundering, terrorist financing or other form of financial crime or other criminal conduct;
                (g) where there is a significant cross-border or international element to the business being carried on by the company, the impact on the business in other jurisdictions and whether another law enforcement agency or Non-ADGM Financial Services Regulator can adequately address the matter; or
                (h) the extent to which the firm or person company has co-operated with us.

            • 5.15 5.15 Injunctions and restitution orders in cases of market abuse

              • 5.15.1

                Sections 238 and 240 of FSMR provide that the ADGM Court, on application by us, may make one of a range of orders in relation to a person, irrespective of whether a contravention has occurred, if it is satisfied that it is in the interests of the ADGM for such an order to be made.

              • 5.15.2

                We may seek a range of orders from the ADGM Court, including:

                (a) an order requiring that trading in any Investments cease, either permanently or for such period as is specified in the order;
                (b) an order requiring that a disclosure be made to the market;
                (c) an order prohibiting a person from making offers of Securities in or from the ADGM; or
                (d) an order prohibiting a person from being involved in Reporting Entities, Listed Funds or Securities within the ADGM.

              • 5.15.3

                Before we make an application for an order (whether interim, ex parte or final), we must be satisfied that such an order would be in the interests of the ADGM and will take into account all relevant circumstances, including:

                (a) the nature and extent of the conduct or any other matters in question;
                (b) the effect of the conduct on the market and our objectives;
                (c) whether the market is informed of all material information;
                (d) what steps the relevant person has taken in respect of the conduct or any other matters being considered;
                (e) what other form of relief (if any) is available to us; and
                (f) whether the conduct in question could have a significant impact on the integrity of, or confidence in, the ADGM.

            • 5.16 5.16 Intervention power

              • 5.16.1

                We may intervene as a party in any proceeding in the ADGM Court where we consider such intervention appropriate to meet our objectives (section 243 of FSMR). Where we intervene, it shall be subject to any other law, and have all the rights, duties and liabilities of such a party.

              • 5.16.2

                This provision does not affect our ability to seek leave to appear in proceedings as Amicus Curiae (i.e. someone not a party to the case, who volunteers to offer information to assist a court in deciding a matter before it, to make submissions on an issue of significance to the ADGM, or to place material before the Court that may otherwise not be available).

              • 5.16.3

                We will generally only exercise this right of intervention where we form the view that we will not be able to meet our objectives by simply appearing as Amicus Curiae and that, to serve the interests of the ADGM fully, it is necessary to join the proceeding as a party and stay involved in the matter throughout.

            • 5.17 5.17 Settlement guidance

              • 5.17.1

                A settlement is a resolution, between us and a person who is subject to potential enforcement action, to agree an outcome resulting from an investigation. A person who is or may be the subject of any form of enforcement action arising out of, or during the course of, an investigation may enter into settlement discussions with us. The possibility of a settlement does not, however, change the fact that enforcement action is, and continues to be, one of the tools available to us to secure our objectives under section 1(3) of the FSMR.

              • 5.17.2

                We generally consider that early settlement of an investigation advances our objectives in that it may result in, for example, consumers obtaining compensation sooner, the saving of our and industry resources and the promotion of good business and regulatory practices.

              • 5.17.3

                However, we will only consider settlement when we are confident we have sufficient understanding of the nature and gravity of the suspected misconduct to make a reasonable assessment of the appropriate outcome.

              • 5.17.4

                We will conduct all settlement discussions on a "without prejudice" basis; namely, that no party to the discussions may subsequently rely upon any admissions or statements made during the course of the settlement discussion or on any document recording those discussions.

              • 5.17.5

                We will only settle when the agreed terms result in what we consider to be an appropriate and proportionate regulatory outcome.

              • 5.17.6

                In the interests of efficiency and effectiveness, we will set clear and reasonable timetables for settlement discussions to ensure they do not unreasonably delay settlement or a regulatory or enforcement outcome. Where we have concerns that a party to settlement discussions is using negotiations as a means to delay or frustrate us with no genuine intention to settle, we, having made our concerns known to the other party, may bring the settlement discussions to an end and pursue other appropriate enforcement action.

              • 5.17.7

                Settlement in particular circumstances should not be regarded as binding precedent for future settlement discussions. Whilst we recognise the importance of consistency in its decision-making, we recognise that the facts of two enforcement cases are seldom identical. For this reason, and to ensure that we are able to respond to the demands of a changing and principles-based regulatory environment, it is important for us to be able to take a different view to that taken in an earlier case. However, any decision to depart from the earlier approach will only be made after careful consideration of the reasons for doing so.

              • Factors we will consider when contemplating settlement

                • 5.17.8

                  In deciding whether a proposed settlement is acceptable, and in accordance with meeting our objectives, we will consider a number of factors, including:

                  (a) the nature and seriousness of the conduct or suspected contravention the subject of the proposed settlement;
                  (b) whether the suspected contravention is continuing;
                  (c) whether the person is prepared to publicly acknowledge our concerns about the conduct or suspected contravention that is the subject of the proposed settlement;
                  (d) the necessity for protective or corrective action;
                  (e) the prospects for a swift resolution of the matter;
                  (f) whether the suspected contravention that is the subject of the proposed settlement was:
                  (i) inadvertent; or
                  (ii) the result of the conduct of one or more individual officers or employees of the Authorised Person (and their level of seniority);
                  (g) whether the person has co-operated with us (e.g. by providing complete information about the conduct or suspected contravention, taking any remedial action);
                  (h) whether the settlement will achieve an effective outcome for those who have been adversely affected by the suspected contravention;
                  (i) whether the person is likely to comply with the terms of the settlement;
                  (j) the person's disciplinary record and compliance history; and
                  (k) whether the settlement promotes general deterrence.

              • Form of settlement

                • 5.17.9

                  We will generally only settle an enforcement matter on the basis of either:

                  (a) a Final Notice setting out the action taken (see paragraph 5.17.10); and/or
                  (b) an Enforceable Undertaking (see paragraph 5.17.11).

                  A settlement which results in a notice of decision will be documented in the form of a legally enforceable agreement executed by all parties to the settlement.

              • Final Notice

                • 5.17.10

                  The outcome of a settlement with us may result in a Final Notice (in accordance with section 251 of FSMR), which promotes consistency of regulatory outcomes and transparency of approach to enforcement decision-making.

              • Enforceable Undertakings

                • 5.17.11

                  An Enforceable Undertaking ("EU") is a form of settlement that we may accept, under section 235 of FSMR as an alternative to other remedies available to us to influence behaviour and encourage a culture of compliance.

                • 5.17.12

                  An EU involves a written undertaking from a person against whom action could be taken under the FSMR or any Rules made under the FSMR, to do or refrain from doing a specified act or acts. It may, amongst other things, include remedial actions that are not otherwise available under a notice of decision.

                • 5.17.13

                  An EU may be offered by a person and accepted by us at any time, either before, during or after an investigation, the making of a decision or the commencement of proceedings in the court. Entry into an EU is voluntary. We do not have the power to require a person to enter into an EU, nor can a person compel us to accept an EU.

                • 5.17.14

                  We will generally only consider accepting an EU that we consider to be necessary or desirable in pursuit of our objectives and where the EU contains:

                  (a) an admission or acknowledgement of any contraventions or our concerns;
                  (b) undertakings addressing our concerns; and
                  (c) an agreement to make the EU public, and
                  (d) an agreement not to make public statements conflicting with the spirit of the EU.

                • 5.17.15

                  A person offering us an EU may also undertake in the EU to pay a pecuniary penalty and/or our costs, including any costs associated with compliance with the EU.

              • Variation or withdrawal

                • 5.17.16

                  Once accepted by us, an EU can only be withdrawn or varied with our consent in writing. We will only consider a request to vary an undertaking if:

                  (a) the variation will not alter the spirit of the original undertaking;
                  (b) compliance with any one or more terms of the undertaking is subsequently found to be impractical or impossible; or
                  (c) there has been a material change in the circumstances which led to the undertaking being given.

              • Compliance with an EU or decision

                • 5.17.17

                  If we consider that a person has not complied with a term of the EU or a decision, we may:

                  (a) apply to the ADGM Court for appropriate orders;
                  (b) publish the fact of the application to the ADGM Court and any subsequent orders of the court; and
                  (c) seek the costs of the application.

            • 5.18 5.18 Costs

              • Litigation Costs

                • 5.18.1

                  We will generally seek litigation costs orders from the ADGM Court where we have commenced a proceeding and been successful in achieving all or part of the outcome sought.

              • Costs in proceedings before the ADGM Appeals Panel

                • 5.18.2

                  The ADGM Appeals Panel, on conclusion of any proceedings before it, may make an order (under section 229(2)€ of the FSMR) requiring a party to the appeal to pay a specified amount, being all or part of the costs of the proceedings, including those of any party to the proceedings.

              • Investigation Costs

                • 5.18.3

                  Where a person is found by the Court to have contravened the FSMR or Rules, the ADGM Court may order that person to pay or reimburse us in respect of the whole or a specified part of the costs and expenses of the investigation, including the remuneration of a Person involved in the investigation.

            • 5.19 5.19 Step 5 — Conclusion of an investigation

              • 5.19.1

                We will conclude an investigation when:

                (a) we have decided to take no further action in response to the suspected contraventions which are the subject of the investigation (due to, for example, insufficiency of evidence); or
                (b) all remedies and obligations resulting from an investigation are concluded and fulfilled.

            • 5.20 5.20 Publicity

              • Publicity of enforcement actions

                • 5.20.1

                  We will generally publish, in a manner we consider appropriate and proportionate, information and statements relating to enforcement actions, including public censures and any other relevant matters. The publication of enforcement outcomes is consistent with our commitment to open and transparent processes and our objectives.

                • 5.20.2

                  In all cases we retain the discretion to take a different course of action, where it furthers our ability to achieve our objectives or is otherwise in the public interest to do so. For example, if we issue a private warning, rather than taking formal action, we may decide not to publish this if it furthers our ability to achieve our objectives. Please refer to paragraph 5.11 for further details about how we use private warnings.

              • Commencement and conclusion of investigations

                • 5.20.3

                  We will generally not publish information about the commencement, conduct or conclusion of the investigative phase of our enforcement actions.

                • 5.20.4

                  Where we do publish the fact that we are conducting an investigation and no enforcement action results, we may issue a press release confirming the conclusion of the investigation and that no action is to be taken.

              • Commencement of proceedings

                • 5.20.5

                  We expect to publish information about the commencement or hearing of enforcement proceedings, unless otherwise required not to by the relevant body or it is not in the public interest to do so and would not achieve our objectives.

            • Disclosure of decisions

              • 5.21 5.21 Executive Decisions

                • 5.21.1

                  We will generally make public any enforcement administrative decision made by our Executive and will do so in a timely manner after any relevant period to institute a referral of the decision to the ADGM Regulatory Committee has expired or appeal process has come to an end, unless it is not in the public interest to do so and would not achieve our objectives.

                • The Regulatory Committee's Decisions

                  • 5.21.2

                    We will generally make public any decision made by the ADGM Regulatory Committee and will do so in a timely manner after any relevant period to institute a referral of the decision to the ADGM Appeals Panel has expired or appeal process has come to an end, unless otherwise required not to by the ADGM Regulatory Committee, or it is not in the public interest to do so and would not achieve our objectives.

                • Appeals Panel or Court Decisions

                  • 5.21.3

                    FSMR requires all ADGM Appeals Panel hearings to be heard in public unless the Appeals Panel orders otherwise or its rules of procedure provide otherwise. The Appeals Panel may exercise its discretion not to make public any decisions it may make. Where it does determine to publish a decision or interim decision, the Appeals Panel will publish these on its website.

                  • 5.21.4

                    Following hearings and decisions by the ADGM Appeals Panel, we expect to make timely public disclosure of the Appeals Panel's decisions, including any interim decisions, unless otherwise ordered.

                  • 5.21.5

                    Decisions made by the ADGM Courts will be publicised by us in a timely manner, unless ordered otherwise.

                  • 5.21.6

                    This approach is adopted on the basis that any delay in disclosure may hinder and unfairly prejudice us in achieving some of our primary objectives. For example, non-disclosure may potentially prejudice users and prospective users of financial services in the ADGM if they are acting unaware of facts known in the enforcement action.

                • Disclosure of settled enforcement actions

                  • 5.21.7

                    We expect to disclose publicly the outcome of any settlement of an enforcement action, including the notice of decision or EU, to ensure all stakeholders and the general public are clearly informed of the outcome.

                  • 5.21.8

                    Settlement agreements which result in a Final Notice or an EU will result in the publication of the relevant notice of decision or EU on our website as well as an associated press release.

                  • 5.21.9

                    We may be ordered, or required by law, not to publish information regarding a settlement. For example, disclosure may not occur if a third party has commenced proceedings in the courts in respect of the same conduct and the publication of the undertaking or settlement may prejudice that party's case in the courts. However, simply because a third party has commenced proceedings does not preclude us from publishing our settlements, including the notice of decision or EU.

                • Content and mode of publication

                  • 5.21.10

                    Where appropriate, we may comment publicly on investigations, enforcement actions and other formal regulatory decisions publishing final notices of regulatory decision, EUs or other enforcement actions. In doing so, we will take into account:

                    (a) any privileged or sensitive information when considering the content of our publications; and
                    (b) the possibility that any publication may potentially affect the rights of a third party and, if so, will endeavour to give that third party notification of the publication and an opportunity to make representations on the publication.

                  • 5.21.11

                    Publication may take any one or more forms including a media release, a statement on our website or any other forums as determined suitable by us.

          • 6. 6. Penalty Guidance

            • 6.1 6.1 Approach to imposing a penalty

              • 6.1.1

                This chapter sets out the matters that will be taken into account by us when determining a "penalty", which includes a financial penalty, public censure or any other enforcement action.

              • 6.1.2

                We may also refer to matters described in this chapter when determining an appropriate penalty in settlement agreements, including an EU.

            • 6.2 6.2 Deciding to take action

              • 6.2.1

                When determining a penalty, we will consider all relevant facts and circumstances, including the factors listed below that may be relevant for this purpose:

                (a) our objectives;
                (b) the deterrent effect of the penalty on:
                (i) persons that have committed or may commit the contraventions; and
                (ii) other persons that have committed or may commit similar contraventions;
                (c) the nature, seriousness, duration and impact of the contravention, including:
                (i) whether the contravention was deliberate or reckless;
                (ii) the duration and frequency of the contravention;
                (iii) whether the contravention reveals serious or systemic weaknesses of the management systems or internal controls relating to all or part of a person's business;
                (iv) the impact (actual or potential) of the contravention on the orderliness of markets, including whether confidence in those markets has been damaged or put at risk;
                (d) if the contravention involved a number of persons, the degree of involvement and specific role of each Person;
                (e) the benefit gained (whether direct or indirect, pecuniary or non-pecuniary) or loss avoided as a result of the contravention;
                (f) the conduct of the person after the contravention, including:
                (i) how quickly, effectively and completely the person brought the contravention to our attention;
                (ii) the degree of cooperation the person showed during the investigation of the contravention;
                (iii) any remedial steps the person has taken in respect of the contravention;
                (iv) the likelihood that the same type of contravention (whether on the part of the person or others) will recur if no action is taken;
                (v) the nature and extent of any false or inaccurate information given by the person and whether the information appears to have been given in an attempt to knowingly mislead us;
                (g) the difficulty in detecting and investigating the contravention that is the subject of the penalty;
                (h) whether the person committed the contravention in such a way as to avoid or reduce the risk that the contravention would be discovered;
                (i) the disciplinary record and compliance history of the person on whom the penalty is imposed, including whether we have taken any previous disciplinary action against the person;
                (j) where the person reasonably believed that their behaviour did not amount to a contravention and whether they undertook reasonable precautions and diligence to avoid committing such a contravention;
                (k) whether the person acted in accordance with our guidance and other published materials;
                (l) action taken by us in previous similar cases; and
                (m) action taken by other domestic or international regulatory authorities. Where other regulatory authorities propose to take action in respect of the contravention which is under consideration by us, or one similar to it, we will consider whether the other authority's action would be adequate to address our concerns, or whether it would be appropriate for us to take our own action.

              • Actions against Approved Persons and Recognised Persons

                • 6.2.2

                  In addition to the general factors listed in paragraph 6.2.1, there are some additional considerations that may be relevant when we decide whether to take action against an Approved or Recognised Person. The list is not exhaustive; not all of these factors may be applicable in a particular case, and there may be other factors, not listed that are relevant. The factors include:

                  (a) the approved or recognised person's position and responsibilities. We may take into account the responsibility of those exercising important functions in the firm. The more senior the person responsible for the misconduct, the more seriously we are likely to view the misconduct, and the more likely it is to take action against the Approved or Recognised Person;
                  (b) whether disciplinary action against the firm rather than the person would be a more appropriate regulatory response; and
                  (c) whether disciplinary action would be a proportionate response to the nature and seriousness of the contravention by the person.

            • 6.3 6.3 Financial penalty, public censure or other enforcement action

              • 6.3.1

                We will consider all the relevant circumstances of the case when deciding whether to impose a financial penalty, or other enforcement action. As such, the factors set out in paragraph 6.2 are not exhaustive. Not all of the factors may be relevant in a particular case and there may be other factors, not listed, that are relevant.

              • 6.3.2

                The criteria for determining whether it is appropriate to issue a public censure or other enforcement action (rather than impose a financial penalty) include those factors that we will consider in determining the amount of a financial penalty, as set out in paragraphs 6.5 to 6.7. In particular, considerations that may be relevant when we determine the penalty are:

                (a) whether deterrence may be effectively achieved by issuing a public censure;
                (b) whether the person has brought the contravention to our attention;
                (c) whether the person has admitted the contravention and provides full and immediate co-operation to us, and takes steps to ensure that those who have suffered loss due to the contravention are fully compensated for those losses; and
                (d) our approach to previous similar cases — we will aim for a consistent approach.

              • 6.3.3

                Some particular considerations that may be relevant when we determine whether to issue a financial penalty rather than impose a public censure or other enforcement action are:

                (a) if the person has made a profit or avoided a loss as a result of the contravention, on the basis that a person should not be permitted to benefit from its contravention;
                (b) if the contravention is more serious in nature or degree, on the basis that the sanction should reflect the seriousness of the contravention; other things being equal, the more serious the contravention, the more likely we are to impose a financial penalty; and
                (c) if the person has a poor disciplinary record or compliance history, on the basis that it may be particularly important to deter future cases.

            • 6.4 6.4 Determining the appropriate level of financial penalty

              • 6.4.1

                Our penalty-setting regime is based on three principles:

                (a) disgorgement: a firm or individual should not benefit from any contravention;
                (b) sanction: a firm or individual should be penalised for wrongdoing; and
                (c) deterrence: any penalty imposed should deter the firm or individual who committed the contravention, and others, from committing further or similar contraventions.

              • 6.4.2

                The total amount payable by a person subject to enforcement action may be made up of two elements:

                (a) disgorgement of the benefit received as a result of the contravention; and
                (b) a financial penalty reflecting the seriousness of the contravention.

              • 6.4.3

                These elements are incorporated in a five-step framework, which can be summarised as follows:

                (a) Step 1: the removal of any economic benefit derived from a contravention;
                (b) Step 2: the determination of a figure which reflects the seriousness of the contravention;
                (c) Step 3: an adjustment made to the step 2 figure to take account of any aggravating and mitigating circumstances;
                (d) Step 4: an adjustment made to the step 3 figure, where appropriate, to ensure that the penalty has an appropriate deterrent effect; and
                (e) Step 5: if applicable, an adjustment for cooperation/early settlement may be made.

              • 6.4.4

                These steps will apply in all cases, although the details of Steps 1 to 4 will differ for cases against firms (paragraph 6.5), and cases against individuals (paragraph 6.6).

              • 6.4.5

                The lists of factors and circumstances in paragraphs 6.5 and 6.6 are not exhaustive. Not all of the factors or circumstances listed will necessarily be relevant in a particular case and there may be other factors or circumstances not listed which are relevant.

              • 6.4.6

                We will not, in determining our policy with respect to the amount of penalties, take account of expenses which we incur, or expect to incur, in discharging its functions.

            • 6.5 6.5 Financial penalties imposed on a firm

              • Step 1: Disgorgement

                • 6.5.1

                  We will seek to deprive a firm of the economic benefits derived from a contravention (which may include the profit made or loss avoided) where it is practicable to quantify this.

              • Step 2: The seriousness of the contravention

                • 6.5.2

                  We will determine a financial penalty figure that reflects the seriousness of the contravention, taking into the following factors:

                  (a) factors relating to the impact of a contravention;
                  (b) factors relating to the nature of a contravention;
                  (c) factors tending to show whether a contravention was deliberate; and
                  (d) factors tending to show whether a contravention was reckless.

                • 6.5.3

                  Factors relating to the impact of a contravention committed by a firm include:

                  (a) the level of benefit gained or loss avoided, or intended to be gained or avoided, by the firm from the contravention;
                  (b) the loss or risk of loss, as a whole, caused to clients, investors or other market users in general;
                  (c) the loss or risk of loss caused to individual clients, investors or other market users;
                  (d) whether the contravention had an effect on particularly vulnerable people, whether intentionally or otherwise;
                  (e) the distress or inconvenience caused to clients; and
                  (f) whether the contravention had an adverse effect on the orderliness of, or confidence in, markets and, if so, how serious that effect was.

                • 6.5.4

                  Factors relating to the nature of a contravention by a firm include:

                  (a) the nature of the FSMR or Rules contravened;
                  (b) the frequency of the contravention;
                  (c) whether the contravention revealed serious or systemic weaknesses in the firm's procedures or in the management systems or internal controls relating to all or part of the firm's business;
                  (d) whether the firm's senior management were aware of the contravention;
                  (e) the nature and extent of any financial crime facilitated, occasioned or otherwise attributable to the contravention;
                  (f) the scope for any potential financial crime to be facilitated, occasioned or otherwise occur as a result of the contravention;
                  (g) whether the firm failed to conduct its business with integrity; and
                  (h) whether the firm, in committing the contravention, took any steps to comply with the FSMR and Rules, and the adequacy of those steps.

                • 6.5.5

                  Factors tending to show the contravention was deliberate include:

                  (a) the contravention was intentional, in that the firm's senior management, or a responsible individual, intended, could reasonably have foreseen, or foresaw that the likely or actual consequences of their actions or inaction would result in a contravention;
                  (b) the firm's senior management, or a responsible individual, knew that their actions were not in accordance with the firm's internal procedures;
                  (c) the firm's senior management, or a responsible individual, sought to conceal their misconduct;
                  (d) the firm's senior management, or a responsible individual, committed the contravention in such a way as to avoid or reduce the risk that the contravention would be discovered;
                  (e) the firm's senior management, or a responsible individual, were influenced to commit the contravention by the belief that it would be difficult to detect; and
                  (f) the contravention was repeated.

                • 6.5.6

                  Factors tending to show the contravention was reckless include:

                  (a) the firm's senior management, or a responsible individual, appreciated that there was a risk that their actions or inaction could result in a contravention and failed to adequately mitigate that risk; and
                  (b) the firm's senior management, or a responsible individual, were aware that there was a risk that their actions or inaction could result in a contravention but failed to check if they were acting in accordance with the firm's internal procedures.

              • Step 3: Mitigating and aggravating factors

                • 6.5.7

                  We may increase or decrease the amount of the financial penalty arrived at after Step 2 (excluding any amount to be disgorged as set out in Step 1), to take into account factors which aggravate or mitigate the contravention. Any such adjustments will be made by way of a percentage adjustment to the figure determined at Step 2.

                • 6.5.8

                  The following list of factors may have the effect of aggravating or mitigating the contravention:

                  (a) the conduct of the firm in bringing (or failing to bring) quickly, effectively and completely the contravention to our attention (or the attention of other regulatory authorities, where relevant);
                  (b) the degree of cooperation the firm showed during the investigation of the contravention to us, or any other regulatory authority allowed to share information with us;
                  (c) where the firm's senior management were aware of the contravention or of the potential for a contravention, whether they took any steps to stop the contravention, and when these steps were taken;
                  (d) the nature, timeliness and adequacy of the firm's responses to any supervisory interventions by us and any remedial actions proposed or required by us;
                  (e) whether the firm has arranged its resources in such a way as to allow or avoid disgorgement and/or payment of a financial penalty;
                  (f) whether the firm had previously been told about our concerns in relation to the issue, either by means of a private warning or in supervisory correspondence;
                  (g) whether the firm had previously undertaken not to perform a particular act or engage in particular behaviour;
                  (h) whether the firm concerned has complied with any requirements or rulings of another regulatory authority relating to the contravention;
                  (i) the previous disciplinary record and general compliance history of the firm;
                  (j) action taken against the firm by other domestic or international regulatory authorities that is relevant to the contravention in question;
                  (k) whether our guidance or other published materials had already raised relevant concerns, and the nature and accessibility of such materials; and
                  (l) whether we publicly called for an improvement in standards in relation to the behaviour constituting the contravention or similar behaviour before or during the occurrence of the contravention.

              • Step 4: Adjustment for deterrence

                • 6.5.9

                  If we consider the figure arrived at after Step 3 is insufficient to deter the firm or person who committed the contravention, or others, from committing further or similar contraventions then we may increase the financial penalty. Circumstances where we may do this include:

                  (a) where we consider the absolute value of the financial penalty too low in relation to the contravention to meet our objective of credible deterrence;
                  (b) where our previous action in respect of similar contravention has failed to improve industry standards;
                  (c) where we consider it is likely that similar contraventions will be committed by the firm or by others in the future in the absence of such an increase to the financial penalty; and
                  (d) where we considers that the likelihood of the detection of such a contravention is low.

              • Step 5: Adjustment for cooperation/early settlement

                • 6.5.10

                  We and the firm upon whom a financial penalty is to be imposed may seek to agree the amount of any financial penalty and other terms. In recognition of the benefits of such agreements, and of the firm's cooperation with us, paragraph 6.8 provides that the amount of the financial penalty which might otherwise have been payable may be reduced to reflect the stage at which we and the firm concerned reached an agreement. Any adjustment for early settlement does not apply to the disgorgement of any benefit calculated at Step 1.

            • 6.6 6.6 Financial penalties imposed on an individual

              • Step 1: Disgorgement

                • 6.6.1

                  We will seek to deprive an individual of the economic benefits derived from the contravention (which may include the profit made or loss avoided) where it is possible to quantify this. We will ordinarily also charge interest on the benefit.

              • Step 2: The seriousness of the contravention

                • 6.6.2

                  We will determine a financial penalty figure that reflects the seriousness of the contravention. In determining such a figure, we will take into account the following factors relating to:

                  (a) the impact of the contravention;
                  (b) the nature of the contravention;
                  (c) whether the contravention was deliberate; and
                  (d) whether the contravention was reckless.

                • 6.6.3

                  Factors relating to the impact of a contravention committed by an individual include:

                  (a) the level of benefit gained or loss avoided, or intended to be gained or avoided, by the individual from the contravention;
                  (b) the loss or risk of loss, as a whole, caused to clients, investors or other market users in general;
                  (c) the loss or risk of loss caused to individual clients, investors or other market users;
                  (d) whether the contravention had an effect on particularly vulnerable people, whether intentionally or otherwise;
                  (e) the distress or inconvenience caused to clients; and
                  (f) whether the contravention had an adverse effect on orderliness of, or confidence in, markets and, if so, how serious that effect was.

                • 6.6.4

                  Factors relating to the nature of a contravention by an individual include:

                  (a) the nature of the FSMR or Rules contravened;
                  (b) the frequency of the contravention;
                  (c) the nature and extent of any financial crime facilitated, occasioned or otherwise attributable to the contravention;
                  (d) the scope for any potential financial crime to be facilitated, occasioned or otherwise occur as a result of the contravention;
                  (e) whether the individual failed to act with integrity or abused a position of trust;
                  (f) whether the individual committed a contravention of any professional code of conduct;
                  (g) whether the individual caused or encouraged other individuals to commit contraventions;
                  (h) whether the individual held a prominent position within the industry;
                  (i) whether the individual is an experienced industry professional;
                  (j) whether the individual held a senior position with the firm;
                  (k) the extent of the responsibility of the individual for the product or business areas affected by the contravention, and for the particular matter that was the subject of the contravention;
                  (l) whether the individual acted under duress; and
                  (m) whether the individual took any steps to comply with Regulatory rules, and the adequacy of those steps.

                • 6.6.5

                  Factors tending to show the contravention was deliberate include:

                  (a) the contravention was intentional, in that the individual intended, could reasonably have foreseen or foresaw that the likely or actual consequences of his actions or inaction would result in a contravention;
                  (b) the individual intended to benefit financially from the contravention, either directly or indirectly;
                  (c) the individual knew that his actions were not in accordance with his firm's internal procedures;
                  (d) the individual sought to conceal his misconduct;
                  (e) the individual committed the contravention in such a way as to avoid or reduce the risk that the contravention would be discovered;
                  (f) the individual was influenced to commit the contravention by the belief that it would be difficult to detect;
                  (g) the individual knowingly took decisions relating to the contravention beyond his field of competence; and
                  (h) the individual's actions were repeated.

                • 6.6.6

                  Factors tending to show the contravention was reckless include:

                  (a) the individual appreciated there was a risk that his actions or inaction could result in a contravention and failed to adequately mitigate that risk; and
                  (b) the individual was aware there was a risk that his actions or inaction could result in a contravention but failed to check if he was acting in accordance with the firm's internal procedures.

              • Step 3: Mitigating and aggravating factors

                • 6.6.7

                  We may increase or decrease the amount of the financial penalty arrived at after Step 2 (excluding any amount to be disgorged as set out in Step 1), to take into account factors which aggravate or mitigate the contravention. Any such adjustments will be made by way of a percentage adjustment to the figure determined at Step 2.

                • 6.6.8

                  The following list of factors may have the effect of aggravating or mitigating the contravention:

                  (a) the conduct of the individual in bringing (or failing to bring) quickly, effectively and completely the contravention to our attention (or the attention of other regulatory authorities, where relevant);
                  (b) the degree of co-operation the individual showed during the investigation of the contravention by us, or any other regulatory authority allowed to share information with us;
                  (c) whether the individual took any steps to stop the contravention, and when these steps were taken;
                  (d) any remedial steps taken since the contravention was identified, including whether these were taken on the individual's own initiative or that by us or another regulatory authority;
                  (e) whether the individual has arranged his resources in such a way as to allow or avoid disgorgement and/or payment of a financial penalty;
                  (f) whether the individual had previously been told about our concerns in relation to the issue, either by means of a private warning or in supervisory correspondence;
                  (g) whether the individual had previously undertaken not to perform a particular act or engage in particular behaviour;
                  (h) whether the individual has complied with any requirements or rulings of another regulatory authority relating to the contravention;
                  (i) the previous disciplinary record and general compliance history of the individual;
                  (j) action taken against the individual by other domestic or international regulatory authorities that is relevant to the contravention in question;
                  (k) whether our guidance or other published materials had already raised relevant concerns, and the nature and accessibility of such materials;
                  (l) whether we publicly called for an improvement in standards in relation to the behaviour constituting the contravention or similar behaviour before or during the occurrence of the contravention; and
                  (m) whether the individual agreed to undertake training subsequent to the contravention.

              • Step 4: Adjustment for deterrence

                • 6.6.9

                  If we consider the figure arrived at after Step 3 is insufficient to deter the individual who committed the contravention, or others, from committing further or similar contraventions then we may increase the financial penalty. Circumstances where we may do this include:

                  (a) where we considers the absolute value of the penalty too small in relation to the contravention to meet our objective of credible deterrence;
                  (b) where our previous action in respect of similar contraventions has failed to improve industry standards. This may include similar contraventions relating to different products;
                  (c) where we consider it is likely that similar contraventions will be committed by the individual or by other individuals in the future; and
                  (d) where we consider that the likelihood of the detection of such a contravention is low.

              • Step 5: Adjustment for cooperation/ early settlement

                • 6.6.10

                  We and the individual on whom a penalty is to be imposed may seek to agree on the amount of any financial penalty and other terms. In recognition of the benefits of such agreements, and of the individual's cooperation with us, paragraph 6.8 provides that the amount of the financial penalty which might otherwise have been payable may be reduced to reflect the stage at which we and the individual concerned reached an agreement. Any adjustment for early settlement does not apply to the disgorgement of any benefit calculated at Step 1.

            • 6.7 6.7 Serious financial hardship

              • 6.7.1

                Our approach to determining financial penalties described in paragraphs 6.5 and 6.6 is intended to ensure that financial penalties are proportionate to the contravention. We recognise that financial penalties may affect Persons differently, and that we should consider whether a reduction in the proposed financial penalty is appropriate, including if such penalty would cause the subject of enforcement action serious financial hardship.

              • 6.7.2

                Where an individual or firm claims that payment of the financial penalty proposed by us will cause them serious financial hardship, we will consider whether to reduce the proposed financial penalty only if:

                (a) the individual or firm provides verifiable evidence that payment of the financial penalty will cause them serious financial hardship;
                (b) the individual or firm provides full, frank and timely disclosure of the verifiable evidence, and co-operates fully in answering any questions asked by us about their financial position; and
                (c) the onus is on the individual or firm to satisfy us that payment of the financial penalty will cause them serious financial hardship.

              • Individuals

                • 6.7.3

                  In assessing whether a financial penalty would cause an individual serious financial hardship, we will consider the individual's ability to pay the financial penalty over a reasonable period, including agreeing to payment of the financial penalty by instalments where the individual requires time to realise his assets, for example, by waiting for payment of a salary or by selling property.

              • Firms

                • 6.7.4

                  We will consider reducing the amount of a financial penalty if a firm will suffer serious financial hardship as a result of having to pay the entire financial penalty. In deciding whether it is appropriate to reduce the financial penalty, we will take into consideration the firm's financial circumstances, including whether the financial penalty would render the firm insolvent or threaten the firm's solvency. We will also take into account our statutory objectives, for example, in situations where clients would be harmed or market confidence would suffer. We may also consider if it is appropriate to reduce a financial penalty in order to allow a firm to continue in business and/or pay redress.

                • 6.7.5

                  There may be cases where, even though the individual or firm has satisfied us that payment of the financial penalty would cause serious financial hardship, we consider the contravention to be so serious that it is not appropriate to reduce the financial penalty. We will consider all the circumstances of the case in determining whether this course of action is appropriate, including whether:

                  (a) the individual or firm directly or indirectly derived an economic benefit from the contravention and, if so, the extent of that economic benefit;
                  (b) the individual or firm acted fraudulently or dishonestly with a view to personal gain;
                  (c) previous action by us in respect of similar contraventions has failed to improve industry standards; or
                  (d) the individual or firm has spent money or dissipated assets in anticipation of enforcement action with a view to frustrating or limiting the impact of action taken by us or other authorities.

              • Withdrawal of authorisation or registration

                • 6.7.6

                  We may withdraw a firm's Financial Services Permission, or the status of an Approved or Recognised Person or Principal Representative, as well as impose a financial penalty. Such action by us does not affect our assessment of the appropriate financial penalty in relation to a contravention.

                • 6.7.7

                  However, the fact that we have withdrawn such Financial Services Permission or registration, as a result of which the firm or individual may have less earning potential, may be relevant in assessing whether the financial penalty will cause the firm or individual serious financial hardship.

            • 6.8 6.8 Adjustment for cooperation/early settlement

              • 6.8.1

                It is our policy to encourage and recognise cooperation. A cooperative approach to dealing with us will be taken into consideration when assessing what type of enforcement action to pursue and/or what remedy we will seek. Cooperation can take many forms, including but not limited to:

                (a) self-reporting any misconduct to us and disclosing all the relevant information;
                (b) assisting us voluntarily during the investigation;
                (c) admitting any misconduct that the person or firm had committed or was involved in committing.

              • 6.8.2

                For the avoidance of doubt, merely fulfilling the person's or firms legal obligations will not be considered as cooperation for the purpose of assessing any adjustment to the financial penalties imposed on a firm or an individual.

              • 6.8.3

                Subject to enforcement action, we may be prepared to agree on the amount of any financial penalty, and other conditions which we seek to impose by way of such action, for example, the amount or mechanism for the payment of compensation to consumers. We recognise the benefits of such agreements, in that they offer the potential for securing earlier redress or protection for clients and the saving of cost to the Person concerned, and us, in contesting the financial penalty. The financial penalty that might otherwise be payable, in respect of a contravention by the person concerned, may, therefore, be reduced to reflect the timing of any settlement agreement.

              • 6.8.4

                In appropriate cases our approach may be to negotiate with the person concerned to agree in principle on the amount of a financial penalty having regard to our policy as set out in Chapter 5 of this document. Where part of a proposed financial penalty specifically equates to the disgorgement of profit accrued or loss avoided, then the percentage reduction will not apply to that part of the financial penalty.

          • 7. 7. Decision Making

            • 7.1 7.1 Introduction

              • 7.1.1

                This chapter sets out our general approach to making decisions when exercising our discretionary powers.

            • 7.2 7.2 Who can exercise our powers?

              • 7.2.1

                Our powers can be exercised by the Chief Executive or any delegate of the Chief Executive, including:

                (a) to any employee to whom the Chief Executive has delegated his powers ("Regulatory officer"); and
                (b) to any panel or committee established by the Chief Executive for the purpose of making decisions; or
                (c) to any other delegated person.

            • 7.3 7.3 Our general approach to decision-making

              • Natural Justice and Procedural fairness principles

                • 7.3.1

                  Our approach to decision-making is based on observance of natural justice and the procedural fairness principles, by:

                  (a) acting without bias or conflict of interest;
                  (b) giving the Person an opportunity to present his case; and
                  (c) taking into account only those considerations which are relevant to the matter to be decided upon.

              • Acting without bias or conflict of interest

                • 7.3.2

                  A decision maker called upon to make a decision is expected to act impartially in doing so. If the decision maker has a vested financial or personal interest in the matter, a conflict of interest may arise that prevents an impartial or unbiased decision being made. A decision maker who does have a financial or other personal interest in the matter is required to disclose this interest and, if the interest is material, would not be the decision maker in relation to that matter.

                • 7.3.3

                  We may refer an executive decision to the ADGM Regulatory Committee for determination under section 225(5) of the FSMR in order to avoid the risk of bias or conflict of interest affecting any such decision.

              • Relevant considerations

                • 7.3.4

                  The decision maker is expected to take into account all and only those considerations which are relevant to the matter to be decided upon. This requires the decision maker to:

                  (a) ensure that it has all the material information that is necessary to be able to make the relevant decision (and, if necessary, obtain further information, including from any third party sources);
                  (b) disregard any irrelevant information; and
                  (c) have the relevant power to make the decision.

                • 7.3.5

                  To meet its procedural fairness obligations, the key elements to our approach to decision-making include:

                  (a) having adequate systems and controls to ensure that those making decisions on our behalf are impartial and not affected by conflicts of interests that may affect their decisions;
                  (b) giving a person in respect of whom we propose to make a decision (in this Chapter, the "affected person") advance notice about our proposed action (with the exception of cases when we may take immediate action because any delay resulting from advance notice would be prejudicial to the interests of direct or indirect users of financial services in the ADGM or otherwise prejudicial to the interests of the ADGM);
                  (c) giving the affected person clear reasons why we propose to take the relevant action;
                  (d) giving the affected person a suitable opportunity to make representations (in person and in writing) with regard to the our proposed action;
                  (e) taking into account any representations made by, or on behalf of, the affected person before making a final decision, i.e. making any consequential changes to the proposed action given the representations made or other additional material available to us, as appropriate;
                  (f) taking into account only those considerations which are relevant to the matter to be decided upon;
                  (g) giving, without undue delay, the affected person a clear statement in writing of our final decision, the reasons for that decision and the effective date;
                  (h) informing the affected person what rights of review that person has in respect of our decision, and within what period those rights of review must be exercised; and
                  (i) having in place adequate mechanisms to enable the affected person to have our decision properly and impartially reviewed.

                • 7.3.6

                  In certain circumstances, including:

                  (a) the issuing of a stop order under section 71 of FSMR; and
                  (b) suspension of a Listed Entity's Securities from the Official List under section 180 of FSMR,

                  We do not have to give an affected person advance notice of our proposed action and a right for that person to make prior representations before we make our final decision.

                  In such circumstances, we are still obliged to give the affected person a right of representation within 14 days (or other longer period as may be agreed) from the date on which the decision is made and communicated to the affected person. We are obliged to consider any representations made by, or on behalf of, the affected person during that period.

                • 7.3.7

                  Where a right to make representations is exercised by an affected person, we will communicate to the affected person whether we confirm our original decision, or otherwise we vary or withdraw that decision, given the representations made.

                • 7.3.8

                  Where no representations are made by, or on behalf of, the affected person during the relevant period, our original decision will remain in effect and will be confirmed.

              • Categories of decisions

                • 7.3.9

                  The decisions which are made by us fall into three broad categories:

                  (a) decisions which are subject to the procedures in Part 21 of the FSMR ("Part 21 Decisions") e.g. a decision to cancel the Financial Services Permission of an Authorised Person or to revoke the recognition of a Recognised Body;
                  (b) decisions which are not subject to the procedures set out in Part 21 of the FSMR ("Non Part 21 Decisions") e.g. the rejection of a new Controller of an Authorised Person; and
                  (c) routine operational decisions that do not affect the rights, interests and liabilities of a person ("Operational Decisions") e.g. a decision to commence an investigation against a person.

            • 7.4 7.4 Part 21 Decisions

              • 7.4.1

                Where, on our own initiative, we propose to:

                (a) impose a public censure or financial penalty;
                (b) cancel the Financial Services Permission of an Authorised Person firm;
                (c) revoke the recognition of a Recognised Body; or
                (d) withdraw the approval of an Approved Person,

                the procedures must be exercised according to what is set out in Part 21 of the FSMR.

              • 7.4.2

                To facilitate a consistent approach to decision-making, Part 21 of the FSMR sets out the steps we are required to follow in relation to Part 21 Decisions.

              • 7.4.3

                The procedures set out in Part 21 are designed to ensure procedural fairness by giving:

                (a) advance notice of our proposed decision (the Warning Notice), except in the cases referred to in paragraph 7.5 and 7.6 and the reasons for proposing to make such a decision;
                (b) an opportunity to make representations relating to the proposed decision;
                (c) our final decision (the Decision Notice) and the reasons for that decision, including any changes made to the preliminary decision, taking into account any representations made for, or on behalf of, the affected person; and
                (d) notice of the affected person's right to have our decision reviewed by the Regulatory Committee, including the period within which that right can be exercised.

              • 7.4.4

                Prior to any issue of a Warning Notice, we will notify the person concerned and provide an opportunity to present enquiries and make representations, provided this would not result in a tip-off, prejudice the exercise of our powers or otherwise jeopardise our objectives.

                Figure 1: the Regulator's Decision Making Process for Part 21 Decisions

            • 7.5 7.5 Non Part 21 Decisions

              • 7.5.1

                Certain decisions are not subject to the procedures set out in Part 21 of the FSMR — for example our powers relating to Controllers of regulated firms and the power to approve or reject the Business Rules of a Recognised Body.

            • 7.6 7.6 Operational decisions

              • 7.6.1

                The remaining decisions, such as decisions made as part of our day-to-day supervision of regulated firms, do not invoke the procedures in Part 21 of the FSMR. Examples of these operational decisions include decisions to:

                (a) obtain additional information from an Authorised Person;
                (b) disclose information about an Authorised Person to a Non-ADGM Financial Services Regulator;
                (c) issue a risk mitigation plan stemming from any supervisory concerns identified in the course of firm visit; or
                (d) commence an investigation.

              • 7.6.2

                Operational decisions are generally not reviewable by the ADGM Regulatory Committee. In making these decisions, we are still subject to overarching administrative law principles of acting in good faith and acting in a proportionate and reasonable manner.

            • 7.7 7.7 The Regulatory Committee

              • 7.7.1

                Section 225(1) of FSMR provides that all of our decisions that may affect the rights or liabilities of a person or otherwise adversely affect the interests of a person (except operational decisions) may be referred to the ADGM Regulatory Committee for review. Upon a referral, the Regulatory Committee (which is independent of us) is required to conduct a full merits review of our decision.

              • 7.7.2

                To enable an affected person to exercise properly and effectively his right to have our original decision referred to the Regulatory Committee, we will provide to such a person a Decision Notice specifying:

                (a) our decision and the reasons for making that decision;
                (b) the date on which the decision is to take effect; and
                (c) the person's right to seek a review of the decision by the Regulatory Committee; and
                (d) by when the right referred to in paragraph (c) has to be exercised.

            • 7.8 7.8 The Appeals Panel

              • 7.8.1

                Any decision, order or direction made by the Regulatory Committee may in turn be referred to the Appeals Panel for review by the person in respect of whom the decision was made or by us, in accordance with section 228(1) of FSMR. A second full merits review may then be conducted by the Appeals Panel.

              • 7.8.2

                Decisions of the Appeals Panel may only be reviewed on judicial review basis. An application for judicial review of a decision of the Appeals Panel may be made to the ADGM Court on the grounds that the decision is wrong in law or is in excess of the Appeal Panel's jurisdiction.

          • 8. 8. Waivers And Modification

            • 8.1 8.1 Introduction

              • 8.1.1

                Part 2 chapter 2 of FSMR provides for the modification or waiver of Rules by us.

              • 8.1.2

                This chapter outlines our approach to evaluating applications to grant relief from the requirements imposed by the Rules, by either waiving or modifying the application of one or more Rules. Our powers to waive or modify the requirements imposed by ADGM legislation do not extend to regulations such as the FSMR.

              • 8.1.2

                To waive the application of a Rule is to give relief to a Person from the entire obligation contained in that Rule. A modification can either modify the way in which a Person can comply with an obligation in a Rule or can give relief from part of the obligation in a Rule. A detailed description of the process to seek a waiver or modification of the Rules may be found in Rule 8.2 of the GEN Rules.

            • 8.2 8.2 Power to issue relief

              • 8.2.1

                We may, on the application or with the consent of a Authorised Person or Recognised Body, direct that a Rule:

                (a) does not apply to a person; or
                (b) does apply to a person but with such modifications as are set out in a notice issued by us for this purpose.

              • 8.2.2

                Waivers and modifications may only be sought by an Authorised Person or Recognised Body, or an applicant seeking such status.

              • 8.2.3

                If an application is successful, we will issue its decision by means of written Direction provided to the applicant.

            • 8.3 8.3 Making an application

              • 8.3.1

                Prior to submitting an application to us, the applicant should contact their assigned supervisory contact to discuss the application.

              • 8.3.2

                If the applicant is not regulated by us at the time of application, contact should be made through our Supervision Division.

              • 8.3.3

                Before making an application, we expect that the applicant will carry out appropriate research on:

                (a) the intention behind the Rule in question and the regulatory outcomes that the Rule aims to achieve;
                (b) whether there are any precedents where we have previously granted relief, or not granted relief, from the Rule in question, including any conditions which may have been imposed; and
                (c) if relief has been granted in the past, the similarities and differences between the cases where relief has previously been granted and the applicant's case.

              • 8.3.4

                All applications for waivers or modifications should be made in such form as we shall prescribe.

              • 8.3.5

                The applicant will need to in its application form address the following:

                (a) set out the reasons for requesting the granting of a waiver or a modification;
                (b) explain the impact of the application of the provisions as it stands on the applicant;
                (c) attach any precedent relief supporting the application which may have been issued;
                (d) identify any risks associated with the relief being sought and how the applicant plans to mitigate such risks; and
                (e) in the case of an application to modify a Rule, propose wording for the modified Rule.

              • 8.3.6

                It is for the applicant to demonstrate a compelling case for granting relief, we do not make decisions lightly. The granting of a waiver or modification, including the specific wording of any modification and any conditions attached to the relief granted, is at our discretion and it will generally only grant relief where there is shown to be an appropriate and necessary reason for doing so.

              • 8.3.7

                On occasion, we may believe that the relief being sought by an applicant may be relevant to, and should be applied to, a number of persons (or a class of persons) similarly affected by the Rule in question. In these circumstances, instead of requiring the affected persons to individually apply for the same relief, we will publish a notice on our website and invite the relevant Persons to "consent" to the "class Waiver" or "class Modification". This is simply done by notifying us that they wish the class Waiver or class Modification apply in relation to their activities.

            • 8.4 8.4 Considering an application

              • 8.4.1

                We will acknowledge receipt of an application for relief and may request further information, potentially including meeting with the applicant to discuss the need for the relief sought. The time taken by us to determine the application will depend upon the complexity of the issues it raises.

              • 8.4.2

                When considering each application, we assess the net regulatory benefit or detriment which would result from granting the relief sought on the conditions proposed and any risks posed by such relief. We will generally grant relief where:

                (a) it has formed the opinion that there is a net regulatory benefit; or
                (b) the regulatory detriment is minimal as the relief sought does not conflict with the policy intent of the Rule and the applicant has demonstrated that the associated risks would be adequately mitigated if relief was granted.

              • 8.4.3

                Relief will be given to overcome the disproportionate effects of Rules in exceptional cases, the anomalous effects of Rules in unique cases for which they were not created, and the unforeseen side effects of Rules.

                For example, changes in international standards may result in unforeseen differences between the Rules and the new standards. While the Rules would ordinarily adapt over time to reflect such changes, an Authorised Person or Recognised Body may seek a waiver or modification of a specific Rule to accommodate the evolution of the international standard. This may also represent a scenario where we may publish a notice to be made available to other affected persons within the ADGM upon their consent. Similarly, where material changes to a Rule may make it impractical for Authorised Persons or a Recognised Body to comply immediately, a request for a temporary waiver or modification may be granted.

              • 8.4.4

                We may impose such conditions on relief as it may see fit, and a notice may specify that the relevant waiver or modification may be available for only a specified period of time, after which time it will cease to apply.

              • 8.4.5

                If we decide not to grant relief, it will give reasons for the decision. An applicant may withdraw its application for relief at any time up until notification of our decision has been given to the applicant. In doing so, the applicant should give reasons for the withdrawal of the application.

            • 8.5 8.5 Publication of waivers and modifications

              • 8.5.1

                We will publish all Directions concerning waivers and modifications unless we are satisfied that it is inappropriate or unnecessary to do so.

              • 8.5.2

                We will publish all Directions concerning waivers and modifications in such a way that we consider appropriate for bringing the notice to the attention of:

                (a) those likely to be affected by it, such as clients of the applicant; and
                (b) others who may be likely to be affected by the same Rule and may seek a similar waiver or modification.

              • 8.5.3

                The principal method of publication of waivers and modifications Directions is by publication on our webpage. The fundamental principle behind publication is transparency. This allows any person dealing with the applicant, for example, its clients and competitors, to know to what extent the relevant provisions apply to the applicant.

              • 8.5.4

                If an applicant believes that it is inappropriate or unnecessary for us to publish the relief, or to publish it after a delay, or without disclosing the identity of the applicant, it should make this clear in its application. Decisions not to grant relief will not be published by us.

            • 8.6 8.6 Withdrawal or variation of waivers and modifications

              • 8.6.1

                Under section 9(5) of the FSMR, we may:

                (a) revoke a Direction; or
                (b) on the application of, or with the consent of, the Person to whom it applies, vary a Direction.

            • 8.7 8.7 Enforcement of waivers and modifications

              • 8.7.1

                If a Direction under section 9 of the FSMR states that a Rule is to apply to the applicant with modifications, then a contravention of the modified provision could lead to us taking enforcement action.

              • 8.7.2

                If relief is given subject to a condition, the relief will not apply to activities conducted in breach of the condition. Further, those activities, if in breach of the original provision, could lead to enforcement action.

            • 8.8 8.8 Expiry and extension of current waivers and modifications

              • 8.8.1

                Where relief has been granted for a limited period of time (see paragraph 9.4.4) it is the responsibility of the Person to whom the notice applies to monitor any expiry date.

              • 8.8.2

                There is no automatic renewal process for any relief granted by us for a limited period of time.

              • 8.8.3

                It is the responsibility of the person to whom a time-limited Direction applies to notify us within a reasonable period in advance of the expiry of the Direction of their intention to apply for an extension of the relief or explain how they intend to comply with the original Rule.

              • 8.8.4

                Notification should be made through the same contact point as described above, namely either the assigned supervisory contact, the dedicated contact portal or the Supervisory Division.

              • 8.8.5

                We will consider every application for extension of the term of the Direction in the same manner as an initial application and will not necessarily grant extensions as a matter of course.

        • FSRA Confidentiality Policy [18 April 2019]

          • Guidance — Regulatory Framework for Private Financing Platforms [10 September 2018]

            Click herehere to view PDF

            • 1. 1. Dealing With Confidential Information

              • 1.1 1.1 Introduction

                • 1.1.1

                  This Confidentiality Policy provides guidance concerning the obligations and requirements on the Financial Services Regulatory Authority (the "Regulator") when using and disclosing non-public information provided by third parties in the course of regulating financial services in the Abu Dhabi Global Market ("ADGM"). Unless expressly provided in this Confidentiality Policy, definitions for capitalized terms may be found in the Financial Services Markets Regulations (2015) (the "FSMR").

              • 1.2 1.2 Regulatory Approach

                • 1.2.1

                  When dealing with Confidential Information, the Regulator employs best practice, consistent with international standards set by organisations such as the Basel Committee on Banking Supervision ("BCBS"), the International Organisation of Securities Commissions ("IOSCO"), the Financial Action Task Force ("FATF") and the Islamic Financial Services Board ("IFSB").

                • 1.2.2

                  With the application of international best practice standards, the Regulator is obligated to:

                  (a) ensure compliance with and enforce applicable financial services legislation, consistent with the Basel Core Principles for Effective Banking Supervision, the IOSCO Objectives and Principles of Securities Regulation and the FATF Recommendations on combating money laundering, the financing of terrorism and proliferation of weapons of mass destruction;
                  (b) assist financial services regulators in other jurisdictions to the best possible extent regarding co-operation and the exchange of Confidential Information consistent with the obligations contained and in the manner prescribed in the IOSCO Multilateral Memorandum of Understanding;
                  (c) use all reasonable efforts to ensure that neither ADGM regulations nor foreign laws relating to confidentiality and secrecy prevent the Regulator from gathering, protecting or disclosing Confidential Information where required for lawful regulatory purposes;
                  (d) limit the disclosure of Confidential Information to other financial services regulators and enforcement agencies to the extent required for ensuring compliance with, and enforcement of, applicable financial services and criminal legislation;
                  (e) to adopt and implement internal control systems and procedures for the handling, storing, processing and securing of Confidential Information that meet international best practices; and
                  (f) to comply with all applicable laws and ADGM regulations which govern the Regulator's collection and dissemination of Confidential Information.

              • 1.3 1.3 Applicable legislation

                • 1.3.1

                  The main legislative provisions governing the use of Confidential Information by the Regulator are set out in Abu Dhabi Law No. (4) of 2013, Part 16 of the FSMR, the Data Protection Regulations (2015) and the UAE Penal Code (Federal Law No. (3) of 1987).

            • 2. 2. Regulatory Powers To Obtain Confidential Information

              • 2.1 2.1 Background

                • 2.1.1

                  The Regulator may be provided with information which is confidential in two ways:

                  (a) voluntarily (that is, information obtained on a voluntary basis); and
                  (b) under compulsion, including through:
                  i. the exercise of the Regulator's supervisory and investigative powers (see section 2.2 below); and
                  ii. the exercise of the Regulator's information gathering powers at the request, and on behalf, of Non-ADGM Regulators (see section 2.3 below).

              • 2.2 2.2 Regulator's Supervisory and Investigative Powers

                • 2.2.1

                  The Regulator has comprehensive powers under the FSMR to carry out its duties and responsibilities. These include the power to require reports, conduct on-site inspections of business premises of authorised entities within the ADGM, interview individuals, as well as compel the production of documents, testimony and other information — see, for example, sections 201 and 206 of the FSMR.

                • 2.2.2

                  The Regulator has in place internal procedures to monitor and manage access to and the use of Confidential Information and documents obtained during the course of its regulatory activities. These procedures include the use of manual and electronic document storage and retrieval systems.

                  For example, the Regulator limits access to confidential documents obtained to those members of the Regulator's staff engaged with the relevant matter to which the documents are related by use of secure filing of physical documents and restricted computer drives containing confidential documents in electronic form.

                • 2.2.3

                  The Regulator may obtain information relating to regulated entities from third parties including intermediaries and companies that perform outsourced functions for regulated entities.

                • 2.2.4

                  As the Regulator's mandate is to regulate all financial services provided in and from the ADGM, the Regulator has broad access to compel the disclosure of Confidential Information from individuals and firms participating in or connected to the provision of financial services in or from the ADGM. This includes, without limitation, all market participants, listed companies, reporting entities and their respective officers and directors.

                  For example, an ADGM-based fund manager which manages a fund organized in and sold to investors in a foreign jurisdiction will be subject to the jurisdiction of the Regulator and all books and records relating to the fund and its unitholders will be subject to examination by the Regulator upon request.

              • 2.3 2.3 Powers to cooperate with, assist and support Non-ADGM Regulators

                • 2.3.1

                  The Regulator may also exercise its information gathering powers at the request, and on behalf, of regulators and authorities in other jurisdictions, solely to assist them in performing their regulatory or enforcement functions.

                  Amended on (18 April, 2019).

                • 2.3.2

                  The following sections of the FSMR give the Regulator specific authority to exercise some of its specific powers on behalf of other authorities:

                  (a) section 215 enables the Regulator to co-operate with other persons (in ADGM or elsewhere) who have functions (i) similar to those of the Regulator or (ii) in relation to the prevention or detection of Financial Crime. Co-operation may include the sharing of information which the Regulator is not prevented from lawfully disclosing;
                  (b) section 216 gives the Regulator specific authority to exercise its Own-Initiative Powers at the request, or on behalf, of Non-ADGM Regulators; and
                  (c) section 217 gives the Regulator specific authority to exercise its Investigative Powers at the request of Non-ADGM Regulators. In deciding whether or not to exercise its Investigative Powers, section 217(2) sets out a non-exhaustive list of factors that the Regulator may take into account.

                • 2.3.3

                  If the Regulator decides to exercise its powers at the request, or on behalf, of a Non-ADGM Regulator, Confidential Information gathered as result of the Regulator exercising its powers under sections 215, 216 or 217 can only be disclosed to that Non-ADGM Regulator in accordance with the provisions of sections 198 or section 199 of the FSMR.

                  Amended on (18 April, 2019).

            • 3. 3. Regulator's Obligation Of Confidentiality

              • 3.1 3.1 Background

                • 3.1.1

                  The Regulator's powers to obtain, use and disclose Confidential Information in order to discharge its functions and powers are subject to statutory limitations. These protections exist to protect individual privacy and to assure regulated firms and individuals that any Confidential Information they provide to the Regulator will be dealt with in confidence and used only for lawful purposes.

                  Amended on (18 April, 2019).

              • 3.2 3.2 Overriding Duty of Confidentiality

                • 3.2.1

                  The Regulator must keep confidential any Confidential Information received by or disclosed to it in the course of performing its functions, subject to the exceptions set out in section 3.3 below.

                • Abu Dhabi Law No. (4) of 2013

                  • 3.2.2

                    This duty of confidentiality is set out in Article 12 of Abu Dhabi Law No. (4) of 2013 and requires the Regulator to keep confidential any Confidential Information received by or disclosed to it in the course of performing its functions, unless disclosure is permitted in accordance with ADGM regulations.

                  • 3.2.3

                    The relevant ADGM regulations impacting on the Regulator's duty of confidentiality are the FSMR and the Data Protection Regulations 2015.

                • FSMR

                  • 3.2.4

                    Similarly to the duty of confidentiality in Abu Dhabi Law No. (4) of 2013, section 198 of the FSMR also prohibits disclosure of Confidential Information by the Regulator, its employees, agents or by any person coming into possession of it, subject to exceptions set out in section 3.3 below.

                    Amended on (18 April, 2019).

                • Data Protection Regulations 2015

                  • 3.2.5

                    Certain duties and obligations contained within the Data Protection Regulations 2015 apply to the Regulator when dealing with personal data, concerning accuracy and the duty to ensure security of processing when personal data is being collected and maintained.

                  • 3.2.6

                    The Regulator is excused from certain obligations set out in the Data Protection Regulations in circumstances where compliance with such duties would be likely to prejudice the proper discharge of the Regulator's powers or functions to protect the public from financial loss due to improper conduct, unfitness or incompetence of persons engaging in offering financial services.

                • The UAE Penal Code (Federal Law No. (3) of 1987)

                  • 3.2.7

                    As the UAE criminal laws apply in the ADGM, Article 379 of the UAE Penal Code provides for criminal penalties for disclosure of Confidential Information in cases other than those lawfully permitted. Public officials, or those persons in charge of a public service, are subject to more severe penalties than the general persons for unlawful disclosure of Confidential Information — namely, imprisonment of up to five (5) years.

                • Regulator's internal practices and procedures

                  • 3.2.8

                    The above-mentioned statutory obligations requiring all Regulator's employees, agents and independent contractors to keep all Confidential Information confidential is further reinforced by requiring all Regulator's employees, agents and independent contractors to sign an Employment or Consultancy Services Contract that incorporates a confidentiality clause.

              • 3.3 3.3 Exceptions to the Duty of Confidentiality

                • With prior consent under section 198(1) of FSMR

                  Amended on (18 April, 2019).

                  • 3.3.1

                    Section 198(1) prohibits disclosure of Confidential Information by the Regulator, its employees, agents or by any person coming into possession of Confidential Information unless they have the prior consent of—

                    (a) the person from whom the Confidential Information was obtained; and,
                    (b) if different, the person to whom the duty of confidentiality is owed (paragraphs 198(1)(a) and (b)).
                    Amended on (18 April, 2019).

                • The exceptions under section 199(1) of FSMR

                  • 3.3.2

                    Section 199 of the FSMR provides certain exceptions from the overriding restriction on disclosure of Confidential Information in section 198. Specifically, subsection 199(1) enables the Regulator to disclose Confidential Information for the purpose of facilitating the carrying out of a Public Function, subject to section 199(2), if the disclosure is —

                    (a) permitted or required under any enactment applicable to the Regulator, including, for the avoidance of doubt, any applicable international obligations; or
                    (b) made to —
                    (i) the ADGM Registrar of Companies;
                    (ii) a Non-Abu Dhabi Global Market Regulator;
                    (iii) a governmental or regulatory authority exercising powers and performing functions relating to anti-money laundering, counter-terrorist financing or sanctions compliance, whether in the ADGM or otherwise;
                    (iv) a self-regulatory body or organisation exercising and performing powers and functions in relation to financial services, whether in the ADGM or otherwise;
                    (v) a criminal law enforcement agency, whether in the U.A.E or otherwise, for the purpose of any criminal investigation or criminal proceedings;
                    (v) a civil law enforcement agency or body, whether in the Abu Dhabi Global Market, U.A.E or otherwise;
                    for the purpose of assisting the performance by any such person of its functions and powers; or
                    (c) made in good faith for the purposes of the exercise of the functions and powers of the Regulator or in order to further the Regulator's objectives.
                    Amended on (18 April, 2019).

                  • 3.3.3

                    The provisions in section 199(2) relate specifically to Confidential Information originating in another governmental or regulatory authority, or Confidential Information that is CRD Information, and provide for and are consistent with the exchange of information and professional secrecy requirements in the European Union's Capital Requirements Directive. For the purposes of section 199(2):

                    (a) 'CRD Information' is defined as Confidential Information received or obtained by the Regulator from the EEA Competent Authority by virtue of the Capital Requirements Directive; and
                    (b) 'EEA Competent Authority' means a public authority or body officially recognised by national law of a jurisdiction within the EEA and empowered by that national law to supervise institutions as part of the supervisory system.
                    Added on (18 April, 2019).

                  • 3.3.4

                    Section 199(2) provides that paragraphs 198(1)b)(i), (ii), (iii), (iv), (vi) and 1(c) do not permit the Regulator to disclose this Confidential Information unless—

                    (a) the governmental or regulatory authority that has disclosed the Confidential Information to the Regulator has given its prior written consent to the disclosure; and
                    (b) where the Confidential Information is CRD Information:
                    (i) the EEA Competent Authority that has disclosed the Confidential Information to the Regulator has given its prior written consent to the disclosure; and
                    (ii) if such consent was given for a particular purpose, the disclosure by the Regulator is solely for that purpose.
                    Added on (18 April, 2019).

                • Disclosure to a criminal law enforcement agency

                  • 3.3.5

                    Importantly, disclosure of Confidential Information by the Regulator to a criminal law enforcement agency, whether in the U.A.E or otherwise, for the purpose of any criminal investigation or criminal proceedings under paragraph 199(1)(b)(v) is not subject to the requirements under section 199(2).

                    Added on (18 April, 2019).

              • 3.4 3.4 Admissibility of compelled testimony in criminal proceedings

                • 3.4.1

                  In addition to the overriding duty of confidentiality set out in section 198, section 207(2) of the FSMR prohibits the Regulator from disclosing a statement made by a person to an investigator at an interview conducted pursuant to section 206(1)(a) to any law enforcement agency for the purpose of criminal proceedings against that person unless:

                  (a) the person consents to the disclosure; or
                  (b) the Regulator is required by law or court order to disclose the statement.

              • 3.5 3.5 The effect of foreign secrecy laws

                • 3.5.1

                  Foreign banking secrecy laws lack extraterritorial effect and thus do not apply in the ADGM; entities regulated by the Regulator and their clients are not prevented from complying with obligations to disclose information related to financial services activities conducted in or from the ADGM.

                • 3.5.2

                  Similarly, a request from the Regulator for disclosure of confidential client account information (if the client's business is booked, held, serviced and managed exclusively in a foreign jurisdiction) shall be governed by and be subject to the secrecy laws, if any, of that jurisdiction.

              • 3.6 3.6 Criminal prosecutions in the UAE Courts [Deleted]

                • 3.6.1 [Deleted]

              • 3.7 3.7 The effect of foreign secrecy laws [Deleted]

                • 3.7.1 [Deleted]

                • 3.7.2 [Deleted]

            • 4. 4. Disclosure Of Confidential Information

              • 4.1 4.1 Making a request for disclosure of Confidential Information

                • 4.1.1

                  Every request to disclose Confidential Information, will be assessed by the Regulator on a case-by-case basis, whether this information was obtained voluntarily, in the course of the Regulator exercising its own functions and powers or exercising its powers on behalf of other authorities.

                  Amended on (18 April, 2019).

                • 4.1.2

                  In deciding whether to comply with a request to disclose Confidential Information, the Regulator would satisfy itself that there are legitimate reasons for the request and that the authority requesting the information has the appropriate policies and procedures in place for dealing with Confidential Information.

                  Amended on (18 April, 2019).

                • 4.1.3

                  Section 199(3) of the FSMR enables the Regulator to, among other things:

                  (a) impose conditions on the information disclosed, which may relate to, among other things, the obtaining of consents or, where appropriate, subjecting information received to restrictions on disclosure that are at least equivalent to those set out in section 198, per paragraph 199(3)(a); and
                  (b) restrict the uses to which the Confidential Information disclosed may be put.
                  Added on (18 April, 2019).

                • 4.1.4

                  Where the disclosure by the Regulator is made subject to conditions, the person to whom the Confidential Information has been disclosed may not use the Confidential Information in breach of any such condition, as set out in section 199(4) of the FSMR.

                  Added on (18 April, 2019).

              • 4.2 4.2 Disclosure to governmental and regulatory authorities in section 199 of the FSMR

                Amended on (18 April, 2019).

                • 4.2.1

                  Section 199(1)(b) gives the Regulator specific authority to disclose Confidential Information to the authorities listed therein so that they may properly carry out their function, subject to section 199(2).

                  Amended on (18 April, 2019).

                • 4.2.2

                  Where the Confidential Information (in whole or in part) originates in another governmental or regulatory authority, the Regulator may only disclose that Confidential Information in accordance with section 199(2), as set out in paragraphs 3.3.3 – 3.3.4 above, subject to paragraph 3.3.5.

                  Amended on (18 April, 2019).

                • 4.2.3

                  As set out in paragraphs 4.1.3 and 4.1.4 above, in disclosing any Confidential Information under section 199(1), the Regulator may require the requesting authority to comply with certain conditions or agree to restrict the uses to which the Confidential Information may be put, insofar as the Regulator considers appropriate.

                  Amended on (18 April, 2019).

                • 4.2.4

                  In addition, should a memorandum of understanding be in place between the Regulator and a Non-ADGM Regulator concerning the sharing of Confidential Information, subject to the limitations contained in the FSMR, the Regulator will conduct itself in accordance with section 199(2) and the terms of such memorandum of understanding. For example, the Regulator may include a provision that each party's consent is required to be obtained prior to disclosing any Confidential Information to a third party (unless the information is required for the purpose of a criminal investigation or criminal proceedings, as discussed in paragraph 3.3.5).

                  For example, on receipt of a legitimate request for Confidential Information in possession of the Regulator from a Non-ADGM Regulator ("the requestor"), made for the purpose of facilitating the carrying out of a Public Function, the Regulator:

                  a) may disclose the Confidential Information to the requestor subject to conditions, including that:—
                  i. the requestor may only use the Confidential Information for their own lawful purpose as identified in the request;
                  ii. the requestor may not voluntarily disclose the Confidential Information to a third party (including other regulatory entities in their home jurisdiction) without the further consent of the Regulator; and
                  iii. if the requestor is compelled to disclose the Confidential Information by court order or subpoena, it must give notice to the Regulator prior to disclosure unless such notice would violate applicable laws.
                  b) will generally not notify affected parties of the request for Confidential Information. Notice to the affected party/parties will only be considered where such notification would not be contrary to the public interest and would not frustrate or prejudice the purpose of the disclosure to the requestor.
                  Amended on (18 April, 2019).

                • 4.2.5

                  When the Regulator receives a request from an authority to disclose Confidential Information (other than compelled testimony – see paragraph 4.5), the Regulator will generally comply with such request if made in good faith for the specific purpose of fulfilling the performance of the requesting party's functions and powers, as contemplated by section 199(1).

                  Added on (18 April, 2019).

              • 4.3 4.3 Disclosure for use in civil litigation

                • 4.3.1

                  In other circumstances, such as where Confidential Information is sought by a party other than a governmental or regulatory authority, such as, for example, as evidence for use in civil litigation, the Regulator will require prior consent of—

                  (a) the person from whom the Confidential Information was obtained; and,
                  (b) if different, the person to whom the duty of confidentiality is owed (paragraphs 198(1)(a) and (b)),
                  consistent with its general duty of confidentiality, as contemplated by section 198(1) of the FSMR.

                  Amended on (18 April, 2019).

                • 4.3.2

                  The Regulator will, to the extent permitted by applicable law, provide the person whose interests are likely to be adversely affected by the proposed disclosure with the information necessary to enable the person to make submissions to the Regulator. These may include the following:

                  (a) whether the factual and legal conditions justifying the disclosure are met;
                  (b) the scope of the disclosure of Confidential Information; and
                  (c) whether any conditions should apply to the disclosure.

                • 4.3.3

                  If a person would be adversely affected by the proposed disclosure of Confidential Information and the purpose for the request is to use the information in civil proceedings in the ADGM Court, the person requesting the Confidential Information would be required to obtain an order of the ADGM Court compelling the Regulator to disclose the Confidential Information.

                • 4.3.4

                  Upon receipt of such an order, the Regulator would generally notify the person adversely affected by the proposed disclosure of Confidential Information of this so that the person has an opportunity to challenge the request according to the rules of the Court.

                • 4.3.5 [Deleted]

              • 4.4 4.4 Disclosure to a court

                • Civil proceedings in the ADGM Court

                  • 4.4.1

                    The ADGM Court's enabling legislation, Abu Dhabi Law No. (4) of 2013, gives it exclusive judicial jurisdiction in the ADGM and over ADGM bodies, including the Regulator. Therefore, the Regulator may be obliged to disclose Confidential Information if it is compelled to do so under an order from the ADGM Court.

                  • 4.4.2

                    If the Regulator is required to disclose Confidential Information received from a government or Regulatory Authority (for example, information received under a Memorandum of Understanding), the Regulator will ordinarily:

                    (a) notify the Regulatory Authority that provided the Confidential Information of the receipt of the legally enforceable demand, in accordance with section 199(2); and
                    (b) where appropriate, assert any legal rights or privileges to protect the Confidential Information (for example, Public Interest Immunity — see paragraph 4.6 below).

                • Criminal prosecutions in the UAE Courts

                  • 4.4.3

                    All activities in the ADGM remain subject to UAE criminal laws by virtue of the Federal Law No. 8 of 2004 concerning Financial Free Zones. Accordingly, the Regulator is obliged, under Article 78, Part 2 of the UAE Penal Procedures Law (Federal Law No. 35) of 1992, to comply with any legally enforceable demand or order from a competent authority responsible for administering the criminal laws of the UAE. This includes orders or demands to disclose Confidential Information.

                  • 4.4.4

                    As in the case of legally enforceable demands in civil or commercial matters discussed at paragraph 4.4.2 above, the Regulator will, where appropriate, assert any legal rights or privileges to protect the Confidential Information and resist disclosure (for example, Public Interest Immunity – see paragraph 4.6 below).

              • 4.5 4.5 Compelled testimony in criminal proceedings

                • 4.5.1

                  If the Regulator receives a request from a law enforcement agency for a person's answers in an interview conducted under section 206(1)(a) of the FSMR for the purpose of criminal proceedings against the person, the Regulator will, in accordance with section 207(2) of the FSMR, generally notify the person concerned of such request (so that the person has an opportunity to either consent to the disclosure or challenge the request), unless the Regulator is required by law or court order to disclose the statement.

              • 4.6 4.6 Public Interest Immunity

                • 4.6.1

                  Public Interest Immunity ("PII") is an immunity from the production of documents or information where their disclosure would be against the public interest. PII is a common law doctrine, developed to allow the courts to reconcile any potential conflict between the following two public interests—

                  (a) the interest in the administration of justice which demands that relevant material is available to the parties to litigation; and
                  (b) the interest in maintaining the confidentiality of certain documents whose disclosure would be damaging to the public interest.

                • 4.6.2

                  When a PII claim is asserted, a court would be required to balance between whether the public interest in disclosing certain information is outweighed by the public interest in preserving the confidentiality of that information.

                • 4.6.3

                  A claim of PII, for example, may be appropriate in the circumstances where disclosure would prejudice or otherwise unduly interfere with the Regulator's ability to perform its functions and exercise its powers (including if the disclosure would adversely affect its ability to cooperate with and receive Confidential Information from other Regulatory Authorities).

          • Supplementary Guidance — Authorisation for Dealing Activities

            Click herehere to view PDF

          • Supplementary Guidance — Authorisation for Investment Management Activities

            Click herehere to view PDF

            • Supplementary Guidance — Authorisation for Dealing Activities [21 October 2015]

              • 1. 1. Purpose

                • 1.1

                  This Guidance is issued under section 15(2) of the Financial Services and Markets Regulations 2015 ("FSMR"). It should be read in conjunction with the FSMR, the ADGM Rulebook and other applicable Rules.

                • 1.2

                  The Guidance sets out the Regulator's expectations on the minimum criteria for an applicant seeking a Financial Services Permission to carry on the regulated activities of Dealing in Investments as Principal, Dealing in Investments as Agent, or Arranging Deals in Investments (collectively referred to as "Dealing Activities"). The Guidance is not an exhaustive source of the Regulator's policy on the exercise of its statutory powers and discretions. In the discharge of its regulatory mandate, the Regulator may impose other requirements to address any specific risks posed to the objectives of the Regulator by the proposed activities of the applicant.

                • 1.3

                  Unless otherwise defined or the context otherwise requires, the terms contained in the Guidance have the same meaning as defined in the FSMR and the GLO Rulebook.

              • 2. 2. Consideration and Assessment of Applications

                • 2.1

                  As set out in GEN Rule 5.2.7, the applicant shall demonstrate to the satisfaction of the Regulator that it:

                  (a) has adequate and appropriate resources, including financial resources;
                  (b)is fit and proper;
                  (c) is capable of being effectively supervised; and
                  (d)has adequate compliance arrangements, including policies and procedures, that will enable it to comply with all the applicable legal requirements.

                • 2.2

                  In assessing the adequacy and appropriateness of an applicant's resources, systems and controls, the Regulator will consider the risks posed by the applicant taking into account the nature, size and complexity of the proposed activities. For instance, a Start-up entity1 without relevant track record may seek authorisation to conduct Dealing Activities, subject to certain restrictions and other conditions to limit the scale and impact of its activities.


                  1 A "Start-up" entity is:

                  (a) any newly set up business entity which is not part of a Group subject to financial services regulation; or
                  (b) any existing business entity which, or whose Group is not subject to financial services regulation.

                • 2.3

                  The Regulator will apply a risk-based assessment according to the categories of dealers ("Dealers") as set out in Table 1 below. The applicant should ensure that the category it chooses accommodates its needs over a reasonable timeframe.

                  Table 1 — Categories of Dealers

                  Category Permissible Activities
                  Retail Dealer Dealing in investments with or for all types of Clients, including Retail Clients.
                  Institutional Dealer Dealing in investments only with or for Professional Clients in the ordinary course of business.
                  Restricted Dealer Dealing in investments only with or for Professional Clients and:
                  •   does not carry any customers' positions or accounts on its own books2; and
                  •   does not receive, hold or control Client Assets.

                  2 This includes any intra-day positions pending settlement or undertaking of settlement risks.

              • 3. 3. Minimum Criteria for Authorisation

                • 3.1

                  Track Record — The applicant should demonstrate that it or its Group has a minimum 5-year proven track record in the dealing or related business, in a jurisdiction which has a regulatory framework that is comparable to ADGM. The applicant or its parent / related entities, where applicable, should be subject to proper supervision by a competent regulatory authority.

                • 3.2

                  To be a Retail Dealer, the applicant should have a total Group shareholders' funds of at least US$200 million.

                • 3.3

                  Where the applicant does not satisfy the 5-year track record requirement, the Regulator may take into account the (i) track record of the applicant's Controllers/substantial shareholders; and (ii) experience and qualifications of the applicant's key management staff, when assessing the application. In the case of a Start-up entity, the applicant should demonstrate that it has an effective resolution mechanism in the event of any shareholder dispute.

                • 3.4

                  Competency of Key Individuals — A Dealer should ensure that the minimum competency criteria, set out in Appendix 1, are met.

                • 3.5

                  Capital Requirements — As set out in section 3 of the PRU Rulebook, a Dealer must meet the following minimum capital requirements:

                  Table 2 — Capital Requirement

                  Category Capital Requirement
                  Retail Dealer / Institutional Dealer (Dealing as principal)
                  (a)Base Capital Requirement of US$2,000,000;
                  (b)Expenditure-Based Capital Minimum; or
                  (c)Risk Capital Requirement; whichever is higher.
                  Retail Dealer / Institutional Dealer (Dealing as agent)
                  (a)Base Capital Requirement of US$500,000;
                  (b)Expenditure-Based Capital Minimum; or
                  (c)Risk Capital Requirement; whichever is higher.
                  Restricted Dealer3
                  (a)Base Capital Requirement of US$10,000; or
                  (b)Expenditure-Based Capital Minimum; whichever is higher.

                  The applicant should make a reasonable assessment of the amount of additional capital buffer it needs, bearing in mind the scale and scope of its operations.


                  3 As set out in section 6.12 of the PRU Rulebook, a Restricted Dealer shall maintain PII cover appropriate to the nature, size, and risk profile of its business. We may consider granting a waiver of the requirement under appropriate circumstances acceptable to the Regulator.

                • 3.6

                  Compliance Arrangements — A Dealer shall have in place compliance arrangements that are appropriate to the nature, scale and complexity of its business. The minimum criteria in respect of compliance arrangements are set out in Appendix 2. While compliance support may be provided by a related entity and/or third party service providers, the ultimate responsibility for compliance with applicable laws and regulations lies with the Dealer's Senior Executive Officer ("SEO") and Board of Directors.

                • 3.7

                  Risk Management — The risk management function should be subject to adequate oversight by the SEO and Board of the Dealer. It should be segregated from and independent of the front office function. The Dealer should have policies and procedures to ensure that management is kept informed of the risk exposures in a regular and timely basis. Staff of the risk management function should have adequate knowledge and expertise in risk management.

                • 3.8

                  Internal Audit — The internal audit arrangements should be appropriate to the scale, nature and complexity of its operations. The internal audit may be conducted by the internal audit function within the Dealer, an internal audit team from the head office of the Dealer, or outsourced to a third party service provider, as set out in Appendix 3.

                  Appendix 1 — Minimum Competency Criteria

                    Restricted Dealer Institutional Dealer Retail Dealer
                  (i) Number of Licensed Directors:

                  A Licensed Director is a Controlled Function set out in GEN 5.3.3. Nominee directors such as legal advisers or corporate secretaries will not count towards meeting this requirement.

                  Minimum years of relevant experience#:

                  Of these Directors,

                  •   Number of executive Directors:

                  Executive Directors are employed full-time in the day-to-day operations of the company and should be resident in the U.A.E.
                  •   Minimum years of relevant experience# of Senior Executive Officer ["SEO"]:

                  The SEO is a Controlled Function set out in GEN 5.3.2.
                  At least 2

                  5 years

                  At least 1

                  5 years
                  At least 2*

                  5 years

                  At least 1

                  5 years
                  At least 2*

                  5 years

                  At least 1

                  10 years
                  (ii) Number of Approved Persons residing in the U.A.E:

                  Approved Persons (as set out in GEN 5.3) will include the Licensed Directors, Licensed Partners and SEO of the Dealer.

                  Minimum years of relevant experience#:
                  At least 2

                  5 years
                  At least 2

                  5 years
                  At least 3

                  5 years
                  (iii) Number of employees / professionals conducting the regulated activities residing in the U.A.E:

                  Such employees / professionals may include the Approved Persons and Recognised Persons (as set out in GEN 5.4) of the Dealer.
                  At least 2 At least 2 At least 3

                  #: The relevance of an individual's experience should be assessed in the context of the role that the individual will perform in the Dealer. For example, experience in proprietary trading for financial institutions could be counted towards meeting the relevant experience criteria for a relevant professional conducting Dealing Activities on behalf of customers. Directors/Parnters, SEO and Senior Managers should have managerial experience or experience in a supervisory capacity as part of their relevant experience.

                  *: For a Dealer that is deemed as high impact or systemically important, the Regulator may require the Dealer to have at least more than 2 directors.

                  •   The following are examples where the Regulator would consider a Restricted/Institutional Dealer as having met the minimum competency criteria:

                  Example 1

                  The Dealer has two executive resident directors, one of whom is the SEO, who is responsible for dealing function. The other is the Chief Operating Officer, who is responsible for back office functions such as trade reconciliation and risk management (i.e. not engaged in regulated activity). Both directors have at least 5 years of relevant experience in their respective functions. The Dealer will meet the minimum competency criteria if it employs at least one additional resident full-time employee/professional on the dealing desk. There will not be any minimum experience criteria for this additional employee, although the employee should be suitably competent.

                  Example 2

                  The Dealer has two executive directors as dealers. Both directors are resident in the U.A.E and have at least 5 years of relevant experience in dealing activities. One of the directors is the SEO. The Dealer should appoint another Recognised Person independent of the front office to be the Compliance Officer / Finance Officer / Money Laundering Reporting Officer.

                  Example 3

                  The Dealer in ADGM ("ADGM Dealer") is a subsidiary of a foreign-based Dealer who is regulated in its home jurisdiction. The ADGM Dealer has one resident executive director appointed as the SEO, who has 5 years of relevant experience and heads the dealing function. The ADGM Dealer has another director based overseas. The ADGM Dealer will meet the criteria if it employs an additional resident full-time employee/professional to conduct dealing activities, and this employee will be required to have at least five 5 years of relevant experience.

                  Appendix 2: Minimum Compliance Arrangements

                  Category Compliance Arrangements
                  Retail Dealer
                  •   The Dealer should put in place an independent and dedicated compliance function in the U.A.E with staff who are suitably qualified and independent from the front office.
                  •   Compliance staff may perform other non-conflicting and complementary roles such as that of an in-house legal counsel.
                  Institutional Dealer
                  •   The Dealer should have an independent compliance function with staff who are suitably qualified and independent from the front office.
                  •   The Dealer may, depending on the size and scale of the business:
                  (i) rely on compliance oversight and support from an independent and dedicated compliance team at its holding company or related entity; or
                  (ii) engage an external service provider to support its compliance arrangements. The Dealer should ensure that the service provider is competent and familiar with the regulatory requirements for Dealers in ADGM. The service provider should be able to provide meaningful onsite presence at the Dealer.
                  In either case, the Dealer should designate a senior staff independent from the front office (e.g. COO or CFO) to oversee the compliance arrangement;
                  Restricted Dealer

                  Appendix 3 — Internal Audit Arrangements

                  Category Internal Audit Arrangements
                  Retail Dealer
                  •   The Dealer should have an independent and dedicated internal audit function.
                  •   The internal audit function may be undertaken by an internal audit team within the Dealer, a group internal audit team from the parent or related company of the Dealer, or outsourced to a third party service provider.
                  Institutional Dealer
                  •   The internal audit function may be undertaken by an internal audit team within the Dealer independent from the business functions, a group internal audit team from the parent or related company of the Dealer, or outsourced to a third party service provider.
                  •   Where the Dealer does not have a dedicated internal audit function, the adequacy of the Dealer's internal audit arrangements should be assessed against the context of the Dealer's overall business scale and control environment i.e. whether there are periodic checks similar to those performed by internal auditors, which are performed by other control functions such as risk management and compliance.
                  Restricted Dealer
                  •   The SEO and Board of the Dealer are ultimately responsible for ensuring there are adequate internal controls within the Dealer and should take reasonable measures to ensure that the internal controls are complied with.

            • Supplementary Guidance — Authorisation for Investment Management Activities [10 April 2017]

              • Supplementary Guidance — Authorisation of Digital Investment Management ("Robo-advisory") Activities [16 July 2019]

                Click herehere to view PDF

                • 1. 1. Purpose

                  • 1.1

                    This Guidance is issued under section 15(2) of the Financial Services and Markets Regulations 2015 ("FSMR"). It should be read in conjunction with the FSMR and the ADGM Rulebooks.

                  • 1.2

                    The Guidance sets out the Regulator's expectations on the minimum criteria for an applicant seeking a Financial Services Permission to carry on the regulated activities of Managing Assets or Managing a Collective Investment Fund (collectively referred to as "Investment Management Activities"). The Guidance is not an exhaustive source of the Regulator's policy on the exercise of its statutory powers and discretions. In the discharge of its regulatory mandate, the Regulator may impose other requirements to address any specific risks posed to the objectives of the Regulator by the proposed activities of the applicant. The Regulator is not bound by the requirements set out in this Guidance and may waive or modify these requirements at its discretion where appropriate.

                  • 1.3

                    Unless otherwise defined or the context otherwise requires, the terms contained in the Guidance have the same meaning as defined in the FSMR and the GLO Rulebook.

                • 2. 2. Consideration and Assessment of Applications

                  • 2.1

                    As set out in GEN Rule 5.2.7, the applicant shall demonstrate to the satisfaction of the Regulator that it:

                    (a) has adequate and appropriate resources, including financial resources;
                    (b)is fit and proper;
                    (c) is capable of being effectively supervised; and
                    (d)has adequate compliance arrangements, including policies and procedures, that will enable it to comply with all the applicable legal requirements.

                  • 2.2

                    In assessing the adequacy and appropriateness of an applicant's resources, systems and controls, the Regulator will consider the risks posed by the applicant taking into account the nature, size and complexity of the proposed activities. For instance, a Start-up entity1 without investment management track record may seek authorisation to conduct Investment Management Activities, subject to certain restrictions and other conditions to limit the scale and impact of its activities.


                    1 A "Start-up" entity is:

                    (a) any newly set up business entity which is not part of a Group subject to financial services regulation; or
                    (b) any existing business entity which, or whose Group is not subject to financial services regulation.

                  • 2.3

                    The Regulator will apply a risk-based assessment according to the categories of investment management companies ("Manager") as set out in Table 1 below.

                    Table 1 — Categories of Managers

                    Category Permissible Activities
                    Retail Manager Carrying on business in investment management activities with all types of Clients, including Retail Clients.
                    Restricted Manager Carrying on business in investment management activities with Professional Clients only, without restriction on the number of Professional Clients.
                    Start-up Manager Carrying on business in investment management with no more than 30 Professional Clients (which may be in the form of funds or other investment vehicles) and the total value of the assets under management ("AUM")2 does not exceed US$250 million.

                    2 In determining the value of the AUM:

                    (a) Moneys committed by investors but not drawn down should be excluded from the Manager's AUM.
                    (b) AUM should be based on the net value of the assets being managed. Any leverage to which the managed assets are exposed should be excluded from the Manager's AUM.

                  • 2.4

                    For the purpose of the clientele restrictions, a "look through" approach is adopted. For instance, an investment vehicle that is not wholly owned by Professional Clients or in which not all the beneficiaries are Professional Clients will not qualify as a Professional Client. Restricted and Start-up Managers should not target Retail Clients through the use of investment structures that circumvent clientele class restrictions.

                • 3. 3. Minimum Criteria for Authorisation

                  • 3.1

                    Track Record — The applicant should demonstrate that it or its Group has a minimum 5-year proven track record in the investment management or related business, in a jurisdiction which has a regulatory framework that is comparable to ADGM. The applicant or its parent / related entities, where applicable, should be subject to proper supervision by a competent regulatory authority.

                  • 3.2

                    To be a Retail Manager, the applicant should have a total Group AUM of at least US$1 billion.

                  • 3.3

                    Where the applicant does not satisfy the 5-year track record requirement, the Regulator may take into account the (i) track record of the applicant's Controllers/substantial shareholders; and (ii) experience and qualifications of the applicant's key management staff, when assessing the application. In the case of a Start-up entity, the applicant should demonstrate that it has an effective resolution mechanism in the event of any shareholder dispute.

                  • 3.4

                    Competency of Key Individuals — A Manager should ensure that the minimum competency criteria, set out in Appendix 1, are met.

                  • 3.5

                    Capital Requirements — As set out in section 3 of the PRU Rulebook, a Manager must satisfy a Base Capital Requirement or Expenditure-Based Capital Minimum, whichever is higher.

                    The table below sets out the Base Capital Requirement for the different categories of Managers.

                    Regulated Activity Base Capital Requirement
                    Managing Assets US$250,000
                    Managing a Public Fund US$150,000
                    Managing an Exempt Fund or Qualified Investment Fund US$50,000

                    The applicant should make a reasonable assessment of the amount of additional capital buffer it needs, bearing in mind the scale and scope of its operations.

                    Use of shareholders' loans to meet Capital Requirements. Under current rules, the Capital Requirement of a Manager can only be met by certain forms of capital instruments. Recognising that Managers in general have relatively simple capital structures, the Regulator may consider granting a waiver to allow Managers who do not hold client money to use shareholders' loans as eligible capital resources to meet Capital Requirement exceeding the BCR, subject to appropriate ring-fencing conditions.

                  • 3.6

                    Compliance Arrangements — A Manager shall have in place compliance arrangements that are appropriate to the nature, scale and complexity of its business. The minimum criteria in respect of compliance arrangements are set out in Appendix 2. While compliance support may be provided by a related entity and/or third party service providers, the ultimate responsibility for compliance with applicable laws and regulations lies with the Manager's Senior Executive Officer ("SEO") and Board of Directors.

                  • 3.7

                    Risk Management — The risk management function should be subject to adequate oversight by the SEO and Board of the Manager. It should be segregated from and independent of the investment management function. The Manager should have policies and procedures to ensure that management is kept informed of the risk exposures in a regular and timely basis. Staff of the risk management function should have adequate knowledge and expertise in risk management.

                  • 3.8

                    Internal Audit — The internal audit arrangements should be appropriate to the scale, nature and complexity of its operations. The internal audit may be conducted by the internal audit function within the Manager, an internal audit team from the head office of the Manager, or outsourced to a third party service provider, as set out in Appendix 3.

                  • 3.9

                    Independent Custody — A Manager should ensure that assets under management are subject to independent custody3. The independent custodians should be suitably authorised in their respective jurisdictions.


                    3 Unless otherwise provided in the Rules.

                  • 3.10

                    Valuation & Reporting — A Manager should ensure that assets under management are subject to independent valuation and customer reporting. The Manager may have:

                    (a) a third party service provider, such as a fund administrator or custodian, perform the valuation; or
                    (b)an in-house asset valuation function4 that is segregated from the investment management function. Such arrangements may be adopted within larger financial services groups where there are sufficient resources and internal controls to provide for effective segregation of both functions.

                    The annual audit performed by the independent auditor is intended to serve as a periodic check on the valuation of the assets. Taken on its own, the annual audit will not fulfil the requirement for independent valuation.


                    4 Unless otherwise required in the Rules, e.g. Fund Managers of Property Funds pursuant to the FUNDS Rulebook.

                  • 3.11

                    Professional Indemnity Insurance ["PII"] — As set out in section 6.12 of the PRU Rulebook, a Manager shall maintain PII cover appropriate to the nature, size, and risk profile of the Manager's business. A Retail Manager should obtain a minimum PII coverage as set out in Appendix 4. For Restricted and Start-up Managers, we may consider granting a waiver of the requirement under appropriate circumstances acceptable to the Regulator.

                    Appendix 1 — Minimum Competency Criteria

                      Start-Up Manager Restricted Manager Retail Manager
                    (i) Number of Licensed Directors:

                    A Licensed Director is a Controlled Function set out in GEN 5.3.3. Nominee directors such as legal advisers or corporate secretaries will not count towards meeting this requirement.

                    Of these Directors,

                    •   Minimum years of individual relevant experience#:
                    •   Number of Directors resident in the U.A.E.
                    At least 2

                    5 years

                    At least 1
                    At least 2*

                    5 years

                    At least 1
                    At least 2*

                    5 years

                    At least 1
                    (ii) Number of Approved Persons residing in the U.A.E:

                    Approved Persons (as set out in GEN 5.3) will include the Licensed Directors, Licensed Partners and Senior Executive Officer ["SEO"] of the Manager.

                    Minimum years of relevant experience#:
                    At least 2

                    5 years
                    At least 2

                    5 years
                    At least 3

                    5 years
                    (10 years for the SEO)
                    (iii) Number of employees / professionals conducting the regulated activities residing in the U.A.E:

                    Such employees / professionals may include the Approved Persons and Recognised Persons (as set out in GEN 5.4) of the Manager.
                    At least 2 At least 2 At least 3

                    #: The relevance of an individual's experience should be assessed in the context of the role that the individual will perform in the Manager. For example, experience in proprietary trading for financial institutions could be counted towards meeting the relevant experience criteria for a relevant professional conducting regulated activities in respect of discretionary portfolio management activities. Relevant experience may also include sector experience (e.g. corporate strategy and management of businesses), particularly for private equity and venture capital Managers. Directors/Partners, SEO and Senior Managers should have managerial experience or experience in a supervisory capacity as part of their relevant experience.

                    *: For a Manager that is deemed as high impact or systemically important, the Regulator may require the Manager to have more than 2 directors.

                    •   The following are examples where the Regulator would consider a Start-up/Restricted Manager as having met the minimum competency criteria:

                    Example 1

                    The Manager has two resident Licensed Directors, one of whom is the SEO, who is responsible for the conduct of investment management activities. The other is the Chief Operating Officer, who is responsible for back office functions such as trade reconciliation and reporting (i.e. not conducting a regulated activity). Both directors have at least 5 years of relevant experience in their respective functions. The Manager will meet the minimum competency criteria if it employs at least one additional resident full-time employee/professional, who will conduct investment management activities. There will not be any minimum experience criteria for this additional employee, although the employee should be suitably competent.

                    Example 2

                    The Manager has two Licensed Directors conducting investment management activities. Both directors are resident in the U.A.E and have at least 5 years of relevant experience in investment management. One of the directors is the SEO. The Manager should appoint another Recognised Person independent of the front office to be the Compliance Officer / Finance Officer / Money Laundering Reporting Officer.

                    Example 3

                    The Manager in ADGM ("ADGM Manager") is a subsidiary of a foreign-based Manager who is regulated in its home jurisdiction. The ADGM Manager has one resident Licensed Director appointed as the SEO, who has 5 years of relevant experience and carries out investment management activities. The ADGM Manager has another director based overseas. The ADGM Manager will meet the criteria if it employs an additional resident full-time employee/professional to conduct the investment management activities, and this employee will be required to have at least five 5 years of relevant experience.

                    Appendix 2: Minimum Compliance Arrangements

                    Category Compliance Arrangements
                    Retail Manager
                    •   The Manager should put in place an independent and dedicated compliance function in the U.A.E with staff who are suitably qualified and independent from the front office.
                    •   Compliance staff may perform other non-conflicting and complementary roles such as that of an in-house legal counsel.
                    Restricted Manager
                    •   A Manager should have an independent compliance function with staff who are suitably qualified and independent from the front office.
                    •   The Manager may, depending on the size and scale of the business:
                    (i) rely on compliance oversight and support from an independent and dedicated compliance team at its holding company or related entity; or
                    (ii) engage an external service provider to support its compliance arrangements. The Manager should ensure that the service provider is competent and familiar with the regulatory requirements for Managers in ADGM. The service provider should be able to provide meaningful onsite presence at the Manager.
                    In either case, the Manager should designate a senior staff independent from the front office (e.g. COO or CFO) to oversee the compliance arrangement;
                    Start-up Manager
                    •   A Start-up Manager should ensure that it has adequate compliance arrangements appropriate to the scale, nature and complexity of its operations. This may take the form of an independent compliance function, compliance support from overseas affiliates and/or use of external service providers that meet the requirements set out above.

                    Appendix 3 — Internal Audit Arrangements

                    Category Internal Audit Arrangements
                    Retail Manager
                    •   The Manager should have an independent and dedicated internal audit function.
                    •   The internal audit function may be undertaken by an internal audit team within the Manager, a group internal audit team from the parent or related company of the Manager, or outsourced to a third party service provider.
                    Restricted Manager
                    •   The internal audit function may be undertaken by an internal audit team within the Manager independent from the business functions, a group internal audit team from the parent or related company of the Manager, or outsourced to a third party service provider.
                    •   Where the Manager does not have a dedicated internal audit function, the adequacy of the Manager's internal audit arrangements should be assessed against the context of the Manager's overall business scale and control environment i.e. whether there are periodic checks similar to those performed by internal auditors, which are performed by control functions such as risk management and compliance.
                    Start-up Manager
                    •   The SEO and Board of the Manager are ultimately responsible for ensuring there are adequate internal controls within the Manager and should take reasonable measures to ensure that the internal controls are complied with.

                    Appendix 4 — PII Coverage for Retail Managers

                    •   PII coverage — A Retail Manager should maintain a PII coverage as follows:
                    Min PII Remarks
                    0.15% x AUM
                    (subject to a cap of
                    US$15mil)
                    •   Copy of PII to be submitted to the Regulator on an annual basis.
                    •   Amount of PII deductible should not exceed 20% of the Manager's CET1 Capital.
                    •   Alternative PII — The Regulator may consider alternative forms of PII subject to the following conditions:
                    Type Conditions
                    Group PII
                    •   Minimum coverage to be at least 5 times the required quantum under a standalone non-hybrid PII.
                    •   If the deductible of the Group PII is greater than 20% of the applicant's base capital, an undertaking from the applicant's parent company to cover the excess in the event of a claim would be required.
                    Hybrid PII
                    •   Sub-limits to be set for the non-PII sections of the hybrid PII.
                    •   Total coverage under the hybrid PII less the sub-limits for the non-PII sections should be at least equivalent to the required quantum under a standalone non-hybrid PII.
                    Group Hybrid PII
                    •   Sub-limits to be set for the non-PII sections of the Group hybrid PII.
                    •   Total coverage of the Group hybrid PII less the sub-limits for the non-PII sections has to be at least 5 times the required quantum under a standalone non-hybrid PII.
                    •   If the deductible of the Group hybrid PII is greater than 20% of the applicant's base capital, an undertaking from the applicant's parent company to cover the excess in the event of a claim would be required.

              • Supplementary Guidance — Regulatory Framework for Fund Managers of Venture Capital Funds [15 May 2017]

                Click herehere to view PDF