The Dubai Financial Services Authority (DFSA) has published its Business Plan for 2021/22 (the Business Plan) setting out its areas of focus for the upcoming financial year.
Here we provide the key highlights, with particular focus on the matters that are of most relevance to litigators and DFSA-regulated institutions.
Strategic themes for managing risks
The DFSA has set out four strategic themes in respect of managing risks which have arisen or become more prominent as a result of Covid-19:
- Delivery – enhancements to the DFSA’s policy framework, with particular focus on the protection of client assets in order to maintain the integrity of the Dubai International Financial Centre (DIFC) financial services industry.
- Engagement – more active engagement with the regulated community as well as the DFSA’s peer regulators locally and internationally.
- Innovation – continuing to develop and utilise technology advances to address regulatory obligations and challenges, as well as facilitating the development and use of new technology within the DIFC.
- Sustainability – continuing to place a strong focus on the operational resilience of firms, including cyber-security risk.
The DFSA has indicated that it will continue to maintain its enforcement focus on conduct risk (rather than prudential risk), under the following headings.
In April 2020, the Financial Action Task Force published its fourth Mutual Evaluation Report on the UAE. Following that publication, the DFSA is placing greater focus on monitoring financial crime risk and taking enforcement action where required.
The DFSA will continue to assess the adequacy of regulated firms’ AML/CFT systems and controls, including assessing whether firms are taking a risk-based approach so that measures to prevent or mitigate money laundering and terrorist financing risks are commensurate with the identified risks.
The DFSA’s activities are intended to be proportionate where conducted in connection with evolving innovative sectors in the DIFC such as money services businesses (which include mobile technology-enabled payment providers authorised to conduct activities such as Account Information Services, Payment Initiation Services and Peer-to-Peer Payments).
Firms conducting regulated activities without authorisation
Enforcement action against entities engaging in unauthorised regulated activities will be prioritised.
Greater scrutiny will be placed on business models and activities taking place in substance within the DIFC, regardless of legal structure.
Operational resilience/cyber-security risk
As technology becomes ever more central to the operation of the financial markets following the pandemic, the DFSA expects firms to have sufficient safeguards in place to protect against a cyber-attack, while also maintaining appropriate means of responding to one should it occur. Third party service providers will also come under closer scrutiny given their increased usage.
Wealth management sector
In terms of sector focus, the DFSA has indicated that a key focus will be on conduct-related issues arising in the wealth management sector. The DFSA will aim to review whether firms are providing an appropriate level of protection for clients and counterparties given their knowledge, experience and understanding of financial products and related risks. The DFSA will continue to prioritise governance and assess onboarding processes, suitability of products and protection of client assets, and ensure communications and marketing materials are clear, fair and not misleading.
While the DFSA has focused on assessing these issues through supervision/thematic reviews, firms should expect that once these supervision activities have concluded, the DFSA will take enforcement action where appropriate.
Finally, the DFSA has indicated that it will continue to promote fair, transparent and efficient markets through ongoing monitoring of trading activity for any irregularities. The DFSA will also seek to raise awareness of the Code of Market Conduct to industry participants.
A specific focus will be on receiving timely and complete suspicious transaction and order reporting (STOR) from authorised firms in the DIFC.
Concluding comments – the DFSA in action
In 2020, the DFSA took five enforcement actions against firms and individuals. This is half the enforcement activity which took place in 2019, which saw ten enforcement actions taken. This reduced level of enforcement activity is most likely a result of the DFSA’s resources being refocused in 2020 to respond to Covid-19.
2020 enforcement actions covered issues such as: (i) failure to conduct proper client classification and enquiries; (ii) failure to comply with DFSA Rules relating to the safe custody of client assets; and (iii) conducting regulated activities outside the scope of permissions. Financial penalties imposed by the DFSA in 2020 ranged from USD 87,500 (approximately AED 321,000) for an individual to USD 612,790 (approximately AED 2,250,800) for a firm.
As the DFSA moves forward with the enforcement priorities stated in its Business Plan in the wake of the pandemic, we anticipate a similar level of enforcement activity in 2021.