DIFC is one of the world’s top eight onshore financial centers and offers a secure and efficient platform for businesses and financial institutions to reach into and out of the emerging markets of the region. The quality and independence of DIFC’s regulator, the prevailing common law framework, excellent infrastructure and tax efficiencies make it the perfect base to take advantage of the rapidly growing demand for financial and business services in the MENASA region.
DIFC fills the time-zone gap for a global financial centre between the leading financial centres of London and New York in the West and Hong Kong and Tokyo in the East.
How important is the compliance function?
The Dubai Financial Services Authority (DFSA) is the regulator of DIFC financial service firms. It authorizes and supervises financial entities that conduct activities across five licensed categories.
The DFSA mandates three (and in some cases, four) mandatory appointments for all firms that wish to carry out financial services from the DIFC. The Compliance function is one of them.
The DIFC is a well-regulated jurisdiction and hence the Compliance function is critical to the authorisation and ongoing operation of all financial firms registered in the centre. The DFSA places a lot of emphasis on Compliance with its extensive rules and regulations, including Conduct of Business, Prudential, Investment and Data Protection Rules. A licensed firm is expected to develop and maintain a culture of compliance, starting with the senior management and across all employees and stakeholders.
The repercussions of non-compliance can be severe, ranging from financial penalties to loss of reputation and even closing of the business. While compliance does not generate revenues for the firm, it forms the cornerstone of a successful financial business. In fact, robust compliance processes can result in increased efficiencies and lead to indirect revenue-generation for the firm.
Financial firms in the DIFC must appoint a Compliance Officer and a Money Laundering Reporting Officer (CO/MLRO) at the time of application to the DFSA. These functions are usually combined for smaller firms and so one individual can be proposed as the CO/MLRO. The DFSA expects an application from an individual with sufficient knowledge, experience, and seniority to perform the role effectively. Also, the Compliance Officer is expected to be resident in the UAE once licensed.
The Compliance Officer thus forms an integral part of the core team that the DFSA reviews and considers when making an authorisation decision.
What is an Authorised Individual?
Authorised Individuals are employees or responsible officers who carry out the mandatory Licensed Functions within firms authorised to conduct financial services in the DIFC. The Compliance and Money-Laundering Reporting function is one such mandatory licensed function, the others being the Senior Executive Officer and the Finance Officer.
The DFSA considers that these functions are materially linked to the firm’s management and provision of financial services, and hence it expects Authorised Individuals to meet certain standards relating to their experience, knowledge and qualifications.
Applicants have to submit a detailed online application to carry out the Compliance function, and this is usually done during the application process that the firm goes through before being licensed. Compliance Officers will also have to attend a formal interview with the DFSA before being authorised. The DFSA will have to be satisfied that the applicant Compliance Officer is Fit and Proper, and that the functions of their role will be conducted and managed in a sound and prudent manner.
What is the role of a compliance officer in the DIFC?
The Compliance officer will have the following primary responsibilities:
- Initiate, develop, maintain, and revise policies and procedures of the compliance framework and its related activities to prevent illegal, unethical, or improper conduct;
- Oversee the day-to-day implementation and operation of the compliance framework;
- Identify and assess the compliance risk associated with the Firm’s current and proposed future business activities, including new products, new business relationships and any extension of operations or network on an international level;
- Establish written guidelines to staff and service providers on the appropriate implementation of the laws, regulation, rules and standards through policies and procedures;
- Identify and keep an inventory available to all staff of essential laws and regulation pertinent to the Firm; provide advice with regards to the legislation;
- Assess the appropriateness of internal policies, procedures and guidelines by performing regular and comprehensive compliance risk assessment, monitoring and testing; report the result on a regular basis and promptly where deemed necessary to SEO and Board;
- Establish and/or supervise appropriate compliance checks and controls;
- Complete, check, verify clients’ due diligence and complete sanction screening at client on-boarding;
- Provide guidance to the business on permissible activities, new products and programs;
- Address any compliance audit remediation activities;
- Liaise with the DFSA on compliance matters;
- Centralise all information on compliance-related issues (breach of regulation, conflict of interest etc.);
- Respond to alleged violations of rules, regulations, policies and procedures by evaluating or recommending the initiation of investigative procedures;
- Develop and oversee a system for uniform handling of such violations; exercise any specific legal responsibilities such as reporting suspicious transactions related to money laundering and the fight against terrorism financing;
- Maintain an effective compliance communication program for the organization, including promoting understanding of new and existing compliance issues and related policies and procedures;
- acting as a point of contact to receive Internal Suspicious Activity Reports (“Internal SAR”) from employees;
- taking appropriate action following the receipt of an Internal SAR;
- responding promptly to any request for information made by competent UAE authorities or the DFSA;
- receiving and acting upon any relevant findings, recommendations, guidance, directives, resolutions, sanctions, notices or other conclusions; and
- establishing and maintaining an appropriate AML training program and adequate awareness arrangements.
Who does the Compliance officer report to?
A DFSA-authorised Compliance Officer has a dual-reporting structure. Operationally, the compliance officer reports to the SEO, but also has a reporting obligation to the Board of Directors, if the situation calls for it.
The DFSA also expects the compliance officer to get in touch with the supervision department of the regulator, in the event of a serious compliance breach.
Does the DFSA allow compliance outsourcing?
Yes, the DFSA does allow outsourcing of core functions such as Compliance, MLRO and Finance. However, the DFSA does consider the type of financial service, the projected volume of business, additional endorsements (such as endorsements enabling firms to deal with Retail Clients), and the overall team composition before issuing approvals to outsource these functions.
For higher categories, especially for Asset Managers and Brokerage houses, outsourcing may not be an option.
In these cases, we recommend that the firm opt for our compliance support services.
Do I hire a compliance officer before, or after authorisations?
Firms that apply for authorisation to the DFSA have to, at the time of application, identify the individuals that will carry out the Authorised Functions, including Compliance and Money-Laundering Reporting. While these individuals do not have to be employed by the firm yet, it would be unusual for a compliance officer to commit to carrying out the function while being in employment with another firm. In such cases, the compliance officer would usually resign from their current employment, and come on board the new firm once it is authorised.
However, in many instances, the authorisation process itself can take 4-6 months or even more. Hence the applicant firm can also request to make the identification of the compliance officer an In-Principle condition.
The third, and most often chosen, route is to outsource the compliance function. Here, the compliance outsourcing provider would second a competent (and mostly already authorised) individual to act as the Compliance and Money Laundering Reporting Officer at the time of application itself, thus speeding up the process.
We provide comprehensive compliance services for regulated firms in the DIFC. Starting from consulting on establishing in the centre, to assistance in authorisations, to assistance in preparation of all compliance documentation, 10 Leaves helps you navigate the DFSA Rulebook and submit an application that is comprehensive, complete and compliant.
Our services include:
- Reviewing the business model and advice on the applicable regulatory framework;
- Preparation of the Regulatory Business Plan and comprehensive financial projections;
- Preparation of all policies, processes and customised manuals required;
- Provision of Outsourced Compliance Officer and Outsourced Finance Officer services;
- Finalising the legal structure, including holding company setup and customisation of Memorandums; and
- Finalisation of leased space, bank account opening and obtaining Financial Services Permissions.
- Preparation of all compliance and legal documentation for operational purposes*
*through 10 Leaves Legability
- 10 Leaves Compliset* – a fully digital comprehensive library of policies and processes relevant to your business in the DIFC.
- Acting as the Outsourced Compliance officer.
- Maintenance and updating of all compliance documentation, including Compliance Manuals, Compliance Monitoring Plans and AML Manuals.
- Compliance Support Services.
- Regulatory filings and reporting.
- Risk Management.
- Business Continuity Planning and Management.
- Ongoing documentation review – marketing material, promotional literature, online privacy and access policies and terms and conditions.
- Ongoing compliance and AML training for employees.
Documentation that we prepare:
- Compliance Manual.
- AML and CTF Manual.
- Corporate Governance Policies and Charters.
- Operating Procedures Manual.
- Code of Ethics.
- Risk Management Policies and Framework.
- Business Continuity Manual.
- Information Technology and Cyber Security Manual.
- Internal Risk Assessment Process (IRAP).
- Internal Capital Adequacy Assessment Process (ICAAP).