DIFC is one of the world’s top eight onshore financial centers and offers a secure and efficient platform for businesses and financial institutions to reach into and out of the emerging markets of the region. The quality and independence of DIFC’s regulator, the prevailing common law framework, excellent infrastructure and tax efficiencies make it the perfect base to take advantage of the rapidly growing demand for financial and business services in the MENASA region.
DIFC fills the time-zone gap for a global financial centre between the leading financial centres of London and New York in the West and Hong Kong and Tokyo in the East.
Does the DFSA allow compliance outsourcing?
Yes, the DFSA does allow outsourcing of core functions such as Compliance, MLRO and Finance. However, the DFSA does consider the type of financial service, the projected volume of business, additional endorsements (such as endorsements enabling firms to deal with Retail Clients), and the overall team composition before issuing approvals to outsource these functions.
For Category 4 firms and Restricted Fund Managers, this should normally be a straightforward process. For higher categories, especially for Asset Managers and Brokerage houses, outsourcing may not be an option. In these cases, we recommend that the firm opt for our compliance support services.
What are the benefits of outsourcing the compliance function?
The comparison between in-house and outsourced compliance options follows the same reasoning as for any outsourcing option. Here are some factors that can help you decide.
The cost of hiring a full-time compliance officer in the DIFC can be high, especially for startup financial firms. Salaries range upwards of US$ 8,500 per month for a suitably qualified compliance officer, who has been previously licensed by the DFSA. Other direct costs include medical benefits, DEWS (end-of-service) registrations, and visa costs. Also add to that the costs of recruiting and the delay in joining due to notice periods from previous companies. Outsourcing, on the other hand, entails a fixed and lumpsum monthly fee, that is easy to budget for and manage. These costs increase as the firm grows, and at some point it will become more advantageous to hire someone in-house. In our experience, we have seen this to be at least 2-3 years for firms that clock an above-average rate of growth.
Another key factor of consideration is investment in tools that they Compliance Officer requires to discharge his/her duties. Financial services firms must continuously invest in new technologies and infrastructure to address evolving compliance needs. These costs are not borne by the firm in case of outsourcing the function.
Availability of talent:
One of the main reasons for outsourcing the compliance function in the DIFC is a lack of locally available resources. The supply of compliance specialists is small relative to the demand in the market.
An in-house Compliance Officer, like every other employee, will take leaves that he/she is entitled to, including a block leave of 20+ days once a year. It is not practical for a firm to provision for a deputy Compliance Officer just to manage this, and hence there are windows where the firm does not have an available Compliance Officer. This can be critical in some situations.
Outsourcing the function to a compliance consultant like 10 Leaves, ensures that the firm has round-the-year coverage, with no disruptions. A compliance officer is always available, since a secondary resource is assigned to the firm when the authorised compliance officer is on leave.
Managing regulatory compliance is a critical function, with serious repercussions in case of non-compliance. While in-house resources have an in-depth knowledge of the business, ongoing training and development is the onus of the firm and the individual. The rapid, continuous, global regulatory changes make knowledge upgrade and keeping up with these changes a task in itself.
A compliance outsourcing firm, on the other hand, makes skill and knowledge upgrade the centerpiece of it’s business processes. Regular training and development keeps outsourced compliance officers abreast with relevant information and updates not just in the jurisdiction where they operate, but in most key markets. Best practices are internally arrived at, based on learnings from a number of businesses and case studies.
The in-house compliance officer is an employee of the firm, and hence certain considerations may weigh in when evaluating transactions. An outsourced compliance officer is able to provide a more independent opinion, given that there is a consultancy agreement with the firm. We have seen compliance officers of smaller firms and startups being given operational responsibilities, given the lack of adequate use of their time (as per the firm). Hence, a purely independent view may be hard to come by.
Updated documents and resources:
Every authorised firm has to maintain a set of compliance and AML documents, including:
1. Compliance Manual;
2. Compliance Monitoring Plan; and
3. Anti-Money Laundering and CTF Manual
These manuals have to be updated as and when there are relevant changes in the regulatory framework of the DFSA and the UAE Central Bank. This process can be cumbersome for an individual. Outsourced compliance officers however, have access to the most updated documentation, given that this is a core function of their companies and part of the service agreement that is signed with the client firm. In case a firm has in-house compliance, they can opt for compliance support services, that will include updating of all relevant compliance and AML documentation on an ongoing basis.
How important is the compliance function?
The Dubai Financial Services Authority (DFSA) is the regulator of DIFC financial service firms. It authorizes and supervises financial entities that conduct activities across five licensed categories.
The DFSA mandates three (and in some cases, four) mandatory appointments for all firms that wish to carry out financial services from the DIFC. The Compliance function is one of them.
The DIFC is a well-regulated jurisdiction and hence the Compliance function is critical to the authorisation and ongoing operation of all financial firms registered in the centre. The DFSA places a lot of emphasis on Compliance with it’s extensive rules and regulations, including Conduct of Business, Prudential, Investment and Data Protection Rules. A licensed firm is expected to develop and maintain a culture of compliance, starting with the senior management and across all employees and stakeholders.
The repercussions of non-compliance can be severe, ranging from financial penalties to loss of reputation and even closing of the business. While compliance does not generate revenues for the firm, it forms the cornerstone of a successful financial business. In fact, robust compliance processes can result in increased efficiencies and lead to indirect revenue-generation for the firm.
Financial firms in the DIFC must appoint a Compliance Officer and a Money Laundering Reporting Officer (CO/MLRO) at the time of application to the DFSA. These functions are usually combined for smaller firms and so one individual can be proposed as the CO/MLRO. The DFSA expects an application from an individual with sufficient knowledge, experience, and seniority to perform the role effectively. Also, the Compliance Officer is expected to be resident in the UAE once licensed.
The Compliance Officer thus forms an integral part of the core team that the DFSA reviews and considers when making a authorisation decision.
Do I hire a compliance officer before, or after authorisations?
Firms that apply for authorisation to the DFSA have to, at the time of application, identify the individuals that will carry out the Authorised Functions, including Compliance and Money-Laundering Reporting. While these individuals do not have to be employed by the firm yet, it would be unusual for a compliance officer to commit to carrying out the function while being in employment with another firm. In such cases, the compliance officer would usually resign from their current employment, and come on board the new firm once it is authorised.
However, in many instances, the authorisation process itself can take 4-6 months or even more. Hence the applicant firm can also request to make the identification of the compliance officer an In-Principle condition.
The third, and most-often opted for route is to outsource the compliance function. Here, the compliance outsourcing provider would second a competent (and mostly already authorised) individual to act as the Compliance and Money Laundering Reporting Officer at the time of application itself, thus speeding up the process.
We provide comprehensive compliance services for regulated firms in the DIFC. Starting from consulting on establishing in the centre, to assistance in authorisations, to assistance in preparation of all compliance documentation, 10 Leaves helps you navigate the DFSA Rulebook and submit an application that is comprehensive, complete and compliant.
Our services include:
- Reviewing the business model and advice on the applicable regulatory framework;
- Preparation of the Regulatory Business Plan and comprehensive financial projections;
- Preparation of all policies, processes and customised manuals required;
- Provision of Outsourced Compliance Officer and Outsourced Finance Officer services;
- Finalising the legal structure, including holding company setup and customisation of Memorandums; and
- Finalisation of leased space, bank account opening and obtaining Financial Services Permissions.
- Preparation of all compliance and legal documentation for operational purposes*
*through 10 Leaves Legability
- 10 Leaves Compliset* – a fully digital comprehensive library of policies and processes relevant to your business in the DIFC.
- Acting as the Outsourced Compliance officer.
- Maintenance and updating of all compliance documentation, including Compliance Manuals, Compliance Monitoring Plans and AML Manuals.
- Compliance Support Services.
- Regulatory filings and reporting.
- Risk Management.
- Business Continuity Planning and Management.
- Ongoing documentation review – marketing material, promotional literature, online privacy and access polices and terms and conditions.
- Ongoing compliance and AML training for employees.
Documentation that we prepare:
- Compliance Manual.
- AML and CTF Manual.
- Corporate Governance Policies and Charters.
- Operating Procedures Manual.
- Code of Ethics.
- Risk Management Policies and Framework.
- Business Continuity Manual.
- Information Technology and Cyber Security Manual.
- Internal Risk Assessment Process (IRAP).
- Internal Capital Adequacy Assessment Process (ICAAP).
Get in touch today! to know more about benefits of outsourcing compliance services in the difc