Back Custom print

You need the Flash plugin.

Download Macromedia Flash Player



  • GUIDANCE & POLICY STATEMENTS

    • FSRA Confidentiality Policy

      Click here to view PDF

      • FSRA Confidentiality Policy

        • 1. DEALING WITH CONFIDENTIAL INFORMATION

          • 1.1 Introduction

            • 1.1.1

              This Confidentiality Policy provides guidance concerning the obligations and requirements on the Financial Services Regulatory Authority (the "Regulator") when using and disclosing non-public information provided by third parties in the course of regulating financial services in the Abu Dhabi Global Market ("ADGM"). Unless expressly provided in this Confidentiality Policy, definitions for capitalized terms may be found in the Financial Services Markets Regulations (2015) (the "FSMR").

          • 1.2 Regulatory Approach

            • 1.2.1

              When dealing with Confidential Information, the Regulator employs best practice, consistent with international standards set by organisations such as the Basel Committee on Banking Supervision ("BCBS"), the International Organisation of Securities Commissions ("IOSCO"), the Financial Action Task Force ("FATF") and the Islamic Financial Services Board ("IFSB").

            • 1.2.2

              With the application of international best practice standards, the Regulator is obligated to:

              (a) ensure compliance with and enforce applicable financial services legislation, consistent with the Basel Core Principles for Effective Banking Supervision, the IOSCO Objectives and Principles of Securities Regulation and the FATF Recommendations on combating money laundering, the financing of terrorism and proliferation of weapons of mass destruction;
              (b) assist financial services regulators in other jurisdictions to the best possible extent regarding co-operation and the exchange of Confidential Information consistent with the obligations contained and in the manner prescribed in the IOSCO Multilateral Memorandum of Understanding;
              (c) use all reasonable efforts to ensure that neither ADGM regulations nor foreign laws relating to confidentiality and secrecy prevent the Regulator from gathering, protecting or disclosing Confidential Information where required for lawful regulatory purposes;
              (d) limit the disclosure of Confidential Information to other financial services regulators and enforcement agencies to the extent required for ensuring compliance with, and enforcement of, applicable financial services and criminal legislation;
              (e) to adopt and implement internal control systems and procedures for the handling, storing, processing and securing of Confidential Information that meet international best practices; and
              (f) to comply with all applicable laws and ADGM regulations which govern the Regulator's collection and dissemination of Confidential Information.

          • 1.3 Applicable legislation

            • 1.3.1

              The main legislative provisions governing the use of Confidential Information by the Regulator are set out in Abu Dhabi Law No. (4) of 2013, Part 16 of the FSMR, the Data Protection Regulations (2015) and the UAE Penal Code (Federal Law No. (3) of 1987).

        • 2. REGULATORY POWERS TO OBTAIN CONFIDENTIAL INFORMATION

          • 2.1 Background

            • 2.1.1

              The Regulator may be provided with information which is confidential in two ways:

              (a) voluntarily (that is, information obtained on a voluntary basis); and
              (b) under compulsion, including through:
              i. the exercise of the Regulator's supervisory and investigative powers (see section 2.2 below); and
              ii. the exercise of the Regulator's information gathering powers at the request, and on behalf, of Non-ADGM Regulators (see section 2.3 below).

          • 2.2 Regulator's Supervisory and Investigative Powers

            • 2.2.1

              The Regulator has comprehensive powers under the FSMR to carry out its duties and responsibilities. These include the power to require reports, conduct on-site inspections of business premises of authorised entities within the ADGM, interview individuals, as well as compel the production of documents, testimony and other information — see, for example, sections 201 and 206 of the FSMR.

            • 2.2.2

              The Regulator has in place internal procedures to monitor and manage access to and the use of Confidential Information and documents obtained during the course of its regulatory activities. These procedures include the use of manual and electronic document storage and retrieval systems.

              For example, the Regulator limits access to confidential documents obtained to those members of the Regulator's staff engaged with the relevant matter to which the documents are related by use of secure filing of physical documents and restricted computer drives containing confidential documents in electronic form.

            • 2.2.3

              The Regulator may obtain information relating to regulated entities from third parties including intermediaries and companies that perform outsourced functions for regulated entities.

            • 2.2.4

              As the Regulator's mandate is to regulate all financial services provided in and from the ADGM, the Regulator has broad access to compel the disclosure of Confidential Information from individuals and firms participating in or connected to the provision of financial services in or from the ADGM. This includes, without limitation, all market participants, listed companies, reporting entities and their respective officers and directors.

              For example, an ADGM-based fund manager which manages a fund organized in and sold to investors in a foreign jurisdiction will be subject to the jurisdiction of the Regulator and all books and records relating to the fund and its unitholders will be subject to examination by the Regulator upon request.

          • 2.3 Powers to cooperate with, assist and support Non-ADGM Regulators

            • 2.3.1

              The Regulator may also exercise its information gathering powers at the request, and on behalf, of regulators and authorities in other jurisdictions, solely to assist them in performing their regulatory or enforcement functions.

              Amended on (18 April, 2019).

            • 2.3.2

              The following sections of the FSMR give the Regulator specific authority to exercise some of its specific powers on behalf of other authorities:

              (a) section 215 enables the Regulator to co-operate with other persons (in ADGM or elsewhere) who have functions (i) similar to those of the Regulator or (ii) in relation to the prevention or detection of Financial Crime. Co-operation may include the sharing of information which the Regulator is not prevented from lawfully disclosing;
              (b) section 216 gives the Regulator specific authority to exercise its Own-Initiative Powers at the request, or on behalf, of Non-ADGM Regulators; and
              (c) section 217 gives the Regulator specific authority to exercise its Investigative Powers at the request of Non-ADGM Regulators. In deciding whether or not to exercise its Investigative Powers, section 217(2) sets out a non-exhaustive list of factors that the Regulator may take into account.

            • 2.3.3

              If the Regulator decides to exercise its powers at the request, or on behalf, of a Non-ADGM Regulator, Confidential Information gathered as result of the Regulator exercising its powers under sections 215, 216 or 217 can only be disclosed to that Non-ADGM Regulator in accordance with the provisions of sections 198 or section 199 of the FSMR.

              Amended on (18 April, 2019).

        • 3. REGULATOR'S OBLIGATION OF CONFIDENTIALITY

          • 3.1 Background

            • 3.1.1

              The Regulator's powers to obtain, use and disclose Confidential Information in order to discharge its functions and powers are subject to statutory limitations. These have been imposed to protect individual privacy and to assure regulated firms and individuals and their respective clients, that any Confidential Information they provide to the Regulator will be dealt with in confidence and used only for lawful purposes.

          • 3.2 Overriding Duty of Confidentiality

            • 3.2.1

              The Regulator must keep confidential any Confidential Information received by or disclosed to it in the course of performing its functions, subject to the exceptions set out in section 3.3 below.

            • Abu Dhabi Law No. (4) of 2013

              • 3.2.2

                This duty of confidentiality is set out in Article 12 of Abu Dhabi Law No. (4) of 2013 and requires the Regulator to keep confidential any Confidential Information received by or disclosed to it in the course of performing its functions, unless disclosure is permitted in accordance with ADGM regulations.

              • 3.2.3

                The relevant ADGM regulations impacting on the Regulator's duty of confidentiality are the FSMR and the Data Protection Regulations 2015.

            • FSMR

              • 3.2.4

                Similarly to the duty of confidentiality in Abu Dhabi Law No. (4) of 2013, section 198 of the FSMR also prohibits disclosure of Confidential Information by the Regulator, its employees, agents or by any person coming into possession of it, subject to exceptions set out in section 3.3 below.

                Amended on (18 April, 2019).

            • Data Protection Regulations 2015

              • 3.2.5

                Certain duties and obligations contained within the Data Protection Regulations 2015 apply to the Regulator when dealing with personal data, concerning accuracy and the duty to ensure security of processing when personal data is being collected and maintained.

              • 3.2.6

                The Regulator is excused from certain obligations set out in the Data Protection Regulations in circumstances where compliance with such duties would be likely to prejudice the proper discharge of the Regulator's powers or functions to protect the public from financial loss due to improper conduct, unfitness or incompetence of persons engaging in offering financial services.

            • The UAE Penal Code (Federal Law No. (3) of 1987)

              • 3.2.7

                As the UAE criminal laws apply in the ADGM, Article 379 of the UAE Penal Code provides for criminal penalties for disclosure of Confidential Information in cases other than those lawfully permitted. Public officials, or those persons in charge of a public service, are subject to more severe penalties than the general persons for unlawful disclosure of Confidential Information — namely, imprisonment of up to five (5) years.

            • Regulator's internal practices and procedures

              • 3.2.8

                The above-mentioned statutory obligations requiring all Regulator's employees, agents and independent contractors to keep all Confidential Information confidential is further reinforced by requiring all Regulator's employees, agents and independent contractors to sign an Employment or Consultancy Services Contract that incorporates a confidentiality clause.

          • 3.3 Exceptions to the Duty of Confidentiality

            • With prior consent under section 198(1) of FSMR

              Amended on (18 April, 2019).

              • 3.3.1

                Section 198(1) prohibits disclosure of Confidential Information by the Regulator, its employees, agents or by any person coming into possession of Confidential Information unless they have the prior consent of—

                (a) the person from whom the Confidential Information was obtained; and,
                (b) if different, the person to whom the duty of confidentiality is owed (paragraphs 198(1)(a) and (b)).
                Amended on (18 April, 2019).

            • The exceptions under section 199(1) of FSMR

              • 3.3.2

                Section 199 of the FSMR provides certain exceptions from the overriding restriction on disclosure of Confidential Information in section 198. Specifically, subsection 199(1) enables the Regulator to disclose Confidential Information for the purpose of facilitating the carrying out of a Public Function, subject to section 199(2), if the disclosure is —

                (a) permitted or required under any enactment applicable to the Regulator, including, for the avoidance of doubt, any applicable international obligations; or
                (b) made to —
                (i) the ADGM Registrar of Companies;
                (ii) a Non-Abu Dhabi Global Market Regulator;
                (iii) a governmental or regulatory authority exercising powers and performing functions relating to anti-money laundering, counter-terrorist financing or sanctions compliance, whether in the ADGM or otherwise;
                (iv) a self-regulatory body or organisation exercising and performing powers and functions in relation to financial services, whether in the ADGM or otherwise;
                (v) a criminal law enforcement agency, whether in the U.A.E or otherwise, for the purpose of any criminal investigation or criminal proceedings;
                (v) a civil law enforcement agency or body, whether in the Abu Dhabi Global Market, U.A.E or otherwise;
                for the purpose of assisting the performance by any such person of its functions and powers; or
                (c) made in good faith for the purposes of the exercise of the functions and powers of the Regulator or in order to further the Regulator's objectives.
                Amended on (18 April, 2019).

              • 3.3.3

                The provisions in section 199(2) relate specifically to Confidential Information originating in another governmental or regulatory authority, or Confidential Information that is CRD Information, and provide for and are consistent with the exchange of information and professional secrecy requirements in the European Union's Capital Requirements Directive. For the purposes of section 199(2):

                (a) 'CRD Information' is defined as Confidential Information received or obtained by the Regulator from the EEA Competent Authority by virtue of the Capital Requirements Directive; and
                (b) 'EEA Competent Authority' means a public authority or body officially recognised by national law of a jurisdiction within the EEA and empowered by that national law to supervise institutions as part of the supervisory system.
                Added on (18 April, 2019).

              • 3.3.4

                Section 199(2) provides that paragraphs 198(1)b)(i), (ii), (iii), (iv), (vi) and 1(c) do not permit the Regulator to disclose this Confidential Information unless—

                (a) the governmental or regulatory authority that has disclosed the Confidential Information to the Regulator has given its prior written consent to the disclosure; and
                (b) where the Confidential Information is CRD Information:
                (i) the EEA Competent Authority that has disclosed the Confidential Information to the Regulator has given its prior written consent to the disclosure; and
                (ii) if such consent was given for a particular purpose, the disclosure by the Regulator is solely for that purpose.
                Added on (18 April, 2019).

            • Disclosure to a criminal law enforcement agency

              • 3.3.5

                Importantly, disclosure of Confidential Information by the Regulator to a criminal law enforcement agency, whether in the U.A.E or otherwise, for the purpose of any criminal investigation or criminal proceedings under paragraph 199(1)(b)(v) is not subject to the requirements under section 199(2).

                Added on (18 April, 2019).

          • 3.4 Admissibility of compelled testimony in criminal proceedings

            • 3.4.1

              In addition to the overriding duty of confidentiality set out in section 198, section 207(2) of the FSMR prohibits the Regulator from disclosing a statement made by a person to an investigator at an interview conducted pursuant to section 206(1)(a) to any law enforcement agency for the purpose of criminal proceedings against that person unless:

              (a) the person consents to the disclosure; or
              (b) the Regulator is required by law or court order to disclose the statement.

          • 3.5 The effect of foreign secrecy laws

            • 3.5.1

              Foreign banking secrecy laws lack extraterritorial effect and thus do not apply in the ADGM; entities regulated by the Regulator and their clients are not prevented from complying with obligations to disclose information related to financial services activities conducted in or from the ADGM.

            • 3.5.2

              Similarly, a request from the Regulator for disclosure of confidential client account information (if the client's business is booked, held, serviced and managed exclusively in a foreign jurisdiction) shall be governed by and be subject to the secrecy laws, if any, of that jurisdiction.

          • 3.6 Criminal prosecutions in the UAE Courts [Deleted]

            • 3.6.1 [Deleted]

          • 3.7 The effect of foreign secrecy laws [Deleted]

            • 3.7.1 [Deleted]

            • 3.7.2 [Deleted]

        • 4. DISCLOSURE OF CONFIDENTIAL INFORMATION

          • 4.1 Making a request for disclosure of Confidential Information

            • 4.1.1

              Every request to disclose Confidential Information, will be assessed by the Regulator on a case-by-case basis, whether this information was obtained voluntarily, in the course of the Regulator exercising its own functions and powers or exercising its powers on behalf of other authorities.

              Amended on (18 April, 2019).

            • 4.1.2

              In deciding whether to comply with a request to disclose Confidential Information, the Regulator would satisfy itself that there are legitimate reasons for the request and that the authority requesting the information has the appropriate policies and procedures in place for dealing with Confidential Information.

              Amended on (18 April, 2019).

            • 4.1.3

              Section 199(3) of the FSMR enables the Regulator to, among other things:

              (a) impose conditions on the information disclosed, which may relate to, among other things, the obtaining of consents or, where appropriate, subjecting information received to restrictions on disclosure that are at least equivalent to those set out in section 198, per paragraph 199(3)(a); and
              (b) restrict the uses to which the Confidential Information disclosed may be put.
              Added on (18 April, 2019).

            • 4.1.4

              Where the disclosure by the Regulator is made subject to conditions, the person to whom the Confidential Information has been disclosed may not use the Confidential Information in breach of any such condition, as set out in section 199(4) of the FSMR.

              Added on (18 April, 2019).

          • 4.2 Disclosure to governmental and regulatory authorities in section 199 of the FSMR

            Amended on (18 April, 2019).

            • 4.2.1

              Section 199(1)(b) gives the Regulator specific authority to disclose Confidential Information to the authorities listed therein so that they may properly carry out their function, subject to section 199(2).

              Amended on (18 April, 2019).

            • 4.2.2

              Where the Confidential Information (in whole or in part) originates in another governmental or regulatory authority, the Regulator may only disclose that Confidential Information in accordance with section 199(2), as set out in paragraphs 3.3.3 – 3.3.4 above, subject to paragraph 3.3.5.

              Amended on (18 April, 2019).

            • 4.2.3

              As set out in paragraphs 4.1.3 and 4.1.4 above, in disclosing any Confidential Information under section 199(1), the Regulator may require the requesting authority to comply with certain conditions or agree to restrict the uses to which the Confidential Information may be put, insofar as the Regulator considers appropriate.

              Amended on (18 April, 2019).

            • 4.2.4

              In addition, should a memorandum of understanding be in place between the Regulator and a Non-ADGM Regulator concerning the sharing of Confidential Information, subject to the limitations contained in the FSMR, the Regulator will conduct itself in accordance with section 199(2) and the terms of such memorandum of understanding. For example, the Regulator may include a provision that each party's consent is required to be obtained prior to disclosing any Confidential Information to a third party (unless the information is required for the purpose of a criminal investigation or criminal proceedings, as discussed in paragraph 3.3.5).

              For example, on receipt of a legitimate request for Confidential Information in possession of the Regulator from a Non-ADGM Regulator ("the requestor"), made for the purpose of facilitating the carrying out of a Public Function, the Regulator:

              a) may disclose the Confidential Information to the requestor subject to conditions, including that:—
              i. the requestor may only use the Confidential Information for their own lawful purpose as identified in the request;
              ii. the requestor may not voluntarily disclose the Confidential Information to a third party (including other regulatory entities in their home jurisdiction) without the further consent of the Regulator; and
              iii. if the requestor is compelled to disclose the Confidential Information by court order or subpoena, it must give notice to the Regulator prior to disclosure unless such notice would violate applicable laws.
              b) will generally not notify affected parties of the request for Confidential Information. Notice to the affected party/parties will only be considered where such notification would not be contrary to the public interest and would not frustrate or prejudice the purpose of the disclosure to the requestor.
              Amended on (18 April, 2019).

            • 4.2.5

              When the Regulator receives a request from an authority to disclose Confidential Information (other than compelled testimony – see paragraph 4.5), the Regulator will generally comply with such request if made in good faith for the specific purpose of fulfilling the performance of the requesting party's functions and powers, as contemplated by section 199(1).

              Added on (18 April, 2019).

          • 4.3 Disclosure for use in civil litigation

            • 4.3.1

              In other circumstances, such as where Confidential Information is sought by a party other than a governmental or regulatory authority, such as, for example, as evidence for use in civil litigation, the Regulator will require prior consent of—

              (a) the person from whom the Confidential Information was obtained; and,
              (b) if different, the person to whom the duty of confidentiality is owed (paragraphs 198(1)(a) and (b)),
              consistent with its general duty of confidentiality, as contemplated by section 198(1) of the FSMR.

              Amended on (18 April, 2019).

            • 4.3.2

              The Regulator will, to the extent permitted by applicable law, provide the person whose interests are likely to be adversely affected by the proposed disclosure with the information necessary to enable the person to make submissions to the Regulator. These may include the following:

              (a) whether the factual and legal conditions justifying the disclosure are met;
              (b) the scope of the disclosure of Confidential Information; and
              (c) whether any conditions should apply to the disclosure.

            • 4.3.3

              If a person would be adversely affected by the proposed disclosure of Confidential Information and the purpose for the request is to use the information in civil proceedings in the ADGM Court, the person requesting the Confidential Information would be required to obtain an order of the ADGM Court compelling the Regulator to disclose the Confidential Information.

            • 4.3.4

              Upon receipt of such an order, the Regulator would generally notify the person adversely affected by the proposed disclosure of Confidential Information of this so that the person has an opportunity to challenge the request according to the rules of the Court.

            • 4.3.5 [Deleted]

          • 4.4 Disclosure to a court

            • Civil proceedings in the ADGM Court

              • 4.4.1

                The ADGM Court's enabling legislation, Abu Dhabi Law No. (4) of 2013, gives it exclusive judicial jurisdiction in the ADGM and over ADGM bodies, including the Regulator. Therefore, the Regulator may be obliged to disclose Confidential Information if it is compelled to do so under an order from the ADGM Court.

              • 4.4.2

                If the Regulator is required to disclose Confidential Information received from a government or Regulatory Authority (for example, information received under a Memorandum of Understanding), the Regulator will ordinarily:

                (a) notify the Regulatory Authority that provided the Confidential Information of the receipt of the legally enforceable demand, in accordance with section 199(2); and
                (b) where appropriate, assert any legal rights or privileges to protect the Confidential Information (for example, Public Interest Immunity — see paragraph 4.6 below).

            • Criminal prosecutions in the UAE Courts

              • 4.4.3

                All activities in the ADGM remain subject to UAE criminal laws by virtue of the Federal Law No. 8 of 2004 concerning Financial Free Zones. Accordingly, the Regulator is obliged, under Article 78, Part 2 of the UAE Penal Procedures Law (Federal Law No. 35) of 1992, to comply with any legally enforceable demand or order from a competent authority responsible for administering the criminal laws of the UAE. This includes orders or demands to disclose Confidential Information.

              • 4.4.4

                As in the case of legally enforceable demands in civil or commercial matters discussed at paragraph 4.4.2 above, the Regulator will, where appropriate, assert any legal rights or privileges to protect the Confidential Information and resist disclosure (for example, Public Interest Immunity – see paragraph 4.6 below).

          • 4.5 Compelled testimony in criminal proceedings

            • 4.5.1

              If the Regulator receives a request from a law enforcement agency for a person's answers in an interview conducted under section 206(1)(a) of the FSMR for the purpose of criminal proceedings against the person, the Regulator will, in accordance with section 207(2) of the FSMR, generally notify the person concerned of such request (so that the person has an opportunity to either consent to the disclosure or challenge the request), unless the Regulator is required by law or court order to disclose the statement.

          • 4.6 Public Interest Immunity

            • 4.6.1

              Public Interest Immunity ("PII") is an immunity from the production of documents or information where their disclosure would be against the public interest. PII is a common law doctrine, developed to allow the courts to reconcile any potential conflict between the following two public interests—

              (a) the interest in the administration of justice which demands that relevant material is available to the parties to litigation; and
              (b) the interest in maintaining the confidentiality of certain documents whose disclosure would be damaging to the public interest.

            • 4.6.2

              When a PII claim is asserted, a court would be required to balance between whether the public interest in disclosing certain information is outweighed by the public interest in preserving the confidentiality of that information.

            • 4.6.3

              A claim of PII, for example, may be appropriate in the circumstances where disclosure would prejudice or otherwise unduly interfere with the Regulator's ability to perform its functions and exercise its powers (including if the disclosure would adversely affect its ability to cooperate with and receive Confidential Information from other Regulatory Authorities).

    • Guidance & Policies Manual (GPM)

      Click here to view PDF

      • Guidance & Policies Manual (GPM)

        • 1. INTRODUCTION

          • 1.1 General

            • 1.1.1

              This document is called the Guidance and Policies Manual ("GPM"). The GPM is for information purposes only and explains how we may regulate and supervise financial services firms and markets that operate in ADGM. The GPM has purposely been written in plain English. The GPM contains guidance on:

              (a) our regulatory policies;
              (b) our risk-based approach to authorisation, supervision and enforcement; and
              (c) what we consider and take into account when exercising our powers.

            • 1.1.2

              The GPM is meant to assist persons operating or intending to operate financial services or a market in the ADGM and should be read in conjunction with the Financial Services and Markets Regulations ("FSMR") and the ADGM Rulebooks.

            • 1.1.3

              The GPM is not meant to be all of our guidance and policies on how we will operate and exercise our powers and we are not bound to follow it on all occasions. It is merely an informative document, which sets how we may act when exercising our powers.

          • 1.2 Defined terms

            • 1.2.1

              Where we have used a defined term in the GPM, these are identified by the capitalisation of the word or a phrase capitalised. You can find meanings of these defined terms in the Glossary module ("GLO") of the ADGM Rulebook. There are also defined terms in the FSMR. If there is no capitalisation of the initial letter, the word or phrase has its normal common day meaning.

          • 1.3 Updating the GPM

            • 1.3.1

              We will make amendments to the GPM when we make changes in our policies or processes to ensure it remains current.

          • 1.4 Our mandate

            • 1.4.1

              We are committed to foster, promote and maintain a fair, efficient and responsive regulatory environment for our market participants and stakeholders.

            • 1.4.2

              We have adopted and apply international standards, such as those set out by the Basel Committee on Banking Supervision, the International Association of Insurance Supervisors, the International Organisation of Securities Commissions, the Financial Stability Board and the Financial Action Task Force.

        • 2. BECOMING REGULATED

          • 2.1 Our approach to authorisation

            • Introduction

              • 2.1.1

                This chapter outlines our approach when assessing if an applicant or registrant can become:

                (a) an Authorised Firm;
                (b) a Recognised Body;
                (c) a Representative Office;
                (d) an Approved Person; or
                (e) a Principal Representative.

              • 2.1.2

                Before submitting an application, an applicant or registrant should contact our Authorisation Team at authorisation@adgm.com.

            • Prohibition and by way of business

              • 2.1.3

                The FSMR impose a prohibition on all persons who carry on an activity regulated by us in the ADGM "by way of business" unless the person is an Authorised Firm, Recognised Body or an Exempt Person.

              • 2.1.4

                Whether or not an activity is carried on by way of business is a question of fact that takes account several factors, including:

                (a) how often the activity is conducted;
                (b) whether there is a commercial element involved;
                (c) the size and proportion of non-regulated activities carried on by the same person; and
                (d) the nature, context and circumstances of the activity that is carried on.

            • Whether someone is carrying on his or her own business

              • 2.1.5

                Another aspect of the prohibition is that an employee will not breach the prohibition by carrying on an activity on behalf of his employer, as in such cases it is the employer who is carrying on that activity. The employee is simply carrying on the employer's business. This principle potentially also applies to agents and others who assist another to carry on that other's business.

            • General Prohibition and by way of business

              • 2.1.6

                The regulations impose a general prohibition on all persons who carry on a Regulated Activity in the ADGM "by way of business" unless the person is a firm, Recognised Body or an exempt person.

              • 2.1.7

                Whether or not an activity is carried on by way of business is a question of fact that takes account of several factors. These include:

                (a) the degree to which the activity is conducted with continuity, regularity and systemically;
                (b) the existence of a commercial element;
                (c) the scale proportion and impact which the activity bears to other activities carried on by the same Person but which are not regulated; and
                (d) the nature, context and circumstances of the particular activity that is carried on.

            • Regulated Activities and the need for a Financial Service Permission

              • 2.1.8

                Schedule 1 to the Financial Services and Markets Regulations contains a complete list of Regulated Activities. When determining whether an applicant will require a Financial Services Permission to engage in a specific Regulated Activity, the applicant should first, determine that such Regulated Activity will be carried on in or from the ADGM 'by way of business' as described in 2.1.6 and 2.1.7. If they are then the applicant will need to consider whether any of the applicable exclusions apply either (i) specified following the description of the relevant Regulated Activity or (ii) amongst the general exclusions contained in Chapter 18 of Schedule 1.

            • Combinations of Regulated Activities

              • 2.1.9

                Generally, we will rely upon the applicant's written application and discussions when considering which Regulated Activities should be included in any Financial Service Permission granted to the applicant. The Regulator will only include a Regulated Activity within a Financial Service Permission when it reasonably believes such Regulated Activity is required for the applicant to conduct its business. Applicants should consider each Regulated Activity as a distinct activity with a distinct Financial Service Permission.

              • 2.1.10

                While no Regulated Activity will require the Regulator to include a second Regulated Activity within the Financial Service Permission to enable the applicant to engage in the original Regulated Activity, certain Regulated Activities may be combined with other Regulated Activities. For example, where an applicant may be arranging transactions which arise from advice given to a client. This would be acceptable, provided (i) the applicant has requested both Regulated Activities to be included in its Financial Service Permission, (ii) the applicant satisfies the relevant criteria necessary to engage in both Regulated Activities and (iii) no conflicts arise as a consequence of the conduct of both Regulated Activities by a single person (see 2.1.10).

            • Conflicts between Regulated Activities

              • 2.1.11

                By their nature, certain combinations of Regulated Activities may be difficult for a single applicant to undertake without risk of a material conflict of interest. In such circumstances the Regulator will not grant a Financial Service Permission to engage in both Regulated Activities without being satisfied that both activities may be undertaken independently in a manner which addresses potential conflicting duties between clients or conflicts between the interests of the applicant and its clients.

              • 2.1.12

                The Regulator does not provide an exhaustive list of potential conflicting duties and interests and expects that each applicant will have reviewed the scope of those Regulated Activities it wishes to engage in, in order to identify and take steps to mitigate potential conflicts.

          • 2.2 Assessing the fitness and propriety of applicants

            • 2.2.1

              We expect applicants seeking authorisation/recognition to be fit and proper. This provides us with the assurance that applicants are willing and able to fulfil their obligations under the law. The onus is on each applicant to establish that they are fit and proper.

            • Reputation and standing

              • 2.2.2

                In assessing the reputation and standing of an applicant, we can take into consideration any relevant matters including:

                (a) any matter affecting the propriety of the applicant's conduct, whether or not such conduct may have resulted in the commission of a criminal offence, the contravention of the law, or the institution of legal or disciplinary proceedings of whatever nature;
                (b) whether an applicant has ever been the subject of disciplinary procedures by a government body or agency or any self-regulatory organisation or other professional body;
                (c) a contravention of any provision of financial services legislation or of rules, regulations, statements of principle or codes of practice made under it or made by a recognised self-regulatory organisation, non-ADGM financial services regulator or regulated exchange or clearing house;
                (d) whether an applicant has been refused, or had a restriction placed on, the right to carry on a trade, business or profession requiring a licence, registration or other permission;
                (e) an adverse finding or an agreed settlement in a civil action by any court or tribunal of competent jurisdiction resulting in an award against or payment by an applicant;
                (f) whether an applicant has been censured, disciplined, publicly criticised or the subject of a court order at the instigation of any regulatory authority, or any officially appointed inquiry, or any other non-ADGM financial services regulator;
                (g) whether an applicant has been open and truthful in all its dealings with us; and
                (h) any other matter that we consider relevant.

            • Locations of offices

              • 2.2.3

                An applicant should be able to satisfy us that it will establish an office and maintain a presence in the ADGM based on the activities it will carry on.

            • Close Links

              • 2.2.4

                We need to be satisfied, as to who are the applicant's Close Links or where the applicants is closely related to another person (for example a parent or subsidiary company or someone who owns and controls 20% or more of the applicant). This is to make sure we are not prevented from effectively supervising the applicant.

            • Legal status of Firms and Recognised Bodies

              • 2.2.5

                We will only consider an application for authorisation or recognition where the legal status of the proposed ADGM entity is a Body Corporate or a Partnership. Individuals cannot make an application. In respect of the regulated activities of Effecting Contracts of Insurance or Carrying Out Contracts of Insurance as Principal, a firm can only be a Body Corporate.

              • 2.2.6

                In the case of non-ADGM persons other than companies limited by shares, we will consider whether the legal form is appropriate for the activities proposed.

              • 2.2.7

                If the applicant is seeking to branch in to the ADGM, we will take into account where the applicant's head office is located.

            • Ownership and Group

              • 2.2.8

                In relation to the ownership and Group structure of an applicant, we may have regard to:

                (a) the applicant's position within its group, including any other relationships that may exist between the applicant, controllers, associates and other persons that may be considered a close link;
                (b) the financial strength of the Group and its implications for the applicant;
                (c) whether the Group has a structure which makes it possible to:
                (i) exercise effective supervision;
                (ii) exchange information among regulators who supervise group members; and
                (iii) determine the allocation of responsibility among the relevant regulators;
                (d) any information provided by other regulators or third parties in relation to the applicant or any entity within its Group; and
                (e) whether the applicant or its group is subject to any adverse effect or considerations arising from a country or countries of incorporation, establishment and operations of any member of its group. In considering these matters, we may also have regard to the type and level of regulatory oversight in the relevant country or countries of the group members and the regulatory infrastructure and adherence to internationally held conventions.

            • Controllers

              • 2.2.9

                In relation to the controllers of an applicant, we may, taking into account the nature, scale and complexity of the firm's business and organisation, have regard to:

                (a) the background, history and principal activities of the applicant's controllers, including that of the controller's directors, partners or other officers associated with the applicant, and the degree of influence that they are, or may be, able to exert over the applicant and/or its activities;
                (b) where the Controller will exert significant management influence over the applicant, the reputation and experience of the controller or any individual within the controller;
                (c) the financial strength of a controller and its implications for the applicant's ability to ensure the sound and prudent management of its affairs, in particular where a controller agrees to contribute any funds or other financial support such as a guarantee or a debt subordination agreement in favour of the Firm or Recognised Body; and
                (d) whether the applicant is subject to any adverse effect or considerations arising from the country or countries of incorporation, establishment or operations of a controller. In considering such matters, we may have regard to, among other things, the type and level of regulatory oversight, which the controller is subject to in the relevant country or countries and the regulatory infrastructure and adherence to internationally held conventions and standards.

              • 2.2.10

                Where we have any concerns relating to the fitness and propriety of an applicant for a Financial Services Permission stemming from a Controller of such a Person, we may consider imposing conditions on the Financial Services Permission designed to address such concerns. For example, we may impose, in the case of a start-up, a condition that there should be a shareholder agreement that implements an effective shareholder dispute resolution mechanism.

            • Resources, systems and controls

              • 2.2.11

                We will have regard to whether the applicant has sufficient resources, including the appropriate systems and controls, such as:

                (a) the applicant's financial resources and whether it complies, or will comply, with any applicable financial rules, and whether the applicant appears to be in a position to be able to comply with such rules;
                (b) the extent to which the applicant is or may be able to secure additional capital in a form acceptable to us where this appears likely to be necessary at any stage in the future;
                (c) the availability of sufficient competent human resources to conduct and manage the applicant's affairs, in addition to the availability of sufficient Approved Persons to conduct and manage the applicant's activities;
                (d) whether the applicant has sufficient and appropriate systems and procedures in order to support, monitor and manage its affairs, resources and regulatory obligations in a sound and prudent manner;
                (e) whether the applicant has appropriate anti-money laundering procedures and systems designed to ensure full compliance with applicable money laundering and counter terrorism legislation, and relevant UN Security Council and applicable sanctions and resolutions, including arrangements to ensure that all relevant staff are aware of their obligations;
                (f) the impact of other members of the applicant's group on the adequacy of the applicant's resources and, in particular, though not exclusively, the extent to which the applicant is or may be subject to consolidated prudential supervision by us or another non-ADGM financial services regulator;
                (g) whether the applicant is able to provide sufficient evidence about the source of funds available to it, to our satisfaction. This is particularly relevant in the case of a start-up entity; and
                (h) the matters specified in paragraph 2.2.88(c).

            • Firms and Recognised Persons: Collective suitability of individuals or other Persons connected to the firm

              • 2.2.12

                Although individuals performing Controlled and Recognised Functions are required to be Approved Persons and/or Recognised Persons and that a firm is required to appoint certain Approved and Recognised Persons to certain functions, we will also consider:

                (a) the collective suitability of all of the firm's staff taken together, and whether there is a sufficient range of individuals with appropriate knowledge, skills and experience to understand, operate and manage the firm's affairs in a sound and prudent manner;
                (b) the composition of the Governing Body of the firm. The factors that would be taken into account by us in this context include, depending on the nature, scale and complexity of the firm's business and its organisational structure, whether:
                (i) the governing body has a sufficient number of members with relevant knowledge, skills and expertise among them to provide effective leadership, direction and oversight of the firm's business. For this purpose, the members of the governing body should be able to demonstrate that they have, and would continue to maintain, including through training, the necessary skills, knowledge and understanding of the firm's business to be able to fulfil their roles;
                (ii) the individual members of the governing body have the commitment necessary to fulfil their roles, demonstrated, for example, by a sufficient allocation of time to the affairs of the firm and reasonable limits on the number of memberships held by them in other boards of directors or similar positions. In particular, we will consider whether the membership in other boards of directors or similar positions held by individual members of the governing body has the potential to conflict with the interests of the firm and its customers and stakeholders; and
                (iii) there is a sufficient number of independent members on the governing body. We will consider a member of the governing body to be "independent" if he is found, on reasonable grounds by the governing body, to be independent in character and judgement and able to make decisions in a manner that is consistent with the best interests of the Firm;
                (c) the position of the Firm in any Group to which it belongs;
                (d) the individual or collective suitability of any person or persons connected with the firm;
                (e) the extent to which the firm has robust human resources policies designed to ensure high standards of conduct and integrity in the conduct of its activities;
                (f) whether the firm has appointed Auditors, actuaries and advisers with sufficient experience and understanding in relation to the nature of the firm's activities; and
                (g) whether the remuneration structure and strategy adopted by the firm is consistent with the requirements in GEN 3.3.42(1).

            • Recognised Bodies: other considerations

              • 2.2.13

                In determining whether a Recognised Body has satisfied its recognition requirements set out in MIR Chapter 2 and GEN Chapter 3, we will consider:

                (a) its arrangements, policies and resources for fulfilling its obligations under the recognition requirements as set out in MIR 4.2.1;
                (b) its arrangements for managing conflicts and potential conflicts between its commercial interest and applicable regulatory requirements;
                (c) the extent to which its constitution and organisation provide for effective governance;
                (d) the arrangements made to ensure that the Governing Body has effective oversight of its regulatory functions;
                (e) the fitness and propriety of its Approved Persons and the access the approved persons have to the Governing Body;
                (f) the size and composition of the Governing Body including:
                (i) the number of independent members on the Governing Body;
                (ii) the number of members of the Governing Body who represent members of the Recognised Body or other persons and the types of persons whom they represent; and
                (iii) the number and responsibilities of any members of the governing body with executive roles within the Recognised Body;
                (g) the structure and organisation of its Governing Body, including any distribution of responsibilities among its members and committees;
                (h) the integrity, relevant knowledge, skills and expertise of the members of the governing body to provide effective leadership, direction and oversight of the Recognised Body's business. For this purpose, such individuals should be able to demonstrate that they have, and would continue to maintain, including through training, necessary skills, knowledge and understanding of the Recognised Body's business to be able to fulfil their roles;
                (i) the commitment necessary by the members of the governing body to fulfil their roles effectively, demonstrated, for example, by a sufficient allocation of time to the affairs of the Recognised Body and reasonable limits on the number of memberships held by them in other boards of directors or similar positions. In particular, the Regulator will consider whether the membership in other boards of directors or similar positions held by individual members of the governing body has the potential to conflict with the interests of the Recognised Body and its stakeholders;
                (j) the integrity, qualifications and competence of its approved persons;
                (k) its arrangements for ensuring that it employs individuals who are honest and demonstrate integrity;
                (l) the independence of its regulatory departments from its commercial departments; and
                (m) whether the remuneration structure and strategy adopted by the Recognised Body is consistent with the requirements in GEN 3.3.42(1).

              • 2.2.14

                We will consider a Director to be "independent" if the Director is found, on the reasonable determination of the Governing Body, to:

                (a) be independent in character and judgement; and
                (b) have no relationships or circumstances which are likely to affect or could appear to affect the director's judgement in a manner other than in the best interests of the Recognised Body.

              • 2.2.15

                In forming a determination the Governing Body should consider the length of time the director has served as a member of the Governing Body and whether the relevant director:

                (a) has been an employee of the Recognised Body or group within the last five years;
                (b) has or has had, within the last three years, a material business relationship with the Recognised Body, either directly or as a partner, shareholder, director or senior employee of a body that has such a relationship with the Recognised Body;
                (c) receives or has received, in the last three years, additional remuneration or payments from the Recognised Body apart from a director's fee, participates in the Recognised Body's share option, or a performance- related pay scheme, or is a member of the Recognised Body's pension scheme;
                (d) is or has been a director, partner or employee of a firm which is the Recognised Body's auditor;
                (e) has close family ties with any of the Recognised Body's advisors, directors or senior employees;
                (f) holds cross directorships or has significant links with other directors through involvement in other bodies; or
                (g) represents a significant shareholder.

          • 2.3 Assessing the fitness and propriety of Approved Persons, Recognised Persons and Principal Representatives

            • Introduction

              • 2.3.1

                This section sets out the matters which we take into consideration, and expect the firm or Recognised Body to take into consideration, when assessing the fitness and propriety of:

                (a) In the case of a firm, an Approved Person, Recognised Person under GEN 5.3 and GEN 5.4 and Principal Representative under 9.8;
                (b) In the case of a Recognised Body, an Approved Person under MIR 7.2.

              • 2.3.2

                Applications for approved person status in respect of the controlled functions of Senior Executive Officer, Licensed Director and Licensed Partner shall be made by the firm and approved by us. We may reject an application for an Approved Person status or grant an Approved Person status with or without conditions and restrictions.

              • 2.3.3

                In relation to applications for Recognised Persons status the firm or Recognised Body will approve the Recognised Functions of Finance Officer, Compliance Officer, Senior Manager, Money Laundering Reporting Officer and Responsible Officer, and notify us of such appointments. The onus is on the firm or Recognised Body to carry out proper due diligence to ensure that the person is fit and proper to carry out the function, and to maintain the necessary supporting documentation for its due diligence.

              • 2.3.4

                We expect a firm and Recognised Body to continually ensure that all Approved and Recognised Persons are fit and proper for the controlled and or recognised Functions that they have been appointed to.

              • 2.3.5

                When assessing whether an individual meets the fitness and propriety criteria to be able to perform the role of an Approved Person or Recognised Person, we take the following considerations into account, as set out in paragraphs 2.3.6 to 2.3.8 below.

            • Integrity

              • 2.3.6

                In determining whether an individual has met the fitness and propriety criteria with respect to his/her integrity, the following matters may be taken into account:

                (a) the propriety of an individual's conduct whether or not such conduct may have resulted in the commission of a criminal offence, the contravention of a law or the institution of legal or disciplinary proceedings of whatever nature;
                (b) a conviction or finding of guilt in respect of any offence, other than a minor road traffic offence, by any court of competent jurisdiction;
                (c) whether the individual has ever been the subject of disciplinary proceedings by a government body or agency or any recognised self-regulatory organisation or other professional body;
                (d) a contravention of any provision of financial services legislation or of rules, regulations, statements of principle or codes of practice made under or by a recognised self-regulatory organisation, Recognised Body, regulated exchange or regulated clearing house or non-ADGM Financial Services Regulator;
                (e) a refusal or restriction of the right to carry on a trade, business or profession requiring a licence, registration or other authority;
                (f) a dismissal or a request to resign from any office or employment;
                (g) whether an individual has been or is currently the subject of or has been concerned with the management of a Body Corporate which has been or is currently the subject of an investigation into an allegation of misconduct or malpractice;
                (h) an adverse finding in a civil proceeding by any court of competent jurisdiction of fraud, misfeasance or other misconduct, whether in connection with the formation or management of a corporation or otherwise;
                (i) an adverse finding or an agreed settlement in a civil action by any court or tribunal of competent jurisdiction resulting in an award against the individual;
                (j) an order of disqualification as a director or to act in the management or conduct of the affairs of a corporation by a court of competent jurisdiction or regulator;
                (k) whether the individual has been a director, or concerned in the management of, a body corporate which has gone into liquidation or administration whilst that individual was connected with that body corporate or within one year of such a connection;
                (l) whether the individual has been a partner or concerned in the management of a partnership where one or more partners have been made bankrupt whilst that individual was connected with that partnership or within a year of such a connection;
                (m) whether the individual has been the subject of a complaint in connection with a financial service, which relates to his integrity, competence or financial soundness;
                (n) whether the individual has been censured, disciplined, publicly criticised by, or has been the subject of a court order at the instigation of, us or any officially appointed inquiry, or Non-ADGM Financial Services Regulator; and
                (o) whether the individual has been candid and truthful in all his dealings with us.

            • Competence and capability

              • 2.3.7

                We will take into account the individual's qualifications and experience, in determining the fitness and propriety criteria of competence and capability of an individual to perform a role as an Approved Person or Principal Representative.

            • Financial soundness

              • 2.3.8

                With respect to the financial soundness of an individual, we will take into account :

                (a) whether an individual is able to meet his debts as and when they fall due; and
                (b) whether an individual has been declared bankrupt, had a receiver or an administrator appointed, had a bankruptcy petition served on him, had his estate sequestrated, entered into a deed of arrangement (or any contract in relation to a failure to pay due debts) in favour of his creditors, or within the last 10 years, has failed to satisfy a judgement debt under a court order.

          • 2.4 Waivers during authorisation

            • 2.4.1

              An applicant for authorisation may request a waiver or modification when the application is made and being processed. In some circumstances, the applicant may need to work with us in developing the waiver or modification and may not be required to use the formal application process. However, the written consent to the waiver or modification will be required if the applicant is authorised.

          • 2.5 Start-up entities in the ADGM

            • What are "Start-up" entities?

              • 2.5.1

                This paragraph serves as a guide to assist Start-up entities that are interested in applying for a Financial Services Permission to conduct Regulated Activities in the ADGM. It sets out the information required to support an application and what criteria that we may consider in the authorisation process. Start-ups, as with any applicants, will be required to satisfy all of our requirements prior to being granted a Financial Services Permission.

              • 2.5.2

                A Start-up entity is:

                (a) any newly set up business entity which is not part of a group that is subject to financial services regulation; or
                (b) part of an existing business entity which it, or whose group is not subject to financial services regulation.

              • 2.5.3

                As a general position, we will not usually accept applications for start-up banks or insurers however each application will be considered on its merits. We will take into account such factors as the applicant's financial position, systems and controls and whether the Start-up entity is managed by persons who have the necessary expertise and knowledge to conduct such activities.

            • Our risk-based approach to Start-ups

              • 2.5.4

                Any consideration of an application for the granting of a Financial Services Permission to carry on a regulated activity is likely to involve an assessment of the risks posed to our objectives by the proposed regulated activity. Whilst the broad categories of risks for all applicants will be the same, the nature of those risks within start-ups can be amplified, as a start-up does not have a regulatory track record to deal with risks and upon which we may place reliance. In the case of a new business, even where senior management has substantial experience and relevant competence in the business sector, this does not necessarily imply an ability to create and sustain an adequate management control environment and compliance culture, particularly when faced with all the other issues of establishing a new business.

              • 2.5.5

                The broad categories of risk and some of the unique elements of those risk categories that apply to start-ups include financial risk, governance risk, business/operational risk and compliance risk.

            • Financial risk

              • 2.5.6

                All applicants are required to demonstrate they have a sound initial capital base and funding and must be able to meet the relevant prudential requirements of the ADGM laws, on an on-going basis. This includes holding enough capital resources to cover expenses even if expected revenue takes time to materialise. Start-ups can encounter greater financial risks as they seek to establish and grow a new business.

              • 2.5.7

                In addition to the risks associated with the financial viability of the start-up, particular attention may be given to the clarity and the verifiable source of the initial capital funding.

            • Governance risk

              • 2.5.8

                All applicants are required to demonstrate robust governance arrangements together with the fitness and integrity of all controllers, directors and senior management. We are aware that management control, in smaller start-ups especially, may lie with one or two dominant individuals who may also be amongst the owners of the firm. In such circumstances, we would expect the key business and control functions (i.e. risk management, compliance and internal audit) to be subject to appropriate oversight arrangements which reflect the size and complexity of the business. Applicants can assist us by describing in detail the ownership structure, high level controls and clear reporting lines which demonstrate an adequate segregation of duties.

              • 2.5.9

                We may request details of the background, history and ownership of the start-up and, where applicable, its Group. Similar details relating to the background, history and other interests of the directors of the start-up may also be required. Where it considers it necessary to do so, we may undertake independent background checks on such material. A higher degree of due diligence will apply to individuals involved in a start-up and there would be an expectation that the start-up itself will have conducted detailed background checks, which may then be verified by us.

            • Business/operational risk

              • 2.5.10

                All applicants are required to establish appropriate systems and controls to demonstrate that the affairs of the firm are managed and controlled effectively. The nature of the systems and controls may depend on the nature, size and complexity of the business. A start-up may wish to consider which additional systems and controls may be appropriate in the initial period of operation following launch, such as increased risk or compliance monitoring. Due to the unproven track record of a startup, we may, for example, impose restrictions on the business activities of the entity or a greater degree and intensity of supervision until such a track record is established.

            • Compliance risk

              • 2.5.11

                The Senior Executive Officer of a firm is expected to take full responsibility for ensuring compliance with the ADGM laws by establishing a strong compliance culture which is fully embedded within the organisation. A start-up will be required to appoint a U.A.E. resident as the senior executive officer as well as the compliance officer and money laundering reporting officer (MLRO) with the requisite skills and relevant experience in compliance and anti-money laundering duties. The individuals fulfilling the compliance and MLRO roles will be expected to demonstrate to us their competence to perform the proposed roles and adequate knowledge of the relevant sections of the ADGM laws and, in the case of the MLRO, the wider anti-money laundering laws.

            • Main information requirements

              • 2.5.12

                The main information requirements are the same for all applicants, including startups, and each application will be assessed on its own merits.

              • 2.5.13

                A key document will be the regulatory business plan submitted in support of the application. It will facilitate the application process if applicants cover the following areas within this submission:

                (a) an introduction and background;
                (b) strategy and rationale for establishing in the ADGM;
                (c) organisational structure;
                (d) management structure;
                (e) proposed resources;
                (f) high level controls;
                (g) risk management;
                (h) operational controls;
                (i) systems overview;
                (j) how the proposed activities are mapped against the Regulated Activities and why particular Regulated Activities are applied for; and
                (k) financial projections.

              • 2.5.14

                Start-up applicants may find it useful to include diagrams illustrating corporate structures, and, where applicable, group relationships, governance arrangements, organisational design, clear reporting lines, business process flows and systems environments.

              • 2.5.15

                Comprehensively addressing these areas and detailing how the key risks will be identified, monitored and controlled may significantly assist us in determining applications from a start-up.

          • 2.6 Application for carrying out a Regulated Activity with or for a Retail Client

            • 2.6.1

              GEN 5.2.3 outlines the requirements to be met by an applicant intending to carry on a Regulated Activity where the client is a Retail Client.

            • 2.6.2

              When assessing an application of this type we may consider the following:

              (a) the adequacy of an applicant's systems and controls for carrying on Regulated Activities with a Retail Client;
              (b) whether the applicant is able to demonstrate that its systems and controls (including policies and procedures) adequately provide for, among other things, compliance with the requirements specifically dealing with Retail Clients under the Conduct of Business Rulebook (COBS), in particular:
              (i) marketing materials;
              (ii) the content requirements for Client Agreements;
              (iii) the suitability assessment for recommending a financial product;
              (iv) the disclosure of fees and commissions, and any inducements; and
              (v) the segregation of Client Money and/or Client Investments, where relevant;
              (c) whether the applicant has adequate systems and controls to ensure, on an on-going basis, that its Employees remain competent and capable to perform the functions which are assigned to them, including any additional factors that may be relevant if their functions involve interfacing with Retail Clients; and
              (d) the adequacy of the applicant's Complaints handling policies and procedures. An applicant's policies and procedures must provide for fair, consistent and prompt handling of Complaints. In addition to the matters set out in GEN Chapter 7, the policies and procedures should explicitly deal with how the applicant ensures that:
              (i) Employees dealing with Complaints have adequate training and competencies to handle complaints, as well as impartiality and sufficient authority (see GEN 3.3.19, 7.2.7 and 7.2.8);
              (ii) a Retail Client is made aware of the firm's Complaints handling policies and procedures before obtaining its services (see COB 12.1.2(a)(viii)); and
              (iii) the applicant's Complaints handling policies and procedures are freely available to any Retail Client upon request (see GEN 7.2.11).

          • 2.7 Application to conduct Islamic Financial Business

            • 2.7.1

              A firm wishing to carry on Islamic Financial Business must have a Financial Services Permission authorising it to Conduct Islamic Financial Business either as an Islamic Financial Institution or by operating an Islamic Window.

            • 2.7.2

              A Firm that is granted a Financial Services Permission to operate an Islamic Window may conduct some of its Regulated Activities in a conventional manner while conducting its Islamic Financial Business through the Islamic Window.

            • 2.7.3

              We may grant a Financial Services Permission only if we are satisfied that the applicant has demonstrated that it has the systems and controls in place to undertake Islamic Financial Business. In determining whether to grant such a Financial Services Permission, we may consider, among other things, those matters set out in the IFR module of the ADGM Rulebook.

          • 2.8 Application to be a Representative Office

            • 2.8.1

              An applicant seeking to become a Representative Office will need to comply with requirements including those set out in GEN Chapter 9.

            • 2.8.2

              In assessing an application for a Representative Office, we will need to be satisfied that:

              (a) the proposed activities are that of marketing, which means providing information on investments or financial services; engaging in promotions of investments or financial services; or making introductions or referrals of investments or financial services. It does not include advising on investments or the receiving or transmitting of orders(see paragraph 67 of Schedule 1 of the FSMR); and
              (b) the applicant is incorporated and regulated by a Non-ADGM Financial Services Regulator and setting up in the ADGM as a branch.

          • 2.9 Application for a withdrawal of Financial Services Permission

            • 2.9.1

              In considering requests for the withdrawal of a Financial Services Permission, a firm will need to satisfy us that it has made appropriate arrangements with respect to its existing customers, including the receipt of any customers' consent where required and, in particular:

              (a) whether there may be a long period in which the business will be run-off or transferred;
              (b) whether deposits must be returned to customers;
              (c) whether money and other assets belonging to customers must be returned to them; and
              (d) whether there is any other matter which we would reasonably expect to be resolved before granting a request for the withdrawal of a Financial Services Permission.

            • 2.9.2

              In determining a request for the withdrawal of a Financial Services Permission, we may require additional procedures or information as appropriate, including evidence that the firm has ceased to carry on Regulated Activities.

            • 2.9.3

              A firm should submit detailed plans where there may be an extensive period of wind-down. It may not be appropriate for a firm to immediately request a withdrawal of its Financial Services Permission in all circumstances, although it may wish to consider reducing the scope of its Financial Services Permission during this period. Firms should discuss these arrangements with us.

            • 2.9.4

              We may also refuse a request for the withdrawal of a Financial Services Permission where:

              (a) the firm has failed to settle its debts owed to us; or
              (b) it is in the interests of a current or pending investigation by us, or by another regulatory body or a Non-ADGM Financial Services Regulator.

            • 2.9.5

              Some other matters which a firm should be mindful of in relation to the withdrawal of its Financial Services Permission include:

              (a) Where a firm's FSP is withdrawn, the approved status of its Approved Persons will also be withdrawn on the same date. However, this does not remove the obligation on a firm to provide a statement where an approved person has been dismissed or requested to resign (under GEN 8.7.3); and
              (b) Where a Fund Manager or the Trustee makes a request for withdrawal (under GEN 8.4.1), the Fund Manager or the Trustee will need to satisfy us that it has made appropriate arrangements in accordance with the requirements under the FUNDS Rules with respect to the continuing management of the Fund for which it is the Fund Manager or the Trustee, as the case may be.

            • Application for variation of a Financial Services Permission

              • 2.9.6

                Where a firm applies to change the scope of its Financial Services Permission, it should provide the following information:

                (a) a revised business plan as appropriate, describing the basis of, and rationale for, the proposed change;
                (b) details of the extent to which existing documentation, procedures, systems and controls will be amended to take into account any additional activities, and how the firm will be able to comply with any additional regulatory requirements; and
                (c) descriptions of the firm's senior management responsibilities (see GEN Chapter 5) where these have changed from those previously disclosed, including any updated staff organisation charts and internal and external reporting lines;
                (d) details of any transitional arrangements where the firm is reducing its activities and where it has existing customers who may be affected by the cessation of a Regulated Activity;
                (e) the appropriate financial reporting statement where the variation may result in a change to the firm's prudential category or the application of additional or different financial rules. If a capital increase is required in order to demonstrate compliance with additional financial rules but such capital is not paid up or available at the time of application, proposed or forecast figures may be used;
                (f) details of the effect of the proposed variation on the approved persons including, where applicable, submitting any written applications for individuals to perform additional or new controlled functions, or to remove existing controlled functions; and
                (g) revised pro forma financial statements.

              • 2.9.7

                In considering whether a Firm or Recognised Body is fit and proper with respect to a change in the scope of its Financial Services Permission, we may take into account the matters set out in Chapter 2 of this document, which provides guidance on assessing fitness and propriety for firms and Recognised Bodies.

        • 3. SUPERVISION: BEING REGULATED

          • 3.1 Our approach to supervision

            • Supervision philosophy

              • 3.1.1

                We adopt a risk-based approach to the regulation and supervision of all regulated firms in order to concentrate our resources on the mitigation of risks to our objectives. We will work with a regulated entity to identify, assess, mitigate and control these risks where appropriate.

              • 3.1.2

                Our supervisory risk-based approach involves:

                (a) establishing the supervisory intensity of a given firm based on the combination of its size and complexity (impact rating) and its risk profile (risk rating), see paragraphs 3.1.8–3.1.11 below). The higher the impact and/or risk profile of the firm, the higher the supervisory intensity and the resources deployed by us;
                (b) continuous risk management cycle, utilising sectoral and firm-specific data, notifications by the firm, risk assessments and the risk and impact ratings;
                (c) using appropriate supervisory tools; and
                (d) where applicable, considering any lead or consolidated supervision which a firm or its Group may be subject to in other jurisdictions, taking into account our relationship with other regulators and the extent to which it or they meet appropriate regulatory criteria and standards.

              • 3.1.3

                We believe a firm's culture and behaviour affects both its overall financial condition and its interaction with individual customers and market counterparties. Our aim is to reduce the risk and impact of a failure or inappropriate conduct by requiring our regulated firms to have sound risk management systems and adequate internal controls.

            • Risk management cycle

              • 3.1.4

                We adopt a structured risk management cycle. This comprises the identification, assessment, prioritisation, mitigation and monitoring of risks. It ensures appropriate action is taken upon the identification and/or materialisation of risks.

              • 3.1.5

                We will identify and collate a comprehensive set of indicators on a regular basis which provides insights into the financial position and business activities of all our regulated entities. This data set allows us to assess the specific risk profile of regulated entities, sectoral risks by types of entities, and systemic risks posed by the firms to other market counterparties and the wider financial system.

              • 3.1.6

                Based on the analysis of this data set, we will prioritise and step up our supervision with respect to certain firms as appropriate, or use thematic reviews to target certain products, services or practices across a set of firms, to mitigate any emerging, specific or systemic risks.

              • 3.1.7

                We will monitor and use this data, amongst other factors, to review the effectiveness of our mitigation plans, and set organisational risk tolerances to allocate our supervisory resources.

            • Impact and risk ratings

              • 3.1.8

                The impact and risk rating is an assessment of the potential adverse consequences that could follow from the failure of, or significant misconduct by, a firm. The potential adverse consequences include not only the direct financial impact on such firm's customers, counterparties and stakeholders, but also the potential for damage to our reputation and objectives.

              • 3.1.9

                In assessing the impact rating, we will consider a variety of factors such as:

                (a) the complexity of the firm's activities and structure, which is dependent on the nature and type of Regulated Activities it conducts. For instance, a firm that holds customers' deposits and assets will be operationally more complex and more difficult to resolve any issues or to supervise into compliance, as opposed to a Regulated Activity that does not involve accepting / holding customers' assets;
                (b) the scale of the firm's activities and its linkages with other financial institutions and the wider financial system.

              • 3.1.10

                The risk rating is an assessment of the firm's level of risk exposure or probability of failure across a wide range of risk factors. It takes into consideration a number of broad risk groups, including:

                (a) Financial Strength
                (b) Liquidity
                (c) Credit Risk
                (d) Market Risk
                (e) AML/CFT and Financial Crime
                (f) Conduct Risk
                (g) Operational Risk
                (h) Corporate Governance
                (i) Internal Control System
                (j) Business Model Risk

              • 3.1.11

                The combination of the risk and the impact will determine the level and intensity of supervision. Firms with higher ratings will be subject to higher supervisory intensity. Our supervisory oversight of these firms will entail more frequent and routine engagements and on-site visits to oversee the activities and developments in the firm. These engagements would typically involve discussions with the board and senior management, business and compliance heads, auditors and risk managers of the firm and, in the case of overseas financial Groups, its head office staff and home country regulators.

            • Risk mitigation

              • 3.1.12

                Whenever appropriate, we may inform the firm of the steps it needs to take in relation to specific risks. We then expect the firm to demonstrate that it has taken appropriate steps to mitigate these risks.

              • 3.1.13

                Where necessary, risk mitigation programmes may be developed for a firm in order to mitigate or remove identified areas of risk.

            • Our relationship with firms

              • 3.1.14

                In order to meet our objectives, we require an open, transparent and co-operative relationship with our regulated firms. We expect to establish and maintain an on-going dialogue with the firm's senior management in order to develop and sustain a thorough understanding of the firm's business, systems and controls and, through this relationship, to be aware of all areas of risk to our objectives.

              • 3.1.15

                We seek to reinforce the responsibilities of senior management for the risk oversight and governance of the firm's activities, to ensure financial soundness, fair dealing and compliance with regulatory standards.

              • 3.1.16

                We seek to maintain an up-to-date knowledge of a firm's business. However, a firm is also required to keep us informed of significant events, or anything related to the firm of which we would reasonably expect to be notified (as set out below).

            • Notifications to us

              • 3.1.17

                GEN 8.10 sets out the requirements on a firm to notify us of specified events, changes or circumstances a firm (other than a Representative Office) may encounter. The list of notifications outlined in GEN 8.10 is not exhaustive and there are other areas of the Rulebooks that also specify additional notification requirements. (See appendix A)

            • Co-operation with other regulators

              • 3.1.18

                We view co-operation with other regulators as an important component of our supervisory activities. Effective co-operation arrangements with other regulators will provide for prompt exchange of information in relation to supervision, investigation and enforcement matters. The information exchange may enhance, for example, our understanding of the operations of a firm's Group and the effect on our firm.

              • 3.1.19

                We may also exercise our powers for the purposes of assisting other regulators or agencies, see sections 215 – 217 of the FSMR.

          • 3.2 Supervision of Firms

            • Group supervision

              • 3.2.1

                When we authorise a firm, we take into consideration the relationship the firm has within its Group, with related parties or other parties closely linked to it. We may also take into account lead or consolidated supervision to which a firm or its Group may be subject to in another jurisdiction.

              • 3.2.2

                A firm is expected to provide information as required or reasonably requested relating to the Authorised Person and, where applicable, its consolidated or lead regulatory arrangements. This information may include:

                (a) prudential information;
                (b) reports on systems and controls relating to a firm's Group;
                (c) internal and external audit reports;
                (d) details of disciplinary proceedings or any matters which may have financial consequences, reputational impact or pose any significant risk to the ADGM or to the firm; and
                (e) the group-wide corporate governance practices and policies, and the remuneration structure and strategies adopted.

              • 3.2.3

                This information may be taken into account as part of our fit and proper test as set out in Chapter 2.2 0 above and the supervision of the firm. Further Rules and Guidance with regard to obtaining information from a Representative office's lead regulator are set out in GEN 9.15.3.

              • 3.2.4

                We have an interest in the relationship of a firm with other regulators, particularly in order to determine the level of reliance we may place on a regulator in another jurisdiction concerning any lead supervision arrangements. Depending on the legal structure of a firm and our relationship with the regulator in question, we may place appropriate reliance on the supervision undertaken by this regulator.

            • Domestic Firm's Group with ADGM head office

              • 3.2.5

                We will usually be the lead and consolidated regulator of any Group headquartered as a Domestic Firm in the ADGM. Members of the Group, that is, any of the firm's Subsidiaries or Branches, will be either subject to our exclusive supervision or, where members of the Group are located in a jurisdiction outside the ADGM, generally subject to lead or consolidated supervision by us in co-operation with another regulator, provided we are satisfied that it meets appropriate regulatory criteria and standards.

            • Subsidiary of a non-ADGM firm

              • 3.2.6

                We will be the host regulator for the purpose of prudential supervision of a firm which is an ADGM incorporated Subsidiary of a non-ADGM firm.

              • 3.2.7

                Where a firm is a Subsidiary of a regulated non-ADGM parent company, we take into account any consolidated prudential supervision arrangements to which the firm is subject and will liaise with other regulators as necessary to ensure that these are adequately carried out, taking into account the firm's activities. We may place appropriate reliance on the firm's consolidated regulator in another jurisdiction if we are satisfied that it meets appropriate regulatory criteria and standards.

              • 3.2.8

                A firm carrying on Regulated Activities as a Subsidiary of an unregulated non-ADGM parent company may be subject to our consolidated prudential supervision, taking into account the parent's activities.

            • Branch of a non-ADGM firm

              • 3.2.9

                A firm carrying on Regulated Activities through a Branch will be subject to supervision by both us and the regulator in its head office jurisdiction.

              • 3.2.10

                We will have regard to any lead or consolidated prudential supervision arrangements to which a firm is subject. We may place appropriate reliance on a firm's lead regulator in another jurisdiction and, where appropriate, it's consolidated prudential regulator if we are satisfied that it meets appropriate regulatory criteria and standards. Where a firm is subject to lead regulation arrangements with a foreign regulator, we will usually not seek to impose consolidated prudential supervision on the firm's Group.

              • 3.2.11

                In determining the level of regulatory and supervisory oversight required for a specific firm, we will consider:

                (a) the degree of home country regulation and supervision by the home regulator;
                (b) the fitness and propriety of the head office and its Controllers;
                (c) the strength of support, both financial and managerial, which the head office is capable of providing to the branch, taking into account the branch's activities and the adequacy of, among other things, the corporate governance framework and practices at the head office; and
                (d) the risk and control mechanisms within the Branch itself.

              • 3.2.12

                Based on this assessment, we may consider granting a waiver or modification notice in respect of specific prudential or other regulatory requirements relating to a Branch.

            • Periodic returns for Firms

              • 3.2.13

                A firm is required to submit periodic returns. In addition, a firm may be required to submit copies of its Group's annual interim and audited accounts. We may also require a firm to provide copies of Group returns which are sent to any other regulator.

              • 3.2.14

                Collecting this data in a timely and accurate manner is imperative to our risk management cycle.

            • Review of risk management systems

              • 3.2.15

                Under GEN 3.3.4, a firm must ensure that its risk management systems provide the firm with the means to identify, assess, mitigate, monitor and control its risks. In addition to undertaking our own assessment of the firm, we may review the firm's internal risk self-assessment and determine the extent to which each of the firm's risks impacts on our objectives, the likelihood of the risk occurring, and the controls and mitigation programmes the firm has in place.

            • Desktop reviews

              • 3.2.16

                We may undertake desktop analyses to review a firm's business activities and compliance with our laws. A desktop review may involve analysing information provided by the firm through periodic returns, internal management information, ad-hoc questionnaires, published financial information or specially requested information. Through monitoring key indicators and the development of the firm's business, we seek to detect emerging issues for further in-depth reviews through meetings with the firm's management, onsite examinations, or otherwise. Apart from reports such as regular prudential returns, we may from time to time also request from a firm additional supplementary information and documents, including non-financial information such as a firm's internal policies on particular areas of risk and compliance.

            • On-site visits

              • 3.2.17

                On-site visits provide us with an overview of the firm's operations and enable us to form a first-hand view of the personnel, systems and controls and compliance culture within the firm as well as identifying and evaluating the risks to our objectives, taking into account any mitigation by the firm. They enable us to test the soundness of the firm's systems and controls and the extent to which we can continue to rely on them and the firm's senior management to prevent or mitigate risks to our objectives. On-site visits will also assist us to assess the extent of supervision and the use of other supervisory tools required to address certain key risk areas.

            • Periodic communications

              • 3.2.18

                We are committed to open and transparent communication with firms. From time to time, we may issue letters to Senior Executive Officers or equivalent persons across the ADGM. Frequently, these letters will be issued as a means of communicating findings arising from thematic visits, emerging trends and risks in the financial sector, or in response to any major events or developments.

              • 3.2.19

                From time to time, we may consider a particular item of communication to a firm to be of key regulatory importance. For this reason, it may be necessary to issue such communications directly to a senior member of staff at the board level of the ADGM entity copied (where appropriate) to the group's home regulator. For entities established as a Branch in the ADGM, these communications will likely be delivered to the Chairman of the Board at the ADGM Branch entity's head or Parent office. For ADGM incorporated entities, these communications will likely be delivered directly to the Chairman of the firm's board or head office. These communications may include, for example, the findings of our risk assessment visits where a risk mitigation plan has been sent that contains significant matters of concern to our objectives.

            • External Auditor reports, statements and meetings

              • 3.2.20

                An Auditor of a firm is required to provide reports to us addressing the matters outlined in section 191 of the FSMR. As part of an audit, we would expect an Auditor to review any relevant correspondence between us and the firm (e.g. on matters of regulatory concern) and ensure that appropriate follow-up actions have been taken by the firm. We may also require the firm to commission the auditor to conduct a special purpose audit to certify and ensure that any risk mitigation plan has been appropriately implemented. Further, we may from time to time, request tripartite meetings between the firm's senior management, the Auditor, and ourselves.

            • Controllers — Our approval

              • 3.2.21

                A person who proposes to become a Controller of a Domestic Firm or an existing Controller who proposes to increase the level of control which that person has in a domestic firm beyond the threshold of 20%, 30% or 50% is required to obtain our prior approval before doing so. Our assessment of a proposed acquisition or increase in control of a domestic firm is a review of such a firm's continued fitness and propriety and ability to conduct business soundly and prudently, and takes into account considerations set out in para 2.2.8.

              • 3.2.22

                Under GEN Rule 8.8.5(1), a person who proposes either to acquire or increase the level of control in a Domestic Firm must provide written notice to us in such form as we shall set. We may approve of, object to or impose conditions relating to the proposed acquisition or the proposed increase in the level of control of the firm. If the information in the written application lodged with us is incomplete or unclear, we may in writing request further clarification or information. We may do so at any time during the processing of such an application. The period of 90 days within which we will make a decision will not commence until such clarification or additional information is provided to our satisfaction. We may, in our absolute discretion, agree to a shorter period for processing an application where an applicant requests for such a period, provided all the information required is available to us.

              • 3.2.23

                Where we propose to object to or impose conditions relating to a proposed acquisition of or increase in the level of control in a domestic firm, we will first notify the applicant in writing of its proposal to do so and its reasons. We will take into account any representations made by an applicant before making our final decision.

              • 3.2.24

                We may consider whether a person has become an unacceptable Controller as a result of any notification given by a firm, including under GEN Rule 8.8.11(2) or as a result of our own supervisory work. The considerations which we will take into account in assessing whether a person is an acceptable Controller are those set out in paragraphs 3.2.21 above.

              • 3.2.25

                We may request, in writing, any further information required to enable us to complete our assessment of the application no later than the 50th Business Day of the assessment period.

          • 3.3 Supervision of Representative Offices

            • 3.3.1

              As part of our risk-based approach to supervising firms we may undertake periodic visits to Representative Offices and may also include Representative Offices in our thematic visits.

            • 3.3.2

              Onsite visits to Representative Offices are likely to focus on issues including:

              (a) confirming that activities undertaken by the Representative Office are allowed under its Financial Services Permission;
              (b) reviewing the adequacy of its systems and controls to comply with its responsibilities;
              (c) reviewing the material distributed by the Representative Office to ensure it is clear, fair and not misleading;
              (d) any solvency concerns with the head office or Group; and
              (e) the firm's disclosure of its regulated status.

            • 3.3.3

              The onsite visit is likely to include interviews with the Principal Representative and a review of relevant records.

          • 3.4 Supervision of Recognised Bodies

            • Introduction

              • 3.4.1

                The FSMR and the Rules establishes a principles-based framework for the recognition and supervision of Recognised Bodies and for taking regulatory action against those recognised institutions. This framework is supplemented by supervisory powers and other requirements in MIR and MKT rulebooks.

            • Group supervision

              • 3.4.2

                When we recognise a Recognised Body, we take into consideration the relationship with any wider group to which the Recognised Body may belong or with other Persons closely linked to it. We will also take into account lead or consolidated supervision to which a Recognised Body or its Group may be subject in another jurisdiction to the extent it is satisfied that it meets appropriate regulatory criteria and standards. This may lead to us placing some reliance on the supervisory arrangements in another jurisdiction or creating and participating in special arrangements for the supervision of the Recognised Body and its Group. The Recognised Body is expected to provide information required or reasonably requested in relation to these consolidated or lead supervisory arrangements before final supervisory arrangements are established.

              • 3.4.3

                Each relationship will be considered on a case by case basis and according to the risks posed by the Recognised Body's activities identified during supervisory arrangements. Such supervisory arrangements may include a process to be agreed by us, the Recognised Body itself and other relevant regulators.

              • 3.4.4

                Effective co-operation with regulators will provide for prompt exchange of information and co-operation in relation to supervision and enforcement between jurisdictions. This may include exchanges of information and co-operation in respect of activities conducted by a Recognised Body. Usually co-operation arrangements will be in the form of memoranda of understanding. The information exchange will enhance our understanding of the operations of the Group and the impact (if any) on the Recognised Body.

            • Application for a change in control

              • 3.4.5

                GEN 8.8 sets out the requirements relating to a change in control. See also paragraphs 3.2.21 to 3.2.25 above.

            • Directions power

              • 3.4.6

                MIR Chapter 6 empowers us to give a Recognised Body certain directions in relation to the Recognised Body's duties under the laws. It also gives us the power to direct a Recognised Body to do specified things, including closing the market, suspending transactions and prohibiting trading in Investments. MIR Chapter 6 also empowers us to exercise the powers contained in the Recognised Body's rules for participants as though it was the Recognised Body where we consider that the Recognised Body has not exercised the powers under those rules.

              • 3.4.7

                In considering whether to exercise such powers, we may take into account the following factors:

                (a) what steps the Recognised Body has taken or is taking in respect of the issue being addressed in the planned direction;
                (b) the impact on our objectives if a direction were not issued; or
                (c) whether it is in the interests of the ADGM.

              • 3.4.8

                The written notice given by us will specify what a Recognised Body is required to do under the exercise of such directions. Though we are not required to do so under MIR, in most cases we will endeavour to contact the Recognised Body prior to issuing such a direction.

              • 3.4.9

                Part 14 of the FSMR and MIR 6.1 allow us to direct a Recognised Body to suspend or delist Securities from its Official List. Such directions may take effect immediately or from a date and time as may be specified in the direction. MKT Chapter 2 contains details in this regard.

        • 4. SUPERVISORY AND ENFORCEMENT POWERS

          • 4.1 Introduction

            • 4.1.1

              This chapter sets out how we may exercise our supervisory and enforcement powers. We can exercise these powers in respect of any person who has been approved or recognised by us, including persons in senior positions.

            • 4.1.2

              Chapter 5 of this document describes how we will exercise additional powers when conducting enforcement activities.

            • 4.1.3

              The range of powers available to us includes the power to:

              (a) require information or documents (FSMR section 201 and 206);
              (b) require a firm to provide a report from a skilled person (FSMR section 203);
              (c) impose requirements on a firm (FSMR section 35);
              (d) issue a direction to a firm or an Affiliate for prudential purposes (FSMR section 202);
              (e) impose conditions on an Approved Person on our own initiative (FSMR section 48); and
              (f) suspend the Financial Services Permission of a firm (FSMR section 33).

            • 4.1.4

              In exercising a power specified in this Chapter (except when requesting information and/or documents; or a skilled person report), we will generally follow the decision making procedures set out in Chapter 7 of this document.

          • 4.2 Power to request information and documents

            • 4.2.1

              In order to supervise the conduct and activities of a firm, a Recognised Body, any director, officer, employee or agent of such firm or Recognised Body, we require access to a broad range of information relating to a Person's business. In particular, firms, Recognised Bodies, Approved Persons or Recognised Persons are expected to deal with us in an open and co-operative manner and disclose to us any information of which we would reasonably expect to be notified.

            • 4.2.2

              We may require a person referred to in paragraph 4.2.1 above to give information and produce documents about its business (including reports prepared by external parties such as consultants appointed by the firm or Recognised Body), transactions or employees to us. When we require the giving of information or production of documents, it will give the person a written notice specifying what is required to be given or produced.

            • 4.2.3

              We may exercise this power either within, or outside, the ADGM.

          • 4.3 Power to require a report

            • 4.3.1

              We may require a firm or Recognised Body to provide it with a report from a skilled person on specified matters, in circumstances where:

              (a) we have concerns about the adequacy of systems and controls (such as compliance, internal audit, anti-money laundering, risk management and record keeping);
              (b) we seek verification of information submitted by it; or
              (c) we require remedial action to ensure the firm or Recognised Body complies with the laws.

            • 4.3.2

              GEN 8.12 sets out various requirements relating to the appointment of a skilled person, including:

              (a) give written notification to the firm or Recognised Body, by us, concerning the purpose of the proposed report, the scope, the timetable for completion and any other relevant matters;
              (b) specify the nature of the concerns, by us, that led to the decision to appoint a skilled person and the uses we may have for the results of any skilled person's report;
              (c) the skilled person must be appointed by the firm or Recognised Body and be nominated or approved by us;
              (d) a firm or Recognised Body is required to ensure it provides all assistance that the skilled person may reasonably require and ensure that the skilled person co-operates with us; and
              (e) a firm or Recognised Body is required to pay for the services of the skilled person.

          • 4.4 Power to impose requirements on a firm or Recognised Body

            • 4.4.1

              We may impose a requirement on a firm or Recognised Body under FSMR section 35, so as to:

              (a) require a firm or Recognised Body to take action specified by us; or
              (b) require a firm or Recognised Body to refrain from taking action specified by us.

            • 4.4.2

              Examples of requirements that we may consider imposing include, among other things, a requirement:

              (a) not to take on new business;
              (b) not to hold or control Client Money;
              (c) not to trade in certain categories of Specified Investment;
              (d) prohibiting or restricting the disposal of, or other dealing with, any of the firm's or Recognised Body's assets (whether in the ADGM or elsewhere); and
              (e) that all or any of the firm's assets (or all or any assets belonging to investors but held by the firm or Recognised Body) must be transferred to a trustee approved by us.

            • 4.4.3

              We may exercise our power under paragraph 4.4.1 above in certain circumstances, as set out in FSMR section 35(2) and GEN 8.13.1, including where:

              (a) the firm or Recognised Body is failing, or is likely to fail, to satisfy the Threshold Conditions when it was first granted a Financial Services Permission including:
              (i) having adequate and appropriate resources;
              (ii) being fit and proper to carry on a activity regulated by us for which it has an authorisation or recognition;
              (iii) capability of being effectively supervised; and
              (iv) having adequate compliance arrangements to enable it to comply with all applicable legal requirements.
              (b) the firm or Recognised Body has committed a contravention of the FSMR, Rules or other enactments or subordinate legislation administered by us;
              (c) the firm or Recognised Body has failed, during the period of at least 12 months, to carry on an activity regulated by us to which the Financial Services Permission relates; or
              (d) we consider that the exercise of the power is necessary or desirable in the pursuit of one or more of our objectives.

            • 4.4.4

              In determining whether to exercise our power under section 35 of the FSMR, we may take into account relevant facts and circumstances including, the following:

              (a) whether we have concerns about the fitness and propriety of the firm or Recognised Body;
              (b) whether the firm's or Recognised Body's resources are adequate for the scale or type of activity which the firm is authorised to undertake;
              (c) whether the firm or Recognised Body has conducted its business in compliance with the FSMR and the Rules;
              (d) whether the firm or Recognised Body has ensured full compliance with applicable money laundering or counter terrorism legislation; and
              (e) whether the firm's or Recognised Body's management is able to address the Regulator's concerns about the firm or Recognised Body, or the way the business is being or has been run.

            • 4.4.5

              When exercising this power, we will have regard to the principle that any restriction imposed on a firm or a Recognised Body should be proportionate to the objectives which we are seeking to achieve.

          • 4.5 Power to cancel a Financial Services Permission or revoke recognition

            • At the request of a firm

              • 4.5.1

                On application of the firm or Recognised Body (in such firm as we shall prescribe), we may exercise our powers to vary or cancel a firm's Financial Services Permission or a Recognised Body's recognition (See FSMR section 32(2)).

              • 4.5.2

                Depending on the circumstances, we may need to consider whether we should first use our powers to impose requirements on a firm or Recognised Body or to vary a firm's Financial Services Permission or Recognised Body's recognition, before going on to cancel or revoke the Financial Services Permission.

            • On our own initiative

              • 4.5.3

                We may exercise our powers to cancel a Financial Services Permission to carry on one or more Regulated Activities, or to revoke recognition in respect of a Recognised Body (see FSMR sections 33 and 134(2)), respectively where:

                (a) firm or Recognised Body is failing, or is likely to fail, to satisfy the threshold conditions;
                (b) firm or Recognised Body has committed a contravention of the laws administered by us;
                (c) firm or Recognised Body has failed, during the period of at least 12 months, to carry on a Regulated Activity to which the Financial Services Permission or recognition relates; or
                (d) we consider that the exercise of the power is necessary or desirable in the pursuit of one or more of our objectives.

              • 4.5.4

                Circumstances when we may exercise our powers to cancel a Financial Services Permission or revoke a recognition include, among other things, where:

                (a) we have serious concerns about the manner in which the business of the firm or Recognised Body has been or is being conducted;
                (b) we consider it necessary to protect regulated entities and customers in the ADGM;
                (c) the firm or Recognised Body has failed to have or maintain adequate financial resources or a failure to comply with regulatory capital requirements;
                (d) the firm or Recognised Body has not submitted regulatory returns in a timely fashion or has provided false information in regulatory returns;
                (e) as a result of withdrawal of authorisation in relation to one or more Regulated Activities, the firm or Recognised Body is no longer authorised to carry on a Regulated Activity;
                (f) whether the firm or Recognised Body no longer satisfies the relevant criteria in respect of the fitness and propriety to carry on a Regulated Activity or hold a Financial Services Permission or recognition order (set out in GEN, Chapter 5 and MIR Chapters 2 and 4);
                (g) the firm or Recognised Body has repeatedly contravened the FSMR or the Rules.

          • 4.6 Power to impose conditions on the status of an Approved Person

            • 4.6.1

              We may at any time by a written notice to an Approved Person and the relevant firm:

              (a) impose conditions on the grant of Approved Person status (FSMR section 48); and
              (b) vary or withdraw conditions imposed on the grant of such status (FSMR section 46).

            • 4.6.2

              We may exercise this power in circumstances where:

              (a) the Approved Person has not exercised the expected level of skill, care and diligence in carrying out the Controlled Function;
              (b) the conduct of the Approved Person is inconsistent with the requirements and standards expected; or
              (c) we have concerns about the fitness and propriety of the Approved Person (but not such as to warrant the suspension or withdrawal of an Approved Person's status pursuant to section 46 of FSMR).

          • 4.7 Power to withdraw the status of an Approved Person

            • 4.7.1

              Under section 46 of the FSMR, we may withdraw an individual's Approved Person status given under section 45 of FSMR, if we consider that the Approved Person is no longer fit and proper to perform the Controlled Function in question, including for example, where:

              (a) the individual is in breach of an obligation applicable as a result of their Approved Person status;
              (b) the Financial Services Permission of the relevant firm is withdrawn;
              (c) the individual becomes bankrupt;
              (d) the individual is convicted of an offence that would be considered relevant to his integrity and honesty, or his ability to perform his functions;
              (e) the individual becomes incapable, through mental or physical incapacity, of managing his affairs; or
              (f) the individual or the relevant firm asks us to withdraw the relevant status.

            • 4.7.2

              In determining whether to exercise its power under section 46 of FSMR, we will have regard to all relevant matters including, but not limited to:

              (a) the criteria for assessing the fitness and propriety of an Approved Person as set out in GEN Chapter 5 (GEN 5.2.9) and paragraph 2.3 of this document;
              (b) the commission of any offences involving dishonesty, fraud or a Financial Crime by the Approved Person;
              (c) whether other enforcement action should be taken, or has already been taken, against the Approved Person by us or by other enforcement agencies;
              (d) the particular Controlled Function the Approved Person is or was performing;
              (e) the nature and activities of the firm concerned;
              (f) the markets in which the firm operates; and
              (g) the severity of the risk which the individual poses to consumers and to confidence in the ADGM financial system.

            • Disqualification of Auditors and actuaries under section 233 of the FSMR

              • 4.7.3

                We recognise that the use of our powers to disqualify Auditors and actuaries from being an Auditor of, or acting as an actuary for, a firm will have serious consequences for the Auditors or actuaries concerned and their clients.

              • 4.7.4

                In deciding whether to exercise our power to disqualify an Auditor or actuary under section 233(3) of FSMR, and what the scope of any disqualification will be, we will take into account all the circumstances of the case, including:

                (a) the nature and seriousness of any contravention of the FSMR or Rules and the effect of that contravention;
                (b) whether any contravention of the FSMR or Rules, or any failure to disclose information to us, has resulted in, or is likely to result in:
                (i) loss to customers;
                (ii) damage to the reputation of the ADGM; or
                (iii) an increased risk that an firm, Recognised Body or Reporting Entity may be used for the purposes of Financial Crime;
                (c) any action taken by the Auditor or actuary to remedy the contravention;
                (d) any disciplinary action taken (or to be taken) against the Auditor or actuary by a relevant professional body, and whether that action adequately addresses the particular contravention; and
                (e) the previous compliance record of the Auditor or actuary concerned, and whether the relevant regulatory body or professional body has imposed any previous disciplinary sanctions on the firm, Recognised Body, Reporting Entity or individual concerned.

        • 5. ENFORCEMENT

          • 5.1 Our approach to enforcement

            • Introduction

              • 5.1.1

                This Chapter sets out our approach to enforcement including how we may commence and conduct investigations and exercise our powers to address any misconduct or contravention of the FSMR or Rules. Our approach to imposing a penalty can be found in Chapter 6 of this document.

              • 5.1.2

                The fair and proportionate use of our enforcement powers plays a critical role in fulfilling our objectives as set out in section 1(3) of FSMR.

              • 5.1.3

                There are a number of principles underlying our approach to the exercise of our enforcement powers, including:

                (a) the effectiveness of the regulatory regime depends on the maintenance of an open and co-operative relationship between us and those we regulate;
                (b) we adopt a risk-based approach to regulation, focusing our efforts on those activities that we perceive as posing the greatest risk to the furtherance of our objectives;
                (c) we will act fairly, openly, accountably and proportionally in the exercise of our enforcement powers;
                (d) we will act swiftly and decisively to stop conduct which threatens the integrity of the ADGM or the stability of the financial services industry in the ADGM, minimise its effects, and prevent such conduct re-occurring;
                (e) we aim to:
                (i) deter or reduce the likelihood of future non-compliance;
                (ii) reduce or eliminate any financial gain or benefit from non-compliance; and
                (iii) where appropriate, remedy the harm caused by the non-compliance.

          • 5.2 Enforcement framework

            • Introduction

              • 5.2.1

                Enforcement is one of a number of regulatory tools available to us. We will take enforcement action in line with our objectives and approach to enforcement and may conduct investigations where there is a suspected contravention.

              • 5.2.2

                As a risk-based regulator, priority will be given to those areas which pose the biggest risk to achieving our objectives.

              • 5.2.3

                The proactive supervision and monitoring of Authorised Persons and an open and cooperative relationship between such Authorised Persons and their supervisors may, in some cases where a contravention of the FSMR or Rules has taken place, lead us to decide against taking formal disciplinary action. In those cases, we would expect the firm or person to act promptly in taking the necessary remedial action agreed with its supervisors to deal with our concerns. If the firm or person does not take such action, we may then proceed to take formal enforcement action.

            • General contravention provisions

              • 5.2.4

                Pursuant to section 218 of FSMR, a person commits a contravention if he:

                (a) does an act or thing that the person is prohibited from doing by or under the FSMR or Rules;
                (b) does not do an act or thing that the person is required or directed to do by or under the FSMR or Rules;
                (c) fails to comply with a requirement or condition imposed by or under the FSMR or the Rules; or
                (d) otherwise contravenes a provision of the FSMR or Rules.

            • Involvement in contravention

              • 5.2.5

                If a person is Knowingly Concerned in a contravention of the FSMR or Rules committed by another person then, under section 220 of FSMR, both persons may be held liable for committing a contravention.

              • 5.2.6

                A person is "Knowingly Concerned" in a contravention if the person:

                (a) has aided, abetted, counselled or procured the contravention;
                (b) has induced, whether by threats or promises or otherwise, the contravention;
                (c) has in any way, by act or omission, directly or indirectly, been knowingly involved in or been party to, the contravention; or
                (d) has conspired with another or others to commit the contravention.

            • Enforcement assessment: Threshold Conditions cases

              • 5.2.7

                We may take enforcement action against an Authorised Person who no longer meets the Threshold Conditions. . We view the Threshold Conditions as being fundamental requirements for a firm operating within the ADGM under a Financial Services Permission.

            • Decision to take action

              • 5.2.8

                We will make an assessment on a case by case basis whether to carry out a formal investigation, having considered all the available information, including:

                (a) elements of suspected contravention of the FSMR or Rules;
                (b) the Authorised Person's willingness to co-operate with us;
                (c) whether confidentiality obligations prevent individuals from providing information unless we compel them to do so by using our formal powers; and
                (d) whether the Authorised Person concerned has undertaken, or offered to undertake, remedial action.

            • Enforcement process

              • 5.2.9

                When taking enforcement action, we will generally adopt the following process:

                (a) Step 1 — Assessment of complaints and referrals (paragraph 5.3);
                (b) Step 2 — Commencement of an investigation (paragraph 5.4);
                (c) Step 3 — Information gathering (paragraph 5.5);
                (d) Step 4 – Analysis of information provided (paragraph 5.7);
                (e) Step 5 — Assessment of remedies (paragraph 5.8); and
                (f) Step 6 — Conclusion of the investigation (paragraph 5.19).

          • 5.3 Step 1 — Assessment of complaints and referrals

            • 5.3.1

              Assessment of complaints and referrals concerning suspected misconduct or suspected contraventions is a key function of our regulatory remit and enforcement framework. Every complaint and referral, regardless of source, is assessed to determine whether an investigation or other action ought to take place.

            • Sources of complaints and referrals

              • 5.3.2

                We may become aware of suspected misconduct or suspected contraventions from a variety of sources, including:

                (a) members of the public;
                (b) our supervisory activities; and
                (c) other external regulatory authorities or law enforcement agencies.

            • Complaints

              • 5.3.3

                Complaints received by us from members of the public which relate to:

                (a) any conduct of, or dissatisfaction with, any person regulated by us;
                (b) a potential contravention of the FSMR or Rules; or
                (c) any conduct that causes, or may cause, damage to the reputation of the ADGM or the financial services industry in the ADGM;

                are classified as regulatory complaints and are assessed through our complaints management function.

              • 5.3.4

                A person wishing to lodge a regulatory complaint with us should, where possible, do so in writing. A complaint can be lodged:

                (a) by email to: supervision@adgm.com;
                (b) by sending the complaint to Financial Services Regulatory Authority, Abu Dhabi Global Market PO Box 111999, Abu Dhabi, United Arab Emirates; or
                (c) delivering the complaint to us at Financial Services Regulatory Authority, Abu Dhabi Global Market Square, Al Maryah Island Abu Dhabi, United Arab Emirates.

              • 5.3.5

                When a complaint is received, we will send an acknowledgement letter to the complainant which will include the contact details of our complaints management function.

              • 5.3.6

                If, during the assessment of a regulatory complaint, we identify suspected misconduct or a suspected contravention, we will refer the complaint to the relevant staff member. After that, the relevant department assumes responsibility for the complaint and undertakes further consideration of the complaint.

              • 5.3.7

                All complaints lodged with us are held in confidence in accordance with the FSMR. However, in order to assess a complaint properly, we may need to speak to third parties including any person who is the subject of the complaint.

            • Referrals

              • 5.3.8

                There are two types of referrals — internal and external.

                (a) Internal referrals

                Internal referrals originate from our supervisory activities. Our supervisory framework is designed to detect and mitigate risks to the ADGM and the financial services industry in the ADGM.

                An internal referral occurs when our supervision division refers a matter to our enforcement department, when the supervisory department has identified possible contraventions.

                When the enforcement division receives an internal referral, the referring division may continue to be responsible for the on-going supervision of the firm who may be the subject of the referral.
                (b) External referrals

                We may also receive allegations of misconduct through an external referral from other regulatory authorities and law enforcement agencies or any other person.

                Such allegations may be received pursuant to the IOSCO or IAIS Multilateral Memoranda of Understanding (MMoU), or bilateral arrangements for the exchange of information between us and other regulatory and enforcement agencies.

          • 5.4 Step 2 — Commencement of investigations

            • Introduction

              • 5.4.1

                On receipt of an internal or external referral, the allegation will be assessed to determine if there is a suspicion of a contravention. If a suspicion arises and it is appropriate and expedient, we may start an investigation.

                Section 205 of FSMR empowers us to conduct investigations if we consider there is good reason to do so, including investigations into reasonable suspicions of contraventions of FSMR and Rules.

              • 5.4.2

                In determining whether to commence an investigation, we will consider a number of factors including:

                (a) the nature and seriousness of the suspected contravention;
                (b) whether the suspected contravention is on-going;
                (c) whether the suspected contravention affects, or has the potential to affect, our objectives;
                (d) whether those involved in the suspected contravention are likely to cooperate;
                (e) the disciplinary record and compliance history of the person(s) involved in the suspected contravention;
                (f) whether, if proven, a suitable remedy is available;
                (g) the extent to which another law enforcement agency or Non-ADGM Financial Services Regulator can adequately address the matter;
                (h) the nature of any request for assistance made by another regulator or body under sections 216 or 217of FSMR; and
                (i) whether any party who may have suffered a detriment as a result of the suspected contravention is able to take his own remedial action.

              • 5.4.3

                Whether we "reasonably suspect" a contravention is a question which we will determine on the facts and circumstances available at the time of the determination to commence investigation.

              • 5.4.4

                While we are not bound to disclose to any party that an investigation has commenced or is on-going, or the basis on which an investigation is commenced, we may where necessary or desirable to do so, notify a person who is the subject of an investigation that an investigation has commenced, and the nature of our investigation.

              • 5.4.5

                We will not normally make public the fact that we are investigating a matter. We also expect that the person who is the subject of an investigation will treat the matter as confidential. However, subject to the restrictions on disclosure of confidential information in sections 197 and 198 of the FSMR, this does not stop the person under investigation from seeking professional advice or making their own enquiries into the matter, giving their Auditors appropriate details of the matter or making notifications required by law.

          • 5.5 Step 3 — Information gathering

            • Introduction

              • 5.5.1

                Once an investigation has commenced, we may exercise our powers to gather information to advance our objectives.

              • 5.5.2

                Our information-gathering powers may only be exercised by the Chief Executive or his delegate(s). The delegation need not be limited to our employees and can extend to other, non FSRA staff who are able to assist the investigation.

            • Power to require documents or information

              • 5.5.3

                During an investigation, the investigator may obtain relevant information and/or documents either: on a compulsory basis, principally through the exercise of its powers under section 206(1)(b) and (c) of FSMR, and/or on a voluntary basis.

              • 5.5.4

                Our compulsory information gathering powers are divided into two broad categories – supervisory and investigative. When we require the giving of information or production of documents, we will generally give the Person a written notice specifying what is required to be given or produced.

              • 5.5.5

                Under our supervisory powers, we may require a Person to give us information and produce documents about its business under section 201 of the FSMR. The power of section 201 of FSMR permits us to request information and documents from an Authorised Person, Recognised Body, Issuer of Securities admitted to the Official List and any director, officer, employees or agent of such Authorised Person, Recognised Body or Issuer, which we consider is necessary or desirable to meet our objectives.

              • 5.5.6

                Under our investigative powers, we also have the power to require documents or information under section 206(1)(b) and (c) of the FSMR. Unlike the supervisory power under s201, the powers under section 206 may only be used:

                (a) for the purposes of an investigation; and
                (b) in circumstances where the investigator considers that a person is or may be able to give information or produce a document which is or may be relevant to an investigation.

            • Power to Inspect and copy documents

              • 5.5.7

                The section 206(1)(e) of FSMR permits the investigator to enter the business premises of the person under investigation for the purpose of inspecting and copying documents.

              • 5.5.8

                The investigator will generally not provide prior notice of an inspection in circumstances where the provision of prior notice may prejudice the investigation.

              • 5.5.9

                When exercising this power, the investigator may:

                (a) require any appropriate person to:
                (i) make available any relevant information stored at the business premises for inspection or copying; or
                (ii) convert any relevant information into a physical form capable of being copied; and
                (b) use the facilities of the occupier of the business premises where appropriate and necessary, free of charge, to make copies.

            • Power to require production of information

              • 5.5.10

                Section 206(1)(c) of FSMR empowers the investigator to require a person to give, or procure the giving of, information. The term "information" should be interpreted broadly, in accordance with its ordinary meaning, and may include

                (a) knowledge communicated or received concerning a particular matter, fact or circumstance;
                (b) knowledge gained through work, commerce, study, communication, research or instruction;
                (c) data obtained as output from a computer by means of processing input data with a program or any data at any stage of processing including input, output, storage or transmission data;
                (d) an explanation or statement about a matter;
                (e) the identification of a person, matter or thing; or
                (f) the provision of a response to a question.

            • Power to require production of documents

              • 5.5.11

                Section 206(1)(b) of FSMR empowers the investigator to require a person to produce, or procure the production of, specified documents or documents of a specified description. Specified documents may include, for example, any record of information, including:

                (a) anything on which there is writing;
                (b) anything on which there are marks, figures, symbols or perforations having a meaning for persons qualified to interpret them;
                (c) anything from which sounds, images or writings can be reproduced with or without the aid of anything else; or
                (d) a map, plan, drawing or photograph.

              • 5.5.12

                Section 206(1)(b) of FSMR empowers the investigator to require production of original documents or copies.

              • 5.5.13

                When exercising his powers under section 206(1)(b) of FSMR, the investigator may retain possession of any original document for as long as is necessary for the investigation to which the notice relates. When a person is unable to produce documents in compliance with a requirement made by the investigator, the investigator may require the person to state, to the best of that person's knowledge or belief, where the documents may be found and who last had possession, custody or control of those documents.

            • Time for responding to information and document requirements

              • 5.5.14

                As delays in the provision of information and/or documents can have an adverse impact on the efficient and effective progression of an investigation, we expect persons to respond to information and document requests within the timeframe required by us, in particular where a deadline for submission has been imposed.

            • Power to require a Person to attend an interview

              • 5.5.15

                Section 206(1)(a) of FSMR empowers the investigator has the power to require a person (the interviewee) to attend before us (the interviewer) for an interview to provide oral evidence relevant to an investigation we are conducting.

              • 5.5.16

                A person attending an interview will first be served with a written notice requiring his attendance. Pursuant to section 206(5) of FSMR, an interviewee is not entitled to refuse or fail to answer a question on the basis that his answers may incriminate him, make him liable for a penalty or reveal communications made in confidence (subject to section 209(6) of the FSMR).

              • 5.5.17

                An interview will be conducted in private and the interviewer may give directions to the interviewee regarding:

                (a) who may be present during the interview;
                (b) swearing an oath, or giving an affirmation, that the answers provided will be true;
                (c) what, if any, information may be disclosed by the interviewee or any other person present at the interview to any third party;
                (d) the conduct of any person and the manner in which they will participate during the interview; and
                (e) answering any question which is relevant to the investigation.

              • 5.5.18

                An interviewee is entitled to legal representation during the course of an interview.

            • Power to require a Person to provide assistance

              • 5.5.19

                Section 206(1)(d) of FSMR empowers the investigator to require a person to provide assistance in relation to an investigation, which may include requiring a person to do a physical act or provide information to advance an investigation. For example, it may require a person to assist in the location of specific documents.

              • 5.5.20

                This power can be used independently, or in conjunction with, the exercise of other investigative powers. For example, the investigator can exercise its powers under section 206(1)(a) of FSMR to require a person to attend an interview and under section 206(1)(d) of FSMR, to require the interviewee to provide reasonable assistance during or after the interview. For example, the interviewee may be required, during the interview, to explain the context of a document shown to him, or, after the interview, to locate and later produce a document referred to during the interview.

          • 5.6 Power to enter the premises for the purposes of an investigation

            • 5.6.1

              For the purposes of an investigation conducted under section 205 of FSMR, we may require any Authorised Person or Recognised Body to allow entry on to the premises (during normal business hours or at any other time as may be agreed) for the purpose of inspecting and copying information or documents (at the relevant person's expense).

            • 5.6.2

              We will provide reasonable notice to an Authorised Person, Recognised Body, or other person when we seek information, documents or access to premises. In exceptional circumstances, such as where any delay may be prejudicial to the interests of the ADGM, we may seek access to premises without the giving of prior notice.

            • Confidentiality

              • 5.6.3

                When carrying out our regulatory functions, we must maintain confidentiality of information, unless disclosure is permitted by section 199 of FSMR. We have issued a separate policy statement on Confidentiality and it is available on our website.

              • 5.6.4

                We may also impose obligations of confidentiality in respect of information and documents provided during the exercise of an investigator's powers under section 206(1) of FSMR.

              • 5.6.5

                The investigator can make directions to protect the confidentiality of information and documents which are part of an interview, in accordance with section 206(4)(b) of FSMR.

              • 5.6.6

                We or our investigator conducting an interview pursuant to section 206(1)(a) of FSMR may direct any person present during the interview from disclosing any information provided to the interviewee or questions asked by the interviewer during the interview.

              • 5.6.7

                Directions under section 206(4) of FSMR are made to ensure that an investigation is not prejudiced by the disclosure of the nature of the information sought or the questions asked during an investigation. In each case, we need to consider whether or not such directions are appropriate in the circumstances of that matter.

            • Protections

              • 5.6.8

                Parties who are required to comply with a requirement made by us during the course of an investigation, and persons who are the subject of an investigation, may benefit from certain protections in the FSMR, including:

                (a) section 198, which provides that confidential information provided to us must not be disclosed except in certain limited circumstances;
                (b) section 207(2), which provides that where a person takes part in an interview, any statements made during the interview cannot be disclosed by the investigator to a law enforcement agency for the purpose of criminal proceedings unless the person consents to the disclosure or the investigator is required by law or court order to disclose the statement; and
                (c) claims of legal professional privilege and other protections (see paragraph 5.6.9 – 5.6.10 below)

            • Claims of privilege and other protections

              • 5.6.9

                As set out in sections 210 and 211 of FSMR, there are a number of limitations on our powers to require documents and information.

              • 5.6.10

                we will recognise a valid claim for Legal Professional Privilege (LPP), made by:

                (a) the privilege holder, or
                (b) a third party seeking to assert the LPP claim on behalf of the privilege holder.

            • Non-compliance with requirements

              • 5.6.11

                Pursuant to section 214 of FSMR, a person must not, without reasonable excuse, engage in conduct that is intended to obstruct us in the exercise of our investigative powers by any means, including:

                (a) the failure to attend at a specified time and place to answer questions;
                (b) the falsification, concealment or destruction of documents;
                (c) the failure to give or produce information or documents specified by us
                (d) the failure to provide assistance in relation to an investigation which the person is able to give.

              • 5.6.12

                We will regard any breach of a requirement under Part 17 of FSMR as serious and take appropriate action where necessary.

            • Return of information and documents

              • 5.6.13

                Where, during the course of an investigation, we have obtained original documents, we will usually return these to the person from whom the documents were received, as soon as practicable after the conclusion of the investigation or related proceedings.

              • 5.6.14

                Where information or documents have been produced to us in the course of an investigation to assist another regulator or agency, we may release the information or documents to that other regulator or agency. The information and documents will usually be returned to the person from whom the information and documents were received, as soon as practicable after receiving them back from the other regulator or agency.

          • 5.7 Step 4 — Analysis of information provided

            • 5.7.1

              On completion of the information gathering step, we will carefully consider all the relevant facts and circumstances of the matter to determine:-

              (a) whether there has been a contravention of the FSMR or the Rules; and
              (b) if so, if there is a regulatory benefit of pursuing the contravention in question.

            • 5.7.2

              The effective and proportionate use of our powers to enforce the requirements of the FSMR and the Rules will play an important role in our pursuit of our objectives as set out in section 1(3) of the FSMR. Imposing financial penalties, public censures and other disciplinary measures shows that we are upholding regulatory standards and helps to maintain market confidence and deter financial crime.

            • 5.7.3

              However, they are not the only tools available to us, and there will be instances of non-compliance which we consider appropriate to address without the use of such tools. For example, consistent with our risk-based approach to regulation, activities that are not seen as posing a significant risk to the furtherance of our objectives may not attract the same remedies as activities which we are seeking to prioritise.

            • 5.7.4

              At the conclusion of an investigation, we may:

              (a) take no further action;
              (b) commence a settlement negotiation;
              (c) accept a settlement;
              (d) accept an enforceable undertaking;
              (e) refer a matter for determination to a delegated decision-maker, e.g. for the
              (i) imposition of a financial penalty;
              (ii) imposition of a public censure;
              (iii) variation or cancellation of a Financial Services Permission;
              (iv) imposition of conditions on an Approved Person;
              (v) suspension or withdrawal of an Approved Person's Approval; or
              (vi) revocation of recognition of a Recognised Body;
              (f) commence Court proceedings; or
              (g) exercise a power on behalf of another regulator.

          • 5.8 Step 5 — Assessment of Remedies

            • 5.8.1

              There is a range of remedies which we may pursue to achieve our objectives, including:

              (a) financial penalties;
              (b) public censure;
              (c) private warning; and
              (d) injunctions and other court orders.

            • 5.8.2

              We may, in any matter, pursue more than one remedy.

            • 5.8.3

              We do not have criminal jurisdiction. Should criminal conduct be identified, it will be referred to the appropriate law enforcement agency.

          • 5.9 Financial penalties

            • 5.9.1

              We may seek to impose a financial penalty under section 232 of FSMR on a person whom we consider has contravened a provision of the FSMR or the Rules. We may impose a financial penalty in any amount considered appropriate, provided such amount is not less than 5,000 UAE Dirhams and not exceeding the higher of 50 million UAE Dirhams or 10% of the value of the relevant transaction.

            • 5.9.2

              In determining whether to impose a financial penalty, and the quantum of the financial penalty, we will take into consideration the circumstances of the conduct and will be guided by the penalty guidance set out in Chapter 6 of this document.

            • 5.9.3

              Prior to making a decision, we will follow the procedures set out in Part 21 of the FSMR (see also Chapter 7 of this document for guidance).

          • 5.10 Public censure

            • 5.10.1

              We may, under section 231 of FSMR, seek to publicly censure a person whom we consider has contravened a provision of the FSMR and Rules.

            • 5.10.2

              In determining whether to publicly censure a person, we will take into consideration the circumstances of the conduct and will be guided by the penalty guidance set out in paragraph 6.3 of this document.

          • 5.11 Private warnings

            • 5.11.1

              In certain cases, despite concerns about a person's behaviour or evidence of a breach of the FSMR or the Rules, we may decide that it is not appropriate, having regard to all the circumstances of the case, to bring formal action for a financial penalty or public censure, or that an alternative regulatory outcome is preferable in light of the circumstances of the case. This is consistent with our risk-based approach to enforcement.

            • 5.11.2

              Private warnings is a non-statutory tool, primarily used by us as an enforcement tool, but they may also be used in other departments. Whilst a private warning is not intended to be a determination by us as to whether the recipient has breached a provision of the FSMR or the Rules, private warnings, together with any comments received in response, will form part of the person's compliance history.

            • Instances where we may issue a private warning

              • 5.11.3

                We may give a private warning rather than take formal action where the matter giving cause for concern is minor, or where the person has taken full and immediate remedial action. In any event, we will take into account all the circumstances of the case before deciding whether a private warning is appropriate.

                Generally, we would expect to use private warnings in the context of Authorised Person, Recognised Bodies and Approved Persons. However, we may also issue private warnings in circumstances where the persons involved may not necessarily be authorised or approved, including, for example, in potential cases of Market Abuse.

          • 5.12 Injunctions and orders

            • 5.12.1

              We have a broad power to make an application to the ADGM Court for injunctive relief and other orders (see FSMR, sections 236 — 238). The ADGM Court may make one or more of the following orders:

              (a) an order restraining a person that is engaging in conduct that would constitute a contravention;
              (b) an order requiring a person to do an act or thing to remedy a contravention or to minimise loss or damage; or
              (c) any other order as the Court sees fit, including an order restraining the transfer of assets or the departure of individuals from the jurisdiction of the court.

            • 5.12.2

              In deciding whether an application for an injunction is appropriate, we will consider all relevant circumstances including:

              (a) the nature and seriousness of the contravention;
              (b) whether the contravention is on-going;
              (c) whether the contravention affects, or has the potential to affect, our objectives;
              (d) where we consider it necessary to protect regulated entities and clients in the ADGM;
              (e) whether there is a danger of assets being dissipated or removed from the jurisdiction of the Court;
              (f) whether there is a danger that a person or persons may leave the jurisdiction and, if so, the effect that his or their absence may have on the effectiveness of the court's orders;
              (g) costs we would incur in applying for and enforcing an injunction and the likely effectiveness of such an injunction or other order;
              (h) the disciplinary record and compliance history of the person;
              (i) whether the losses suffered are substantial;
              (j) whether the assets at risk are substantial;
              (k) whether the number of clients at risk is significant;
              (l) whether the conduct in question can be adequately addressed by other disciplinary measures;
              (m) the extent to which another law enforcement agency or Non-ADGM Financial Services Regulator can adequately address the matter in question; and
              (n) whether there is a reason to believe that the person who is the subject of the possible application is or has been involved in money laundering, terrorist financing or other form of financial crime or criminal conduct.

          • 5.13 Actions for damages

            • 5.13.1

              Section 242 of FSMR provides that where a person:

              (a) intentionally, recklessly or negligently commits a breach of duty, requirement, prohibition, obligation or responsibility imposed under the FSMR; or
              (b) commits fraud or other dishonest conduct in connection with the matter arising under the FSMR;

              the person is liable to compensate any other person for any loss or damage caused to that other person as a result of such conduct.

            • 5.13.2

              Section 242 of FSMR gives us, and any aggrieved persons, broad powers to make application for recovery of damages where there has been an identified contravention of the FSMR or Rules administered by us. An aggrieved person may exercise rights provided under section 242 of FSMR independently of, or contemporaneously with, us.

            • 5.13.3

              In determining whether to commence proceedings, we will take into account all relevant circumstances, including:

              (a) the nature and seriousness of the suspected contravention;
              (b) whether the suspected contravention is on-going;
              (c) whether the contravention affects, or has the potential to affect, our objectives;
              (d) whether a party who may have suffered detriment as a result of the alleged contravention is able to take his own remedial action;
              (e) in circumstances where more than one person has suffered loss or damage:
              (i) the number of those that have suffered loss or damage and the amount of loss or damage involved; and
              (ii) whether it is convenient or possible for a class of aggrieved persons to commence a proceeding;
              (f) the cost we would incur in applying for or enforcing any order that it is successful in obtaining;
              (g) whether the conduct in question can be adequately addressed by the use of other regulatory powers;
              (h) whether redress is available elsewhere or through another Non-ADGM Financial Services Regulator;
              (i) whether there is a reason to believe that the person is or has been, involved in money laundering, terrorist financing or other form of financial crime or criminal conduct;
              (j) whether the profits are quantifiable;
              (k) whether the person is solvent; and
              (l) whether we have a reasonable prospect of success in the relevant proceedings.

            • Determining the amount of restitution

              • 5.13.4

                In determining the amount of compensation payable in accordance with section 241 of FSMR, we may obtain information relating to the amount of profits made and/or losses or any other adverse effects resulting from the conduct of Authorised Person, Recognised Bodies or unauthorised persons.

              • 5.13.5

                As well as obtaining information through the use of our information gathering powers, we may consider using our powers under section 203 of FSMR to require an Authorised Person or Recognised Body to provide a report prepared by a Skilled Person, or appoint a Skilled Person ourselves to prepare a report. A Skilled Person's report may be requested to assist us to determine:

                (a) the amount of profits which have been made by the Authorised Person or Recognised Body;
                (b) whether the conduct of the Authorised Person or Recognised Body has caused any losses or other adverse effects to persons and/or the extent of such losses; or
                (c) how any amounts to be paid by the Authorised Person or Recognised Body are to be distributed between persons.

          • 5.14 The compulsory winding-up of a regulated entity

            • 5.14.1

              We may apply to the ADGM Court for the winding up of a company which is, or has been, an Authorised Person or Recognised Body, or operating in breach of the General Prohibition, where we consider it is just and equitable and in the interests of the ADGM, in accordance with section 244 of FSMR.

            • 5.14.2

              In deciding whether such an application is just and equitable and is in the interests of the ADGM, we will consider all relevant circumstances, including:

              (a) whether the company has operated in accordance with the FSMR and Rules;
              (b) where the company has contravened the FSMR or Rules:
              (i) the nature, scale and seriousness of the contravention;
              (ii) whether the contravention is on-going;
              (iii) whether the contravention affects, or has the potential to affect, our objectives;
              (iv) what other steps the person could take or other orders a court could make to remedy the contravention;
              (c) the need to protect a firm's clients, particularly in cases where an Authorised Person holds or controls Client Assets;
              (d) whether the needs of those operating in the ADGM and the interests of the ADGM are best served by the company ceasing to operate;
              (e) in the case of an Authorised Person, where we consider that our Financial Services Permission should be withdrawn or, where it has been withdrawn, the extent to which there is other business that the firm carries on without authorisation;
              (f) whether there is reason to believe that the firm or person is or has been involved in money laundering, terrorist financing or other form of financial crime or other criminal conduct;
              (g) where there is a significant cross-border or international element to the business being carried on by the company, the impact on the business in other jurisdictions and whether another law enforcement agency or Non-ADGM Financial Services Regulator can adequately address the matter; or
              (h) the extent to which the firm or person company has co-operated with us.

          • 5.15 Injunctions and restitution orders in cases of market abuse

            • 5.15.1

              Sections 238 and 240 of FSMR provide that the ADGM Court, on application by us, may make one of a range of orders in relation to a person, irrespective of whether a contravention has occurred, if it is satisfied that it is in the interests of the ADGM for such an order to be made.

            • 5.15.2

              We may seek a range of orders from the ADGM Court, including:

              (a) an order requiring that trading in any Investments cease, either permanently or for such period as is specified in the order;
              (b) an order requiring that a disclosure be made to the market;
              (c) an order prohibiting a person from making offers of Securities in or from the ADGM; or
              (d) an order prohibiting a person from being involved in Reporting Entities, Listed Funds or Securities within the ADGM.

            • 5.15.3

              Before we make an application for an order (whether interim, ex parte or final), we must be satisfied that such an order would be in the interests of the ADGM and will take into account all relevant circumstances, including:

              (a) the nature and extent of the conduct or any other matters in question;
              (b) the effect of the conduct on the market and our objectives;
              (c) whether the market is informed of all material information;
              (d) what steps the relevant person has taken in respect of the conduct or any other matters being considered;
              (e) what other form of relief (if any) is available to us; and
              (f) whether the conduct in question could have a significant impact on the integrity of, or confidence in, the ADGM.

          • 5.16 Intervention power

            • 5.16.1

              We may intervene as a party in any proceeding in the ADGM Court where we consider such intervention appropriate to meet our objectives (section 243 of FSMR). Where we intervene, it shall be subject to any other law, and have all the rights, duties and liabilities of such a party.

            • 5.16.2

              This provision does not affect our ability to seek leave to appear in proceedings as Amicus Curiae (i.e. someone not a party to the case, who volunteers to offer information to assist a court in deciding a matter before it, to make submissions on an issue of significance to the ADGM, or to place material before the Court that may otherwise not be available).

            • 5.16.3

              We will generally only exercise this right of intervention where we form the view that we will not be able to meet our objectives by simply appearing as Amicus Curiae and that, to serve the interests of the ADGM fully, it is necessary to join the proceeding as a party and stay involved in the matter throughout.

          • 5.17 Settlement guidance

            • 5.17.1

              A settlement is a resolution, between us and a person who is subject to potential enforcement action, to agree an outcome resulting from an investigation. A person who is or may be the subject of any form of enforcement action arising out of, or during the course of, an investigation may enter into settlement discussions with us. The possibility of a settlement does not, however, change the fact that enforcement action is, and continues to be, one of the tools available to us to secure our objectives under section 1(3) of the FSMR.

            • 5.17.2

              We generally consider that early settlement of an investigation advances our objectives in that it may result in, for example, consumers obtaining compensation sooner, the saving of our and industry resources and the promotion of good business and regulatory practices.

            • 5.17.3

              However, we will only consider settlement when we are confident we have sufficient understanding of the nature and gravity of the suspected misconduct to make a reasonable assessment of the appropriate outcome.

            • 5.17.4

              We will conduct all settlement discussions on a "without prejudice" basis; namely, that no party to the discussions may subsequently rely upon any admissions or statements made during the course of the settlement discussion or on any document recording those discussions.

            • 5.17.5

              We will only settle when the agreed terms result in what we consider to be an appropriate and proportionate regulatory outcome.

            • 5.17.6

              In the interests of efficiency and effectiveness, we will set clear and reasonable timetables for settlement discussions to ensure they do not unreasonably delay settlement or a regulatory or enforcement outcome. Where we have concerns that a party to settlement discussions is using negotiations as a means to delay or frustrate us with no genuine intention to settle, we, having made our concerns known to the other party, may bring the settlement discussions to an end and pursue other appropriate enforcement action.

            • 5.17.7

              Settlement in particular circumstances should not be regarded as binding precedent for future settlement discussions. Whilst we recognise the importance of consistency in its decision-making, we recognise that the facts of two enforcement cases are seldom identical. For this reason, and to ensure that we are able to respond to the demands of a changing and principles-based regulatory environment, it is important for us to be able to take a different view to that taken in an earlier case. However, any decision to depart from the earlier approach will only be made after careful consideration of the reasons for doing so.

            • Factors we will consider when contemplating settlement

              • 5.17.8

                In deciding whether a proposed settlement is acceptable, and in accordance with meeting our objectives, we will consider a number of factors, including:

                (a) the nature and seriousness of the conduct or suspected contravention the subject of the proposed settlement;
                (b) whether the suspected contravention is continuing;
                (c) whether the person is prepared to publicly acknowledge our concerns about the conduct or suspected contravention that is the subject of the proposed settlement;
                (d) the necessity for protective or corrective action;
                (e) the prospects for a swift resolution of the matter;
                (f) whether the suspected contravention that is the subject of the proposed settlement was:
                (i) inadvertent; or
                (ii) the result of the conduct of one or more individual officers or employees of the Authorised Person (and their level of seniority);
                (g) whether the person has co-operated with us (e.g. by providing complete information about the conduct or suspected contravention, taking any remedial action);
                (h) whether the settlement will achieve an effective outcome for those who have been adversely affected by the suspected contravention;
                (i) whether the person is likely to comply with the terms of the settlement;
                (j) the person's disciplinary record and compliance history; and
                (k) whether the settlement promotes general deterrence.

            • Form of settlement

              • 5.17.9

                We will generally only settle an enforcement matter on the basis of either:

                (a) a Final Notice setting out the action taken (see paragraph 5.17.10); and/or
                (b) an Enforceable Undertaking (see paragraph 5.17.11).

                A settlement which results in a notice of decision will be documented in the form of a legally enforceable agreement executed by all parties to the settlement.

            • Final Notice

              • 5.17.10

                The outcome of a settlement with us may result in a Final Notice (in accordance with section 251 of FSMR), which promotes consistency of regulatory outcomes and transparency of approach to enforcement decision-making.

            • Enforceable Undertakings

              • 5.17.11

                An Enforceable Undertaking ("EU") is a form of settlement that we may accept, under section 235 of FSMR as an alternative to other remedies available to us to influence behaviour and encourage a culture of compliance.

              • 5.17.12

                An EU involves a written undertaking from a person against whom action could be taken under the FSMR or any Rules made under the FSMR, to do or refrain from doing a specified act or acts. It may, amongst other things, include remedial actions that are not otherwise available under a notice of decision.

              • 5.17.13

                An EU may be offered by a person and accepted by us at any time, either before, during or after an investigation, the making of a decision or the commencement of proceedings in the court. Entry into an EU is voluntary. We do not have the power to require a person to enter into an EU, nor can a person compel us to accept an EU.

              • 5.17.14

                We will generally only consider accepting an EU that we consider to be necessary or desirable in pursuit of our objectives and where the EU contains:

                (a) an admission or acknowledgement of any contraventions or our concerns;
                (b) undertakings addressing our concerns; and
                (c) an agreement to make the EU public, and
                (d) an agreement not to make public statements conflicting with the spirit of the EU.

              • 5.17.15

                A person offering us an EU may also undertake in the EU to pay a pecuniary penalty and/or our costs, including any costs associated with compliance with the EU.

            • Variation or withdrawal

              • 5.17.16

                Once accepted by us, an EU can only be withdrawn or varied with our consent in writing. We will only consider a request to vary an undertaking if:

                (a) the variation will not alter the spirit of the original undertaking;
                (b) compliance with any one or more terms of the undertaking is subsequently found to be impractical or impossible; or
                (c) there has been a material change in the circumstances which led to the undertaking being given.

            • Compliance with an EU or decision

              • 5.17.17

                If we consider that a person has not complied with a term of the EU or a decision, we may:

                (a) apply to the ADGM Court for appropriate orders;
                (b) publish the fact of the application to the ADGM Court and any subsequent orders of the court; and
                (c) seek the costs of the application.

          • 5.18 Costs

            • Litigation Costs

              • 5.18.1

                We will generally seek litigation costs orders from the ADGM Court where we have commenced a proceeding and been successful in achieving all or part of the outcome sought.

            • Costs in proceedings before the ADGM Appeals Panel

              • 5.18.2

                The ADGM Appeals Panel, on conclusion of any proceedings before it, may make an order (under section 229(2)€ of the FSMR) requiring a party to the appeal to pay a specified amount, being all or part of the costs of the proceedings, including those of any party to the proceedings.

            • Investigation Costs

              • 5.18.3

                Where a person is found by the Court to have contravened the FSMR or Rules, the ADGM Court may order that person to pay or reimburse us in respect of the whole or a specified part of the costs and expenses of the investigation, including the remuneration of a Person involved in the investigation.

          • 5.19 Step 5 — Conclusion of an investigation

            • 5.19.1

              We will conclude an investigation when:

              (a) we have decided to take no further action in response to the suspected contraventions which are the subject of the investigation (due to, for example, insufficiency of evidence); or
              (b) all remedies and obligations resulting from an investigation are concluded and fulfilled.

          • 5.20 Publicity

            • Publicity of enforcement actions

              • 5.20.1

                We will generally publish, in a manner we consider appropriate and proportionate, information and statements relating to enforcement actions, including public censures and any other relevant matters. The publication of enforcement outcomes is consistent with our commitment to open and transparent processes and our objectives.

              • 5.20.2

                In all cases we retain the discretion to take a different course of action, where it furthers our ability to achieve our objectives or is otherwise in the public interest to do so. For example, if we issue a private warning, rather than taking formal action, we may decide not to publish this if it furthers our ability to achieve our objectives. Please refer to paragraph 5.11 for further details about how we use private warnings.

            • Commencement and conclusion of investigations

              • 5.20.3

                We will generally not publish information about the commencement, conduct or conclusion of the investigative phase of our enforcement actions.

              • 5.20.4

                Where we do publish the fact that we are conducting an investigation and no enforcement action results, we may issue a press release confirming the conclusion of the investigation and that no action is to be taken.

            • Commencement of proceedings

              • 5.20.5

                We expect to publish information about the commencement or hearing of enforcement proceedings, unless otherwise required not to by the relevant body or it is not in the public interest to do so and would not achieve our objectives.

          • Disclosure of decisions

            • 5.21 Executive Decisions

              • 5.21.1

                We will generally make public any enforcement administrative decision made by our Executive and will do so in a timely manner after any relevant period to institute a referral of the decision to the ADGM Regulatory Committee has expired or appeal process has come to an end, unless it is not in the public interest to do so and would not achieve our objectives.

              • The Regulatory Committee's Decisions

                • 5.21.2

                  We will generally make public any decision made by the ADGM Regulatory Committee and will do so in a timely manner after any relevant period to institute a referral of the decision to the ADGM Appeals Panel has expired or appeal process has come to an end, unless otherwise required not to by the ADGM Regulatory Committee, or it is not in the public interest to do so and would not achieve our objectives.

              • Appeals Panel or Court Decisions

                • 5.21.3

                  FSMR requires all ADGM Appeals Panel hearings to be heard in public unless the Appeals Panel orders otherwise or its rules of procedure provide otherwise. The Appeals Panel may exercise its discretion not to make public any decisions it may make. Where it does determine to publish a decision or interim decision, the Appeals Panel will publish these on its website.

                • 5.21.4

                  Following hearings and decisions by the ADGM Appeals Panel, we expect to make timely public disclosure of the Appeals Panel's decisions, including any interim decisions, unless otherwise ordered.

                • 5.21.5

                  Decisions made by the ADGM Courts will be publicised by us in a timely manner, unless ordered otherwise.

                • 5.21.6

                  This approach is adopted on the basis that any delay in disclosure may hinder and unfairly prejudice us in achieving some of our primary objectives. For example, non-disclosure may potentially prejudice users and prospective users of financial services in the ADGM if they are acting unaware of facts known in the enforcement action.

              • Disclosure of settled enforcement actions

                • 5.21.7

                  We expect to disclose publicly the outcome of any settlement of an enforcement action, including the notice of decision or EU, to ensure all stakeholders and the general public are clearly informed of the outcome.

                • 5.21.8

                  Settlement agreements which result in a Final Notice or an EU will result in the publication of the relevant notice of decision or EU on our website as well as an associated press release.

                • 5.21.9

                  We may be ordered, or required by law, not to publish information regarding a settlement. For example, disclosure may not occur if a third party has commenced proceedings in the courts in respect of the same conduct and the publication of the undertaking or settlement may prejudice that party's case in the courts. However, simply because a third party has commenced proceedings does not preclude us from publishing our settlements, including the notice of decision or EU.

              • Content and mode of publication

                • 5.21.10

                  Where appropriate, we may comment publicly on investigations, enforcement actions and other formal regulatory decisions publishing final notices of regulatory decision, EUs or other enforcement actions. In doing so, we will take into account:

                  (a) any privileged or sensitive information when considering the content of our publications; and
                  (b) the possibility that any publication may potentially affect the rights of a third party and, if so, will endeavour to give that third party notification of the publication and an opportunity to make representations on the publication.

                • 5.21.11

                  Publication may take any one or more forms including a media release, a statement on our website or any other forums as determined suitable by us.

        • 6. PENALTY GUIDANCE

          • 6.1 Approach to imposing a penalty

            • 6.1.1

              This chapter sets out the matters that will be taken into account by us when determining a "penalty", which includes a financial penalty, public censure or any other enforcement action.

            • 6.1.2

              We may also refer to matters described in this chapter when determining an appropriate penalty in settlement agreements, including an EU.

          • 6.2 Deciding to take action

            • 6.2.1

              When determining a penalty, we will consider all relevant facts and circumstances, including the factors listed below that may be relevant for this purpose:

              (a) our objectives;
              (b) the deterrent effect of the penalty on:
              (i) persons that have committed or may commit the contraventions; and
              (ii) other persons that have committed or may commit similar contraventions;
              (c) the nature, seriousness, duration and impact of the contravention, including:
              (i) whether the contravention was deliberate or reckless;
              (ii) the duration and frequency of the contravention;
              (iii) whether the contravention reveals serious or systemic weaknesses of the management systems or internal controls relating to all or part of a person's business;
              (iv) the impact (actual or potential) of the contravention on the orderliness of markets, including whether confidence in those markets has been damaged or put at risk;
              (d) if the contravention involved a number of persons, the degree of involvement and specific role of each Person;
              (e) the benefit gained (whether direct or indirect, pecuniary or non-pecuniary) or loss avoided as a result of the contravention;
              (f) the conduct of the person after the contravention, including:
              (i) how quickly, effectively and completely the person brought the contravention to our attention;
              (ii) the degree of cooperation the person showed during the investigation of the contravention;
              (iii) any remedial steps the person has taken in respect of the contravention;
              (iv) the likelihood that the same type of contravention (whether on the part of the person or others) will recur if no action is taken;
              (v) the nature and extent of any false or inaccurate information given by the person and whether the information appears to have been given in an attempt to knowingly mislead us;
              (g) the difficulty in detecting and investigating the contravention that is the subject of the penalty;
              (h) whether the person committed the contravention in such a way as to avoid or reduce the risk that the contravention would be discovered;
              (i) the disciplinary record and compliance history of the person on whom the penalty is imposed, including whether we have taken any previous disciplinary action against the person;
              (j) where the person reasonably believed that their behaviour did not amount to a contravention and whether they undertook reasonable precautions and diligence to avoid committing such a contravention;
              (k) whether the person acted in accordance with our guidance and other published materials;
              (l) action taken by us in previous similar cases; and
              (m) action taken by other domestic or international regulatory authorities. Where other regulatory authorities propose to take action in respect of the contravention which is under consideration by us, or one similar to it, we will consider whether the other authority's action would be adequate to address our concerns, or whether it would be appropriate for us to take our own action.

            • Actions against Approved Persons and Recognised Persons

              • 6.2.2

                In addition to the general factors listed in paragraph 6.2.1, there are some additional considerations that may be relevant when we decide whether to take action against an Approved or Recognised Person. The list is not exhaustive; not all of these factors may be applicable in a particular case, and there may be other factors, not listed that are relevant. The factors include:

                (a) the approved or recognised person's position and responsibilities. We may take into account the responsibility of those exercising important functions in the firm. The more senior the person responsible for the misconduct, the more seriously we are likely to view the misconduct, and the more likely it is to take action against the Approved or Recognised Person;
                (b) whether disciplinary action against the firm rather than the person would be a more appropriate regulatory response; and
                (c) whether disciplinary action would be a proportionate response to the nature and seriousness of the contravention by the person.

          • 6.3 Financial penalty, public censure or other enforcement action

            • 6.3.1

              We will consider all the relevant circumstances of the case when deciding whether to impose a financial penalty, or other enforcement action. As such, the factors set out in paragraph 6.2 are not exhaustive. Not all of the factors may be relevant in a particular case and there may be other factors, not listed, that are relevant.

            • 6.3.2

              The criteria for determining whether it is appropriate to issue a public censure or other enforcement action (rather than impose a financial penalty) include those factors that we will consider in determining the amount of a financial penalty, as set out in paragraphs 6.5 to 6.7. In particular, considerations that may be relevant when we determine the penalty are:

              (a) whether deterrence may be effectively achieved by issuing a public censure;
              (b) whether the person has brought the contravention to our attention;
              (c) whether the person has admitted the contravention and provides full and immediate co-operation to us, and takes steps to ensure that those who have suffered loss due to the contravention are fully compensated for those losses; and
              (d) our approach to previous similar cases — we will aim for a consistent approach.

            • 6.3.3

              Some particular considerations that may be relevant when we determine whether to issue a financial penalty rather than impose a public censure or other enforcement action are:

              (a) if the person has made a profit or avoided a loss as a result of the contravention, on the basis that a person should not be permitted to benefit from its contravention;
              (b) if the contravention is more serious in nature or degree, on the basis that the sanction should reflect the seriousness of the contravention; other things being equal, the more serious the contravention, the more likely we are to impose a financial penalty; and
              (c) if the person has a poor disciplinary record or compliance history, on the basis that it may be particularly important to deter future cases.

          • 6.4 Determining the appropriate level of financial penalty

            • 6.4.1

              Our penalty-setting regime is based on three principles:

              (a) disgorgement: a firm or individual should not benefit from any contravention;
              (b) sanction: a firm or individual should be penalised for wrongdoing; and
              (c) deterrence: any penalty imposed should deter the firm or individual who committed the contravention, and others, from committing further or similar contraventions.

            • 6.4.2

              The total amount payable by a person subject to enforcement action may be made up of two elements:

              (a) disgorgement of the benefit received as a result of the contravention; and
              (b) a financial penalty reflecting the seriousness of the contravention.

            • 6.4.3

              These elements are incorporated in a five-step framework, which can be summarised as follows:

              (a) Step 1: the removal of any economic benefit derived from a contravention;
              (b) Step 2: the determination of a figure which reflects the seriousness of the contravention;
              (c) Step 3: an adjustment made to the step 2 figure to take account of any aggravating and mitigating circumstances;
              (d) Step 4: an adjustment made to the step 3 figure, where appropriate, to ensure that the penalty has an appropriate deterrent effect; and
              (e) Step 5: if applicable, an adjustment for cooperation/early settlement may be made.

            • 6.4.4

              These steps will apply in all cases, although the details of Steps 1 to 4 will differ for cases against firms (paragraph 6.5), and cases against individuals (paragraph 6.6).

            • 6.4.5

              The lists of factors and circumstances in paragraphs 6.5 and 6.6 are not exhaustive. Not all of the factors or circumstances listed will necessarily be relevant in a particular case and there may be other factors or circumstances not listed which are relevant.

            • 6.4.6

              We will not, in determining our policy with respect to the amount of penalties, take account of expenses which we incur, or expect to incur, in discharging its functions.

          • 6.5 Financial penalties imposed on a firm

            • Step 1: Disgorgement

              • 6.5.1

                We will seek to deprive a firm of the economic benefits derived from a contravention (which may include the profit made or loss avoided) where it is practicable to quantify this.

            • Step 2: The seriousness of the contravention

              • 6.5.2

                We will determine a financial penalty figure that reflects the seriousness of the contravention, taking into the following factors:

                (a) factors relating to the impact of a contravention;
                (b) factors relating to the nature of a contravention;
                (c) factors tending to show whether a contravention was deliberate; and
                (d) factors tending to show whether a contravention was reckless.

              • 6.5.3

                Factors relating to the impact of a contravention committed by a firm include:

                (a) the level of benefit gained or loss avoided, or intended to be gained or avoided, by the firm from the contravention;
                (b) the loss or risk of loss, as a whole, caused to clients, investors or other market users in general;
                (c) the loss or risk of loss caused to individual clients, investors or other market users;
                (d) whether the contravention had an effect on particularly vulnerable people, whether intentionally or otherwise;
                (e) the distress or inconvenience caused to clients; and
                (f) whether the contravention had an adverse effect on the orderliness of, or confidence in, markets and, if so, how serious that effect was.

              • 6.5.4

                Factors relating to the nature of a contravention by a firm include:

                (a) the nature of the FSMR or Rules contravened;
                (b) the frequency of the contravention;
                (c) whether the contravention revealed serious or systemic weaknesses in the firm's procedures or in the management systems or internal controls relating to all or part of the firm's business;
                (d) whether the firm's senior management were aware of the contravention;
                (e) the nature and extent of any financial crime facilitated, occasioned or otherwise attributable to the contravention;
                (f) the scope for any potential financial crime to be facilitated, occasioned or otherwise occur as a result of the contravention;
                (g) whether the firm failed to conduct its business with integrity; and
                (h) whether the firm, in committing the contravention, took any steps to comply with the FSMR and Rules, and the adequacy of those steps.

              • 6.5.5

                Factors tending to show the contravention was deliberate include:

                (a) the contravention was intentional, in that the firm's senior management, or a responsible individual, intended, could reasonably have foreseen, or foresaw that the likely or actual consequences of their actions or inaction would result in a contravention;
                (b) the firm's senior management, or a responsible individual, knew that their actions were not in accordance with the firm's internal procedures;
                (c) the firm's senior management, or a responsible individual, sought to conceal their misconduct;
                (d) the firm's senior management, or a responsible individual, committed the contravention in such a way as to avoid or reduce the risk that the contravention would be discovered;
                (e) the firm's senior management, or a responsible individual, were influenced to commit the contravention by the belief that it would be difficult to detect; and
                (f) the contravention was repeated.

              • 6.5.6

                Factors tending to show the contravention was reckless include:

                (a) the firm's senior management, or a responsible individual, appreciated that there was a risk that their actions or inaction could result in a contravention and failed to adequately mitigate that risk; and
                (b) the firm's senior management, or a responsible individual, were aware that there was a risk that their actions or inaction could result in a contravention but failed to check if they were acting in accordance with the firm's internal procedures.

            • Step 3: Mitigating and aggravating factors

              • 6.5.7

                We may increase or decrease the amount of the financial penalty arrived at after Step 2 (excluding any amount to be disgorged as set out in Step 1), to take into account factors which aggravate or mitigate the contravention. Any such adjustments will be made by way of a percentage adjustment to the figure determined at Step 2.

              • 6.5.8

                The following list of factors may have the effect of aggravating or mitigating the contravention:

                (a) the conduct of the firm in bringing (or failing to bring) quickly, effectively and completely the contravention to our attention (or the attention of other regulatory authorities, where relevant);
                (b) the degree of cooperation the firm showed during the investigation of the contravention to us, or any other regulatory authority allowed to share information with us;
                (c) where the firm's senior management were aware of the contravention or of the potential for a contravention, whether they took any steps to stop the contravention, and when these steps were taken;
                (d) the nature, timeliness and adequacy of the firm's responses to any supervisory interventions by us and any remedial actions proposed or required by us;
                (e) whether the firm has arranged its resources in such a way as to allow or avoid disgorgement and/or payment of a financial penalty;
                (f) whether the firm had previously been told about our concerns in relation to the issue, either by means of a private warning or in supervisory correspondence;
                (g) whether the firm had previously undertaken not to perform a particular act or engage in particular behaviour;
                (h) whether the firm concerned has complied with any requirements or rulings of another regulatory authority relating to the contravention;
                (i) the previous disciplinary record and general compliance history of the firm;
                (j) action taken against the firm by other domestic or international regulatory authorities that is relevant to the contravention in question;
                (k) whether our guidance or other published materials had already raised relevant concerns, and the nature and accessibility of such materials; and
                (l) whether we publicly called for an improvement in standards in relation to the behaviour constituting the contravention or similar behaviour before or during the occurrence of the contravention.

            • Step 4: Adjustment for deterrence

              • 6.5.9

                If we consider the figure arrived at after Step 3 is insufficient to deter the firm or person who committed the contravention, or others, from committing further or similar contraventions then we may increase the financial penalty. Circumstances where we may do this include:

                (a) where we consider the absolute value of the financial penalty too low in relation to the contravention to meet our objective of credible deterrence;
                (b) where our previous action in respect of similar contravention has failed to improve industry standards;
                (c) where we consider it is likely that similar contraventions will be committed by the firm or by others in the future in the absence of such an increase to the financial penalty; and
                (d) where we considers that the likelihood of the detection of such a contravention is low.

            • Step 5: Adjustment for cooperation/early settlement

              • 6.5.10

                We and the firm upon whom a financial penalty is to be imposed may seek to agree the amount of any financial penalty and other terms. In recognition of the benefits of such agreements, and of the firm's cooperation with us, paragraph 6.8 provides that the amount of the financial penalty which might otherwise have been payable may be reduced to reflect the stage at which we and the firm concerned reached an agreement. Any adjustment for early settlement does not apply to the disgorgement of any benefit calculated at Step 1.

          • 6.6 Financial penalties imposed on an individual

            • Step 1: Disgorgement

              • 6.6.1

                We will seek to deprive an individual of the economic benefits derived from the contravention (which may include the profit made or loss avoided) where it is possible to quantify this. We will ordinarily also charge interest on the benefit.

            • Step 2: The seriousness of the contravention

              • 6.6.2

                We will determine a financial penalty figure that reflects the seriousness of the contravention. In determining such a figure, we will take into account the following factors relating to:

                (a) the impact of the contravention;
                (b) the nature of the contravention;
                (c) whether the contravention was deliberate; and
                (d) whether the contravention was reckless.

              • 6.6.3

                Factors relating to the impact of a contravention committed by an individual include:

                (a) the level of benefit gained or loss avoided, or intended to be gained or avoided, by the individual from the contravention;
                (b) the loss or risk of loss, as a whole, caused to clients, investors or other market users in general;
                (c) the loss or risk of loss caused to individual clients, investors or other market users;
                (d) whether the contravention had an effect on particularly vulnerable people, whether intentionally or otherwise;
                (e) the distress or inconvenience caused to clients; and
                (f) whether the contravention had an adverse effect on orderliness of, or confidence in, markets and, if so, how serious that effect was.

              • 6.6.4

                Factors relating to the nature of a contravention by an individual include:

                (a) the nature of the FSMR or Rules contravened;
                (b) the frequency of the contravention;
                (c) the nature and extent of any financial crime facilitated, occasioned or otherwise attributable to the contravention;
                (d) the scope for any potential financial crime to be facilitated, occasioned or otherwise occur as a result of the contravention;
                (e) whether the individual failed to act with integrity or abused a position of trust;
                (f) whether the individual committed a contravention of any professional code of conduct;
                (g) whether the individual caused or encouraged other individuals to commit contraventions;
                (h) whether the individual held a prominent position within the industry;
                (i) whether the individual is an experienced industry professional;
                (j) whether the individual held a senior position with the firm;
                (k) the extent of the responsibility of the individual for the product or business areas affected by the contravention, and for the particular matter that was the subject of the contravention;
                (l) whether the individual acted under duress; and
                (m) whether the individual took any steps to comply with Regulatory rules, and the adequacy of those steps.

              • 6.6.5

                Factors tending to show the contravention was deliberate include:

                (a) the contravention was intentional, in that the individual intended, could reasonably have foreseen or foresaw that the likely or actual consequences of his actions or inaction would result in a contravention;
                (b) the individual intended to benefit financially from the contravention, either directly or indirectly;
                (c) the individual knew that his actions were not in accordance with his firm's internal procedures;
                (d) the individual sought to conceal his misconduct;
                (e) the individual committed the contravention in such a way as to avoid or reduce the risk that the contravention would be discovered;
                (f) the individual was influenced to commit the contravention by the belief that it would be difficult to detect;
                (g) the individual knowingly took decisions relating to the contravention beyond his field of competence; and
                (h) the individual's actions were repeated.

              • 6.6.6

                Factors tending to show the contravention was reckless include:

                (a) the individual appreciated there was a risk that his actions or inaction could result in a contravention and failed to adequately mitigate that risk; and
                (b) the individual was aware there was a risk that his actions or inaction could result in a contravention but failed to check if he was acting in accordance with the firm's internal procedures.

            • Step 3: Mitigating and aggravating factors

              • 6.6.7

                We may increase or decrease the amount of the financial penalty arrived at after Step 2 (excluding any amount to be disgorged as set out in Step 1), to take into account factors which aggravate or mitigate the contravention. Any such adjustments will be made by way of a percentage adjustment to the figure determined at Step 2.

              • 6.6.8

                The following list of factors may have the effect of aggravating or mitigating the contravention:

                (a) the conduct of the individual in bringing (or failing to bring) quickly, effectively and completely the contravention to our attention (or the attention of other regulatory authorities, where relevant);
                (b) the degree of co-operation the individual showed during the investigation of the contravention by us, or any other regulatory authority allowed to share information with us;
                (c) whether the individual took any steps to stop the contravention, and when these steps were taken;
                (d) any remedial steps taken since the contravention was identified, including whether these were taken on the individual's own initiative or that by us or another regulatory authority;
                (e) whether the individual has arranged his resources in such a way as to allow or avoid disgorgement and/or payment of a financial penalty;
                (f) whether the individual had previously been told about our concerns in relation to the issue, either by means of a private warning or in supervisory correspondence;
                (g) whether the individual had previously undertaken not to perform a particular act or engage in particular behaviour;
                (h) whether the individual has complied with any requirements or rulings of another regulatory authority relating to the contravention;
                (i) the previous disciplinary record and general compliance history of the individual;
                (j) action taken against the individual by other domestic or international regulatory authorities that is relevant to the contravention in question;
                (k) whether our guidance or other published materials had already raised relevant concerns, and the nature and accessibility of such materials;
                (l) whether we publicly called for an improvement in standards in relation to the behaviour constituting the contravention or similar behaviour before or during the occurrence of the contravention; and
                (m) whether the individual agreed to undertake training subsequent to the contravention.

            • Step 4: Adjustment for deterrence

              • 6.6.9

                If we consider the figure arrived at after Step 3 is insufficient to deter the individual who committed the contravention, or others, from committing further or similar contraventions then we may increase the financial penalty. Circumstances where we may do this include:

                (a) where we considers the absolute value of the penalty too small in relation to the contravention to meet our objective of credible deterrence;
                (b) where our previous action in respect of similar contraventions has failed to improve industry standards. This may include similar contraventions relating to different products;
                (c) where we consider it is likely that similar contraventions will be committed by the individual or by other individuals in the future; and
                (d) where we consider that the likelihood of the detection of such a contravention is low.

            • Step 5: Adjustment for cooperation/ early settlement

              • 6.6.10

                We and the individual on whom a penalty is to be imposed may seek to agree on the amount of any financial penalty and other terms. In recognition of the benefits of such agreements, and of the individual's cooperation with us, paragraph 6.8 provides that the amount of the financial penalty which might otherwise have been payable may be reduced to reflect the stage at which we and the individual concerned reached an agreement. Any adjustment for early settlement does not apply to the disgorgement of any benefit calculated at Step 1.

          • 6.7 Serious financial hardship

            • 6.7.1

              Our approach to determining financial penalties described in paragraphs 6.5 and 6.6 is intended to ensure that financial penalties are proportionate to the contravention. We recognise that financial penalties may affect Persons differently, and that we should consider whether a reduction in the proposed financial penalty is appropriate, including if such penalty would cause the subject of enforcement action serious financial hardship.

            • 6.7.2

              Where an individual or firm claims that payment of the financial penalty proposed by us will cause them serious financial hardship, we will consider whether to reduce the proposed financial penalty only if:

              (a) the individual or firm provides verifiable evidence that payment of the financial penalty will cause them serious financial hardship;
              (b) the individual or firm provides full, frank and timely disclosure of the verifiable evidence, and co-operates fully in answering any questions asked by us about their financial position; and
              (c) the onus is on the individual or firm to satisfy us that payment of the financial penalty will cause them serious financial hardship.

            • Individuals

              • 6.7.3

                In assessing whether a financial penalty would cause an individual serious financial hardship, we will consider the individual's ability to pay the financial penalty over a reasonable period, including agreeing to payment of the financial penalty by instalments where the individual requires time to realise his assets, for example, by waiting for payment of a salary or by selling property.

            • Firms

              • 6.7.4

                We will consider reducing the amount of a financial penalty if a firm will suffer serious financial hardship as a result of having to pay the entire financial penalty. In deciding whether it is appropriate to reduce the financial penalty, we will take into consideration the firm's financial circumstances, including whether the financial penalty would render the firm insolvent or threaten the firm's solvency. We will also take into account our statutory objectives, for example, in situations where clients would be harmed or market confidence would suffer. We may also consider if it is appropriate to reduce a financial penalty in order to allow a firm to continue in business and/or pay redress.

              • 6.7.5

                There may be cases where, even though the individual or firm has satisfied us that payment of the financial penalty would cause serious financial hardship, we consider the contravention to be so serious that it is not appropriate to reduce the financial penalty. We will consider all the circumstances of the case in determining whether this course of action is appropriate, including whether:

                (a) the individual or firm directly or indirectly derived an economic benefit from the contravention and, if so, the extent of that economic benefit;
                (b) the individual or firm acted fraudulently or dishonestly with a view to personal gain;
                (c) previous action by us in respect of similar contraventions has failed to improve industry standards; or
                (d) the individual or firm has spent money or dissipated assets in anticipation of enforcement action with a view to frustrating or limiting the impact of action taken by us or other authorities.

            • Withdrawal of authorisation or registration

              • 6.7.6

                We may withdraw a firm's Financial Services Permission, or the status of an Approved or Recognised Person or Principal Representative, as well as impose a financial penalty. Such action by us does not affect our assessment of the appropriate financial penalty in relation to a contravention.

              • 6.7.7

                However, the fact that we have withdrawn such Financial Services Permission or registration, as a result of which the firm or individual may have less earning potential, may be relevant in assessing whether the financial penalty will cause the firm or individual serious financial hardship.

          • 6.8 Adjustment for cooperation/early settlement

            • 6.8.1

              It is our policy to encourage and recognise cooperation. A cooperative approach to dealing with us will be taken into consideration when assessing what type of enforcement action to pursue and/or what remedy we will seek. Cooperation can take many forms, including but not limited to:

              (a) self-reporting any misconduct to us and disclosing all the relevant information;
              (b) assisting us voluntarily during the investigation;
              (c) admitting any misconduct that the person or firm had committed or was involved in committing.

            • 6.8.2

              For the avoidance of doubt, merely fulfilling the person's or firms legal obligations will not be considered as cooperation for the purpose of assessing any adjustment to the financial penalties imposed on a firm or an individual.

            • 6.8.3

              Subject to enforcement action, we may be prepared to agree on the amount of any financial penalty, and other conditions which we seek to impose by way of such action, for example, the amount or mechanism for the payment of compensation to consumers. We recognise the benefits of such agreements, in that they offer the potential for securing earlier redress or protection for clients and the saving of cost to the Person concerned, and us, in contesting the financial penalty. The financial penalty that might otherwise be payable, in respect of a contravention by the person concerned, may, therefore, be reduced to reflect the timing of any settlement agreement.

            • 6.8.4

              In appropriate cases our approach may be to negotiate with the person concerned to agree in principle on the amount of a financial penalty having regard to our policy as set out in Chapter 5 of this document. Where part of a proposed financial penalty specifically equates to the disgorgement of profit accrued or loss avoided, then the percentage reduction will not apply to that part of the financial penalty.

        • 7. DECISION MAKING

          • 7.1 Introduction

            • 7.1.1

              This chapter sets out our general approach to making decisions when exercising our discretionary powers.

          • 7.2 Who can exercise our powers?

            • 7.2.1

              Our powers can be exercised by the Chief Executive or any delegate of the Chief Executive, including:

              (a) to any employee to whom the Chief Executive has delegated his powers ("Regulatory officer"); and
              (b) to any panel or committee established by the Chief Executive for the purpose of making decisions; or
              (c) to any other delegated person.

          • 7.3 Our general approach to decision-making

            • Natural Justice and Procedural fairness principles

              • 7.3.1

                Our approach to decision-making is based on observance of natural justice and the procedural fairness principles, by:

                (a) acting without bias or conflict of interest;
                (b) giving the Person an opportunity to present his case; and
                (c) taking into account only those considerations which are relevant to the matter to be decided upon.

            • Acting without bias or conflict of interest

              • 7.3.2

                A decision maker called upon to make a decision is expected to act impartially in doing so. If the decision maker has a vested financial or personal interest in the matter, a conflict of interest may arise that prevents an impartial or unbiased decision being made. A decision maker who does have a financial or other personal interest in the matter is required to disclose this interest and, if the interest is material, would not be the decision maker in relation to that matter.

              • 7.3.3

                We may refer an executive decision to the ADGM Regulatory Committee for determination under section 225(5) of the FSMR in order to avoid the risk of bias or conflict of interest affecting any such decision.

            • Relevant considerations

              • 7.3.4

                The decision maker is expected to take into account all and only those considerations which are relevant to the matter to be decided upon. This requires the decision maker to:

                (a) ensure that it has all the material information that is necessary to be able to make the relevant decision (and, if necessary, obtain further information, including from any third party sources);
                (b) disregard any irrelevant information; and
                (c) have the relevant power to make the decision.

              • 7.3.5

                To meet its procedural fairness obligations, the key elements to our approach to decision-making include:

                (a) having adequate systems and controls to ensure that those making decisions on our behalf are impartial and not affected by conflicts of interests that may affect their decisions;
                (b) giving a person in respect of whom we propose to make a decision (in this Chapter, the "affected person") advance notice about our proposed action (with the exception of cases when we may take immediate action because any delay resulting from advance notice would be prejudicial to the interests of direct or indirect users of financial services in the ADGM or otherwise prejudicial to the interests of the ADGM);
                (c) giving the affected person clear reasons why we propose to take the relevant action;
                (d) giving the affected person a suitable opportunity to make representations (in person and in writing) with regard to the our proposed action;
                (e) taking into account any representations made by, or on behalf of, the affected person before making a final decision, i.e. making any consequential changes to the proposed action given the representations made or other additional material available to us, as appropriate;
                (f) taking into account only those considerations which are relevant to the matter to be decided upon;
                (g) giving, without undue delay, the affected person a clear statement in writing of our final decision, the reasons for that decision and the effective date;
                (h) informing the affected person what rights of review that person has in respect of our decision, and within what period those rights of review must be exercised; and
                (i) having in place adequate mechanisms to enable the affected person to have our decision properly and impartially reviewed.

              • 7.3.6

                In certain circumstances, including:

                (a) the issuing of a stop order under section 71 of FSMR; and
                (b) suspension of a Listed Entity's Securities from the Official List under section 180 of FSMR,

                We do not have to give an affected person advance notice of our proposed action and a right for that person to make prior representations before we make our final decision.

                In such circumstances, we are still obliged to give the affected person a right of representation within 14 days (or other longer period as may be agreed) from the date on which the decision is made and communicated to the affected person. We are obliged to consider any representations made by, or on behalf of, the affected person during that period.

              • 7.3.7

                Where a right to make representations is exercised by an affected person, we will communicate to the affected person whether we confirm our original decision, or otherwise we vary or withdraw that decision, given the representations made.

              • 7.3.8

                Where no representations are made by, or on behalf of, the affected person during the relevant period, our original decision will remain in effect and will be confirmed.

            • Categories of decisions

              • 7.3.9

                The decisions which are made by us fall into three broad categories:

                (a) decisions which are subject to the procedures in Part 21 of the FSMR ("Part 21 Decisions") e.g. a decision to cancel the Financial Services Permission of an Authorised Person or to revoke the recognition of a Recognised Body;
                (b) decisions which are not subject to the procedures set out in Part 21 of the FSMR ("Non Part 21 Decisions") e.g. the rejection of a new Controller of an Authorised Person; and
                (c) routine operational decisions that do not affect the rights, interests and liabilities of a person ("Operational Decisions") e.g. a decision to commence an investigation against a person.

          • 7.4 Part 21 Decisions

            • 7.4.1

              Where, on our own initiative, we propose to:

              (a) impose a public censure or financial penalty;
              (b) cancel the Financial Services Permission of an Authorised Person firm;
              (c) revoke the recognition of a Recognised Body; or
              (d) withdraw the approval of an Approved Person,

              the procedures must be exercised according to what is set out in Part 21 of the FSMR.

            • 7.4.2

              To facilitate a consistent approach to decision-making, Part 21 of the FSMR sets out the steps we are required to follow in relation to Part 21 Decisions.

            • 7.4.3

              The procedures set out in Part 21 are designed to ensure procedural fairness by giving:

              (a) advance notice of our proposed decision (the Warning Notice), except in the cases referred to in paragraph 7.5 and 7.6 and the reasons for proposing to make such a decision;
              (b) an opportunity to make representations relating to the proposed decision;
              (c) our final decision (the Decision Notice) and the reasons for that decision, including any changes made to the preliminary decision, taking into account any representations made for, or on behalf of, the affected person; and
              (d) notice of the affected person's right to have our decision reviewed by the Regulatory Committee, including the period within which that right can be exercised.

            • 7.4.4

              Prior to any issue of a Warning Notice, we will notify the person concerned and provide an opportunity to present enquiries and make representations, provided this would not result in a tip-off, prejudice the exercise of our powers or otherwise jeopardise our objectives.

              Figure 1: the Regulator's Decision Making Process for Part 21 Decisions

          • 7.5 Non Part 21 Decisions

            • 7.5.1

              Certain decisions are not subject to the procedures set out in Part 21 of the FSMR — for example our powers relating to Controllers of regulated firms and the power to approve or reject the Business Rules of a Recognised Body.

          • 7.6 Operational decisions

            • 7.6.1

              The remaining decisions, such as decisions made as part of our day-to-day supervision of regulated firms, do not invoke the procedures in Part 21 of the FSMR. Examples of these operational decisions include decisions to:

              (a) obtain additional information from an Authorised Person;
              (b) disclose information about an Authorised Person to a Non-ADGM Financial Services Regulator;
              (c) issue a risk mitigation plan stemming from any supervisory concerns identified in the course of firm visit; or
              (d) commence an investigation.

            • 7.6.2

              Operational decisions are generally not reviewable by the ADGM Regulatory Committee. In making these decisions, we are still subject to overarching administrative law principles of acting in good faith and acting in a proportionate and reasonable manner.

          • 7.7 The Regulatory Committee

            • 7.7.1

              Section 225(1) of FSMR provides that all of our decisions that may affect the rights or liabilities of a person or otherwise adversely affect the interests of a person (except operational decisions) may be referred to the ADGM Regulatory Committee for review. Upon a referral, the Regulatory Committee (which is independent of us) is required to conduct a full merits review of our decision.

            • 7.7.2

              To enable an affected person to exercise properly and effectively his right to have our original decision referred to the Regulatory Committee, we will provide to such a person a Decision Notice specifying:

              (a) our decision and the reasons for making that decision;
              (b) the date on which the decision is to take effect; and
              (c) the person's right to seek a review of the decision by the Regulatory Committee; and
              (d) by when the right referred to in paragraph (c) has to be exercised.

          • 7.8 The Appeals Panel

            • 7.8.1

              Any decision, order or direction made by the Regulatory Committee may in turn be referred to the Appeals Panel for review by the person in respect of whom the decision was made or by us, in accordance with section 228(1) of FSMR. A second full merits review may then be conducted by the Appeals Panel.

            • 7.8.2

              Decisions of the Appeals Panel may only be reviewed on judicial review basis. An application for judicial review of a decision of the Appeals Panel may be made to the ADGM Court on the grounds that the decision is wrong in law or is in excess of the Appeal Panel's jurisdiction.

        • 8. WAIVERS AND MODIFICATIONS

          • 8.1 Introduction

            • 8.1.1

              Part 2 chapter 2 of FSMR provides for the modification or waiver of Rules by us.

            • 8.1.2

              This chapter outlines our approach to evaluating applications to grant relief from the requirements imposed by the Rules, by either waiving or modifying the application of one or more Rules. Our powers to waive or modify the requirements imposed by ADGM legislation do not extend to regulations such as the FSMR.

            • 8.1.2

              To waive the application of a Rule is to give relief to a Person from the entire obligation contained in that Rule. A modification can either modify the way in which a Person can comply with an obligation in a Rule or can give relief from part of the obligation in a Rule. A detailed description of the process to seek a waiver or modification of the Rules may be found in Rule 8.2 of the GEN Rules.

          • 8.2 Power to issue relief

            • 8.2.1

              We may, on the application or with the consent of a Authorised Person or Recognised Body, direct that a Rule:

              (a) does not apply to a person; or
              (b) does apply to a person but with such modifications as are set out in a notice issued by us for this purpose.

            • 8.2.2

              Waivers and modifications may only be sought by an Authorised Person or Recognised Body, or an applicant seeking such status.

            • 8.2.3

              If an application is successful, we will issue its decision by means of written Direction provided to the applicant.

          • 8.3 Making an application

            • 8.3.1

              Prior to submitting an application to us, the applicant should contact their assigned supervisory contact to discuss the application.

            • 8.3.2

              If the applicant is not regulated by us at the time of application, contact should be made through our Supervision Division.

            • 8.3.3

              Before making an application, we expect that the applicant will carry out appropriate research on:

              (a) the intention behind the Rule in question and the regulatory outcomes that the Rule aims to achieve;
              (b) whether there are any precedents where we have previously granted relief, or not granted relief, from the Rule in question, including any conditions which may have been imposed; and
              (c) if relief has been granted in the past, the similarities and differences between the cases where relief has previously been granted and the applicant's case.

            • 8.3.4

              All applications for waivers or modifications should be made in such form as we shall prescribe.

            • 8.3.5

              The applicant will need to in its application form address the following:

              (a) set out the reasons for requesting the granting of a waiver or a modification;
              (b) explain the impact of the application of the provisions as it stands on the applicant;
              (c) attach any precedent relief supporting the application which may have been issued;
              (d) identify any risks associated with the relief being sought and how the applicant plans to mitigate such risks; and
              (e) in the case of an application to modify a Rule, propose wording for the modified Rule.

            • 8.3.6

              It is for the applicant to demonstrate a compelling case for granting relief, we do not make decisions lightly. The granting of a waiver or modification, including the specific wording of any modification and any conditions attached to the relief granted, is at our discretion and it will generally only grant relief where there is shown to be an appropriate and necessary reason for doing so.

            • 8.3.7

              On occasion, we may believe that the relief being sought by an applicant may be relevant to, and should be applied to, a number of persons (or a class of persons) similarly affected by the Rule in question. In these circumstances, instead of requiring the affected persons to individually apply for the same relief, we will publish a notice on its website and invite the relevant Persons to "consent" to the waiver or modification. This is simply done by notifying us that they wish the waiver or modification apply in relation to their activities.

          • 8.4 Considering an application

            • 8.4.1

              We will acknowledge receipt of an application for relief and may request further information, potentially including meeting with the applicant to discuss the need for the relief sought. The time taken by us to determine the application will depend upon the complexity of the issues it raises.

            • 8.4.2

              When considering each application, we assess the net regulatory benefit or detriment which would result from granting the relief sought on the conditions proposed and any risks posed by such relief. We will generally grant relief where:

              (a) it has formed the opinion that there is a net regulatory benefit; or
              (b) the regulatory detriment is minimal as the relief sought does not conflict with the policy intent of the Rule and the applicant has demonstrated that the associated risks would be adequately mitigated if relief was granted.

            • 8.4.3

              Relief will be given to overcome the disproportionate effects of Rules in exceptional cases, the anomalous effects of Rules in unique cases for which they were not created, and the unforeseen side effects of Rules.

              For example, changes in international standards may result in unforeseen differences between the Rules and the new standards. While the Rules would ordinarily adapt over time to reflect such changes, an Authorised Person or Recognised Body may seek a waiver or modification of a specific Rule to accommodate the evolution of the international standard. This may also represent a scenario where we may publish a notice to be made available to other affected persons within the ADGM upon their consent. Similarly, where material changes to a Rule may make it impractical for Authorised Persons or a Recognised Body to comply immediately, a request for a temporary waiver or modification may be granted.

            • 8.4.4

              We may impose such conditions on relief as it may see fit, and a notice may specify that the relevant waiver or modification may be available for only a specified period of time, after which time it will cease to apply.

            • 8.4.5

              If we decide not to grant relief, it will give reasons for the decision. An applicant may withdraw its application for relief at any time up until notification of our decision has been given to the applicant. In doing so, the applicant should give reasons for the withdrawal of the application.

          • 8.5 Publication of waivers and modifications

            • 8.5.1

              We will publish all Directions concerning waivers and modifications unless we are satisfied that it is inappropriate or unnecessary to do so.

            • 8.5.2

              We will publish all Directions concerning waivers and modifications in such a way that we consider appropriate for bringing the notice to the attention of:

              (a) those likely to be affected by it, such as clients of the applicant; and
              (b) others who may be likely to be affected by the same Rule and may seek a similar waiver or modification.

            • 8.5.3

              The principal method of publication of waivers and modifications Directions is by publication on our webpage. The fundamental principle behind publication is transparency. This allows any person dealing with the applicant, for example, its clients and competitors, to know to what extent the relevant provisions apply to the applicant.

            • 8.5.4

              If an applicant believes that it is inappropriate or unnecessary for us to publish the relief, or to publish it after a delay, or without disclosing the identity of the applicant, it should make this clear in its application. Decisions not to grant relief will not be published by us.

          • 8.6 Withdrawal or variation of waivers and modifications

            • 8.6.1

              Under section 9(5) of the FSMR, we may:

              (a) revoke a Direction; or
              (b) on the application of, or with the consent of, the Person to whom it applies, vary a Direction.

          • 8.7 Enforcement of waivers and modifications

            • 8.7.1

              If a Direction under section 9 of the FSMR states that a Rule is to apply to the applicant with modifications, then a contravention of the modified provision could lead to us taking enforcement action.

            • 8.7.2

              If relief is given subject to a condition, the relief will not apply to activities conducted in breach of the condition. Further, those activities, if in breach of the original provision, could lead to enforcement action.

          • 8.8 Expiry and extension of current waivers and modifications

            • 8.8.1

              Where relief has been granted for a limited period of time (see paragraph 9.4.4) it is the responsibility of the Person to whom the notice applies to monitor any expiry date.

            • 8.8.2

              There is no automatic renewal process for any relief granted by us for a limited period of time.

            • 8.8.3

              It is the responsibility of the person to whom a time-limited Direction applies to notify us within a reasonable period in advance of the expiry of the Direction of their intention to apply for an extension of the relief or explain how they intend to comply with the original Rule.

            • 8.8.4

              Notification should be made through the same contact point as described above, namely either the assigned supervisory contact, the dedicated contact portal or the Supervisory Division.

            • 8.8.5

              We will consider every application for extension of the term of the Direction in the same manner as an initial application and will not necessarily grant extensions as a matter of course.

    • FinTech Regulatory Laboratory Guidance

      Click here to view PDF

      • FinTech Regulatory Laboratory Guidance

        • 1. INTRODUCTION

          • 1.1

            This Guidance is issued under section 15(2) of the Financial Services and Markets Regulations 2015 ("FSMR"). It should be read in conjunction with the FSMR and the relevant FSRA Rulebooks where applicable.

          • 1.2

            The Guidance is applicable to the following Persons:

            (a) an applicant for a Financial Services Permission to carry on the Regulated Activity of Developing Financial Technology Services within the RegLab in or from ADGM; and/or
            (b) a FinTech Participant.

          • 1.3

            This Guidance sets out the Financial Services Regulatory Authority's ("FSRA's" or the "Regulator's") approach to the Regulatory Laboratory ("RegLab") framework. In particular, this Guidance includes the eligibility and authorisation criteria applicants must satisfy to be authorised as FinTech Participants, the authorisation process, the types of restrictions that the Regulator may impose on the FinTech Participants' conduct, as well as the information that FinTech Participants may be required to produce to the Regulator.

          • 1.4

            This Guidance is not an exhaustive source of the Regulator's policy on the exercise of its statutory powers and discretions. In the discharge of its regulatory mandate, the Regulator may impose other parameters to address any specific risks posed by the proposed activities of the applicant to carry on the Regulated Activity of Developing Financial Technology Services within the RegLab.

          • 1.5

            The Regulator is not bound by the requirements set out in this Guidance and may waive or modify these requirements at its discretion where appropriate.

          • 1.6

            Unless otherwise defined or the context otherwise requires, the terms contained in this Guidance have the same meaning as defined in the FSMR and the GLO Rulebook.

        • 2. OBJECTIVES OF THE REGLAB FRAMEWORK

          • 2.1

            FinTech allows the use of new technologies in the financial services industry to improve operational and customer engagement capabilities by leveraging analytics, data management and digital functions.

          • 2.2

            The fast evolving FinTech landscape where new and emerging FinTech solutions are becoming more diverse and sophisticated requires a responsive and progressive regulatory framework to facilitate the development, testing and adoption of promising FinTech innovations. In particular, the FinTech regulatory framework should encourage, rather than front-run innovation, should be tailored and proportionate to the materiality of the risks posed, and should be responsive to support time-to-market of new FinTech solutions in a cost-efficient environment.

          • 2.3

            In light of these considerations, FSRA has created the RegLab, which is a specially tailored regulatory framework that provides a controlled environment for FinTech Participants to develop and test innovative FinTech solutions without immediately being subject to all the regulatory requirements that would otherwise apply to Authorised Persons.

        • 3. THE REGLAB'S INTENDED PARTICIPANTS

          • 3.1

            FSRA's RegLab framework may apply to two categories of FinTech Participants:-

            (a) those who have a FinTech product that is untested in the UAE market, to enable the FinTech Participants to live-test the product in a clearly demarcated environment in ADGM with controlled scope and scale, without attracting the full suite of regulatory requirements; and
            (b) those who may already be offering their FinTech product in the market, but wish to continue researching and developing it, and to live-test and offer any product enhancements, variations or new features on a limited rollout basis within the confines of the RegLab.

          • 3.2

            The RegLab is not intended to be a platform for firms to launch an established FinTech product which complies with all relevant regulatory requirements to a wider market. Financial institutions wishing to pilot and launch their complying technological innovations can do so in the ADGM under the existing authorisation and supervisory regime under the FSMR, without the need for the RegLab authorisation.

        • 4. FEATURES OF THE REGLAB

          • Developing Financial Technology Services within the RegLab

            • 4.1

              FinTech Participants that qualify for authorisation under the RegLab framework will be granted an FSRA Financial Services Permission ("FSP") in accordance with section 30 of the FSMR to carry on the Regulated Activity of Developing Financial Technology Services within the RegLab.

            • 4.2

              Developing Financial Technology Services within the RegLab means the Regulated Activity specified in paragraph 73A of Schedule 1 to the FSMR.

            • 4.3

              The FinTech Participant authorised under the RegLab will be required to establish a commercial presence in ADGM.

          • Blank-Sheet Approach

            • 4.4

              The legislative requirements applicable to FinTech Participants under the RegLab framework will be tailored according to the specific characteristics and risks associated with the FinTech Proposal. This approach is consistent with the Regulator's objective to offer a responsive and risk-appropriate regulatory framework.

            • 4.5

              The requirements that will apply to FinTech participants under the RegLab framework may be adapted from existing regulations (including but not limited to the FSMR) and the FSRA Rules, as applicable.

            • 4.6

              As such, generally, the regulatory requirements applicable to all Persons to whom the FSMR applies would initially apply to each applicant for an FSP to carry on the Regulated Activity of Developing Financial Technology Services within the RegLab.

            • 4.7

              On receipt of the RegLab application, the Regulator will work with the applicant to identify those Rules (or Rulebooks, as the case may be) that are not relevant to the applicant's FinTech Proposal. The Regulator may then waive or modify any of these Rules or Rulebooks (in part or entirely, as appropriate) by way of a waiver or a modification notice.

            • 4.8

              As certain Rules will be waived or modified for the FinTech Participant under the RegLab, the Regulator will, among other things:-

              (a) set client and exposure limits to limit the scope and scale of the FinTech Participant's test activities; and
              (b) impose boundaries/geographical restrictions to ensure that client impact is controlled and the clients' interests are protected.

              Please refer to section 5.2 below titled Authorisation Requirements for further details of the requirements that the Regulator may impose.

            • 4.9

              The Regulator may vary the applicable waivers and modifications as the FinTech Participants progress through different stages of testing of their FinTech solution. Variations will be subject to the changing risks that the FinTech Proposal may pose at any point.

            • 4.10

              The RegLab is not intended to create a risk-free FinTech environment — an acceptable degree of risk is unavoidable in all innovation and entrepreneurial endeavours. What the RegLab aims to achieve is a controlled environment that promotes FinTech innovation, yet minimises the risks of poor client outcomes posed by these innovative solutions.

          • Two-year validity period

            • 4.11

              The FSP granted under the RegLab will have a validity period of up to two years for the FinTech Participant to test its FinTech solution.

            • 4.12

              At the end of the two-year validity period (or earlier if the size, scale or progress of the FinTech Proposal warrants), the FinTech Participant will exit the RegLab and, if eligible, migrate to the full authorisation and supervisory regime under the FSMR.

            • 4.13

              To be eligible to migrate to the full authorisation and supervisory regime, the FinTech Participant will be required to demonstrate to the Regulator that it:-

              (a) has achieved its intended test outcomes under the RegLab so as to deploy the FinTech product on a broader scale, and
              (b) continues to be fit and proper to be an Authorised Person in the ADGM.

            • 4.14

              If the FinTech Participant is unable to satisfy the above criteria, it will be required to cease carrying on the Regulated Activity of Developing Financial Technology Services within the RegLab. The deadline for ceasing the Regulated Activity will be upon the expiry of its RegLab FSP, or at such time as the Regulator varies or cancels the FSP in accordance with section 33 of the FSMR. Please refer to section 8 below for more details.

            • 4.15

              During the two-year validity period, the Regulator will engage with and support the FinTech Participant and ensure the FinTech Participant operates within the parameters as set and agreed to prior to the grant of the FSP.

            • 4.16

              The two-year validity period of the authorisation granted under the RegLab may be extended in exceptional circumstances only, determined at the Regulator's discretion on a case-by-case basis.

          • Dedicated FinTech supervisory team

            • 4.17

              The Regulator's dedicated FinTech supervisory team will provide tailored guidance and support to applicants interested in applying to the RegLab and guide them in, among other things:-

              (a) understanding the RegLab regulatory framework;
              (b) preparing their RegLab application;
              (c) drawing up a risk-appropriate testing parameters; and
              (d) meeting their ongoing regulatory requirements.

        • 5. REGLAB AUTHORISATION CRITERIA

          • Evaluation Criteria

            • 5.1

              To qualify for authorisation under the RegLab framework, the applicant must demonstrate how it satisfies the following evaluation criteria:

              (a) the FinTech Proposal promotes FinTech innovation, in terms of the business application and deployment model of the technology.
              (b) the FinTech Proposal has the potential to:
              i. promote significant growth, efficiency or competition in the financial sector;
              ii. promote better risk management solutions and regulatory outcomes for the financial industry; or
              iii. improve the choices and welfare of clients.
              (c) the FinTech Proposal is at a sufficiently advanced stage of development to mount a live test.
              (d) the FinTech Proposal can be deployed in the ADGM and the UAE on a broader scale or contribute to the development of ADGM as a financial centre, and, if so, how the applicant intends to do so on completion of the validity period.

          • Authorisation Requirements

            • 5.2

              In order to become authorised under the RegLab framework, the applicant must also demonstrate to the satisfaction of the Regulator that it:

              (a) satisfies, and will continue to satisfy, any Threshold Conditions made under section 7(2) of the FSMR, including but not limited to the following:
              i. the applicant has adequate and appropriate resources, including financial resources, to develop and test its FinTech Proposal;
              ii. the applicant is fit and proper; and
              iii. the applicant has relevant technical and business knowledge and experience to develop and test the FinTech Proposal;
              (b) is able to clearly define the FinTech Proposal's test parameters, control boundaries, key milestones and intended outcomes;
              (c) is able to propose an acceptable reporting schedule to report to the Regulator on the status and progress of development and testing of its FinTech Proposal;
              (d) is able to satisfactorily detail the safeguards that have been put in place, and demonstrate how they are appropriate to the FinTech Proposal being tested, the risks that are posed and the type of clients that are likely to be affected by the proposed innovation;
              (e) is able to set out a fair and proper exit strategy for clients should the FinTech Proposal be discontinued, completed or deployed on a broader scale outside the RegLab; and
              (f) is able to satisfy all applicable ADGM Regulations, Rules, conditions and/or limitations that the Regulator may prescribe.

        • 6. APPLICATION PROCESS FOR AUTHORISATION

          • 6.1

            If the applicant is suitable participant for the FSRA's RegLab framework (refer to section 3) and meets the authorisation criteria (set out in section 5 above), it can proceed to complete and submit the RegLab Application Form. A copy of the RegLab Application Form is attached at Appendix A to this Guidance and can be submitted to the Regulator by email at FinTech@adgm.com.

          • 6.2

            Once the applicant has submitted its RegLab application form, the Regulator will review the application and inform the applicant whether the FinTech Proposal potentially qualifies for the RegLab.

          • 6.3

            The Regulator will work with the applicant to determine the specific regulatory requirements and conditions (including test parameters and control boundaries) to be applied to the FinTech solution in question. The applicant will then assess if it is able to meet these requirements.

          • 6.4

            If the applicant is able and willing to meet the proposed regulatory requirements and conditions, the applicant will be granted an FSP in accordance with section 30 of the FSMR to carry on the Regulated Activity of "Developing Financial Technology Services within the RegLab".

          • 6.5

            Once the Regulator grants the FSP, the FinTech Participant will be able to develop and test its FinTech product within the parameters and control boundaries agreed upon with the Regulator.

          • 6.6

            Figure 1 overleaf depicts the RegLab application process.

            Figure 1: RegLab Application Process

        • 7. CONDITIONS / LIMITATIONS ON THE FINTECH PARTICIPANTS

          • 7.1

            On being granted the FSP to carry on the Regulated Activity of Developing Financial Technology Services within the RegLab, the Regulator may impose limitations or conditions on the FinTech Participant in accordance with sections 30(4) and 35 of the FSMR. These may include, but are not limited to, any of the following:

            (a) the number and type of Clients with or for whom the FinTech Participant carries on, or intends to carry on the Regulated Activity of Developing Financial Technology Services within the RegLab;
            (b) the type and size of Client transactions that the FinTech Participant is permitted to enter into;
            (c) the suitability assessment and Clients' written consent required prior to carrying on the Regulated Activity of Developing Financial Technology Services within the RegLab;
            (d) the FinTech Participant's ability (if any) to hold or control Client Money and Client Investments;
            (e) the requirements surrounding the FinTech Participant's handling and protection of Client information;
            (f) the manner and type of financial promotion that the FinTech Participant may undertake and the associated disclosures that the FinTech Participant is required to make to Clients1;
            (g) the key information required to be contained in a Client Agreement;
            (h) the prevention of money laundering and countering the financing of terrorism measures that the FinTech Participant is required to implement2;
            (i) the FinTech Participant's capital requirements (if any)3;
            (j) the FinTech Participant's financial and other reporting requirements;
            (k) any other safeguards to protect the interests of Clients or maintain the safety and soundness of the financial system as the Regulator may prescribe.

            1Requiring appropriate disclosures to, and consent of clients willing to use the FinTech product in order for clients to make an informed decision.

            2If the Regulator has greater concerns regarding a FinTech solution, it may require the FinTech Participant to appoint an established financial institutions as a sponsor to undertake responsibility for compliance assurance or resolution of any client issue if a test does not perform as expected — e.g. the trial deployment of a robo-advisor may be excluded from Anti Money Laundering/Know Your Client due diligence if the consumer opens an investment account with a sponsor bank, which takes on the corresponding regulatory obligations.

            3For example, reducing or waiving capital requirements where the Regulator deems appropriate.

          • 7.2

            FSRA may, at any time through the life-cycle of the FinTech Proposal, by notice in writing to the FinTech Participant, cancel or vary any condition or restriction imposed on the FinTech Participant or impose such further condition or restriction as it may think fit in accordance with sections 33, 35 and 36 of the FSMR.

        • 8. EXITING THE REGLAB

          • 8.1

            At the end of the two-year validity period, the FSP for the RegLab will expire.

          • 8.2

            Unless an application to extend the two-year validity period is made at least three months before its expiry, or at such time as is otherwise agreed by the Regulator4, the FinTech Participant will have to exit the RegLab and choose to either:

            (a) migrate to the full authorisation and supervisory regime under the FSMR and deploy its FinTech solution on a broader scale; or
            (b) employ an exit strategy.

            4 Please refer to paragraphs 8.5–8.6 of this Guidance.

          • 8.3

            The exit strategy of a FinTech Participant may vary according to its commercial needs. For example, the FinTech Participant may choose to cease its business at the end of the validity period, or it may transfer its FinTech product and any clients to other authorised financial institutions.

          • 8.4

            The two-year validity period of the authorisation granted under the RegLab may only be extended in exceptional circumstances.

          • 8.5

            In applying for an extension of the validity period, the FinTech Participant shall provide the justifications for extension to the Regulator in such form and manner as FSRA may prescribe.

          • 8.6

            All applications for an extension of the validity period are to be determined at the Regulator's discretion on a case-by-case basis. The Regulator reserves the right to refuse an application for an extension of the validity period if it is of the view that it is desirable to do so in order to further one or more of its regulatory objectives.

          • Cancellation of the FSP

            • 8.7

              FSRA may cancel the FSP on the application of the FinTech Participant, in accordance with section 32 of the FSMR, or on the initiative of the Regulator, in accordance with section 33 of the FSMR, if it appears to the Regulator that:

              (a) the FinTech Participant is failing, or is likely to fail, to satisfy the Threshold Conditions made under section 7(2) of the FSMR and set out in paragraph 5.2(a) of this Guidance;
              (b) it is desirable to exercise this power to further one or more of the Regulator's objectives, including, for example, if:
              i. the FinTech Participant is failing, or is likely to fail, to satisfy the authorisation requirements set out in section 5.2(b)–(f) of this Guidance; or
              ii. the FinTech Participant is failing, or is likely to fail, to satisfy the limitations or conditions set out in section 7.1 of this Guidance; or
              (c) the FinTech Participant has committed a contravention of the FSMR or any Rules made under the FSMR.

    • Supplementary Guidance — Regulatory Framework for Fund Managers of Venture Capital Funds

      Click here to view PDF

    • Guidance — Regulation of Digital Security Offerings and Crypto Assets under the Financial Services and Markets Regulations

      Click here to view PDF

    • Guidance — Regulatory Framework for Private Financing Platforms

      Click here to view PDF

    • Supplementary Guidance — Authorisation for Investment Management Activities

      Click here to view PDF

      • Supplementary Guidance — Authorisation for Investment Management Activities

        • 1. Purpose

          • 1.1

            This Guidance is issued under section 15(2) of the Financial Services and Markets Regulations 2015 ("FSMR"). It should be read in conjunction with the FSMR and the ADGM Rulebooks.

          • 1.2

            The Guidance sets out the Regulator's expectations on the minimum criteria for an applicant seeking a Financial Services Permission to carry on the regulated activities of Managing Assets or Managing a Collective Investment Fund (collectively referred to as "Investment Management Activities"). The Guidance is not an exhaustive source of the Regulator's policy on the exercise of its statutory powers and discretions. In the discharge of its regulatory mandate, the Regulator may impose other requirements to address any specific risks posed to the objectives of the Regulator by the proposed activities of the applicant. The Regulator is not bound by the requirements set out in this Guidance and may waive or modify these requirements at its discretion where appropriate.

          • 1.3

            Unless otherwise defined or the context otherwise requires, the terms contained in the Guidance have the same meaning as defined in the FSMR and the GLO Rulebook.

        • 2. Consideration and Assessment of Applications

          • 2.1

            As set out in GEN Rule 5.2.7, the applicant shall demonstrate to the satisfaction of the Regulator that it:

            (a) has adequate and appropriate resources, including financial resources;
            (b)is fit and proper;
            (c) is capable of being effectively supervised; and
            (d)has adequate compliance arrangements, including policies and procedures, that will enable it to comply with all the applicable legal requirements.

          • 2.2

            In assessing the adequacy and appropriateness of an applicant's resources, systems and controls, the Regulator will consider the risks posed by the applicant taking into account the nature, size and complexity of the proposed activities. For instance, a Start-up entity1 without investment management track record may seek authorisation to conduct Investment Management Activities, subject to certain restrictions and other conditions to limit the scale and impact of its activities.


            1 A "Start-up" entity is:

            (a) any newly set up business entity which is not part of a Group subject to financial services regulation; or
            (b) any existing business entity which, or whose Group is not subject to financial services regulation.

          • 2.3

            The Regulator will apply a risk-based assessment according to the categories of investment management companies ("Manager") as set out in Table 1 below.

            Table 1 — Categories of Managers

            Category Permissible Activities
            Retail Manager Carrying on business in investment management activities with all types of Clients, including Retail Clients.
            Restricted Manager Carrying on business in investment management activities with Professional Clients only, without restriction on the number of Professional Clients.
            Start-up Manager Carrying on business in investment management with no more than 30 Professional Clients (which may be in the form of funds or other investment vehicles) and the total value of the assets under management ("AUM")2 does not exceed US$250 million.

            2 In determining the value of the AUM:

            (a) Moneys committed by investors but not drawn down should be excluded from the Manager's AUM.
            (b) AUM should be based on the net value of the assets being managed. Any leverage to which the managed assets are exposed should be excluded from the Manager's AUM.

          • 2.4

            For the purpose of the clientele restrictions, a "look through" approach is adopted. For instance, an investment vehicle that is not wholly owned by Professional Clients or in which not all the beneficiaries are Professional Clients will not qualify as a Professional Client. Restricted and Start-up Managers should not target Retail Clients through the use of investment structures that circumvent clientele class restrictions.

        • 3. Minimum Criteria for Authorisation

          • 3.1

            Track Record — The applicant should demonstrate that it or its Group has a minimum 5-year proven track record in the investment management or related business, in a jurisdiction which has a regulatory framework that is comparable to ADGM. The applicant or its parent / related entities, where applicable, should be subject to proper supervision by a competent regulatory authority.

          • 3.2

            To be a Retail Manager, the applicant should have a total Group AUM of at least US$1 billion.

          • 3.3

            Where the applicant does not satisfy the 5-year track record requirement, the Regulator may take into account the (i) track record of the applicant's Controllers/substantial shareholders; and (ii) experience and qualifications of the applicant's key management staff, when assessing the application. In the case of a Start-up entity, the applicant should demonstrate that it has an effective resolution mechanism in the event of any shareholder dispute.

          • 3.4

            Competency of Key Individuals — A Manager should ensure that the minimum competency criteria, set out in Appendix 1, are met.

          • 3.5

            Capital Requirements — As set out in section 3 of the PRU Rulebook, a Manager must satisfy a Base Capital Requirement or Expenditure-Based Capital Minimum, whichever is higher.

            The table below sets out the Base Capital Requirement for the different categories of Managers.

            Regulated Activity Base Capital Requirement
            Managing Assets US$250,000
            Managing a Public Fund US$150,000
            Managing an Exempt Fund or Qualified Investment Fund US$50,000

            The applicant should make a reasonable assessment of the amount of additional capital buffer it needs, bearing in mind the scale and scope of its operations.

            Use of shareholders' loans to meet Capital Requirements. Under current rules, the Capital Requirement of a Manager can only be met by certain forms of capital instruments. Recognising that Managers in general have relatively simple capital structures, the Regulator may consider granting a waiver to allow Managers who do not hold client money to use shareholders' loans as eligible capital resources to meet Capital Requirement exceeding the BCR, subject to appropriate ring-fencing conditions.

          • 3.6

            Compliance Arrangements — A Manager shall have in place compliance arrangements that are appropriate to the nature, scale and complexity of its business. The minimum criteria in respect of compliance arrangements are set out in Appendix 2. While compliance support may be provided by a related entity and/or third party service providers, the ultimate responsibility for compliance with applicable laws and regulations lies with the Manager's Senior Executive Officer ("SEO") and Board of Directors.

          • 3.7

            Risk Management — The risk management function should be subject to adequate oversight by the SEO and Board of the Manager. It should be segregated from and independent of the investment management function. The Manager should have policies and procedures to ensure that management is kept informed of the risk exposures in a regular and timely basis. Staff of the risk management function should have adequate knowledge and expertise in risk management.

          • 3.8

            Internal Audit — The internal audit arrangements should be appropriate to the scale, nature and complexity of its operations. The internal audit may be conducted by the internal audit function within the Manager, an internal audit team from the head office of the Manager, or outsourced to a third party service provider, as set out in Appendix 3.

          • 3.9

            Independent Custody — A Manager should ensure that assets under management are subject to independent custody3. The independent custodians should be suitably authorised in their respective jurisdictions.


            3 Unless otherwise provided in the Rules.

          • 3.10

            Valuation & Reporting — A Manager should ensure that assets under management are subject to independent valuation and customer reporting. The Manager may have:

            (a) a third party service provider, such as a fund administrator or custodian, perform the valuation; or
            (b)an in-house asset valuation function4 that is segregated from the investment management function. Such arrangements may be adopted within larger financial services groups where there are sufficient resources and internal controls to provide for effective segregation of both functions.

            The annual audit performed by the independent auditor is intended to serve as a periodic check on the valuation of the assets. Taken on its own, the annual audit will not fulfil the requirement for independent valuation.


            4 Unless otherwise required in the Rules, e.g. Fund Managers of Property Funds pursuant to the FUNDS Rulebook.

          • 3.11

            Professional Indemnity Insurance ["PII"] — As set out in section 6.12 of the PRU Rulebook, a Manager shall maintain PII cover appropriate to the nature, size, and risk profile of the Manager's business. A Retail Manager should obtain a minimum PII coverage as set out in Appendix 4. For Restricted and Start-up Managers, we may consider granting a waiver of the requirement under appropriate circumstances acceptable to the Regulator.

            Appendix 1 — Minimum Competency Criteria

              Start-Up Manager Restricted Manager Retail Manager
            (i) Number of Licensed Directors:

            A Licensed Director is a Controlled Function set out in GEN 5.3.3. Nominee directors such as legal advisers or corporate secretaries will not count towards meeting this requirement.

            Of these Directors,

            •   Minimum years of individual relevant experience#:
            •   Number of Directors resident in the U.A.E.
            At least 2

            5 years

            At least 1
            At least 2*

            5 years

            At least 1
            At least 2*

            5 years

            At least 1
            (ii) Number of Approved Persons residing in the U.A.E:

            Approved Persons (as set out in GEN 5.3) will include the Licensed Directors, Licensed Partners and Senior Executive Officer ["SEO"] of the Manager.

            Minimum years of relevant experience#:
            At least 2

            5 years
            At least 2

            5 years
            At least 3

            5 years
            (10 years for the SEO)
            (iii) Number of employees / professionals conducting the regulated activities residing in the U.A.E:

            Such employees / professionals may include the Approved Persons and Recognised Persons (as set out in GEN 5.4) of the Manager.
            At least 2 At least 2 At least 3

            #: The relevance of an individual's experience should be assessed in the context of the role that the individual will perform in the Manager. For example, experience in proprietary trading for financial institutions could be counted towards meeting the relevant experience criteria for a relevant professional conducting regulated activities in respect of discretionary portfolio management activities. Relevant experience may also include sector experience (e.g. corporate strategy and management of businesses), particularly for private equity and venture capital Managers. Directors/Partners, SEO and Senior Managers should have managerial experience or experience in a supervisory capacity as part of their relevant experience.

            *: For a Manager that is deemed as high impact or systemically important, the Regulator may require the Manager to have more than 2 directors.

            •   The following are examples where the Regulator would consider a Start-up/Restricted Manager as having met the minimum competency criteria:

            Example 1

            The Manager has two resident Licensed Directors, one of whom is the SEO, who is responsible for the conduct of investment management activities. The other is the Chief Operating Officer, who is responsible for back office functions such as trade reconciliation and reporting (i.e. not conducting a regulated activity). Both directors have at least 5 years of relevant experience in their respective functions. The Manager will meet the minimum competency criteria if it employs at least one additional resident full-time employee/professional, who will conduct investment management activities. There will not be any minimum experience criteria for this additional employee, although the employee should be suitably competent.

            Example 2

            The Manager has two Licensed Directors conducting investment management activities. Both directors are resident in the U.A.E and have at least 5 years of relevant experience in investment management. One of the directors is the SEO. The Manager should appoint another Recognised Person independent of the front office to be the Compliance Officer / Finance Officer / Money Laundering Reporting Officer.

            Example 3

            The Manager in ADGM ("ADGM Manager") is a subsidiary of a foreign-based Manager who is regulated in its home jurisdiction. The ADGM Manager has one resident Licensed Director appointed as the SEO, who has 5 years of relevant experience and carries out investment management activities. The ADGM Manager has another director based overseas. The ADGM Manager will meet the criteria if it employs an additional resident full-time employee/professional to conduct the investment management activities, and this employee will be required to have at least five 5 years of relevant experience.

            Appendix 2: Minimum Compliance Arrangements

            Category Compliance Arrangements
            Retail Manager
            •   The Manager should put in place an independent and dedicated compliance function in the U.A.E with staff who are suitably qualified and independent from the front office.
            •   Compliance staff may perform other non-conflicting and complementary roles such as that of an in-house legal counsel.
            Restricted Manager
            •   A Manager should have an independent compliance function with staff who are suitably qualified and independent from the front office.
            •   The Manager may, depending on the size and scale of the business:
            (i) rely on compliance oversight and support from an independent and dedicated compliance team at its holding company or related entity; or
            (ii) engage an external service provider to support its compliance arrangements. The Manager should ensure that the service provider is competent and familiar with the regulatory requirements for Managers in ADGM. The service provider should be able to provide meaningful onsite presence at the Manager.
            In either case, the Manager should designate a senior staff independent from the front office (e.g. COO or CFO) to oversee the compliance arrangement;
            Start-up Manager
            •   A Start-up Manager should ensure that it has adequate compliance arrangements appropriate to the scale, nature and complexity of its operations. This may take the form of an independent compliance function, compliance support from overseas affiliates and/or use of external service providers that meet the requirements set out above.

            Appendix 3 — Internal Audit Arrangements

            Category Internal Audit Arrangements
            Retail Manager
            •   The Manager should have an independent and dedicated internal audit function.
            •   The internal audit function may be undertaken by an internal audit team within the Manager, a group internal audit team from the parent or related company of the Manager, or outsourced to a third party service provider.
            Restricted Manager
            •   The internal audit function may be undertaken by an internal audit team within the Manager independent from the business functions, a group internal audit team from the parent or related company of the Manager, or outsourced to a third party service provider.
            •   Where the Manager does not have a dedicated internal audit function, the adequacy of the Manager's internal audit arrangements should be assessed against the context of the Manager's overall business scale and control environment i.e. whether there are periodic checks similar to those performed by internal auditors, which are performed by control functions such as risk management and compliance.
            Start-up Manager
            •   The SEO and Board of the Manager are ultimately responsible for ensuring there are adequate internal controls within the Manager and should take reasonable measures to ensure that the internal controls are complied with.

            Appendix 4 — PII Coverage for Retail Managers

            •   PII coverage — A Retail Manager should maintain a PII coverage as follows:
            Min PII Remarks
            0.15% x AUM
            (subject to a cap of
            US$15mil)
            •   Copy of PII to be submitted to the Regulator on an annual basis.
            •   Amount of PII deductible should not exceed 20% of the Manager's CET1 Capital.
            •   Alternative PII — The Regulator may consider alternative forms of PII subject to the following conditions:
            Type Conditions
            Group PII
            •   Minimum coverage to be at least 5 times the required quantum under a standalone non-hybrid PII.
            •   If the deductible of the Group PII is greater than 20% of the applicant's base capital, an undertaking from the applicant's parent company to cover the excess in the event of a claim would be required.
            Hybrid PII
            •   Sub-limits to be set for the non-PII sections of the hybrid PII.
            •   Total coverage under the hybrid PII less the sub-limits for the non-PII sections should be at least equivalent to the required quantum under a standalone non-hybrid PII.
            Group Hybrid PII
            •   Sub-limits to be set for the non-PII sections of the Group hybrid PII.
            •   Total coverage of the Group hybrid PII less the sub-limits for the non-PII sections has to be at least 5 times the required quantum under a standalone non-hybrid PII.
            •   If the deductible of the Group hybrid PII is greater than 20% of the applicant's base capital, an undertaking from the applicant's parent company to cover the excess in the event of a claim would be required.

    • Supplementary Guidance — Authorisation for Dealing Activities

      Click here to view PDF

      • Supplementary Guidance — Authorisation for Dealing Activities

        • 1. Purpose

          • 1.1

            This Guidance is issued under section 15(2) of the Financial Services and Markets Regulations 2015 ("FSMR"). It should be read in conjunction with the FSMR, the ADGM Rulebook and other applicable Rules.

          • 1.2

            The Guidance sets out the Regulator's expectations on the minimum criteria for an applicant seeking a Financial Services Permission to carry on the regulated activities of Dealing in Investments as Principal, Dealing in Investments as Agent, or Arranging Deals in Investments (collectively referred to as "Dealing Activities"). The Guidance is not an exhaustive source of the Regulator's policy on the exercise of its statutory powers and discretions. In the discharge of its regulatory mandate, the Regulator may impose other requirements to address any specific risks posed to the objectives of the Regulator by the proposed activities of the applicant.

          • 1.3

            Unless otherwise defined or the context otherwise requires, the terms contained in the Guidance have the same meaning as defined in the FSMR and the GLO Rulebook.

        • 2. Consideration and Assessment of Applications

          • 2.1

            As set out in GEN Rule 5.2.7, the applicant shall demonstrate to the satisfaction of the Regulator that it:

            (a) has adequate and appropriate resources, including financial resources;
            (b)is fit and proper;
            (c) is capable of being effectively supervised; and
            (d)has adequate compliance arrangements, including policies and procedures, that will enable it to comply with all the applicable legal requirements.

          • 2.2

            In assessing the adequacy and appropriateness of an applicant's resources, systems and controls, the Regulator will consider the risks posed by the applicant taking into account the nature, size and complexity of the proposed activities. For instance, a Start-up entity1 without relevant track record may seek authorisation to conduct Dealing Activities, subject to certain restrictions and other conditions to limit the scale and impact of its activities.


            1 A "Start-up" entity is:

            (a) any newly set up business entity which is not part of a Group subject to financial services regulation; or
            (b) any existing business entity which, or whose Group is not subject to financial services regulation.

          • 2.3

            The Regulator will apply a risk-based assessment according to the categories of dealers ("Dealers") as set out in Table 1 below. The applicant should ensure that the category it chooses accommodates its needs over a reasonable timeframe.

            Table 1 — Categories of Dealers

            Category Permissible Activities
            Retail Dealer Dealing in investments with or for all types of Clients, including Retail Clients.
            Institutional Dealer Dealing in investments only with or for Professional Clients in the ordinary course of business.
            Restricted Dealer Dealing in investments only with or for Professional Clients and:
            •   does not carry any customers' positions or accounts on its own books2; and
            •   does not receive, hold or control Client Assets.

            2 This includes any intra-day positions pending settlement or undertaking of settlement risks.

        • 3. Minimum Criteria for Authorisation

          • 3.1

            Track Record — The applicant should demonstrate that it or its Group has a minimum 5-year proven track record in the dealing or related business, in a jurisdiction which has a regulatory framework that is comparable to ADGM. The applicant or its parent / related entities, where applicable, should be subject to proper supervision by a competent regulatory authority.

          • 3.2

            To be a Retail Dealer, the applicant should have a total Group shareholders' funds of at least US$200 million.

          • 3.3

            Where the applicant does not satisfy the 5-year track record requirement, the Regulator may take into account the (i) track record of the applicant's Controllers/substantial shareholders; and (ii) experience and qualifications of the applicant's key management staff, when assessing the application. In the case of a Start-up entity, the applicant should demonstrate that it has an effective resolution mechanism in the event of any shareholder dispute.

          • 3.4

            Competency of Key Individuals — A Dealer should ensure that the minimum competency criteria, set out in Appendix 1, are met.

          • 3.5

            Capital Requirements — As set out in section 3 of the PRU Rulebook, a Dealer must meet the following minimum capital requirements:

            Table 2 — Capital Requirement

            Category Capital Requirement
            Retail Dealer / Institutional Dealer (Dealing as principal)
            (a)Base Capital Requirement of US$2,000,000;
            (b)Expenditure-Based Capital Minimum; or
            (c)Risk Capital Requirement; whichever is higher.
            Retail Dealer / Institutional Dealer (Dealing as agent)
            (a)Base Capital Requirement of US$500,000;
            (b)Expenditure-Based Capital Minimum; or
            (c)Risk Capital Requirement; whichever is higher.
            Restricted Dealer3
            (a)Base Capital Requirement of US$10,000; or
            (b)Expenditure-Based Capital Minimum; whichever is higher.

            The applicant should make a reasonable assessment of the amount of additional capital buffer it needs, bearing in mind the scale and scope of its operations.


            3 As set out in section 6.12 of the PRU Rulebook, a Restricted Dealer shall maintain PII cover appropriate to the nature, size, and risk profile of its business. We may consider granting a waiver of the requirement under appropriate circumstances acceptable to the Regulator.

          • 3.6

            Compliance Arrangements — A Dealer shall have in place compliance arrangements that are appropriate to the nature, scale and complexity of its business. The minimum criteria in respect of compliance arrangements are set out in Appendix 2. While compliance support may be provided by a related entity and/or third party service providers, the ultimate responsibility for compliance with applicable laws and regulations lies with the Dealer's Senior Executive Officer ("SEO") and Board of Directors.

          • 3.7

            Risk Management — The risk management function should be subject to adequate oversight by the SEO and Board of the Dealer. It should be segregated from and independent of the front office function. The Dealer should have policies and procedures to ensure that management is kept informed of the risk exposures in a regular and timely basis. Staff of the risk management function should have adequate knowledge and expertise in risk management.

          • 3.8

            Internal Audit — The internal audit arrangements should be appropriate to the scale, nature and complexity of its operations. The internal audit may be conducted by the internal audit function within the Dealer, an internal audit team from the head office of the Dealer, or outsourced to a third party service provider, as set out in Appendix 3.

            Appendix 1 — Minimum Competency Criteria

              Restricted Dealer Institutional Dealer Retail Dealer
            (i) Number of Licensed Directors:

            A Licensed Director is a Controlled Function set out in GEN 5.3.3. Nominee directors such as legal advisers or corporate secretaries will not count towards meeting this requirement.

            Minimum years of relevant experience#:

            Of these Directors,

            •   Number of executive Directors:

            Executive Directors are employed full-time in the day-to-day operations of the company and should be resident in the U.A.E.
            •   Minimum years of relevant experience# of Senior Executive Officer ["SEO"]:

            The SEO is a Controlled Function set out in GEN 5.3.2.
            At least 2

            5 years

            At least 1

            5 years
            At least 2*

            5 years

            At least 1

            5 years
            At least 2*

            5 years

            At least 1

            10 years
            (ii) Number of Approved Persons residing in the U.A.E:

            Approved Persons (as set out in GEN 5.3) will include the Licensed Directors, Licensed Partners and SEO of the Dealer.

            Minimum years of relevant experience#:
            At least 2

            5 years
            At least 2

            5 years
            At least 3

            5 years
            (iii) Number of employees / professionals conducting the regulated activities residing in the U.A.E:

            Such employees / professionals may include the Approved Persons and Recognised Persons (as set out in GEN 5.4) of the Dealer.
            At least 2 At least 2 At least 3

            #: The relevance of an individual's experience should be assessed in the context of the role that the individual will perform in the Dealer. For example, experience in proprietary trading for financial institutions could be counted towards meeting the relevant experience criteria for a relevant professional conducting Dealing Activities on behalf of customers. Directors/Parnters, SEO and Senior Managers should have managerial experience or experience in a supervisory capacity as part of their relevant experience.

            *: For a Dealer that is deemed as high impact or systemically important, the Regulator may require the Dealer to have at least more than 2 directors.

            •   The following are examples where the Regulator would consider a Restricted/Institutional Dealer as having met the minimum competency criteria:

            Example 1

            The Dealer has two executive resident directors, one of whom is the SEO, who is responsible for dealing function. The other is the Chief Operating Officer, who is responsible for back office functions such as trade reconciliation and risk management (i.e. not engaged in regulated activity). Both directors have at least 5 years of relevant experience in their respective functions. The Dealer will meet the minimum competency criteria if it employs at least one additional resident full-time employee/professional on the dealing desk. There will not be any minimum experience criteria for this additional employee, although the employee should be suitably competent.

            Example 2

            The Dealer has two executive directors as dealers. Both directors are resident in the U.A.E and have at least 5 years of relevant experience in dealing activities. One of the directors is the SEO. The Dealer should appoint another Recognised Person independent of the front office to be the Compliance Officer / Finance Officer / Money Laundering Reporting Officer.

            Example 3

            The Dealer in ADGM ("ADGM Dealer") is a subsidiary of a foreign-based Dealer who is regulated in its home jurisdiction. The ADGM Dealer has one resident executive director appointed as the SEO, who has 5 years of relevant experience and heads the dealing function. The ADGM Dealer has another director based overseas. The ADGM Dealer will meet the criteria if it employs an additional resident full-time employee/professional to conduct dealing activities, and this employee will be required to have at least five 5 years of relevant experience.

            Appendix 2: Minimum Compliance Arrangements

            Category Compliance Arrangements
            Retail Dealer
            •   The Dealer should put in place an independent and dedicated compliance function in the U.A.E with staff who are suitably qualified and independent from the front office.
            •   Compliance staff may perform other non-conflicting and complementary roles such as that of an in-house legal counsel.
            Institutional Dealer
            •   The Dealer should have an independent compliance function with staff who are suitably qualified and independent from the front office.
            •   The Dealer may, depending on the size and scale of the business:
            (i) rely on compliance oversight and support from an independent and dedicated compliance team at its holding company or related entity; or
            (ii) engage an external service provider to support its compliance arrangements. The Dealer should ensure that the service provider is competent and familiar with the regulatory requirements for Dealers in ADGM. The service provider should be able to provide meaningful onsite presence at the Dealer.
            In either case, the Dealer should designate a senior staff independent from the front office (e.g. COO or CFO) to oversee the compliance arrangement;
            Restricted Dealer

            Appendix 3 — Internal Audit Arrangements

            Category Internal Audit Arrangements
            Retail Dealer
            •   The Dealer should have an independent and dedicated internal audit function.
            •   The internal audit function may be undertaken by an internal audit team within the Dealer, a group internal audit team from the parent or related company of the Dealer, or outsourced to a third party service provider.
            Institutional Dealer
            •   The internal audit function may be undertaken by an internal audit team within the Dealer independent from the business functions, a group internal audit team from the parent or related company of the Dealer, or outsourced to a third party service provider.
            •   Where the Dealer does not have a dedicated internal audit function, the adequacy of the Dealer's internal audit arrangements should be assessed against the context of the Dealer's overall business scale and control environment i.e. whether there are periodic checks similar to those performed by internal auditors, which are performed by other control functions such as risk management and compliance.
            Restricted Dealer
            •   The SEO and Board of the Dealer are ultimately responsible for ensuring there are adequate internal controls within the Dealer and should take reasonable measures to ensure that the internal controls are complied with.

    • Guidance — Regulation of Crypto Asset Activities in ADGM

      Click here to view PDF

      • Guidance — Regulation Of Crypto Asset Activities in ADGM

        • INTRODUCTION

          • 1

            This Guidance is issued under section 15(2) of the Financial Services and Markets Regulations 2015 ("FSMR"). It should be read in conjunction with FSMR, the relevant Rulebooks of the Financial Services Regulatory Authority ("FSRA"), the FSRA's Guidance & Policies Manual and its 'Guidance — Regulation of Initial Coin/Token Offerings (ICOs) and Crypto Assets under the FSMR'1 ("ICO Guidance").


            1 https://www.adgm.com/media/304700/guidance-icos-and-crypto-assets_20180625_v11.pdf

          • 2

            This Guidance is applicable to the following Persons:

            a) an Applicant for a Financial Services Permission ("FSP") to carry on the Regulated Activity of Operating a Crypto Asset Business ("OCAB") in or from the Abu Dhabi Global Market ("ADGM");
            b) an Authorised Person in respect of its carrying on the Regulated Activity of Operating a Crypto Asset Business in or from ADGM; or
            c) a Recognised Investment Exchange with a stipulation on its Recognition Order permitting it to carry on the Regulated Activity of Operating a Crypto Asset Business within ADGM.

          • 3

            This Guidance sets out the FSRA's approach to the regulation of Crypto Asset activities in ADGM, including activities conducted by Crypto Asset Exchanges, Crypto Asset Custodians and, as applicable, intermediaries engaged in Crypto Asset activities. This Guidance, together with the applicable ADGM Regulations and FSRA Rules governing Crypto Asset activities, is collectively referred to as the "Spot Crypto Asset Framework".

          • 4

            This Guidance is not an exhaustive source of the FSRA's policy on the exercise of its regulatory functions and powers. The FSRA is not bound by the requirements set out in this Guidance and may —

            a) impose additional requirements to address any specific risks posed by Crypto Asset activities; or
            b) waive or modify any of these requirements at its discretion where appropriate.

          • 5

            Unless otherwise defined or the context otherwise requires, the terms contained in this Guidance have the same meaning as defined in the FSMR and the FSRA Glossary Rulebook ("GLO").

          • 6

            For the purposes of this Guidance, an Authorised Person holding an FSP to carry on the Regulated Activity of Operating a Crypto Asset Business, or a Recognised Investment Exchange holding an OCAB stipulation on its Recognition Order (as set out in paragraph 93) are each referred to as an "OCAB Holder".

          • 7

            7) For more details on the process for authorisation as an OCAB Holder operating a Crypto Asset Exchange, please contact the FSRA at: MIP@adgm.com. For more details on the process for authorisation as an OCAB Holder for any other Crypto Asset business activities, please contact the FSRA at: authorisation@adgm.com.

        • BACKGROUND

          • 8

            Technological innovation is transforming the financial services industry. Constant advances in new technologies have provided opportunities for significant change and disruption to financial services and other related activities globally. Developments in distributed ledger technologies ("DLT") have led to the emergence of digital assets, such as virtual coins or tokens for capital raising, and crypto assets/currencies for the facilitation of economic transactions.

          • 9

            This Guidance focuses on FSRA's regulatory treatment of Crypto Assets. For the purposes of the Spot Crypto Asset Framework, the FSRA has defined Crypto Asset in the FSMR as follows:

            "Crypto Asset" means a digital representation of value that can be digitally traded and functions as (1) a medium of exchange; and/or (2) a unit of account; and/or (3) a store of value, but does not have legal tender status in any jurisdiction. A Crypto Asset is —

            (a) neither issued nor guaranteed by any jurisdiction, and fulfils the above functions only by agreement within the community of users of the Crypto Asset; and
            (b) distinguished from Fiat Currency2 and E-money3."

            2 "Fiat Currency" means government issued currency that is designated as legal tender in its country of issuance through government decree, regulation or law.

            3 "E-money" means a digital representation of Fiat Currency used to electronically transfer value denominated in Fiat Currency. The FSRA considers E-money activities to be covered by its payments regulatory framework.

          • 10

            The diagram and table below sets out the FSRA's regulatory approach in relation to different types of digital assets.

            Category of Digital Assets / Instruments Regulatory Approach
            "Security Tokens"

            (e.g., virtual tokens that have the features and characteristics of a Security under the FSMR (such as Shares, Debentures, Units in a Collective Investment Fund)).
            Deemed to be Securities pursuant to Paragraph 58(2)(b) of FSMR.

            All financial services activities in relation to Security Tokens, such as operating primary / secondary markets, dealing / trading / managing investments in or advising on Security Tokens, will be subject to the relevant regulatory requirements under the FSMR.

            Market intermediaries and market operators dealing or managing investments in Security Tokens need to be licensed / approved by FSRA as FSP holders, Recognised Investment Exchanges or
            "Crypto Assets"

            (e.g., non-fiat virtual currencies).

            As provided in paragraph 9, this Guidance is focused on Crypto Assets.
            Recognised Clearing Houses, as applicable.

            Treated as commodities and, therefore, not deemed Specified Investments under the FSMR.

            Pursuant to the Spot Crypto Asset Framework, however, market intermediaries (e.g. broker dealers, custodians, asset managers) and Crypto Asset Exchanges dealing in or managing Crypto Assets will need to be licensed / approved by FSRA as OCAB Holders. Only activities in Accepted Crypto Assets will be permitted.
            "Utility Tokens" or "Non-Security Tokens"

            (e.g., virtual tokens that do not exhibit the features and characteristics of a regulated investment / instrument under the FSMR).
            Treated as commodities and, therefore, not deemed Specified Investments under the FSMR.

            Unless such Utility Tokens are caught under the definition of Crypto Assets,, spot trading and transactions in Utility Tokens do not constitute Regulated Activities, activities envisaged under a Recognition Order (e.g., those of a Recognised Investment Exchange or Recognised Clearing House), or activities envisaged under the Market Rules (MKT).
            Derivatives and Collective Investment Funds of Crypto Assets, Security Tokens and Utility Tokens Regulated as Specified Investments under the FSMR.

            Market intermediaries and market operators dealing in such Derivatives and Collective Investment Funds will need to be licensed / approved by FSRA as FSP holders, Recognised Investment Exchanges or Recognised Clearing Houses, as applicable.

          • 11

            For clarification, the Spot Crypto Asset Framework is not intended to apply to initial token or coin offerings (ICOs), (whether Security or Utility tokens), or other capital raising purposes. For details on FSRA's regulatory treatment of ICOs, security tokens and utility tokens please refer to FSRA's ICO Guidance.

        • OBJECTIVES OF THE SPOT CRYPTO ASSET FRAMEWORK

          • 12

            Fiat currencies are created and issued by sovereign governments, and stored and transferred by banks and other regulated financial institutions on behalf of users. In contrast, the crypto asset ecosystem enables users to create, store and transfer Crypto Assets without the need for any third party. This creates a set of unique challenges for regulators worldwide. Without regulated entities controlling the creation and use of Crypto Assets, the system is open to significant Financial Crime and other risks.

          • 13

            The Spot Crypto Asset Framework is comprehensive in order to effectively address the key risks that spot trading of Crypto Assets poses. FSRA's view is that regulation of AML/CFT risks alone will not sufficiently mitigate certain wider Crypto Asset related risks. Given the increased use of Crypto Assets as a medium of financial transactions, and their connectivity to the mainstream financial system through Crypto Asset and Derivative exchanges and intermediaries, there is the increased potential of contagion risks impacting the stability of the financial sector. There is also currently no safety net that ensures that users will be able to recover their Crypto Assets in case of loss or theft.

          • 14

            Accordingly, the FSRA has addressed issues around consumer protection, safe custody, technology governance, disclosure/transparency, Market Abuse and the regulation of Crypto Asset Exchanges in a manner similar to the regulatory approach taken in relation to securities exchanges globally.

        • FEATURES OF THE SPOT CRYPTO ASSET FRAMEWORK

          • Regulated Activity of Operating a Crypto Asset Business

            • 15

              In accordance with section 30 of FSMR, Applicants that qualify for authorisation under the Spot Crypto Asset Framework will be granted an FSP to carry on the Regulated Activity of OCAB. The Regulated Activity of OCAB, and the relevant exclusions, are set out in sections 73B and 73C of Schedule 1 of FSMR, and in full below:

              'Operating a Crypto Asset Business

              (1) Operating a Crypto Asset Business is a specified kind of activity.
              (2) Operating a Crypto Asset Business involves undertaking one or more Crypto Asset activities in or from the Abu Dhabi Global Market.
              (3) For the purposes of sub-paragraph (2), Crypto Asset activities include —
              (a) Buying, Selling or exercising any right in Accepted Crypto Assets (whether as principal or agent);
              (b) managing Accepted Crypto Assets belonging to another person;
              (c) making arrangements with a view to another person (whether as principal or agent) Buying, Selling or providing custody of Accepted Crypto Assets;
              (d) marketing of Accepted Crypto Assets;
              (e) advising on the merits of Buying or Selling of Accepted Crypto Assets or any rights conferred by such Buying or Selling; and
              (f) operating —
              (i) a Crypto Asset Exchange; or
              (ii) as a Crypto Asset Custodian.
              (4) In sub-paragraph 3(f)(i), operating a Crypto Asset Exchange means the trading, conversion or exchange of —
              (a) Fiat Currency or other value into Accepted Crypto Assets;
              (b) Accepted Crypto Assets into Fiat Currency or other value; or
              (c) one Accepted Crypto Asset into another Accepted Crypto Asset.
              (5) In sub-paragraph 3(f)(ii), operating as a Crypto Asset Custodian involves —
              (a) safeguarding, storing, holding or maintaining custody of Accepted Crypto Assets belonging to another person; or
              (b) controlling or administering Accepted Crypto Assets for the purpose of sub-paragraph 5(a).

              Exclusions

              The following activities do not constitute Operating a Crypto Asset Business —

              (1) the creation or administration of Crypto Assets;
              (2) the development, dissemination or use of software for the purpose of creating or mining a Crypto Asset;
              (3) the transmission of Crypto Assets;
              (4) a loyalty points scheme denominated in Crypto Assets; or
              (5) any other activity or arrangement that is deemed by the Regulator to not constitute Operating a Crypto Asset Business, where necessary and appropriate in order for the Regulator to pursue its objectives.'

          • OCAB Holders as Authorised Persons

            • 16

              To be authorised as an OCAB Holder, an Applicant must satisfy FSRA that all applicable requirements of FSMR and the relevant FSRA Rulebooks have been, and will continue to be, complied with. Upon authorisation, an OCAB Holder, as a holder of an FSP, is considered by the FSRA to be an Authorised Person for the purposes of the FSMR and the FSRA Rulebook, and has the same regulatory status within ADGM as any other Authorised Person.

            • 17

              The principal Rules for Operating a Crypto Asset Business are set out in Chapter 17 of the FSRA Conduct of Business Rulebook ("COBS"). Though the requirements set out in COBS Rule 17.1.2 already apply to Authorised Persons generally, Rule 17.1.2 operates as an additional 'sign-post' Rule designed to draw the attention of Applicants and OCAB Holders to the fact that they must comply with all Rules applicable to Authorised Persons, including:

              a) all other relevant chapters of COBS;
              b) the FSRA General Rulebook (GEN);
              c) the FSRA Anti-Money Laundering and Sanctions Rules and Guidance (AML); and
              d) the FSRA Rules of Market Conduct (RMC).

            • 18

              The table below sets out the main risk areas, and the related mitigations for each of these risks areas, under the Spot Crypto Asset Framework.

              RISK MITIGANT
              1. AML/CFT/TAX The AML Rulebook applies in full to the Regulated Activity of OCAB.

              OCAB Holders will also need to consider their reporting obligations in relation to FATCA and the Common Reporting Standards.
              2. CONSUMER PROTECTION All material risks associated with Crypto Assets generally, Accepted Crypto Assets and OCAB products, services and activities must be appropriately disclosed.
              3. TECHNOLOGY GOVERNANCE Systems and controls must be in place in relation to:
              •   Crypto Asset wallets;
              •   Private keys;
              •   Origin and destination of Crypto Asset funds;
              •   Security; and
              •   Risk management and systems recovery.
              4. 'EXCHANGE-TYPE' ACTIVITIES Crypto Asset Exchanges will be regulated in a similar manner to how the FSRA regulates 'Multilateral Trading Facilities', and will be required to have in place, among other things, the following:
              •   Market surveillance;
              •   Settlement processes;
              •   Transaction recording;
              •   Transparency & public disclosure mechanisms; and
              •   Exchange-like operational systems and controls.
              5. CUSTODY Crypto Assets will be included as Client Assets and Investments, and accordingly will be subject to the safe custody provisions under the FSMR. Frequent reconciliations and reporting of Crypto Assets are required.

            • 19

              COBS Rule 17.1.3 operates such that an OCAB Holder is deemed to be operating an 'Investment Business', and that 'Client Investments' in GEN and 'Financial Instruments' in RMC are to be read to include Crypto Assets. This means that the various Rules using these terms throughout the FRSA Rulebooks are expanded to capture Crypto Assets and Crypto Asset activities, including in particular, the Rules contained in Chapters 3 and 6 of COBS.

          • Combination of Regulated Activities

            • 20

              Applicants approved by the FSRA to Operate a Crypto Asset Business will be granted an FSP that includes the Regulated Activity of OCAB. Applicants carrying on other Regulated Activities within ADGM in addition to OCAB will need to apply to add such other Regulated Activities to the FSP and comply with the requirements of the FSRA applicable to such other Regulated Activities.

            • 21

              Existing FSP holders carrying on a Regulated Activity that may incidentally involve the use of Crypto Assets, but who are not deemed as carrying on OCAB as defined under the FSMR, may not need to apply for the Regulated Activity of OCAB. In such circumstances, however, the FSP holder may be subject to relevant Rules in Chapter 17 of COBS (e.g., in relation to technology governance, disclosure requirements) to ensure appropriate use of Accepted Crypto Assets in supporting their non-OCAB Regulated Activities.

        • REGULATORY REQUIREMENTS FOR OPERATING A CRYPTO ASSET BUSINESS

          • Operating a Crypto Asset Business

            • 22

              Chapter 17 of COBS applies to all OCAB Holders, requiring compliance with all the requirements set out in COBS Rules 17.117.6. OCAB Holders that are Operating a Crypto Asset Exchange or Operating as a Crypto Asset Custodian are also required to comply with the additional requirements in COBS Rule 17.7 or 17.8 respectively.

          • Accepted Crypto Assets

            • 23

              COBS Rule 17.2.1 permits OCAB Holders to engage in Crypto Asset activities in relation to Accepted Crypto Assets only. The FSRA has a general power to determine each Accepted Crypto Asset that will be permitted in relation to OCAB activities within ADGM, in order to prevent higher-risk activities involving or relating to illiquid or 'immature' Crypto Assets.

            • 24

              A Crypto Asset that meets the FSRA's requirements will constitute an Accepted Crypto Asset. COBS Rule 17.2.2 states that for the purpose of determining whether, in its opinion, a Crypto Asset meets the requirements of being an Accepted Crypto Asset, the FSRA will consider:

              a) A maturity/market capitalisation threshold in respect of a Crypto Asset in accordance with COBS Rule 17.2.2(a). This market capitalisation threshold will be applied at the time of application for an FSP to engage in the Regulated Activity of OCAB. The FSRA considers Crypto Assets with a market capitalisation in excess of at least US$4billion4 as meeting this threshold. The FSRA does not prescribe the source for calculating the market capitalisation of a Crypto Asset and will consider certain recognised sources, as may be available from time to time.
              b) Other factors that, in the opinion of the FSRA, need to be taken into account in determining whether or not a particular Crypto Asset meets the requirements to be considered appropriate, as contemplated in COBS Rule 17.2.2(b). The FSRA will take into account a number of factors in relation to a particular Crypto Asset, including those set out below, none of which are to be considered definitive or binding:
              i. Security: consideration of whether the specific Crypto Asset is able to withstand, adapt, respond to, and improve on its specific risks and vulnerabilities, including relevant factors/risks relating to the on-boarding or use of new Crypto Assets (including size, testing, maturity, and ability to allow the appropriate safeguarding of secure private keys);
              ii. Traceability / monitoring: whether OCAB holders are able to demonstrate the origin and destination of the specific Crypto Asset, if the Crypto Asset enables the identification of counterparties to each trade, and if transactions in the Crypto Asset can be adequately monitored;
              iii. Exchange connectivity: whether there are (other) exchanges that support the Crypto Asset; the jurisdictions of these exchanges and whether these exchanges are suitably regulated;
              iv. Market demand / volatility: the sufficiency, depth and breadth of Client demand, the proportion of the Crypto Asset that is in free float and the controls/processes to manage volatility of a particular Crypto Asset;
              v. Type of Distributed Ledger: whether there are issues relating to the security and/or usability of a distributed ledger technology used for the purposes of the Crypto Asset; whether the Crypto Asset leverages an existing distributed ledger for network and other synergies; whether this a new distributed ledger that has been demonstrably stress tested;
              vi. Innovation / efficiency: for example, whether the Crypto Asset helps to solve a fundamental problem, addresses an unmet market need or creates value for network participants; and
              vii. Practical application/functionality: whether the Crypto Asset possesses real world, quantifiable, functionality.

              4 www.coinmarketcap.com

            • 25

              Though these factors may change from time to time, the FSRA will, in all cases, have regard to its objectives as a regulator, and the principles as set out in Section 1 of FSMR.

            • 26

              Applicants applying for an FSP will need to submit the details of each Accepted Crypto Asset that is proposed to be used for their OCAB activities. The use of these Accepted Crypto Assets will be approved as part of the formal application process for its FSP for Operating a Crypto Asset Business.

            • 27

              An Accepted Crypto Asset may be deemed suitable for use by all OCAB Holders, subject to each OCAB Holder satisfying the FSRA that it can suitably use each specific Accepted Crypto Asset. For example, a Crypto Asset Exchange is required by COBS Rule 17.7.45 to notify the FSRA of any new Accepted Crypto Asset proposed to be admitted to trading on its facilities. Though the Crypto Asset Exchange may propose to admit to trading a commonly used and traded Crypto Asset, the Crypto Asset Exchange's controls, for example, relating to identity/transaction monitoring of a certain distributed ledger may not yet be fully developed. In such circumstances, the FSRA may require the Crypto Asset Exchange to delay the commencement of trading until such time that suitable controls have been developed and implemented.


              5 Which requires notification to the FSRA under MIR Rule 5.4.1 (Item 26).

            • 28

              An OCAB Holder wishing to use a Crypto Asset(s) additional to the Accepted Crypto Asset(s) originally approved as part of its application process, must notify the FSRA of its intention to do so. This notification should include all relevant information relating to the use of the Crypto Asset, including the relevant controls the OCAB Holder has in place (or if not already in place, that it proposes to implement), in order to manage the risks specific to the Crypto Asset. In forming a view on the suitability of the proposed Crypto Asset(s), the FSRA will take into account whether the proposed Crypto Asset meets the requirements of being an Accepted Crypto Asset, as set out in COBS Rule 17.2.2 and paragraph 24 of this Guidance. The FSRA will notify the OCAB Holder of its determination.

            • 29

              The FSRA will not maintain a 'public' list of Accepted Crypto Assets, however it may provide this information to potential Applicants of an OCAB FSP, and OCAB Holders.

          • Capital Requirements

            • 30

              Given the nature of, and the risks associated with, Operating a Crypto Asset Business, COBS Rule 17.3 requires an OCAB Holder to hold capital resources in a manner consistent with MIR Rule 3.2.1, (being the requirements that a Recognised Investment Exchange must meet). Capital must be held in fiat form.

            • 31

              When applying COBS Rule 17.3 / MIR Rule 3.2.1 to OCAB Holders, the FSRA will apply proportionality in considering whether any additional capital buffer must be held, based on the size, scope, complexity and nature of the Crypto Asset activities and operations of the OCAB Holder and, if so, the appropriate amount of capital required as the additional buffer. An OCAB Holder that the FSRA considers to be high risk may attract higher capital requirements.

            • 32

              Subject to the above paragraph, in general:

              a) OCAB Holders operating a Crypto Asset Exchange, are required to hold capital resources equivalent to 12 months' operational expenses; and
              b) all other OCAB Holders are required to hold capital resources equivalent to 6 months' operational expenses.

            • 33

              Operational expenses, as set out in MIR Rule 3.2.1, broadly includes all of the overhead, non-discretionary costs (variable and exceptional items can be excluded) incurred (or forecast to be incurred) by an OCAB Holder in its operations over the course of a twelvemonth accounting period. Technology-related operational expenses, such as the use of IT servers and technology platforms, storage and usage of IT equipment and technology services required for the overall operability of the OCAB Holders' platform, are to be included. Development costs, such as research and intellectual property patenting can be excluded.

            • 34

              Where an OCAB Holder carries on one or more Regulated Activities not related to Crypto Asset activities (e.g., Dealing in Investments, Providing Credit or Providing Custody etc.), the FSRA will apply a capital requirement that is the higher of the:

              a) regulatory capital requirements applicable to the OCAB; or
              b) capital requirements applicable to the other Regulated Activities under the "Prudential — Investment, Insurance Intermediation and Banking Rules" ("PRU").

            • 35

              In addition, where an OCAB Holder is part of a wider financial group that is subject to consolidated supervision by the FSRA, a holistic view of regulatory capital treatment will apply across the businesses for the Group pursuant to Chapter 8 of PRU. The resulting level of the capital requirements for the consolidated Group will also be subject to review under the Supervisory Review and Evaluation Process (as outlined in Chapter 10 of PRU), whereby the FSRA will retain the ability to impose additional capital requirements, above and beyond that reflected in the 'higher of' approach to reflect any part of the higher risk profile of the Group that is not adequately captured in Chapter 8 of PRU.

          • Anti-Money Laundering and Countering Financing of Terrorism

            • 36

              Crypto Asset activities raise significant regulatory concerns for regulatory authorities and law enforcement agencies worldwide, particularly in relation to Money Laundering ("ML") and Financing of Terrorism ("TF"). International bodies, such as the International Monetary Fund, the Financial Action Task Force ("FATF"), the Bank for International Settlements and the International Organisation for Securities Commissions ("IOSCO"), have issued different Digital Asset (including Crypto Asset and ICO) warnings to investors and market participants advising of the significant risks, including ML and TF risks, and the possibility of Digital Assets being used for illegal purposes.

            • 37

              FATF has identified certain key risks associated with Crypto Assets6, which include the following:

              a) Digital Assets (and, in particular, Crypto Assets) usually provide greater anonymity than traditional non-cash payment methods. Crypto Assets can be traded via Internet platforms, are generally characterised by non-face-to-face Client relationships, and may permit anonymous funding and transfers (cash funding or third-party funding through 'virtual exchanges' that do not properly identify the source or destination of funds).
              b) The global reach of Crypto Assets increases the potential for ML/TF risks. Crypto Asset systems can be accessed via the Internet (including via mobile phones), and can be used to make cross-border payments and fund transfers.
              c) Crypto Asset platforms commonly rely on complex infrastructures utilising several entities, often spread across several countries, to transfer funds or execute payments. This segmentation of services means that responsibility for ML/TF compliance and supervision/enforcement may be unclear. Moreover, Client and transaction records may be held by different entities, often in different jurisdictions, making it more difficult for regulators and law enforcement agencies to access them. These issues are exacerbated by the rapidly evolving nature of 'decentralised' technologies used by Crypto Asset businesses, including the changing number and types/roles of participants providing services in the Crypto Asset ecosystem.
              d) Components of the Crypto Asset system may be located in jurisdictions that do not have adequate ML/TF controls.

              6 http://www.fatf-gafi.org/publications/fatfgeneral/documents/guidance-rba-virtual-currencies.html

            • 38

              In order to develop a robust and sustainable regulatory framework for Crypto Assets, FSRA is of the view that a comprehensive application of its Anti Money Laundering and Countering Financing of Terrorism "AML/CFT" framework should be in place, including full compliance with, among other things:

              a) UAE AML/CFT Federal Laws, including the UAE Cabinet Resolution No. (38) of 2014 Concerning the Executive Regulation of the Federal Law No. 4 of 2002 concerning Anti-Money Laundering and Combating Terrorism Financing;
              b) the FSRA AML and Sanctions Rules and Guidance ("AML Rules") or such other AML rules as may be applicable in ADGM from time to time; and
              c) the adoption of international best practices (including FATF Recommendations).

            • 39

              In considering Crypto Asset ML and TF risks, the importance of meeting global transparency and beneficial ownership standards, and the need to have proper mechanisms to exchange information with other regulators and counterparties, the FSRA requires that its AML Rules apply to all OCAB Holders.

            • 40

              Key considerations for AML/CFT compliance

              When considering the FATF Recommendations, in combination with the application of the AML Rules, the FSRA notes the following key principles that an OCAB Holder should consider:

              Principle 1: Risk Based Approach

              a) FATF expects countries, regulators, financial institutions and other concerned parties to adopt a 'Risk Based Approach' ("RBA"). OCAB Holders are expected to understand the risks associated with their activities and allocate proper resources to mitigate those risks. A RBA can only be achieved if OCAB Holders establish proper systems and controls, 'Know-Your-Client' ("KYC") and 'Client Due Diligence' ("CDD") processes, and build their policies and procedures to be risk focused and proportionate to their activities.
              b) OCAB Holders should, on a periodic basis, carry out a proper risk based assessment of their processes and activities. In order to implement the RBA, OCAB Holders are expected to have processes in place to identify, assess, monitor, manage and mitigate ML risks. The general principle is that in circumstances where there are higher risks of ML, OCAB Holders are required to implement enhanced measures to manage and mitigate those risks.
              c) One of the most challenging risks facing a financial institution is how the on-boarding of an OCAB Holder may affect its relationship with a foreign correspondent financial institution, as well as the views of the regulator of that foreign correspondent financial institution. In essence, a foreign correspondent financial institution relationship is built on the effectiveness of a financial institution's ML compliance program and ongoing monitoring capabilities.
              d) With the use of cryptology and block chain technologies at a nascent stage within financial services, a financial institution of an OCAB Holder must not only satisfy itself, but also its foreign correspondent financial institutions, that OCAB Holders are well regulated and have systems and controls to address ML, TF and sanctions risks. This should include robust processes to carry out CDD on customers and beneficial owners, monitor transactions for these risks, and be willing and able to provide complete transparency to their financial institution and its foreign correspondent financial institutions if and when required.

              Principle 2: Business Risk Assessment

              e) Chapter 6 of the AML Rules requires Relevant Persons to take appropriate steps to identify and assess the money laundering risks to which their businesses are exposed, taking into consideration the nature, size and complexity of their activities. When identifying and assessing these risks, several factors should be considered, including an assessment of the use of new technologies. Importantly, in the context of Crypto Assets, FATF Recommendation (15) states that:
              "Countries and financial institutions should identify and assess the money laundering or terrorist financing risks that may arise in relation to (a) the development of new products and new business practices, including new delivery mechanisms, and (b) the use of new or developing technologies for both new and pre-existing products. In the case of financial institutions, such a risk assessment should take place prior to the launch of the new products, business practices or the use of new or developing technologies. They should take appropriate measures to manage and mitigate those risks."
              f) Another aspect of assessing the business risk relevant to OCAB Holders is gaining familiarity with the characteristics and terminology7 of the Crypto Asset industry. Additionally, OCAB Holders, and their management and staff, should be aware of the possible misuse of Crypto Assets in criminal activities, as well as the technical and complicated nature of Crypto Assets (and the platforms they operate on).
              g) When making its assessment, an OCAB Holder must give consideration to all business risks. For example, while an issue may be identified in relation to cyber security (e.g., when dealing with hot wallets or using cloud computing to store data — being a 'technical' risk), the FSRA expects OCAB Holders to consider these risks from all perspectives to establish whether the risk triggers other issues for consideration (including ML/TF risks, technology governance, consumer protection, etc).

              Principle 3: Know Your Customer, Customer Due Diligence and Customer Risk Assessment

              h) The FSRA expects all OCAB Holders to have fully compliant Client on-boarding processes. Crypto Assets have been criticised by regulatory bodies globally due to their anonymity features, which makes tracking Client records and transactions more challenging for compliance officers and money laundering reporting officers.
              i) Clear KYC and CDD policies and procedures are required to be implemented. OCAB Holders should have a process to assess and rate their Clients according to that Client's risk profile (and taking into consideration the OCAB Holder's RBA). This process requires OCAB Holders to undertake CDD and comply in full with AML Rules 8.1 and 8.3 for each Client prior to transacting any business whatsoever. The FSRA does not consider it appropriate for OCAB Holders to use simplified CDD when conducting Crypto Asset activities.
              j) Due to issues surrounding the anonymity of Clients and transactions associated with Crypto Assets, when considering CDD and the treatment of third party funding of Client accounts, the FSRA draws OCAB Holders' particular attention to AML Rule 8.1.3 (Guidance paragraph 3)8 noting that the FSRA will apply the Rule such that there is no exception for simplified CDD.
              k) The FSRA understands that OCAB Holders may need to use new technology to improve Client on-boarding processes for the purpose of assessing and managing ML and TF risks. The use of suitable biometric technologies for non-face-to-face business activity may be acceptable to the FSRA in certain cases.
              l) The FSRA further understands that the proper use of such technologies (e.g., fingerprinting, retinal/eye scans, use of real-time video conference facilities to enable facial recognition) can assist with mitigation of the ML/TF risks associated with Crypto Asset activities. Technological features, such as secure digital signatures that allow the verification of a client's identity through a signed document, may also be acceptable to the FSRA. In all cases, an OCAB Holder should ensure that the use of these technologies will not lead to a simplified process where the required KYC and CDD requirements are not appropriately undertaken by an OCAB Holder.

              Principle 4: Governance, Systems and Controls

              m) OCAB Holders are required to implement an appropriate governance structure, especially in relation to Information Technology governance9, and provide for the development and maintenance of all necessary systems and controls to ensure appropriate ML and TF compliance.
              n) The FSRA expects that OCAB Holders may seek to utilise technologies and solutions available in the market to meet their regulatory obligations (e.g., KYC, detection of fraud, transaction identification and reporting) and risk management requirements (e.g., margin limits, large exposure monitoring).
              o) While FSRA cannot recommend particular vendors or providers, all technology solutions must be fit for purpose and OCAB Holders should consider using those with an established track record, and undertake their own due diligence/risk assessment to ensure competency and capability. The FSRA recognises that many of the (technology) solutions appropriate for mitigating Crypto Asset risks will be generated within the Crypto Asset industry itself.
              p) The FSRA expects OCAB Holders to develop, implement and adhere to a "Crypto Asset Compliance Policy", tailored to meet specific Crypto Asset business compliance requirements, and reflecting a clear comprehension of the OCAB Holder's understanding of its compliance responsibilities. The FSRA expects this policy to be well defined, comprehensive and as robust as possible. The policy can be separate or part of other compliance policies/manuals.
              q) Following the development of the Crypto Asset Compliance Policy, OCAB Holders' compliance officers are expected to establish a "Crypto Asset compliance monitoring program", requiring internal reviews to be conducted in an efficient way, and on a periodic basis.
              r) OCAB Holders must appoint a Money Laundering Reporting Officer ("MLRO") who will be responsible for the implementation and oversight of the OCAB Holder's compliance with the AML Rules. Consistent with the FSRA's expectation in relation to all other Authorised Persons, an OCAB Holder's MLRO should have an appropriate level of seniority and independence in order to be effective in the role.

              Principle 5: Reporting obligations

              s) OCAB Holders should familiarise themselves with their reporting obligations under the AML Rules, in particular in relation to the reporting of suspicious activities/transactions.
              t) OCAB Holders are required to establish sophisticated transaction monitoring systems to detect possible ML and TF activities. Systems should also be implemented to effectively identify any attempt to breach domestic and international sanctions. Such systems may rely on new technological solutions (including monitoring algorithms or Artificial Intelligence ("AI")).

              Principle 6: Record keeping

              u) As proper documentation is one of the main pillars of ensuring AML/CFT compliance, OCAB Holders are required to have policies and procedures in place to ensure proper record keeping practices.
              v) The FSRA understands that the transaction recording of many Crypto Asset transactions is linked to, or based on, blockchain technology. This requires an OCAB Holder to implement specific arrangements to ensure that, at a minimum, the OCAB Holder and the FSRA have access to all relevant information as necessary. An OCAB Holder may use a blockchain to store its data, provided it is able to provide this data, in an easily accessible format, to the FSRA when required.
              w) The FSRA views Crypto Asset activities that are linked to cash transactions as posing higher ML and TF risks, due to the source of funding being significantly more difficult to determine. OCAB Holders wishing to conduct cash transactions will be required to implement enhanced controls to mitigate the inherent risks of such transactions. Such controls may include, among other things, setting appropriate limits on cash deposits (e.g., daily, monthly, yearly limits), a prohibition on receiving cash directly, or prohibitions on the receipt of cash other than from bank accounts. In all cases, OCAB Holders will need to clearly demonstrate to the FSRA how their controls suitably mitigate the risks of cash transactions within their operations.
              x) FSRA expects all OCAB Holders to exercise due care, to the utmost extent possible, in their day-to-day operations and when dealing with clients or potential clients. An OCAB Holder's activities are expected to be in compliance with the AML Rules, ensuring that their activities do not pose regulatory risk or reputational damage to the ADGM Financial System.

              7 Examples of Digital Asset/Crypto Asset relevant terminology include: cold or hot storage, on/off ramps, dirty wallet, public key and private key.

              8 AML Rule 8.1.3 Guidance 3 states that 'Subject to the exception for Simplified Customer Due Diligence, whenever a Relevant Person comes into contact with a Customer with or for whom it acts or proposes to act, it must establish whether the Customer is acting on his own behalf or on behalf of another Person, and a Relevant Person must establish and verify the identity of both the Customer and any other Person on whose behalf the Customer is acting, including that of the Beneficial Owner of the relevant funds, which may be the subject of a Transaction to be considered, and must obtain sufficient and satisfactory evidence of their identities. A Relevant Person should obtain a statement from a prospective Customer to the effect that he is, or is not, acting on his own behalf. In cases where the Customer is acting on behalf of third parties, it is recommended that the Relevant Person obtain a written statement, confirming the statement made by the Customer, from the parties, including the Beneficial Owner.'

              9 Please also refer to the section on Technology Governance and Controls in this Guidance (page 18).

          • 41

            International Tax Reporting Obligations

            COBS Rule 17.4 requires OCAB Holders to consider and, if applicable, adhere to their tax reporting obligations including, as applicable, under the Foreign Account Tax Compliance Act ("FATCA") and the ADGM Common Reporting Standard Regulations 2017.

        • Technology Governance and Controls

          • 42

            While the FSRA adopts a technology-neutral approach to its regulation of Authorised Persons, Crypto Asset technology is widely considered to be in its early years of development and usage at scale. While it does not seek to regulate Crypto Asset technology directly, the FSRA expects OCAB Holders to meet particular requirements in terms of their technology systems, governance and controls.

          • 43

            Historic Crypto Asset business failures have often arisen as a result of the lack of adequate technology-related procedures, including for example, a lack of code version control, lack of testing or security policies, or a lack of an appropriate framework for decision making. The FSRA has therefore included specific Guidance regarding expected controls and processes to mitigate these issues.

          • 44

            GEN Rule 3.3 requires an OCAB Holder to establish systems and controls to ensure its affairs are managed effectively and responsibly, and to ensure such systems and controls are subject to regular review. COBS Rule 17.5 sets out additional requirements for appropriate technology governance and controls specific to OCAB Holders, with a focus on:

            a) Crypto Asset Wallets;
            b) Private Keys;
            c) Origin and destination of Crypto Asset funds;
            d) Security; and
            e) Risk Management.

          • 45

            When complying with GEN Rule 3.3 and COBS Rule 17.5, OCAB Holders should have due regard to the following key areas from a technology perspective:

            a) Careful maintenance and development of systems and architecture (e.g., code version control, implementation of updates, issue resolution, regular internal and third party testing);
            b) Security measures and procedures for the safe storage and transmission of data;
            c) Business continuity and Client engagement planning in the event of both planned and unplanned system outages;
            d) Processes and procedures specifying management of personnel and decision-making by qualified staff; and
            e) Procedures for the creation and management of services, interfaces and channels provided by or to third parties (as recipients and providers of data or services).

          • 46

            Maintenance and development of systems

            OCAB Holders are expected to have a clear, well-structured and deliberate approach for the implementation and upgrade of systems and software.

          • 47

            OCAB Holders should also have well-established policies and procedures for the regular and thorough testing of any system currently implemented or being considered for use (e.g., upgrades to a matching engine or opening of a new Application Programming Interface ("API") with a third party). This should include ensuring that the implementation of new systems, or upgrading of existing systems, is thoroughly checked by multiple members of technology staff.

          • 48

            All changes made to a codebase in use are to be tracked and recorded, with a clear audit trail for appropriate internal checks and sign-offs. The use of version control software which allows for the accurate timestamping and identification of the user responsible for relevant changes should be considered.

          • 49

            OCAB Holders should maintain a clear and comprehensive audit trail for system issues internally, including security issues and those with third parties, and their resolution.

          • 50

            OCAB Holders should conduct at least annual third-party audit of core systems being used. Crypto Asset Custodians and Crypto Asset Exchanges should have an annual review of their infrastructure undertaken by reputable third party cyber security consultants, producing a list of recommendations and areas of concern.

          • 51

            Security measures and procedures

            OCAB Holders should have measures and procedures in place which comply with network security best practices (e.g., the implementation of firewalls, the regular changing of passwords and encryption of data in transit and at rest). Updates and patches to all systems, particularly security systems, should be performed as soon as safely feasible after such updates and patches have been released.

          • 52

            Crypto Asset Exchange and Crypto Asset Custodian IT infrastructures are expected to provide strong layered security and seek the elimination of "single points of failure". IT infrastructure security policies are required to be maintained, describing in particular how strong layered security is provided and how "single points of failure" are eliminated. IT infrastructures should be strong enough to resist, without significant loss to customers, a number of scenarios, including but not limited to: accidental destruction or breach of a single facility, collusion or leakage of information by employees/former employees within a single office premise, successful hack of a cryptographic module or server, or access by hackers of any single set of encryption/decryption keys.

          • 53

            OCAB Holders should regularly test security systems and processes. Vulnerabilities are being introduced continually by malicious individuals and researchers, often via new software. System components, processes, and custom software should be tested frequently to ensure security controls continue to reflect a changing environment.

          • 54

            OCAB Holders should have in place policies and procedures that address information security for all personnel. A strong security policy sets the security tone for the whole entity and informs personnel what is expected of them. All personnel should be aware of the sensitivity of data and their responsibilities for protecting it.

          • 55

            The encryption of data, both at rest and in transit, including consideration of API security (e.g. OAuth 2.0) should be included in the security policy. In particular, encryption and decryption of Crypto Asset private keys should utilise encryption protocols, or use alternative algorithms that have broad acceptance with cyber security professionals. Critical cryptographic functions such as encryption, decryption, generation of private keys, and the use of digital signatures should only be performed within cryptographic modules complying with the highest, and ideally internationally recognised, applicable security standards.

          • 56

            OCAB Holders should conduct regular (at least annually) security tests of their systems, network, and connections.

          • 57

            Cryptographic Keys and wallet storage

            Distributed ledgers, which are considered to be the single source of truth regarding ownership of Crypto Assets, are often based on blockchain technology. The ability to send and receive Crypto Assets by recording new transactions on a distributed ledger is usually dependent on cryptographic keys — a public key and one or more private keys. The public key allows other users on a distributed ledger to send Crypto Assets to an address associated with that public key. The private key(s) provides full control of the Crypto Assets associated with the public key. As such, OCAB Holders need to have robust procedures and protective measures to ensure the secure generation, storage, backup and destruction of both public and private keys.

          • 58

            To be able to access Crypto Assets, the device on which the private key is held needs access to a network (which, in most cases, will be via the internet). A wallet where the private key is held on a network attached device is called a hot wallet. Hot wallets are vulnerable to hacking attempts and can be more easily compromised by viruses and malware. Crypto Assets that do not need to be immediately available should be held off line, in a 'cold wallet' to the extent feasible. Below is a non-exhaustive list of some of the measures that OCAB Holders should consider:

          • 59

            Password protection and encryption

            Both hot and cold wallets must be password protected and encrypted. The key storage file that is held on the online or offline device is generally encrypted. The user is therefore protected against theft of the file (to the degree the password cannot be cracked), but malware on the machine may still be able to gain access (e.g., a keystroke logger to capture the password).

          • 60

            OCAB Holders should consider the use of multi-signature wallets (e.g., where multiple private keys are associated with a given public key and a subset of these private keys, sometimes held by different parties, are required to authorise transactions). Noting that there is no way to recover stolen or lost private keys unless a copy of that key has been made, multi-signature wallets may offer more security because a user can still gain access to its Crypto Assets when two or more Private Keys remain available.

          • 61

            Off line storage of keys

            To mitigate the risks associated with hot wallets, private keys can be stored in a cold wallet, which is not attached to a network. OCAB Holders should implement cold wallet key storage where possible if they are offering wallet services to their Clients.

          • 62

            Air gapped key storage

            Wallets may also be stored on a secondary device that is never connected to a network. This device, referred to as an air-gapped device, is used to generate, sign, and export transactions. Care must be taken not to infect the air-gapped device with malware when, for example, inserting portable media to export the signed transactions. Hardware security modules emulate the properties of an air gap. A proper policy must be created to describe the responsibilities, methods, circumstances and time periods within which transactions can be initiated. Access and control of single private keys should be shared by multiple users to avoid transactions by a single user.

          • 63

            Password-derived keys

            Some wallet solutions enable cryptographic keys to be derived from a user-chosen password (the "seed") in a "deterministic" wallet. The most basic version requires one password per key pair. A Hierarchical Deterministic wallet derives a set of keys from a given seed. The seed allows a user to restore a wallet without other inputs. An OCAB Holder offering deterministic wallet solutions should ensure that users are provided with clear instructions for situations where keys, seeds or hardware supporting such wallet solutions are lost.

          • 64

            Origin and destination of Crypto Asset funds

            Crypto Asset transactions between public addresses take place on a public distributed ledger. Although it is normally possible to identify the public addresses of the parties to a transaction, it is often very difficult to establish the owner (whether natural or legal) of these addresses. This makes Crypto Assets attractive to money launderers, terrorist financers and other criminals.

          • 65

            The US Office of Foreign Asset Control (OFAC) has issued a statement requiring wallet addresses known to belong to individuals listed on the Specially Designated Nationals And Blocked Persons sanctions ("SDN") list to be reported. Further information is available on the OFAC website.10 Additionally, there are companies collecting "tainted" wallet addresses that have been used in hacks, "dark web" transactions and other criminal endeavours.


            10 https://www.treasury.gov/resource-center/faqs/Sanctions/Pages/faq_compliance.aspx

          • 66

            An OCAB Holder must have clear policies and procedures, consistent with the AML Rules applicable to it, to identify the source of funds and to ensure its compliance with COBS Rules 17.5(c) (Origins and destination of Crypto Asset funds) and 17.5(e) (Risk Management).

          • 67

            It is crucial that OCAB Holders perform due diligence on their Clients before opening an account so that wallet addresses can be identified as belonging to a specific user. If a transaction is detected that originates from or is sent to a "tainted" wallet address belonging to a known user, that user should be reported. OCAB Holders should maintain lists of tainted wallet addresses and consider the use of third party services to help identify such addresses.

          • 68

            Currently, there are technology solutions developed in-house and available from third party service providers which enable the tracking of Crypto Assets through multiple transactions to more accurately identify the source and destination of these Crypto Assets. OCAB Holders should consider using such solutions and other systems to adequately meet anti-money laundering, financial crime and know-your-customer requirements set out in the Spot Crypto Asset Framework.11


            11 For full details on these obligation, please refer to the earlier section of AML/CFT.

          • 69

            Planned and Unplanned system outages

            OCAB Holders should have a programme of planned systems outages to provide for adequate opportunities to perform updates and testing. OCAB Holders should also have multiple communication channels to ensure that its Clients are informed, ahead of time, of any outages which may affect them.

          • 70

            OCAB Holders should have clear, publicly available, procedures articulating the process in the event of an unplanned outage. During an unplanned outage, OCAB Holders should be able to rapidly disseminate key information and updates on a frequent basis.

          • 71

            Management of personnel and decision making

            OCAB Holders should implement processes and procedures concerning decision making and access to sensitive information and security systems.

          • 72

            A clear audit log of decision making should be kept. Staff with decision-making responsibilities should have the adequate expertise, particularly from a technological standpoint, to make such decisions.

          • 73

            Protective measures should be implemented to restrict access to critical and/or sensitive data to key personnel only. This includes both digital and physical access. OCAB Holders should have processes and procedures to track and monitor access to all network resources. Logging mechanisms and the ability to track user activities are critical in preventing, detecting, or minimising the impact of a data compromise. The maintenance of logs allows thorough tracking, alerting, and analysis when issues occur.

          • 74

            Third party outsourcing

            OCAB Holders may use third party services for their systems. However, when doing so, the OCAB Holder (pursuant to GEN 3.3.31) retains full responsibility from a regulatory perspective for any issues that may result from the outsourcing including the failure of any third party to meet its obligations. The FSRA requires that certain core systems (for example, the matching engine of a Crypto Asset Exchange) are maintained by the OCAB Holder itself and will not generally permit these to be outsourced.

          • 75

            In its assessment of a potential third party service provider, an OCAB Holder must satisfy itself that the service provider maintains robust processes and procedures regarding the relevant service (including, for example, in relation to the testing and security required in this section on Technology Governance).

          • 76

            In all circumstances, including in relation to business activities that are outsourced, an OCAB Holder is expected to maintain a strong understanding of the third party service being provided and, for critical services, have redundancy measures in place where appropriate.

        • Crypto Asset Risk Disclosures

          • 77

            Given the significant risks to Clients transacting in Crypto Assets, OCAB Holders are required to have processes in place that enable them to disclose, prior to entering into an initial transaction, all material risks to their Clients in a manner that is clear, fair and not misleading.

          • 78

            COBS Rule 17.6 sets out a non-exhaustive list of risks that are required to be disclosed to Clients. OCAB Holders are expected to undertake a detailed analysis of the risks, and to make all necessary disclosures to their Clients. As this disclosure obligation is ongoing, and given the rapidly developing market for Crypto Assets, OCAB Holders are required to continually update this analysis and the resultant disclosures to its Clients to reflect any updated risks relating to:

            a) the OCAB Holder's products, services and activities12;
            b) Crypto Assets generally; and
            c) the specific Accepted Crypto Asset.

            12 These disclosures should cover any specific arrangements, or lack of arrangements, for any product, service and activity of an OCAB Holder. For example, in relation to custody of Client's Crypto Assets, where an OCAB Holder requires Clients to self-custodise their Crypto Assets, this must be fully disclosed to Clients upfront, and Clients must be informed that the OCAB Holder is not responsible for custody and protection of Clients' Crypto Assets.

          • 79

            For the purposes of interpreting the reference to "initial Transaction" in COBS Rule 17.6, OCAB Holders can meet the obligation in this Rule at any time prior to the 'initial Transaction'. For example, the introduction of a new Accepted Crypto Currency to trading on a Crypto Asset Exchange may require a further specific risk disclosure being made to Clients of the Crypto Asset Exchange in relation to the risks of trading in that new Accepted Crypto Asset (as assessed by the Crypto Asset Exchange).

          • 80

            The FSRA will need to understand the process by which an OCAB Holder will communicate the risks outlined in COBS Rule 17.6.2, as well as any other relevant material risks to its Clients. Where the Clients of an OCAB Holder are required to enter into a Client Agreement, the OCAB Holder may make its first such risk disclosure in that Client Agreement.

        • Market Abuse, Transaction Reporting and Misleading Impressions (FSMR)

          • 81

            As the Spot Crypto Asset Framework does not treat Crypto Assets as Financial Instruments / Specified Investments, certain FSMR provisions have been expanded to capture Crypto Asset activities within ADGM.

          • 82

            Importantly, the Market Abuse Provisions in Part 8 of FSMR specifically cover Market Abuse Behaviour in relation to Accepted Crypto Assets admitted to trading on a Crypto Asset Exchange. In this regard, the FSRA imposes the same high regulatory standards to Crypto Assets traded on Crypto Asset Exchanges as it does to Financial Instruments traded on Recognised Investment Exchanges, MTFs or OTFs in ADGM.

          • 83

            An important change to assist the FSRA with the prevention, monitoring and enforcement of these Market Abuse provisions is set out in FSMR Section 149. Similar to the reporting requirements imposed on Recognised Investment Exchanges and MTFs, Crypto Asset Exchanges are also required to report details of transactions in Accepted Crypto Assets traded on their platforms.13 The FSRA will expect Crypto Asset Exchanges to report on both a real-time and batch basis.


            13 The additional obligation of a Crypto Asset Exchange to undertake its own market surveillance is set out later in paragraph 90(d) of this Guidance.

          • 84

            In addition, the FSMR provisions on Misleading Statements apply to Accepted Crypto Assets. The FSRA expects that all communications (including advertising or investment materials or other publications) made by an Authorised Person will be made in an appropriate manner and that an Authorised Person will implement suitable policies and procedures to comply with the requirements of FSMR.

        • Application of particular Rules in COBS

          • 85

            For the purposes of the Spot Crypto Asset framework and OCAB Holders, the Rules referenced in COBS 17.1.4 apply to all transactions undertaken by an OCAB Holder. The Rules referenced in COBS 17.1.4 are as follows:

            a) COBS Rule 3.4 (Suitability);
            b) COBS Rule 6.5 (Best Execution);
            c) COBS Rule 6.7 (Aggregation and Allocation);
            d) COBS Rule 6.10 (Confirmation Notes);
            e) COBS Rule 6.11 (Periodic Statements); and
            f) COBS Chapter 12 (Key Information and Client Agreement)).

          • 86

            These requirements are relevant to the concept of 'Investment Business' within COBS, and are to be applied to the activities of all OCAB Holders. The FSRA appreciates that some of these individual obligations may not apply to certain OCAB Holders and will, where necessary and appropriate, consider granting modification or waiver relief to OCAB Holders.

        • CRYPTO ASSET EXCHANGES

          • 87

            Whilst multiple Crypto Asset activities can be conducted, and regulated by the FSRA within ADGM as set out in section 73B of Schedule 1 of FSMR, the FSRA considers the Crypto Asset activities undertaken by Crypto Asset Exchanges to be a key Crypto Asset activity in ADGM. For this reason, the Spot Crypto Asset Framework contains specific additional requirements applicable to Crypto Asset Exchanges. The approach taken by the FSRA to the regulation of Crypto Asset Exchanges is to treat them similarly to Multilateral Trading Facilities ("MTFs").

          • 88

            The FSRA considers that operating a Crypto Asset Exchange within ADGM cannot be undertaken by entities without a commitment of substantial resources, including a substantial commercial, governance, compliance, technical, IT and HR presence, within ADGM.

          • 89

            In addition to the requirements set out in COBS Rules 17.1 to 17.6, Crypto Asset Exchanges are also required to meet the additional Rules set out in COBS 17.7. COBS Rule 17.7.2 requires that a Crypto Asset Exchange comply with the requirements set out in Chapter 8 of COBS, being the principal Rules relevant to the operation of an MTF14.


            14 Chapter 8 of COBS also contains the requirements for the operation of an Organised Trading Facility (OTFs). The application of OTF Rules, however, are not relevant to the operation of a Crypto Asset Exchange.

          • 90

            Chapter 8 of COBS incorporates Rules from various other FSRA Rulebooks that must be complied with, including certain sections of the Market Infrastructure Rules ("MIR"). COBS Rule 8.2.1 sets out various Rules in MIR that OCAB Holders are required to comply with to the satisfaction of the FSRA, with the applicable Rules set out as follows:

            a) MIR Rule 2.6 (Operational systems and controls): MIR Rule 2.6.1 requires a Crypto Asset Exchange to 'establish a robust operational risk management framework with appropriate systems and controls to identify, monitor and manage operational risks that key participants, other [Crypto Asset Exchanges], service providers (including outsourcees) and utility providers might pose to itself.'
            i. In considering systems and controls, the FSRA has provided guidance on what it expects in relation to Technology governance controls in paragraphs 42 to 76 of this Guidance, such that the FSRA's expectations in this area are similar to what is expected of Recognised Investment Exchanges generally. The FSRA therefore requires a Crypto Asset Exchange to undertake its 'exchange-type' activities in compliance with these operational system and control requirements, in combination with the Technology governance controls outlined earlier in this Guidance.
            ii. The FSRA expects extensive due diligence and testing of a Crypto Asset Exchange's operational systems to be undertaken, with the relevant reports of such testing capable of being provided to the FSRA for review. Such testing should be undertaken by an officer of the Crypto Asset Exchange possessing the appropriate expertise. The testing reports need to confirm the robustness of the Crypto Asset Exchange's systems, and address any potential areas of failure. Testing should include the settlement processes for the movement of Crypto Assets between wallets, and the general connectivity of the Crypto Asset Exchange's systems with other parties. Testing should be ongoing, building in processes for the introduction of new Accepted Crypto Assets.
            iii. A Crypto Asset Exchange will need to provide policies and procedures that clearly evidence how it will effectively address a failure of its systems. Failures must be rectified as soon as practicable, with a Crypto Asset Exchange's business continuity plan including detailed and realistic response timeframes for failures or disruptions.
            b) MIR Rules 2.7.1 and 2.7.2 (Transaction recording): FSRA expects that the primary ledger technology systems and controls of a Crypto Asset Exchange (whether they be DLT or multiple-ledger technologies) will be such that transaction recording and reporting is easily facilitated, and that all FSRA requirements can be effectively complied with. Where reconciliations are required to be undertaken, for example, between a DLT and an internal ledger maintained by a Crypto Asset Exchange, the FSRA will need to be satisfied that the reconciliation process is robust, timely and efficient.
            c) MIR Rule 2.8 (Membership criteria and access): MIR Rule 2.8.1 requires that a Crypto Asset Exchange 'must ensure that access to its facilities is subject to criteria designed to protect the orderly functioning of the market and the interests of investors'.
            i. MIR Rules 2.8.2 to 2.8.6 support the operation of MIR Rule 2.8.1, and the FSRA expects that Crypto Asset Exchanges consider the application of the requirements across these Rules — for example, MIR Rule 2.8.5 contains substantive provisions that should apply, regardless of what model of 'access' a Crypto Asset Exchange utilises.
            ii. The FSRA recognises, however, that Crypto Asset Exchanges generally operate an 'access' model that does not include Members (e.g., access is granted directly to Clients of the Crypto Asset Exchanges). A Crypto Asset Exchange will, therefore, need to ensure that it has appropriate processes, controls and Rules to 'protect the orderly functioning' of the market, its facilities and the interests of its investors.
            iii. By not adopting a 'Member-access' model and allowing direct 'Client-access', Crypto Asset Exchanges lose one layer of regulatory/supervisory defense that Recognised Investment Exchanges have, in that they do not have Members assisting them by undertaking the necessary due diligence and compliance reviews of investors in their market. The FSRA, in these circumstances, requires Crypto Asset Exchanges to undertake their own CDD reviews for every client accessing (trading on) their market (something which a Recognised Investment Exchange may rely on its Members to do). Resultant AML/CFT obligations therefore also fall more directly on a Crypto Asset Exchange as well. The FSRA expects that the controls (and resultant resourcing needs) be appropriately accounted for by Crypto Asset Exchanges.
            iv. Depending on the model, controls and criteria to be adopted by a Crypto Asset Exchange, the FSRA may be minded to consider granting modification or waiver relief in relation to the specific 'Member' requirements in MIR Rule 2.8.
            d) MIR Rule 2.9 (Financial crime and market abuse): Crypto Asset Exchanges are required to operate an effective market surveillance program to identify, monitor, detect and prevent conduct amounting to market misconduct and Financial Crime. Given the significant risks, and the nascent nature and constant pace of development of the Crypto Asset industry, a Crypto Asset Exchange's surveillance system will need to be robust, and regularly reviewed and enhanced.
            i. The FSRA recognises that Crypto Asset Exchanges outside ADGM may not be subject to a similar regulatory standard as that which applies within ADGM. The FSRA recommends, therefore, that Crypto Asset Exchanges spend the time to consider the application of MIR Rules 2.9.1 to 2.9.3, which technology, systems and controls they propose to use for these purposes, and the associated resourcing needs required to undertake these functions appropriately.
            ii. The FSRA further reminds Crypto Asset Exchanges, and investors trading on a Crypto Asset Exchange, of the Market Abuse provisions applicable to the trading of Accepted Crypto Assets on a Crypto Asset Exchange.15
            e) MIR Rule 2.11 (Rules and consultation): To meet MIR Rules 2.11.1 to 2.11.11, a Crypto Asset Exchange must ensure that it has appropriate procedures in place for it to make rules, for keeping its rules under review, for consulting and for amending its rules. MIR Rule 2.11.2 requires any proposed rule changes be subject to FSRA approval.
            f) MIR Rule 3.3 (Fair and orderly trading): MIR Rules 3.3.1 to 3.3.4 establish the requirements a Crypto Asset Exchange must meet for providing fair and orderly trading across its market, and for having objective criteria for the efficient execution of orders. The FSRA considers these requirements to be fundamental to the operation of a Crypto Asset Exchange.
            g) COBS Rule 8.3.1 & MIR Rule 3.7 (Public disclosure): Any arrangements of a Crypto Asset Exchange used to make information public (including trading information required to be disclosed under COBS 8.3.1) must satisfy a number of conditions, including that it is reliable, monitored continuously, and made available to the public on a non-discriminatory basis. While a Crypto Asset Exchange can choose the format structure to be used for dissemination, MIR Rule 3.7.4 requires it to conform to a consistent and structured format.
            h) MIR Rule 3.8 (Settlement and Clearing Services): A Crypto Asset Exchange will need to have clear processes in place for the settlement (and if applicable, the clearing) of all Accepted Crypto Asset transactions. As noted in the AML and Technology Governance sections of this Guidance, extensive stress testing on capabilities to connect successfully with third parties, and in relation to the movement of Crypto Assets between wallets, will be required to be undertaken to the FSRA's satisfaction. The FSRA will not necessarily require a connection to a separate Recognised (or Remote) Clearing House where the Crypto Asset Exchange can demonstrate that it has in place 'satisfactory arrangements for the timely discharge, Clearing and settlement of the rights and liabilities of the parties to transactions effected' on the Crypto Asset Exchange.
            i) MIR Rule 3.10 (Default Rules): Depending on whether a Crypto Asset Exchange operates a 'Member-access' model or it allows direct 'Client-access' will determine the full, or partial, application of MIR Rules 3.10.1 to 3.10.3. The FSRA, at a minimum, expects Crypto Asset Exchanges to have in place both rules and a process to suspend or terminate access to its markets in circumstances where a Member/Client is unable to meet its obligations in respect of transactions relating to Accepted Crypto Assets.

            15 Refer to paragraphs 81 to 84 of this Guidance.

          • 91

            COBS Rule 17.7.4 specifies that certain notification requirements applicable to Recognised Investment Exchanges under MIR Rules 5.1, 5.3 and certain information requirements under MIR 5.4.1 apply to Crypto Asset Exchanges. These are specific requirements applicable to Crypto Asset Exchanges that are not applied to MTFs. Crypto Asset Exchanges will also need to comply with any other applicable notification requirements including those set out in paragraph 28 of this Guidance in relation to the use of additional Accepted Crypto Assets.

          • 92

            It is recognised that Crypto Asset Exchanges may take varying approaches in relation to the custody of fiat currencies and Crypto Assets. In some circumstances, a Crypto Asset Exchange may use third party custodians. However, to the extent that a Crypto Asset Exchange conducts its own custody activities, it will also be considered to be Operating as a Crypto Asset Custodian for the purposes of this framework, and will be required to comply with COBS Rule 17.8, and take guidance from the section below on "Crypto Asset Custodians".

          • Recognised Investment Exchanges Operating a Crypto Asset Exchange

            • 93

              Pursuant to MIR Rule 3.4.1A, a Recognised Investment Exchange may operate a Crypto Asset Exchange, as part of the Regulated Activity of Operating a Crypto Asset Business, provided that its Recognition Order includes a stipulation permitting it to do so. MIR Rule 3.4.2 requires that where such a stipulation is granted to a Recognised Investment Exchange, the Recognised Investment Exchange must meet the requirements of the Spot Crypto Asset Framework in relation to operation of the Crypto Asset Exchange while the remainder of its operations must be operated in compliance with the MIR Rules.

            • 94

              This means that a Recognised Investment Exchange can, where permitted by the FSRA and subject to MIR Rule 3.4.2, operate an MTF, OTF and/or Crypto Asset Exchange under its Recognition Order.

        • CRYPTO ASSET CUSTODIANS

          • 95

            Similar to the approach taken in relation to Crypto Asset activities undertaken by Crypto Asset Exchanges, the FSRA considers the Crypto Asset activities undertaken by Crypto Asset Custodians to be a key Crypto Asset activity within ADGM. Accordingly, the Spot Crypto Asset Framework contains specific additional requirements applicable to Crypto Asset Custodians.

          • 96

            In addition to having to meet the requirements set out in COBS Rules 17.1 to 17.6, Crypto Asset Custodians are required to meet the additional Rules set out in COBS 17.8. For the purposes of Operating a Crypto Asset Business, COBS Rule 17.8.2 requires that the existing definitions of "Providing Custody", "Client Assets" and "Client Investments" be read to include "Crypto Assets" and that "Investment Business" be read to include a "Crypto Asset Business". This approach has been taken by the FSRA to ensure that Crypto Assets are afforded the same protections as other similar products and activities under FSMR and the FSRA Rulebook.

          • 97

            The FSRA notes that there are broadly three types of custodial arrangements (for Crypto Assets) that OCAB Holders are likely to adopt:

            a) Type 1: The OCAB Holder is wholly responsible for custody of Client's Crypto Assets and provides this service "in-house" through its own Crypto Asset wallet solution. Such an arrangement includes scenarios where a Crypto Asset Exchange provides its own in-house proprietary wallet for Clients to store any Crypto Assets bought through that exchange or transferred into the wallet from other sources.
            b) Type 2: The OCAB Holder is wholly responsible for the custody of Client's Crypto Assets but outsources this service to a third-party Crypto Asset Custodian. Such an arrangement includes the scenario where a Crypto Asset Exchange uses a third party service provider to hold all its Clients' Crypto Assets (e.g., all or part of the Clients' private keys).
            c) Type 3: The OCAB Holder wholly allows Clients to "self-custodise" their Crypto Assets. Such an arrangement includes scenarios where some distributed Crypto Asset Exchanges require Clients to self-custodise their Crypto Assets. Such exchanges only provide the trading platform for Clients to buy and sell Crypto Assets; Clients are required to source and use their own third party Crypto Asset Custodians (which the distributed Crypto Asset Exchanges have no control over or responsibility for). This arrangement also includes the scenario where OCAB Holders (such as Crypto Asset Exchanges) provide an in-house wallet service for Clients, but also allow Clients to transfer their Crypto Assets out of this wallet to another wallet from a third party wallet provider chosen by the Client (and which the OCAB Holder does not control).

          • 98

            The FSRA considers scenarios where Clients are required to self-custodise their Crypto Assets as being a material risk given that the burden of protecting and safeguarding Crypto Assets falls wholly upon Clients, and that Crypto Assets face the constant risk of being stolen by malicious actors. As such, OCAB Holders requiring Clients to self-custodise Crypto Assets are required to disclose this fact fully and clearly upfront to Clients, and meet the disclosure standards elaborated in paragraphs 77 to 80 in the section of this Guidance above on "Crypto Asset Risk Disclosures". The FSRA will take the quality of these disclosures into account when assessing applications from OCAB Holders proposing to require Clients to self-custodise their Crypto Assets.

          • Protection of Client Money

            • 99

              Chapter 14 of COBS sets out various requirements that all Authorised Persons, including OCAB Holders, must comply with to ensure that they properly protect and safeguard any Client Money that they are holding or controlling on behalf of their Clients. In addition, COBS Rule 17.8 describes how the Client Money rules in Chapter 14 apply to Crypto Asset Custodians.

            • 100

              "Client Money" refers to money (e.g., fiat) of any currency which an Authorised Person holds on behalf of a Client or which an Authorised Person treats as Client Money, subject to the exclusions in COBS 14.2.6. In carrying out their activities, OCAB Holders may at certain junctures be holding or controlling Client Money when providing Crypto Asset-related products and services to their Clients.

            • 101

              The following are examples of situations where an OCAB Holder would be considered to be holding or controlling Client Money:

              a) Example 1: To fund his trading account at a Crypto Asset Exchange, a Client of the Crypto Asset Exchange transfers US dollars (in fiat) from his bank account to his account at the Crypto Asset Exchange. These US dollars held by the Crypto Asset Exchange for the Client — before they are used to purchase any Accepted Crypto Assets — would be considered Client Money.
              b) Example 2: A Client of a Crypto Asset Exchange holds bitcoins in his wallet at the Crypto Asset Exchange. He uses the Crypto Asset Exchange to sell these bitcoins in exchange for US dollars (in fiat). The US dollars are then credited to his account at the Crypto Asset Exchange and held by the Crypto Asset Exchange for him. These US dollars held in his account with the Crypto Asset Exchange would be considered Client Money.

            • 102

              A Crypto Asset Custodian that holds or controls Client Money must comply with all the relevant Client Money rules in Chapter 14 of COBS (read together COBS Rule 17.8) at all times. In particular, such Crypto Asset Custodians are required to carry out reconciliations of Client Money in Client Accounts as follows:

              a) Reconciliations with respect to COBS Rule 14.2.12(a) shall be carried out at least every week; and
              b) Reconciliations with respect to COBS Rule 14.2.12(d) shall be carried out within 5 days of the date to which the reconciliation relates.

          • Safe Custody of Clients' Crypto Assets

            • 103

              Chapter 15 of COBS sets out various requirements that all Authorised Persons, including OCAB Holders, must comply with to ensure that they properly protect and safeguard any Client Investments they are holding, controlling, providing custody for, or arranging custody for, on behalf of their Clients. Chapter 17 of COBS describes how the Safe Custody rules in Chapter 15 apply to Crypto Asset Custodians.

            • 104

              "Client Investments" in the context of Crypto Asset Custodians refer specifically to Crypto Assets such as bitcoin and not to money (in fiat) of any currency. Refer to paragraphs 99 to 102 above for guidance on how Crypto Asset Custodians are required to properly protect and safeguard Client Money (in fiat).

            • 105

              The following are examples of situations where a Crypto Asset Custodian would be considered to be holding, controlling, providing custody for, or arranging custody for, with respect to Accepted Crypto Assets, on behalf of its Clients:

              a) Example 1: A Client of a Crypto Asset Exchange uses US dollars (in fiat) to purchase bitcoins on the Crypto Asset Exchange. The Crypto Asset Exchange provides an integrated Crypto Asset wallet service to the Client, and holds the bitcoins for the Client in this wallet. The Crypto Asset Exchange may also allow the Client to transfer bitcoins from other wallets to the wallet held with the Crypto Asset Exchange, or from the Crypto Asset Exchange's wallet to these other wallets.
              b) Example 2: A Crypto Asset wallet provider (being a Crypto Asset Custodian) that is not a Crypto Asset Exchange offers a dedicated Crypto Asset wallet service, allowing the Client to transfer bitcoins purchased on a Crypto Asset Exchange or received from another person, to the wallet. The crypto wallet provider keeps these bitcoin in custody for the Client. Crypto Asset Exchanges may also outsource such service.

            • 106

              There are currently two main types of Crypto Asset wallets:

              a) Type 1: "Custodial Wallets" — the custodial wallet provider holds Crypto Assets (e.g., the private keys) as an agent on behalf of Clients, and has at least some control over these Crypto Assets. Most Crypto Asset Exchanges that hold Crypto Assets on behalf of their Clients would generally be offering Custodial Wallets and often offer multi-signature wallets (please see paragraph 60). Clients using custodial wallets do not necessarily have full and sole control over their Crypto Assets. In addition, there is a risk that should the custodial wallet provider cease operations or get hacked, Clients may lose their Crypto Assets.
              b) Type 2: "Non-Custodial (Self-Custody) Wallets"- the non-custodial wallet provider, typically a third-party hardware add/or software company, offers the means for each Client to hold their Crypto Assets (and fully control private keys) themselves. The non-custodial wallet provider does not control Client's Crypto Assets — it is the Client that has sole and full control over their Crypto Assets. Hardware wallets, mobile wallets, desktop wallets and paper wallets are generally examples of non-custodial wallets. Clients using non-custodial wallets have full control of and sole responsibility for their Crypto Assets, and the non-custodial wallet provider does not have the ability to effect unilateral transfers of Clients' Crypto Assets without Clients' authorization.

            • 107

              Only entities providing the custodial wallets as described in paragraph 106(a) above are considered to be carrying out the regulated activity of a Crypto Asset Custodian. With respect to the non-custodial wallets as described in paragraph 106(b) above, the wallet provider is merely providing the technology; it is the wallet user himself who has full control of and responsibility for his Crypto Assets.

            • 108

              An OCAB Holder that holds, controls, provides custody for, or arranges custody for, with respect to Crypto Assets, on behalf of their Clients, is considered a "Crypto Asset Custodian", and must comply with all the relevant Safe Custody rules in Chapter 15 of COBS (read together with Chapter 17 of COBS) at all times.

            • 109

              Crypto Asset Exchanges that provide an integrated Crypto Asset wallet would also need to comply with these Safe Custody rules. Crypto Asset Exchanges that outsource their Crypto Asset wallets to a third party may also be considered as "arranging custody", and may also need to comply with these Custody Rules, as applicable.

            • 110

              In addition to the two main Crypto Asset wallet types described above, the FSRA recognises that there may be alternative Crypto Asset wallet models in existence or which may emerge in future. Entities seeking to provide such alternative types of Crypto Asset wallets and who are unsure of the regulatory obligations they may attract are encouraged to contact the FSRA.

            • 111

              OCAB Holders operating as Crypto Asset Custodians are required to:

              a) Send out statements of a Client's Crypto Assets holdings to Retail Clients at least monthly (as required under COBS Rule 15.8.1(a)); and
              b) Carry out all reconciliations of a Client's Crypto Asset holdings at least every week (as required under COBS Rule 15.9.1).

        • FEES

          • 112

            The Fees applicable to OCAB Holders have been established in consideration of the risks involved in relation to Crypto Asset activities and the supervisory requirements placed on the FSRA to suitably regulate OCAB Holders and Crypto Asset activities in ADGM.

          • 113

            Pursuant to FEES Rule 3.14.1, an Applicant for an FSP to carry on the Regulated Activity of Operating a Crypto Asset Business must pay an initial authorisation fee of (as applicable):

            a) $20,000; or
            b) $125,000 if the Applicant is seeking to operate as a Crypto Asset Exchange.

          • 114

            Pursuant to FEES Rule 3.14.2, annual supervision fees are set as follows:

            a) $15,000; or
            b) $60,000 if the Applicant is seeking to operate as a Crypto Asset Exchange.

          • 115

            If an Applicant/OCAB Holder will be undertaking multiple OCAB Regulated Activities as part of its FSP, the fees attributable to that OCAB Holder will be cumulative. This means, for example, where an Applicant is seeking to operate as a Crypto Asset Exchange and a Crypto Asset Custodian, the $20,000 authorisation fee attributable to a Crypto Asset Custodian would be added to the $125,000 authorisation fee attributable to the Crypto Asset Exchange.

          • 116

            Noting the above paragraph, if an Applicant/OCAB Holder will be undertaking conventional Regulated Activities in addition to its OCAB activities, as noted in paragraph 20 a licence will be required to include the conventional Regulated Activities as well as the OCAB activities. The fees attributable to that OCAB Holder for its Regulated Activities, conventional and OCAB, will be cumulative.

          • 117

            Pursuant to FEES Rule 3.14.3, a Crypto Asset Exchange must pay to the FSRA a trading levy on a sliding scale basis (as set out in the table below), payable monthly in USD.

            Average Daily Value (ADV) ($USD) Levy
            ADV < 10m 0.0015%
            10m < ADV < 50m 0.0012%
            50m < ADV < 250m 0.0009%
            ADV > 250m 0.0006%

          • 118

            In circumstances where a Recognised Investment Exchange seeks to also operate a Crypto Asset Exchange, due to the risks and the 'substantial additional' regulatory burden imposed on FSRA, the Applicant/Recognised Investment Exchange will be subject, pursuant to FEES Rules 1.2.5 and 3.14.1(b), an additional fee of $125,000 for the application only.

    • Guidance — Regulation of Crypto Asset Activities in ADGM

      Click here to view PDF

    • Guidance — Regulation Of Crypto Asset Activities in ADGM (Explanatory Draft — comparison of 1st and 2nd editions of Guidance)

      Click here to view PDF