RPP 3-2 RPP 3-2 Supervision of Authorised Firms
Section 3.2 provides additional information in relation to
DFSA'sapproach to the supervision of an Authorised Firm. Where relevant, some of these requirements may apply to a Representative Office.
In supervising an
Authorised Firm, the DFSAexpects an Authorised Firmto comply with a number of high level principles in relation to its activities.
Authorised Firm, other than a Representative Office, must comply with the twelve principles set out in section 4.2 of the GEN module. In brief, these are:(a) Principle 1 — Integrity;(b) Principle 2 — Due skill, care and diligence;(c) Principle 3 — Management, systems and controls;(d) Principle 4 — Resources;(e) Principle 5 — Market Conduct;(f) Principle 6 — Information and Interests;(g) Principle 7 — Conflicts of Interest;(h) Principle 8 — Suitability;(i) Principle 9 — Customer assets and money;(j) Principle 10 — Relations with regulators;(k) Principle 11 — Compliance with high standards of corporate governance; and(l) Principle 12 — Remuneration practices.
DFSAlicenses an Authorised Firm, it takes into consideration the relationship with any wider Groupto which the firm may belong or with other Personsclosely linked to it. The DFSAmay also take into account lead or consolidated supervision to which an Authorised Firmor its Groupmay be subject in another jurisdiction.
Authorised Firmis expected to provide information as required or reasonably requested under legislation applicable in the DIFCrelating to the Authorised Firmand, where applicable, its consolidated or lead regulatory arrangements. This information may include prudential information, reports on systems and controls relating to an Authorised Firm's Group, internal and external audit reports, details of disciplinary proceedings or any matters which may have financial consequences, reputational impact or pose any significant risk to the DIFCor to the Authorised Firmand the group-wide corporate governance practices and policies and the remuneration structure and strategies adopted. This information may initially be taken into account as part of DFSA'sfit and proper test as set out in section 2.2 and may subsequently be utilised in the supervision of the Authorised Firm. Further Rulesand Guidancewith regard to obtaining information from an Authorised Firm'slead regulator are set out in GEN Rule 11.1.5.
DFSAhas an interest in the relationship of an Authorised Firmwith other regulators, particularly in order to determine the level of reliance the DFSAmay place on a regulator in another jurisdiction concerning any lead supervision arrangements. Depending on the legal structure of an Authorised Firmand the relationship of the DFSAwith the regulator in question, the DFSAmay place appropriate reliance on the supervision undertaken by this regulator.
Domestic Firm's Group With DIFC Head Office
DFSAwill usually be the lead and consolidated regulator of any Groupheaded by a Domestic Firm. Members of the Group, that is any of the Authorised Firm's Subsidiariesor branches, will be either subject to DFSA'sexclusive supervision or, where members of the Groupare located in a jurisdiction outside the DIFC, generally subject to lead or consolidated supervision by the DFSAin co-operation with another regulator.
Subsidiary of a Non-DIFC Firm
DFSAwill routinely be the lead regulator for the purpose of prudential supervision of an Authorised Firmwhich is a DIFCincorporated Subsidiaryof a non-DIFC firm.
Authorised Firmis a Subsidiaryof a regulated non-DIFC parent company, the DFSAmay have regard to any consolidated prudential supervision arrangements to which the Subsidiaryis subject and will liaise with other regulators as necessary to ensure that these are adequately carried out, taking into account the Subsidiary'sactivities. The DFSAmay place appropriate reliance on the Subsidiary'sconsolidated regulator in another jurisdiction if it is satisfied that it meets appropriate regulatory criteria and standards.
Authorised Firmcarrying on Financial Servicesas a Subsidiaryof an unregulated non-DIFC parent company may be subject to DFSA'sconsolidated prudential supervision, taking into account the parent's activities.
Branch of a Non-DIFC Firm
Authorised Firmcarrying on Financial Servicesthrough a Branchwill be subject to supervision by both the DFSAand the regulator in its head office jurisdiction.
DFSAwill have regard to any lead or consolidated prudential supervision arrangements to which a Branchis subject. The DFSAmay place appropriate reliance on a Branch'slead regulator in another jurisdiction and, where appropriate, its consolidated prudential regulator if it is satisfied that it meets appropriate regulatory criteria and standards. Where an Authorised Firmis subject to lead regulation arrangements with a foreign regulator, the DFSAwill usually not seek to impose consolidated prudential supervision on the Authorised Firm's Group.
During the authorisation process the
DFSAwill take into account the nature and scope of the regulation and supervision to which the applicant is subject in its head office jurisdiction. Notwithstanding that an Authorised Firmmay be subject to lead or consolidated regulatory arrangements, the DFSArequires it to remain fit and proper in respect of its Groupand Controllers. Certain changes or events will require notification to, or prior approval from, the DFSA.
DFSAwill determine the level of regulatory and supervisory oversight which is subsequently required for a specific Branch. As part of DFSA'srisk assessment process, during the authorisation process the DFSAundertakes a two-tier approach to the risks to its objectives posed by the Branch, thereby taking into account the characteristics of the applicant and its head office. The first part of this assessment includes a judgement on the degree of home country supervision and considers the strength of support, both financial and managerial, which the head office is capable of providing to the Branch, taking into account the Branch'sactivities and the adequacy of, among other things, the corporate governance framework and practices and remuneration structure and strategies adopted at the head office. The second part of the assessment considers the risk and control mechanisms within the Branchitself.
As a result of the assessment, the
DFSAmay consider granting a waiver or modification notice in respect of specific prudential or other regulatory requirements relating to a Branch.
Prudential Returns for Authorised Firms
Authorised Firmis required to submit periodic prudential returns. In addition, an Authorised Firmmay be required to submit copies of its Group'sannual interim and audited accounts. The DFSAmay also require an Authorised Firmto provide copies of Groupreturns which are sent to any other regulator.
Ongoing Risk Analysis
DFSAconducts an ongoing analysis of risks relating to each Authorised Firm, although the information required may vary from firm to firm. Authorised Firmswith a higher risk classification may be subject to closer regulatory attention and would typically be subject to supervisory reviews specifically designed to address particular causes of risk.
Authorised Firmswill be subject to an individual on-site risk assessment, except where more than one Authorised Firmbelongs to the same Group, in which case the DFSAmay decide to carry out a Grouprisk assessment.
The risk assessment process is ongoing and it is expected that the risks of each
Authorised Firmmay be reviewed on at least an annual basis. Notifications, reporting of information, an on-going dialogue with senior management and visits to the Authorised Firmwill ensure that the DFSAhas current information on key risk areas of the Authorised Firm.
There are also a number of trigger events which may affect the frequency of a risk assessment and the
Authorised Firm'soverall risk classification. Examples include:(a) a notification from a non-DIFC regulator or other authority of an issue concerning the Authorised Firmor its Group;(b) a material change in an Authorised Firm'sbusiness and new business activities;(c) a change in the Authorised Firm's Controllers;(d) an Authorised Firm'sdevelopment of high risk products or business lines;(e) an Authorised Firm'sdevelopment of business areas with characteristics such as unusual profitability;(f) an Authorised Firm'sappointment of new personnel in key business areas;(g) an Authorised Firm'sacquisition of new or revised information systems or new technology;(h) a rapid growth in specific areas of activity of an Authorised Firm;(i) an Authorised Firm'scorporate restructuring, merger or acquisitions;(j) an Authorised Firm'sexpansion or acquisition of non-DIFC operations including the impact of changes in related economic and regulatory environments; or(k) the DFSA'sresponse to industry-wide concerns or themes.
Review of Risk Management Systems
Pursuant to GEN Rule 5.3.4, an
Authorised Firmmust ensure that its risk management systems provide the Authorised Firmwith the means to identify, assess, mitigate and control its risks. In addition to undertaking its own assessment of the Authorised Firm, the DFSAmay review the results of the Authorised Firm'sinternal risk assessment and determine the extent to which each of the Authorised Firm'srisks impacts on DFSA'sobjectives, the likelihood of the risk occurring and then will consider the controls and mitigation programmes the firm has in place.
Desk Based Reviews
DFSAmay undertake desk based reviews in order to review compliance with legislation applicable in the DIFC. They assist the DFSA'sunderstanding of an Authorised Firm'soperations. For example, monitoring its financial position and detecting emerging problems or concerns to be explored in greater detail through prudential meetings, examinations, or otherwise. A desk based review may involve analysing information provided by the firm through supervisory returns, internal management information or published financial information.
DFSAmay, from time to time, issue a Controls questionnaire to Authorised Firmswho will be asked to complete and return this to the DFSA. A Controls questionnaire focuses on key areas of risk identified by the DFSAat that time. An Authorised Firmmust evaluate itself against each of the risk areas and score itself in terms of its own arrangements and the systems and controls it has in place for mitigating the particular risks.
On-site visits provide the
DFSAwith an overview of the Authorised Firm'soperations and enable it to form a first hand view of the personnel, systems and controls and compliance culture within the Authorised Firmas well as identifying and evaluating the risks to the DFSA'sobjectives, taking into account any mitigation by the Authorised Firm. They enable the DFSAto test the soundness of the Authorised Firm'ssystems and controls and the extent to which the DFSAcan continue to rely on them and the Authorised Firm'ssenior management to prevent or mitigate risks to the DFSA'sobjectives. On-site visits will also assist the DFSAto assess the extent of supervision and the use of other supervisory tools required to address certain key risk areas.
There are various types of on-site visits by the
DFSAto an Authorised Firmwhich differ in their objective and frequency:(a) Periodic visits are undertaken at frequencies determined by the DFSAand focus on the main risk areas within an Authorised Firm as well as providing the DFSAwith a thorough understanding of the Authorised Firm, its business and any major changes that have taken place within the Authorised Firmsince a previous visit or risk assessment and their probable effects;(b) Theme visits are designed to address a current or topical risk or issue either within a particular type of Authorised Firmor the market place in general. They tend to be short in duration and are focused in their approach. Examples of theme visits are anti money laundering, client assets and conflict management;(c) Follow-up visits are often required to assess the implementation of any action that may have been agreed as part of a risk mitigation programme or to satisfy the DFSAthat the Authorised Firmhas taken appropriate action arising from a previous visit or communication;(d) Special visits are unique to a particular Authorised Firmand are generally scheduled following a particular event or notification from an Authorised Firm. They are generally short, focused visits usually targeted to a particular area of an Authorised Firm. These visits allow the DFSAto review certain high risk areas of an Authorised Firm'sbusiness in isolation. Occasionally, special visits may be unannounced. These assist in keeping firms to the need to maintain a continuously high quality of compliance; and(e) The DFSAmay, from time to time, hold high level meetings with an Authorised Firm'ssenior management. Such meetings enable the DFSAto assess issues including any prudential concerns arising from desk based reviews or elsewhere.
DFSAis committed to open and transparent communication with Authorised Firms. From time to time, the DFSAmay issue letters to Senior Executive Officersor equivalent persons across the DIFC(commonly referred to as 'Dear SEO Letters'). Frequently, these letters will be issued as a means of communicating findings arising from completed thematic visits. However, they may also be issued in response to other major events or changes. For example, such a letter may include an update from relevant United Nations Security CouncilSanctions or Resolutions or the Financial Action Task Force, in relation to the prevention of money laundering and combating the financing of terrorism.
In addition to the
Senior Executive Officerletters, the DFSAmay issue s and warnings in response to particular matters of concern. An example of this could be in relation to matters concerning fraudulent activity that the DFSAhas become aware of.
DFSAholds outreach sessions from time to time, to interact with firms operating in the DIFC. These sessions are held to discuss regulatory matters in an open manner.
From time to time, the
DFSAmay consider a particular item of communication to an Authorised Firmto be of key regulatory importance. For this reason, the DFSAmay consider it necessary to issue such communications directly to a senior member of staff at the Boardlevel of the DIFCentity copied (where appropriate) to the group's home state regulator. For entities established as a Branchin the DIFC, these communications will likely be delivered to the Chairman of the Boardat the DIFC Branchentity's head or Parentoffice. For DIFCincorporated entities, communications will likely be delivered directly to the Chairman of the firm's Boardor head office. These communications may include, for example, the results of DFSA'srisk assessment visits where a risk mitigation plan has been sent that contains significant matters of concern to DFSA'sobjectives.
External Auditor Reports, Statements and Tripartite Meetings
DFSArequires an Authorised Firm'sregistered external auditor to co-operate with the DFSAin a number of ways, including the submission of specific audit reports and statements. As part of an audit, the DFSAwould expect an auditor to review any relevant correspondence between the DFSAand the Authorised Firm. Further, tripartite meetings between the Authorised Firm'ssenior management, the auditor, and the DFSAmay be requested at the DFSA'sinitiative. Finally, an auditor is required to disclose to the DFSAthose matters outlined in Article 104(3) of the Regulatory Law2004.
Requiring Information and Documents
Apart from reports such as regular prudential returns, the
DFSAmay from time to time also request from an Authorised Firmadditional supplementary information and documents, including non-financial information such as an Authorised Firm'sinternal policies on particular areas of risk or its organisational chart.
Requirements relating to a Change in Control
RPP 3-2-34 [Deleted]
RPP 3-2-35 [Deleted]
RPP 3-2-36 [Deleted]
Personwho proposes to become a Controllerof a Domestic Firmor an existing Controllerwho proposes to increase the level of control which that Personhas in a Domestic Firmbeyond the threshold of 30% or 50% is required to obtain the DFSA's prior approval before doing so. The DFSA's assessment of a proposed acquisition or increase in control of a Domestic Firmis a review of such a firm's continued fitness and propriety and ability to conduct business soundly and prudently. Accordingly, the DFSA takes into account the considerations specified in paragraph 2-2-12 relating to Controllerswhen making such an assessment.
Pursuant to GEN Rule 11.8.5(1), a
Personwho proposes either to acquire or increase the level of control in a Domestic Firmmust lodge with the DFSA an application for approval in the appropriate form in AFN. The DFSA may approve of, object to or impose conditions relating to the proposed acquisition or the proposed increase in the level of control of the Authorised Firm. If the information in the application form lodged with the DFSA is incomplete or unclear, the DFSA may in writing request further clarification or information. The DFSA may do so at any time during the processing of such an application. The period of 90 days within which the DFSA will make a decision will not commence until such clarification or additional information is provided to the satisfaction of the DFSA. The DFSA may, in its absolute discretion, agree to a shorter period for processing an application where an applicant requests for such a period, provided all the information required is available to the DFSA.
Where the DFSA proposes to object to or impose conditions relating to a proposed acquisition of or increase in the level of control in a
Domestic Firm, the DFSA will first notify the applicant in writing of its proposal to do so and its reasons. The DFSA will take into account any representations made by an applicant before making its final decision.
The DFSA may consider whether a
Personhas become an unacceptable Controlleras a result of any notification given by an Authorised Firmpursuant to Rule 11.8.11(2) or as a result of its own supervisory work. The considerations which the DFSA will take into account in assessing whether a Personis an acceptable Controllerare those set out in paragraph 3-2-34 above.
Application for a Change of Scope of Licence
Authorised Firmapplies to change the scope of its Licence, it should provide the following information:(a) a revised business plan as appropriate, describing the basis of, and rationale for, the proposed change;(b) details of the extent to which existing documentation, procedures, systems and controls will be amended to take into account any additional activities, and how the Authorised Firmwill be able to comply with any additional regulatory requirements; and(c) descriptions of the Authorised Firm'ssenior management responsibilities (see GEN chapter 5) where these have changed from those previously disclosed, including any up-dated staff organisation charts and internal and external reporting lines.(d) details of any transitional arrangements where the Authorised Firmis reducing its activities and where it has existing customers who may be affected by the cessation of a Financial Service;(e) the appropriate financial reporting statement where the variation may result in a change to the Authorised Firm'sprudential category or the application of additional or different financial rules. If a capital increase is required in order to demonstrate compliance with additional financial rules but such capital is not paid up or available at the time of application, proposed or forecast figures may be used;(f) details of the effect of the proposed variation on the Authorised Individualsincluding, where applicable, submitting any application forms for individuals to perform additional or new Licensed Functions, or to remove existing Licensed Functions; and(g) revised pro forma financial statements.
Insurerwhich wishes to vary its Licenceto remove the Financial Serviceof Effecting Contracts of Insuranceor to reduce the classes of insurance should refer to the run-off provisions in PIN chapter 9.
In considering whether an
Authorised Firmis fit and proper with respect to a change in the scope of its Licence, the DFSAmay take into account those matters in Chapter 2 of the RPP Sourcebook, which provides Guidanceon fitness and propriety for Authorised Firms.
Application for a Withdrawal of Licence
In considering requests under GEN Rule 11.4.1, an
Authorised Firmwill need to satisfy the DFSAthat it has made appropriate arrangements with respect to its existing customers, including the receipt of any customers' consent where required and, in particular:(a) whether there may be a long period in which the business will be run-off or transferred;(b) whether deposits must be returned to customers;(c) whether money and other assets belonging to customers must be returned to them; and(d) whether there is any other matter which the DFSAwould reasonably expect to be resolved before granting a request for the withdrawal of a Licence.
In determining a request for the withdrawal of a
Licence, the DFSAmay require additional procedures or information as appropriate including evidence that the Authorised Firmhas ceased to carry on Financial Services.
Authorised Firmshould submit detailed plans where there may be an extensive period of wind-down. It may not be appropriate for an Authorised Firmto immediately request a withdrawal of its Licencein all circumstances, although it may wish to consider reducing the scope of its Licenceduring this period. Authorised Firmsshould discuss these arrangements with the DFSA.
DFSAmay refuse a request for the withdrawal of a Licencewhere it appears that customers may be exposed to adverse effect.
DFSAmay also refuse a request for the withdrawal of a Licencewhere:(a) the Authorised Firmhas failed to settle its debts to the DFSA; or(b) it is in the interests of a current or pending investigation by the DFSA, or by another regulatory body or Financial Services Regulator.
Some other matters which an
Authorised Firmshould be mindful of in relation to the withdrawal of its Licenceinclude:(a) Under Article 63 of the Regulatory Law2004 where the DFSAgrants a request for the withdrawal of a Licence, the DFSAmay continue to exercise any power under the Regulatory Law2004 or Rulesin relation to an Authorised Firmor Authorised Individualfor two years from the date on which the Licencewas withdrawn;(b) Article 43(2) of the Regulatory Law2004 states that Licensed Functionsof an Authorised Firmshall be carried out by its Authorised Individuals. Accordingly, where an Authorised Firm's Licenceis withdrawn, the authorised status of its Authorised Individualswill also be withdrawn from the same date. However, this does not remove the obligation on an Authorised Firmto provide a statement under GEN Rule 11.7.3 where an Authorised Individualhas been dismissed or requested to resign; and(c) Where a Fund Manageror the Trusteemakes a request under GEN Rule 11.4.1, the Fund Manageror the Trusteewill need to satisfy the DFSAthat it has made appropriate arrangements in accordance with the requirements under the Collective Investment Law 2010 and the CIR module with respect to the continuing management of the Fundfor which it is the Fund Manageror the Trustee, as the case may be.
Notification to the DFSA Relating to a Major Acquisition
GEN Rule 11.10.8 provides that an
Authorised Firmwhich makes or proposes to make a Major Acquisitionas defined must comply with either GEN Rule 11.10.9 or 11.10.10, depending on whether it is a Domestic Firm.
Authorised Firmshould provide to the DFSAinformation that would enable the DFSAto consider factors noted in GEN Rule 11.10.9(3). Although the DFSAdoes not prescribe the form in which such information is to be provided to the DFSA, Authorised Firmsshould consider any relevant industry and international practices when providing information to the DFSAfor similar purposes.
The 45 day notice period referred to in GEN Rule 11.10.9(1) commences to run from the first business day after the date on which the
DFSAreceives the notification. However, if any critical information that the DFSArequires in order to assess the notification has not been provided to the DFSAat the time of the notification, the relevant notice period for considering that notification will only commence to run after the Authorised Firm has provided to the DFSAthat information upon a request made by the DFSAunder its powers in GEN Rule 11.10.11(1).
Upon the request of an
Authorised Firm, the DFSAmay, at its sole discretion, agree to consider a notification within a shorter period than the 45 days referred to above. The onus is on an Authorised Firmwhich wishes to obtain a DFSAdecision under this Rulewithin a shorter period to make a request to that effect to the DFSAand provide all the information that the DFSArequires to enable the DFSAto process the notification within a shorter timeframe.
DFSAexercises its powers under this provision to object to a proposed Major Acquisitionor impose any conditions relating to such a Major Acquisition, a Personaffected by such a decision may make an appeal relating to that decision to the DFSA's Regulatory Appeals Committee. Appeal provisions are in GEN Rule 11.10.12.
DFSAreceives a notification under GEN Rule 11.10.10(1)(b), it will to the extent necessary, liaise with the home regulator in taking any appropriate action relating to the proposed Major Acquisition.
Authorised Firmmust comply with those requirements in GEN Rules 5.3.21 and 5.3.22 when outsourcing functions or activities. In relation to Funds, there are additional outsourcing and delegation requirements applicable for Fund Managersand Trusteesin section 8.12 of the CIR module.
DFSArequires an Authorised Firmto notify it of any material outsourcing arrangements. An outsourcing arrangement would be considered to be material if it is a service of such importance that weakness or failure of the service would cast serious doubt on the Authorised Firm'scontinuing ability to remain fit and proper or comply with applicable Laws and Rules.
The outsourcing of functions or activities does not absolve management or
Governing Bodyof responsibility and accountability for ensuring proper administration and execution of these functions or activities.