Entire Section

RPP 3-2-1

Section 3.2 provides additional information in relation to DFSA's approach to the supervision of an Authorised Firm. Where relevant, some of these requirements may apply to a Representative Office.

RPP 3-2-2

In supervising an Authorised Firm, the DFSA expects an Authorised Firm to comply with a number of high level principles in relation to its activities.

RPP 3-2-3

An Authorised Firm, other than a Representative Office, must comply with the twelve principles set out in section 4.2 of the GEN module. In brief, these are:

RPP 3-2-4

A Representative Office must comply with the four principles set out in section 3.2 of the REP module. In brief, these are:

RPP 3-2-5

When the DFSA licenses an Authorised Firm, it takes into consideration the relationship with any wider Group to which the firm may belong or with other Persons closely linked to it. The DFSA may also take into account lead or consolidated supervision to which an Authorised Firm or its Group may be subject in another jurisdiction.

RPP 3-2-6

An Authorised Firm is expected to provide information as required or reasonably requested under legislation applicable in the DIFC relating to the Authorised Firm and, where applicable, its consolidated or lead regulatory arrangements. This information may include prudential information, reports on systems and controls relating to an Authorised Firm's Group, internal and external audit reports, details of disciplinary proceedings or any matters which may have financial consequences, reputational impact or pose any significant risk to the DIFC or to the Authorised Firm and the group-wide corporate governance practices and policies and the remuneration structure and strategies adopted. This information may initially be taken into account as part of DFSA's fit and proper test as set out in section 2.2 and may subsequently be utilised in the supervision of the Authorised Firm. Further Rules and Guidance with regard to obtaining information from an Authorised Firm's lead regulator are set out in GEN Rule 11.1.5.

RPP 3-2-7

The DFSA has an interest in the relationship of an Authorised Firm with other regulators, particularly in order to determine the level of reliance the DFSA may place on a regulator in another jurisdiction concerning any lead supervision arrangements. Depending on the legal structure of an Authorised Firm and the relationship of the DFSA with the regulator in question, the DFSA may place appropriate reliance on the supervision undertaken by this regulator.

RPP 3-2-8

The DFSA will usually be the lead and consolidated regulator of any Group headed by a Domestic Firm. Members of the Group, that is any of the Authorised Firm's Subsidiaries or branches, will be either subject to DFSA's exclusive supervision or, where members of the Group are located in a jurisdiction outside the DIFC, generally subject to lead or consolidated supervision by the DFSA in co-operation with another regulator.

RPP 3-2-9

The DFSA will routinely be the lead regulator for the purpose of prudential supervision of an Authorised Firm which is a DIFC incorporated Subsidiary of a non-DIFC firm.

RPP 3-2-10

Where the Authorised Firm is a Subsidiary of a regulated non-DIFC parent company, the DFSA may have regard to any consolidated prudential supervision arrangements to which the Subsidiary is subject and will liaise with other regulators as necessary to ensure that these are adequately carried out, taking into account the Subsidiary's activities. The DFSA may place appropriate reliance on the Subsidiary's consolidated regulator in another jurisdiction if it is satisfied that it meets appropriate regulatory criteria and standards.

RPP 3-2-11

An Authorised Firm carrying on Financial Services as a Subsidiary of an unregulated non-DIFC parent company may be subject to DFSA's consolidated prudential supervision, taking into account the parent's activities.

RPP 3-2-12

An Authorised Firm carrying on Financial Services through a Branch will be subject to supervision by both the DFSA and the regulator in its head office jurisdiction.

RPP 3-2-13

The DFSA will have regard to any lead or consolidated prudential supervision arrangements to which a Branch is subject. The DFSA may place appropriate reliance on a Branch's lead regulator in another jurisdiction and, where appropriate, its consolidated prudential regulator if it is satisfied that it meets appropriate regulatory criteria and standards. Where an Authorised Firm is subject to lead regulation arrangements with a foreign regulator, the DFSA will usually not seek to impose consolidated prudential supervision on the Authorised Firm's Group.

RPP 3-2-14

During the authorisation process the DFSA will take into account the nature and scope of the regulation and supervision to which the applicant is subject in its head office jurisdiction. Notwithstanding that an Authorised Firm may be subject to lead or consolidated regulatory arrangements, the DFSA requires it to remain fit and proper in respect of its Group and Controllers. Certain changes or events will require notification to, or prior approval from, the DFSA.

RPP 3-2-15

The DFSA will determine the level of regulatory and supervisory oversight which is subsequently required for a specific Branch. As part of DFSA's risk assessment process, during the authorisation process the DFSA undertakes a two-tier approach to the risks to its objectives posed by the Branch, thereby taking into account the characteristics of the applicant and its head office. The first part of this assessment includes a judgement on the degree of home country supervision and considers the strength of support, both financial and managerial, which the head office is capable of providing to the Branch, taking into account the Branch's activities and the adequacy of, among other things, the corporate governance framework and practices and remuneration structure and strategies adopted at the head office. The second part of the assessment considers the risk and control mechanisms within the Branch itself.

RPP 3-2-16

As a result of the assessment, the DFSA may consider granting a waiver or modification notice in respect of specific prudential or other regulatory requirements relating to a Branch.

RPP 3-2-17

An Authorised Firm is required to submit periodic prudential returns. In addition, an Authorised Firm may be required to submit copies of its Group's annual interim and audited accounts. The DFSA may also require an Authorised Firm to provide copies of Group returns which are sent to any other regulator.

RPP 3-2-18

The DFSA conducts an ongoing analysis of risks relating to each Authorised Firm, although the information required may vary from firm to firm. Authorised Firms with a higher risk classification may be subject to closer regulatory attention and would typically be subject to supervisory reviews specifically designed to address particular causes of risk.

RPP 3-2-19

All Authorised Firms will be subject to an individual on-site risk assessment, except where more than one Authorised Firm belongs to the same Group, in which case the DFSA may decide to carry out a Group risk assessment.

RPP 3-2-20

The risk assessment process is ongoing and it is expected that the risks of each Authorised Firm may be reviewed on at least an annual basis. Notifications, reporting of information, an on-going dialogue with senior management and visits to the Authorised Firm will ensure that the DFSA has current information on key risk areas of the Authorised Firm.

RPP 3-2-21

There are also a number of trigger events which may affect the frequency of a risk assessment and the Authorised Firm's overall risk classification. Examples include:

RPP 3-2-22

Pursuant to GEN Rule 5.3.4, an Authorised Firm must ensure that its risk management systems provide the Authorised Firm with the means to identify, assess, mitigate and control its risks. In addition to undertaking its own assessment of the Authorised Firm, the DFSA may review the results of the Authorised Firm's internal risk assessment and determine the extent to which each of the Authorised Firm's risks impacts on DFSA's objectives, the likelihood of the risk occurring and then will consider the controls and mitigation programmes the firm has in place.

RPP 3-2-23

The DFSA may undertake desk based reviews in order to review compliance with legislation applicable in the DIFC. They assist the DFSA's understanding of an Authorised Firm's operations. For example, monitoring its financial position and detecting emerging problems or concerns to be explored in greater detail through prudential meetings, examinations, or otherwise. A desk based review may involve analysing information provided by the firm through supervisory returns, internal management information or published financial information.

RPP 3-2-24

The DFSA may, from time to time, issue a Controls questionnaire to Authorised Firms who will be asked to complete and return this to the DFSA. A Controls questionnaire focuses on key areas of risk identified by the DFSA at that time. An Authorised Firm must evaluate itself against each of the risk areas and score itself in terms of its own arrangements and the systems and controls it has in place for mitigating the particular risks.

RPP 3-2-25

On-site visits provide the DFSA with an overview of the Authorised Firm's operations and enable it to form a first hand view of the personnel, systems and controls and compliance culture within the Authorised Firm as well as identifying and evaluating the risks to the DFSA's objectives, taking into account any mitigation by the Authorised Firm. They enable the DFSA to test the soundness of the Authorised Firm's systems and controls and the extent to which the DFSA can continue to rely on them and the Authorised Firm's senior management to prevent or mitigate risks to the DFSA's objectives. On-site visits will also assist the DFSA to assess the extent of supervision and the use of other supervisory tools required to address certain key risk areas.

RPP 3-2-26

There are various types of on-site visits by the DFSA to an Authorised Firm which differ in their objective and frequency:

RPP 3-2-27

The DFSA is committed to open and transparent communication with Authorised Firms. From time to time, the DFSA may issue letters to Senior Executive Officers or equivalent persons across the DIFC (commonly referred to as 'Dear SEO Letters'). Frequently, these letters will be issued as a means of communicating findings arising from completed thematic visits. However, they may also be issued in response to other major events or changes. For example, such a letter may include an update from relevant United Nations Security Council Sanctions or Resolutions or the Financial Action Task Force, in relation to the prevention of money laundering and combating the financing of terrorism.

RPP 3-2-28

In addition to the Senior Executive Officer letters, the DFSA may issue s and warnings in response to particular matters of concern. An example of this could be in relation to matters concerning fraudulent activity that the DFSA has become aware of.

RPP 3-2-29

The DFSA holds outreach sessions from time to time, to interact with firms operating in the DIFC. These sessions are held to discuss regulatory matters in an open manner.

RPP 3-2-30

From time to time, the DFSA may consider a particular item of communication to an Authorised Firm to be of key regulatory importance. For this reason, the DFSA may consider it necessary to issue such communications directly to a senior member of staff at the Board level of the DIFC entity copied (where appropriate) to the group's home state regulator. For entities established as a Branch in the DIFC, these communications will likely be delivered to the Chairman of the Board at the DIFC Branch entity's head or Parent office. For DIFC incorporated entities, communications will likely be delivered directly to the Chairman of the firm's Board or head office. These communications may include, for example, the results of DFSA's risk assessment visits where a risk mitigation plan has been sent that contains significant matters of concern to DFSA's objectives.

RPP 3-2-31

The DFSA requires an Authorised Firm's registered external auditor to co-operate with the DFSA in a number of ways, including the submission of specific audit reports and statements. As part of an audit, the DFSA would expect an auditor to review any relevant correspondence between the DFSA and the Authorised Firm. Further, tripartite meetings between the Authorised Firm's senior management, the auditor, and the DFSA may be requested at the DFSA's initiative. Finally, an auditor is required to disclose to the DFSA those matters outlined in Article 104(3) of the Regulatory Law 2004.

RPP 3-2-32

Apart from reports such as regular prudential returns, the DFSA may from time to time also request from an Authorised Firm additional supplementary information and documents, including non-financial information such as an Authorised Firm's internal policies on particular areas of risk or its organisational chart.

RPP 3-2-33

Article 64 of the Regulatory Law 2004 and section 11.8 of the GEN Module set out the DFSA's requirements governing Controllers of Authorised Firms.

RPP 3-2-34 [Deleted]

RPP 3-2-35 [Deleted]

RPP 3-2-36 [Deleted]

RPP 3-2-34

A Person who proposes to become a Controller of a Domestic Firm or an existing Controller who proposes to increase the level of control which that Person has in a Domestic Firm beyond the threshold of 30% or 50% is required to obtain the DFSA's prior approval before doing so. The DFSA's assessment of a proposed acquisition or increase in control of a Domestic Firm is a review of such a firm's continued fitness and propriety and ability to conduct business soundly and prudently. Accordingly, the DFSA takes into account the considerations specified in paragraph 2-2-12 relating to Controllers when making such an assessment.

RPP 3-2-35

Pursuant to GEN Rule 11.8.5(1), a Person who proposes either to acquire or increase the level of control in a Domestic Firm must lodge with the DFSA an application for approval in the appropriate form in AFN. The DFSA may approve of, object to or impose conditions relating to the proposed acquisition or the proposed increase in the level of control of the Authorised Firm. If the information in the application form lodged with the DFSA is incomplete or unclear, the DFSA may in writing request further clarification or information. The DFSA may do so at any time during the processing of such an application. The period of 90 days within which the DFSA will make a decision will not commence until such clarification or additional information is provided to the satisfaction of the DFSA. The DFSA may, in its absolute discretion, agree to a shorter period for processing an application where an applicant requests for such a period, provided all the information required is available to the DFSA.

RPP 3-2-36

Where the DFSA proposes to object to or impose conditions relating to a proposed acquisition of or increase in the level of control in a Domestic Firm, the DFSA will first notify the applicant in writing of its proposal to do so and its reasons. The DFSA will take into account any representations made by an applicant before making its final decision.

RPP 3-2-37

The DFSA may consider whether a Person has become an unacceptable Controller as a result of any notification given by an Authorised Firm pursuant to Rule 11.8.11(2) or as a result of its own supervisory work. The considerations which the DFSA will take into account in assessing whether a Person is an acceptable Controller are those set out in paragraph 3-2-34 above.

RPP 3-2-38

Where an Authorised Firm applies to change the scope of its Licence, it should provide the following information:

RPP 3-2-39

An Insurer which wishes to vary its Licence to remove the Financial Service of Effecting Contracts of Insurance or to reduce the classes of insurance should refer to the run-off provisions in PIN chapter 9.

RPP 3-2-40

In considering whether an Authorised Firm is fit and proper with respect to a change in the scope of its Licence, the DFSA may take into account those matters in Chapter 2 of the RPP Sourcebook, which provides Guidance on fitness and propriety for Authorised Firms.

RPP 3-2-41

When considering a change to the scope of a Licence, the DFSA may also consider one or more of the matters outlined in paragraphs 3-2-42 to 3-2-47 below relating to the withdrawal of a Licence.

RPP 3-2-42

In considering requests under GEN Rule 11.4.1, an Authorised Firm will need to satisfy the DFSA that it has made appropriate arrangements with respect to its existing customers, including the receipt of any customers' consent where required and, in particular:

RPP 3-2-43

In determining a request for the withdrawal of a Licence, the DFSA may require additional procedures or information as appropriate including evidence that the Authorised Firm has ceased to carry on Financial Services.

RPP 3-2-44

An Authorised Firm should submit detailed plans where there may be an extensive period of wind-down. It may not be appropriate for an Authorised Firm to immediately request a withdrawal of its Licence in all circumstances, although it may wish to consider reducing the scope of its Licence during this period. Authorised Firms should discuss these arrangements with the DFSA.

RPP 3-2-45

The DFSA may refuse a request for the withdrawal of a Licence where it appears that customers may be exposed to adverse effect.

RPP 3-2-46

The DFSA may also refuse a request for the withdrawal of a Licence where:

RPP 3-2-47

Some other matters which an Authorised Firm should be mindful of in relation to the withdrawal of its Licence include:

RPP 3-2-48

GEN Rule 11.10.8 provides that an Authorised Firm which makes or proposes to make a Major Acquisition as defined must comply with either GEN Rule 11.10.9 or 11.10.10, depending on whether it is a Domestic Firm.

RPP 3-2-49

An Authorised Firm should provide to the DFSA information that would enable the DFSA to consider factors noted in GEN Rule 11.10.9(3). Although the DFSA does not prescribe the form in which such information is to be provided to the DFSA, Authorised Firms should consider any relevant industry and international practices when providing information to the DFSA for similar purposes.

RPP 3-2-50

The 45 day notice period referred to in GEN Rule 11.10.9(1) commences to run from the first business day after the date on which the DFSA receives the notification. However, if any critical information that the DFSA requires in order to assess the notification has not been provided to the DFSA at the time of the notification, the relevant notice period for considering that notification will only commence to run after the Authorised Firm has provided to the DFSA that information upon a request made by the DFSA under its powers in GEN Rule 11.10.11(1).

RPP 3-2-51

Upon the request of an Authorised Firm, the DFSA may, at its sole discretion, agree to consider a notification within a shorter period than the 45 days referred to above. The onus is on an Authorised Firm which wishes to obtain a DFSA decision under this Rule within a shorter period to make a request to that effect to the DFSA and provide all the information that the DFSA requires to enable the DFSA to process the notification within a shorter timeframe.

RPP 3-2-52

Where the DFSA exercises its powers under this provision to object to a proposed Major Acquisition or impose any conditions relating to such a Major Acquisition, a Person affected by such a decision may make an appeal relating to that decision to the DFSA's Regulatory Appeals Committee. Appeal provisions are in GEN Rule 11.10.12.

RPP 3-2-53

Where the DFSA receives a notification under GEN Rule 11.10.10(1)(b), it will to the extent necessary, liaise with the home regulator in taking any appropriate action relating to the proposed Major Acquisition.

RPP 3-2-54

An Authorised Firm must comply with those requirements in GEN Rules 5.3.21 and 5.3.22 when outsourcing functions or activities. In relation to Funds, there are additional outsourcing and delegation requirements applicable for Fund Managers and Trustees in section 8.12 of the CIR module.

RPP 3-2-55

The DFSA requires an Authorised Firm to notify it of any material outsourcing arrangements. An outsourcing arrangement would be considered to be material if it is a service of such importance that weakness or failure of the service would cast serious doubt on the Authorised Firm's continuing ability to remain fit and proper or comply with applicable Laws and Rules.

RPP 3-2-56

The outsourcing of functions or activities does not absolve management or Governing Body of responsibility and accountability for ensuring proper administration and execution of these functions or activities.