Entire Section

  • AML 15 AML 15 DNFBP Registration and Supervision

    • AML 15 Guidance

      1. A DNFBP should ensure that it complies with and has regard to relevant provisions of the Regulatory Law. The Regulatory Law gives the DFSA a power to supervise DNFBPs' compliance with relevant AML laws in the State. The Regulatory Law requires a DNFBP to be registered by the DFSA to conduct its activities in the DIFC. AML Rule 15.1.2 sets out the criteria a DNFBP must meet to be registered. The Regulatory Law also gives the DFSA a number of other important powers in relation to DNFBPs, including powers of enforcement. This includes a power to obtain information and to conduct investigations into possible breaches of the Regulatory Law. The DFSA may also impose fines for breaches of the Regulatory Law or the Rules. It may also suspend or withdraw the registration of a DNFBP in various circumstances.
      2. The DFSA takes a risk-based approach to regulation of persons which it supervises. Generally, the DFSA will work with DNFBPs to identify, assess, mitigate and control relevant risks where appropriate. RPP describes the DFSA's enforcement powers under the Regulatory Law and outlines its policy for using these powers.
      3. AML Rule 3.2.1 defines a DNFBP by setting out a list of businesses or professions which, if carried on in or from the DIFC, constitute a DNFBP.
      4. In determining if a person is carrying on a business or profession in the DIFC that falls within the DNFBP definition, the DFSA will adopt a 'substance over form' approach. That is, it will consider what business or profession is in fact being carried on, and its main characteristics, and not just what business or profession the person purports, or is licensed, to carry on in the DIFC.
      5. The DFSA considers that "a law firm, notary firm or other independent legal business" in paragraph (1)(d) of the DNFBP definition, includes any business or profession that involves a legal service, including advice or services related to laws in the State or other jurisdictions. The DFSA does not consider it necessary for the purposes of the definition that:
      a. the relevant person is licensed to provide legal services in the State; or
      b. the individuals or employees providing the legal service are qualified or authorised to do so, whether in the State or in any other jurisdiction.
      6. The DFSA considers that "an accounting firm, audit firm or insolvency firm" in paragraph (1)(e) of the DNFBP definition, includes forensic accounting services that use accounting skills, principles and techniques to investigate suspected illegal activity or to analyse financial information for use in legal proceedings.
      7. The DFSA would also consider a tax advisory business carried on in or from the DIFC to be a DNFBP as it is likely to involve elements of both legal and accounting services i.e. advice on taxation law and the use of accounting skills to analyse financial records, and so fall within either paragraph (1)(d) or (e) of the DNFBP definition.
      Derived from RM117/2013 [VER9/07-13]
      [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]
      [Amended] DFSA RM223/2018 (Made 18th April 2018). [VER14/07-18]

    • AML 15.1 AML 15.1 Registration and Notifications

      • AML 15.1.1

        An applicant for registration as a DNFBP must apply to the DFSA by completing and submitting the appropriate form in the AFN Sourcebook.

        Derived from RM117/2013 [VER9/07-13]
        [Amended] DFSA RM223/2018 (Made 18th April 2018). [VER14/07-18]

      • AML 15.1.2

        (1) To be registered as a DNFBP, an applicant must demonstrate to the DFSA's satisfaction that:

        (a) it is fit and proper to perform anti-money laundering functions; and
        (b) it has adequate resources and systems and controls, including policies and procedures, to comply with applicable anti-money laundering requirements under Federal AML legislation, the Regulatory Law and these Rules.

        (2) In assessing if an applicant is fit and proper under (1)(a), the DFSA may, without limiting the matters it may take into account under that paragraph, consider the applicant, its senior management, its beneficial owners, other entities in its Group and any other person with whom it has a relationship.

        (3) The DFSA will in assessing if an applicant is fit and proper, consider the cumulative effect of matters that, if taken individually, may be regarded as insufficient to give reasonable cause to doubt the fitness and propriety of the applicant.

        Derived from DFSA RM223/2018 (Made 18th April 2018). [VER14/07-18]

      • Annual Information Return

        Derived from DFSA RM223/2018 (Made 18th April 2018). [VER14/07-18]

        • AML 15.1.3

          A DNFBP must complete the annual information return in AFN for each calendar year and submit the return to the DFSA by 31 January of the following year.

          Derived from DFSA RM223/2018 (Made 18th April 2018). [VER14/07-18]

      • Notification of changes

        Derived from DFSA RM223/2018 (Made 18th April 2018). [VER14/07-18]

        • AML 15.1.4

          A DNFBP must promptly notify the DFSA of any change in its:

          (a) name;
          (b) legal status;
          (c) address;
          (d) MLRO; or
          (e) senior management; or.
          (f) beneficial ownership.
          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM196/2016 (Made 7th December 2016). [VER13/02-17]
          [Amended] DFSA RM223/2018 (Made 18th April 2018). [VER14/07-18]

    • AML 15.2 AML 15.2 Request to withdraw registration

      Derived from DFSA RM223/2018 (Made 18th April 2018). [VER14/07-18]

      • AML 15.2.1 AML 15.2.1

        (1) A DNFBP must notify the DFSA in writing 14 days in advance of it ceasing to carry on its DNFBP business activities in or from the DIFC.

        (2) The notice must include a request to cancel its registration, an explanation of the reason for it ceasing business, and attached copies of any relevant documents.

        Derived from DFSA RM223/2018 (Made 18th April 2018). [VER14/07-18]

        • AML 15.2.1 Guidance

          1. A DNFBP may request the withdrawal of its registration because, for example, it no longer meets the definition of a DNFBP, becomes insolvent or enters into administration, or proposes to leave the DIFC.
          2. In addition to being able to withdraw registration at a DNFBP's request, the DFSA may suspend or withdraw the registration of a DNFBP on its own initiative in various circumstances (see Article 71F of the Regulatory Law).
          Derived from RM117/2013 [VER9/07-13]
          [Amended] DFSA RM132/2014 (Made 21st August 2014). [VER10/06-14]
          [Amended] DFSA RM223/2018 (Made 18th April 2018). [VER14/07-18]

      • AML 15.2.2 [Deleted]

        [Deleted] DFSA RM223/2018 (Made 18th April 2018). [VER14/07-18]

      • AML 15.2.3 [Deleted]

        [Deleted] DFSA RM223/2018 (Made 18th April 2018). [VER14/07-18]

      • AML 15.2.4 [Deleted]

        [Deleted] DFSA RM132/2014 (Made 21st August 2014). [VER10/06-14]

      • AML 15.2.5 [Deleted]

        [Deleted] DFSA RM132/2014 (Made 21st August 2014). [VER10/06-14]

    • AML 15.3 AML 15.3 Disclosure of regulatory status

      • AML 15.3.1

        A DNFBP must not:

        (a) misrepresent its regulatory status with respect to the DFSA expressly or by implication; or
        (b) use or reproduce the DFSA logo without express written permission from the DFSA and in accordance with any conditions for use.
        Derived from RM117/2013 [VER9/07-13]

    • AML 15.3A Whistleblowing

      • Interpretation

        • AML 15.3A.1

          In this section:

          (a) “regulatory concern”, in relation to a DNFBP, means a concern held by any person that the DNFBP or an officer or employee of the DNFBP has or may have:
          (i) contravened a provision of legislation administered by the DFSA; or
          (ii) engaged in money laundering, fraud or any other financial crime;
          (b) “whistleblower” means a person who reports a regulatory concern to a person specified in Article 68A(3) of the Regulatory Law.

           

          Derived from DFSA RMI321/2021 (Made 27th October 2021). [VER19/04-22]

      • Policies and procedures

        • AML 15.3A.2

          (1) A DNFBP must have appropriate and effective policies and procedures in place:
          (a) to facilitate the reporting of regulatory concerns made by whistleblowers; and
          (b) to assess and, where appropriate, escalate regulatory concerns reported to it.
          (2) The policies and procedures required under (1) must be in writing.
          (3) A DNFBP must periodically review the policies and procedures to ensure they are appropriate, effective and up to date.

           

          Derived from DFSA RMI321/2021 (Made 27th October 2021). [VER19/04-22]

      • Record of whistleblowing reports

        • AML 15.3A.3 AML 15.3A.3

          A DNFBP must maintain a written record of each regulatory concern reported to it by a whistleblower, including appropriate details of the regulatory concern and the outcome of its assessment of the reported concern.

           

          Derived from DFSA RMI321/2021 (Made 27th October 2021). [VER19/04-22]

          • AML 15.3A.3 Guidance

            1. The requirements in this section apply only to a DNFBP, as other Relevant Persons are subject to similar requirements in other parts of the Rulebook – see, for example, GEN 5.4 and AUD 4.11.
            2. The DFSA expects a DNFBP to implement policies and procedures under AML Rule 15.3A.2 that are appropriate based on the nature, scale and complexity of the DNFBP’s business. For example, a larger or more complex DNFBP is expected to have more detailed and comprehensive policies and procedures in place.
            3. The policies and procedures should:
            a. include internal arrangements to allow for reports to be made by whistleblowers;
            b. include adequate procedures to deal with, assess and, where appropriate, escalate reports to the senior management of the DNFBP or, if necessary, to the DFSA or to any other relevant authority;
            c. include reasonable measures to protect the identity and confidentiality of whistleblowers;
            d. include reasonable measures to protect the whistleblower from suffering any detriment, as a result of the report;
            e. ensure that, where appropriate and feasible, feedback is provided to the whistleblower; and
            f. include reasonable measures to manage any conflicts of interest and ensure the fair treatment of any person who is the subject of an allegation in a report.
            4. A DNFBP’s whistleblowing policies and procedures should generally encourage reporting of concerns first to the DNFBP itself. However, the policies and procedures should also take into account that there may be circumstances where it is appropriate, or a whistleblower may prefer, to report the concerns directly to the DFSA or to another relevant authority.
            5. The records under Rule 15.3A.3 should include:
            a. the date the report was received;
            b. a summary of the concerns raised;
            c. the steps taken by the DNFBP in relation to the report until the matter is resolved;
            d. any steps taken to maintain the confidentiality of the whistleblower and to ensure fair treatment of the whistleblower;
            e. the list of persons who have knowledge of the report;
            f. the outcome of the assessment of the report including the rationale for the outcome and any decision on whether or not to disclose the report to the DFSA or any other relevant authority; and
            g. references or links to all documentation and review papers in relation to the report.
            6. A DNFBP may be required to make its records of whistleblowing reports available to the DFSA for inspection.
            7. In addition to the requirements in these Rules, Article 68A of the Regulatory Law provides legal protection to a whistleblower who discloses information about suspected misconduct in good faith to a specified person, such as the relevant DNFBP, the auditor of the DNFBP, the DFSA or other relevant authorities.
            8. The protection under the Regulatory Law applies to any person who makes such a disclosure. For example, the disclosure may be made by a person who is or has been an officer, employee or agent of a DNFBP, a Person who provides services or products to a DNFBP or a person who has no formal connection with the DNFBP.
            9. The protection under the Regulatory Law is from liability, dismissal or detriment for making that disclosure. However, it does not, for example, prevent a DNFBP from taking action against an employee for other legitimate reasons, such as if the employee has engaged in misconduct.
            10. A DNFBP should, as part of its policies and procedures, inform its officers and employees of the protection under Article 68A of the Regulatory Law.

             

            Derived from DFSA RMI321/2021 (Made 27th October 2021). [VER19/04-22]

    • AML 15.4 AML 15.4 Transitional

      Derived from DFSA RM223/2018 (Made 18th April 2018). [VER14/07-18]

      • AML 15.4.1 AML 15.4.1

        (1) This Rule applies to a Person who, immediately before the commencement date, was registered as a DNFBP, other than a Person who was registered as a DNFBP by reason only of being a dealer in any saleable item of a price equal to or greater than $15,000. (2) The Person is on the commencement date taken to continue to be registered by the DFSA as a DNFBP. (3) The Person must, by no later than the end of the transitional period, certify in writing to the DFSA:

        (a) that it continues to carry on its DNFBP business or profession in or from the DIFC;
        (b) the names of the individuals who comprise its senior management;
        (c) details of its beneficial owners;
        (d) the name of the individual it has appointed as MLRO; and
        (e) that it has in place adequate resources and systems and controls to comply with applicable anti-money laundering requirements under the Law, these Rules and Federal AML legislation.

        (4) The DFSA may require the certification in (3) to be in such form and verified in such manner as it thinks fit.

        (5) In this Rule:

        (a) "commencement date" means the day on which the Regulatory Law Amendment Law 2018 comes into force; and
        (b) "transitional period" means the period starting on the commencement date and ending three months after that date.
        Derived from DFSA RM223/2018 (Made 18th April 2018). [VER14/07-18]

        • AML 15.4.1 Guidance

          If a DNFBP fails to provide the duly completed certification to the DFSA by the end of the transitional period, it will contravene these Rules. The DFSA may because of that failure take steps to suspend or withdraw the DNFBP's registration.

          Derived from DFSA RM223/2018 (Made 18th April 2018). [VER14/07-18]