The DFSA's Risk Based Approach to Start Up Entities: Broad Risk Categories
5. Any application for authorisation by the DFSA will involve an assessment of the risks posed to the objectives of the DFSA by the proposed activities of the applicant. Whilst the broad categories of risks for all applicants will be the same, the nature of those risks within start up entities will be unique, as start ups do not have a regulatory track record upon which the DFSA may place reliance. In the case of a new business, even where senior management have substantial experience and relevant competence in the business sector, this does not necessarily imply an ability to create and sustain an adequate management control environment and compliance culture, particularly when faced with all the other issues of establishing a new business. In the case of an existing, but previously unregulated business, any existing control environment and compliance culture will not have been subject to external independent regulatory scrutiny and the additional regulatory reporting requirements which apply to an authorised firm.
6. The broad categories of risk and some of the unique elements of those risk categories that apply to start up entities include:
6.1. All applicants are required to demonstrate a sound initial capital base and funding and to meet the relevant prudential requirements of the DFSA rulebook, on an ongoing basis. Inevitably, start up entities face greater financial risks as they seek to establish and grow a new business.
6.2. In addition to the risks associated with the financial viability of the start up entity, particular attention will focus on the clarity and the verifiable source of the initial capital funding. Start up entities will be required to disclose the source of their funds and the history of those funds for at least the previous 12 months.
6.3. All applicants are required to demonstrate robust governance arrangements together with the fitness and integrity of all controllers, directors and senior management. The DFSA is aware that management control, in smaller start ups especially, may lie with one or two dominant individuals who may also be amongst the owners of the firm. In such circumstances, the DFSA would expect the key business and control functions (i.e. risk management, compliance and internal audit) to be subject to appropriate oversight arrangements which reflect the size and complexity of the business. Applicants can assist the DFSA by describing in detail the ownership structure, high level controls and clear reporting lines which demonstrate an adequate segregation of duties.
6.4. The DFSA will request details of the background, history and ownership of the start up entity and, where applicable, its group. Similar details relating to the background, history and other interests of the directors of the start up entity may be required. Where it considers it necessary to do so, the DFSA may undertake independent background checks on such material. A higher degree of due diligence will apply to individuals involved in start up entities and there would be an expectation that the entity itself will have conducted detailed background checks, which may then be verified by the DFSA.
6.5. All applicants are required to establish an appropriate systems and control environment to demonstrate that the affairs of the firm are managed and controlled effectively. The nature of the systems and controls will depend on the nature, size and complexity of the business. Start up entities may wish to consider which additional systems and controls may be appropriate in the initial period of operation following launch, such as increased risk or compliance monitoring. Due to the unproven track record of start up entities, the DFSA may impose restrictions on the business activities of the entity or a greater degree and intensity of supervision until such a track record is established.
6.6. The Senior Executive Officer within all Authorised Firms is expected to take full responsibility for ensuring compliance with the DFSA rules by establishing a strong compliance culture which is fully embedded within the organisation. To this end, a start up entity will be required to appoint a UAE resident Compliance Officer and Money Laundering Reporting Officer (MLRO) with the requisite skills and relevant experience in compliance and anti money laundering duties. The individuals fulfilling these roles within start up entities will be expected to demonstrate to the DFSA, their competence to perform the proposed role and adequate knowledge of the relevant sections of the DFSA rulebook and, in the case of the MLRO, the wider anti-money laundering legislation and related provisions.