7. Exercising Powers for Other Authorities

7.1 As discussed earlier, Article 39 of the Regulatory Law gives the DFSA specific statutory authority to exercise its powers at the request, and on behalf, of Article 38/39 Authorities. As a matter of policy and further to its commitment to the principles in Part 2 above, the DFSA will exercise its powers under Article 39 unless:

(a) the request would require the DFSA to act in a manner that would violate applicable UAE criminal laws, DIFC laws or DFSA policies;
(b) a regulator making a request is not a Financial Services Regulator as defined in the Regulatory Law (for the purposes of this policy a Financial Services Regulator means a regulator whose principal mandate includes regulating one or more of securities, commodities, asset management, collective investment schemes, insurance and reinsurance, banking, investment services, trust service providers, Islamic finance and companies);
(c) the request is in relation to criminal or enforcement proceedings and criminal or enforcement proceedings have already been initiated in the DIFC or UAE relating to the same facts or same persons, or the same persons have already been penalised or sanctioned on substantively the same allegations or charges and to the same degree by the DFSA or the competent authorities in the UAE;
(d) the request would be prejudicial to the “public interest” of the DIFC;
(e) the requesting authority refuses to give corresponding assistance to the DFSA;
(f) complying with the request would be so burdensome as to prejudice or disrupt the performance of DFSA regulatory functions and duties; or
(g) the authority fails to demonstrate a legitimate reason for the request.

7.2 If the DFSA decides to obtain and disclose confidential information on behalf of another authority under Article 39, then it must do so in accordance with the provisions of Article 38. Generally though, for the DFSA to agree to provide confidential information in response to an Article 39 request, the authority will be required to:

(a) make the request in writing, or if urgent make the request orally and, unless otherwise agreed, confirm it in writing within ten business days;
(b) describe the confidential information requested and the purpose for which the authority seeks the information;
(c) provide a brief description of the facts supporting the request and the relevant legal powers authorising the request;
(d) specify whether the purpose of the request is for actual or possible criminal, civil or administrative enforcement proceedings relating to a violation of the laws and regulations administered by the authority;
(e) agree that it will not use the confidential information for any other purpose than that for which it was requested unless it has the express permission of the DFSA;
(f) indicate, if known, the identity of any persons whose rights or interests may be adversely affected by the disclosure of confidential information;
(g) indicate whether obtaining the consent of, or giving notice to, the person to whom the request for confidential information relates would jeopardise or prejudice the purpose for which the information is sought;
(h) specify whether any other authority, governmental or nongovernmental, is co-operating with the requesting authority or seeking information from the confidential files of the requesting authority;
(i) specify whether onward disclosure of confidential information is likely to be necessary and the purpose such disclosure would serve;
(j) agree to revert to the DFSA in the event that it seeks to use the confidential information for any purposes other than those specified in the request;
(k) agree to keep requested confidential information confidential, including the fact that a request for confidential information was made, except as it conforms to this policy or in response to a legally enforceable demand;
(l) agree, in the event of a legally enforceable demand, that it, the requesting authority, will notify the DFSA prior to complying with the demand, and will assert such appropriate legal exemptions or privileges with respect to such confidential information as may be available;
(m) agree that, prior to providing information to a self-regulatory organisation, the requesting authority will ensure that the self-regulatory organisation is able and will comply on an ongoing basis with the confidentiality provisions agreed to between the requesting authority and DFSA; and
(n) agree to use its best efforts to protect the confidentiality of confidential information received from the DFSA pursuant to the provisions in Articles 38 and 39 of the Regulatory Law, the Data Protection Law and this policy.
Example: In an international securities fraud or money laundering investigation the kind of documents the DFSA may provide to an Article 38/39 Authority may include, documents from contemporaneous records sufficient to reconstruct all securities, derivatives and bank transactions, records of all funds and assets transferred into and out of bank and brokerage accounts relating to these transactions, records that identify the beneficial owner and controller, and for each transaction, the account holder, the particulars of the transaction, and the individual and the authorised financial or market institution that handled the transaction. In a case where any of this confidential information has been provided to the DFSA by another authority, the DFSA will advise and consult that authority before disclosing it to a third party (Article 38/39 Authority).