Contact us

Month: July 2025

ADGM Company Service Provider Compliance with AML and Sanction Rules

Posted on by kashadmin

The Abu Dhabi Global Market (ADGM) Registration Authority (RA) has issued a direct and urgent reminder to all Company Service Providers (CSPs): meet your obligations or face enforcement.

In a letter dated 8 November 2024, the RA expressed serious concern that some CSPs are “not conducting business in a manner that is fully compliant with the requirements.” Following a targeted desk-based review of nearly 20% of licensed CSPs, the findings reveal a widespread failure to meet key conditions set out in the Commercial Licensing Regulations (Conditions of Licence and Branch Registration) Rules 2024, rules that have been in place since April and were updated significantly in 2023.

The RA’s message is clear: regulatory leniency is over. CSPs are gatekeepers to the ADGM business ecosystem and are now expected to demonstrate full adherence to both licensing and AML frameworks.

Ten Licensing Conditions of Every CSP Must Meet

The review was anchored around the following ten conditions under Schedule 1 of the 2024 Rules:

1. Fit and Proper Person – Senior managers, directors, and beneficial owners must meet clear fitness and propriety standards.

2. Policies, Procedures and Controls – Internal governance must be documented, up-to-date, and effective.

3. Appropriate Insurance Cover – Firms must maintain valid and sufficient insurance policies for business continuity.

4. Prudent Business Operation, Adequate Resources and Staff Certification – CSPs must ensure staff dealing directly or indirectly with clients or the Registrar are certified.

5. Staffing in the Abu Dhabi Global Market – Many CSPs had no certified staff physically present in ADGM during ordinary business hours, contrary to the Rules.

6. Anti-Money Laundering Officers – Designated officers must be appointed and actively maintain AML frameworks aligned with ADGM and UAE standards.

7. Compliance Officer – A qualified compliance officer must be appointed and able to demonstrate active oversight.

8. Minimum Regulatory Capital – Firms must maintain the minimum capital thresholds required under the CSP Framework.

9. Annual CSP Return – Returns were often found to be inaccurate, with firms declaring staff were certified or present when they were not.

10. Principles – Firms are expected to uphold high standards of integrity, transparency, and professional conduct.

AML Failures Compound the Risks

Alongside licensing non-compliance, the RA highlighted serious gaps in AML and sanctions compliance. CSPs, classified as Designated Non-Financial Businesses and Professions (DNFBPs), must adhere to the ADGM AML Rules (Chapters 1–9 and 11–15) and applicable UAE Federal AML laws, including Cabinet Decisions 10 of 2019 and 74 of 2020.

Firms are expected to conduct a full gap analysis of Chapters 4–9 and 11–14 within six months of receiving the letter and to retain evidence of findings and remedial action.

The RA warned it will not hesitate to escalate failings to Enforcement, including the imposition of penalties, licence suspensions or cancellations.

How Clarity Can Help CSPs

At Clarity, we work closely with CSPs in ADGM and other regulatory hubs, and the trends we’ve seen echo the RA’s concerns. Compliance is no longer a passive process — it’s a continual, strategic exercise in good governance.

We’re here to help you:

Draft and update tailored policies, procedures, and controls to meet current requirements

• Conduct independent reviews of your compliance systems and AML framework

• Perform your annual AML assessment, as required under Rule 4.1.1(4)

• Deliver bespoke AML training, face-to-face or online, designed around your team’s needs

• Guide your team through your next Annual CSP Return with confidence and clarity

Whether you’re concerned about your staff certification records, unsure about physical presence obligations, or simply haven’t revisited your insurance or capital adequacy levels, now is the time to act.

Contact Clarity for a confidential compliance check-up. Whether you’re an established CSP or preparing for launch in ADGM, we can help you ensure your framework is robust, compliant, and defensible.

DFSA Overhauls Client Assets Regime Ahead of 2026 Implementation

Posted on by kashadmin

  

The Dubai Financial Services Authority (DFSA) has unveiled a comprehensive update to its Client Assets regime, signalling a significant evolution in how authorised firms must manage, report on, and protect client money, investments, and crypto tokens within the Dubai International Financial Centre (DIFC). The new rules will come into effect on 1 January 2026, following consultation through CP160 and the associated Feedback Statement.

Published last week, the DFSA’s updated regime and accompanying Frequently Asked Questions (FAQ) highlight a series of structural and supervisory shifts aimed at improving investor protection, clarifying responsibilities for auditors and firms, and preparing the industry for crisis scenarios.

Key Reforms

At the heart of the overhaul are four core updates:

    Clarified obligations for firms that control but do not hold client assets, reducing ambiguity in the regulatory perimeter.

    Exclusion of Fund Property (including investments and crypto tokens) from the Client Assets regime, where those assets form part of a fund’s portfolio.

    • Introduction of a Client Asset Crisis Preparedness Pack, mandating firms to maintain essential information to facilitate asset return in the event of insolvency or disruption.

    New auditing responsibilities, requiring more specific reporting across client money, investments, and crypto token custody.

The revised framework comes amid a growing regional push to elevate financial infrastructure standards and align with global best practice. While most firms are expected to operate on a calendar-year basis, the DFSA has acknowledged transitional complexity for firms with non-calendar financial years, with dual reporting potentially required during the crossover period.

FAQs: What the Industry Needs to Know

The DFSA’s 24-question FAQ document, published alongside the online summary, offers detailed guidance for firms and auditors preparing for implementation. Key areas covered include:

    Timeline & Transitional Guidance: Confirmation that the current rules remain in effect until 31 December 2025, with dual compliance issues addressed for non-calendar-year firms.

    Audit and Reporting Requirements: Firms must submit Client Assets Auditor’s Reports — including separate reports for client money, safe custody of investments, and crypto tokens — within four months of their financial year-end. A further summary of non-compliance findings must follow within 30 days.

    Third-Party Agent (TPA) Assessments: Emphasis is placed on due diligence, creditworthiness evaluation, and diversification considerations when entrusting TPAs with client assets.

    Client Disclosure Rules: Firms must disclose insolvency regimes and depositor preference frameworks applicable in TPA jurisdictions.

    Reconciliation & Recordkeeping: Monthly reconciliations are the baseline, with more frequent checks expected depending on transaction volume and risk. Firms must also maintain robust TPA assessment records.

    Client Asset Crisis Preparedness Pack: A central innovation of the new regime, the Pack must be maintained by firms that hold or provide custody of client assets, but not by those that merely control them. It must be kept up to date within five business days of any material change and may be integrated into existing business continuity plans.

    Fund Management Exemptions: The rules explicitly exempt firms engaged solely in delegated fund management from holding a Client Assets endorsement, provided they do not also offer wealth management services.

Sector Response and Outlook

While the DFSA has committed to running outreach sessions ahead of implementation, firms are being urged to conduct gap analyses and update internal systems and controls without delay. Registered Auditors are similarly expected to revise their audit methodologies in line with the new scope and structure.

With its phased rollout and technical clarifications, the new Client Assets regime is positioned to provide greater certainty and security across the DIFC ecosystem, particularly as the market expands its exposure to crypto assets, cross-border custody, and outsourced operations.

The full FAQ and further details can be accessed via the DFSA’s website.

Need help preparing for the DFSA’s revised Client Assets regime?

At Clarity, we work with authorised firms and auditors to ensure full readiness ahead of the 1 January 2026 deadline. Whether you need help conducting a gap analysis, updating audit processes, reviewing your client disclosures, we’re here to support you.

Get in touch today to discuss how we can help you meet the new requirements with confidence.

  

  

DFSA Sounds Alarm on AI, Cyber and Quantum Risks in New Global Regulatory Report

Posted on by kashadmin

The Dubai Financial Services Authority (DFSA) has published a wide-ranging report spotlighting the escalating risks posed by artificial intelligence (AI), cyber threats, and quantum computing within global financial markets. The report draws on insights from the DFSA’s inaugural Cyber and AI Risk Regulatory College, convened in May 2025, and marks a call to action for greater international collaboration in navigating emerging technologies.

Attended by 70 senior officials from 18 financial authorities worldwide, the event facilitated candid discussion on how supervisory bodies can stay ahead of increasingly complex digital threats. The resulting report offers both a reflection on current vulnerabilities and a roadmap for regulatory evolution.

Mounting Cyber Threats and Supply Chain Weaknesses

The report underscores a rising volume and sophistication of cyberattacks, particularly through digital supply chains and third-party service providers. As financial institutions become more reliant on technology partners, regulators are urged to heighten scrutiny of interconnected risk exposures, especially in cross-border contexts.

The DFSA advocates proactive threat intelligence sharing and enhanced due diligence across the financial services ecosystem—both within and between jurisdictions.

AI: Opportunity Meets Accountability

Artificial intelligence, a cornerstone of modern financial innovation, is also identified as a significant regulatory blind spot. The report highlights concerns over explainability, model bias, data governance, and dependency on opaque third-party AI vendors.

In response, the DFSA calls for robust supervisory frameworks that can hold firms accountable for how AI is developed, deployed, and monitored—ensuring human oversight remains central even as automation advances.

Preparing for the Quantum Leap

One of the report’s more forward-looking themes is the risk posed by quantum computing. With current encryption standards potentially obsolete in the face of quantum breakthroughs, the DFSA stresses the urgency of transitioning to post-quantum cryptography (PQC). Financial institutions are advised to begin risk assessments and scenario planning now, well ahead of any mainstream quantum deployment.

Global Dialogue and the DFSA’s Role

Crucially, the report positions collaboration—not competition—as the cornerstone of digital risk regulation. It champions collective action via supervisory colleges, international forums, and knowledge exchange platforms.

For its part, the DFSA will continue investing in its Threat Intelligence Platform, enhancing AI risk capabilities, and supporting innovation hubs within the Dubai International Financial Centre (DIFC).

A Wake-Up Call

The DFSA’s publication is both a technical assessment and a strategic signal. At a time when regulatory frameworks often trail behind technological change, this report reinforces the need for agile supervision grounded in global cooperation. It also cements Dubai’s ambition to be not just a hub for financial innovation—but a thought leader in how it is governed.