Contact us

Category: Blog

DFSA Overhauls Client Assets Regime Ahead of 2026 Implementation

Posted on by kashadmin

  

The Dubai Financial Services Authority (DFSA) has unveiled a comprehensive update to its Client Assets regime, signalling a significant evolution in how authorised firms must manage, report on, and protect client money, investments, and crypto tokens within the Dubai International Financial Centre (DIFC). The new rules will come into effect on 1 January 2026, following consultation through CP160 and the associated Feedback Statement.

Published last week, the DFSA’s updated regime and accompanying Frequently Asked Questions (FAQ) highlight a series of structural and supervisory shifts aimed at improving investor protection, clarifying responsibilities for auditors and firms, and preparing the industry for crisis scenarios.

Key Reforms

At the heart of the overhaul are four core updates:

    Clarified obligations for firms that control but do not hold client assets, reducing ambiguity in the regulatory perimeter.

    Exclusion of Fund Property (including investments and crypto tokens) from the Client Assets regime, where those assets form part of a fund’s portfolio.

    • Introduction of a Client Asset Crisis Preparedness Pack, mandating firms to maintain essential information to facilitate asset return in the event of insolvency or disruption.

    New auditing responsibilities, requiring more specific reporting across client money, investments, and crypto token custody.

The revised framework comes amid a growing regional push to elevate financial infrastructure standards and align with global best practice. While most firms are expected to operate on a calendar-year basis, the DFSA has acknowledged transitional complexity for firms with non-calendar financial years, with dual reporting potentially required during the crossover period.

FAQs: What the Industry Needs to Know

The DFSA’s 24-question FAQ document, published alongside the online summary, offers detailed guidance for firms and auditors preparing for implementation. Key areas covered include:

    Timeline & Transitional Guidance: Confirmation that the current rules remain in effect until 31 December 2025, with dual compliance issues addressed for non-calendar-year firms.

    Audit and Reporting Requirements: Firms must submit Client Assets Auditor’s Reports — including separate reports for client money, safe custody of investments, and crypto tokens — within four months of their financial year-end. A further summary of non-compliance findings must follow within 30 days.

    Third-Party Agent (TPA) Assessments: Emphasis is placed on due diligence, creditworthiness evaluation, and diversification considerations when entrusting TPAs with client assets.

    Client Disclosure Rules: Firms must disclose insolvency regimes and depositor preference frameworks applicable in TPA jurisdictions.

    Reconciliation & Recordkeeping: Monthly reconciliations are the baseline, with more frequent checks expected depending on transaction volume and risk. Firms must also maintain robust TPA assessment records.

    Client Asset Crisis Preparedness Pack: A central innovation of the new regime, the Pack must be maintained by firms that hold or provide custody of client assets, but not by those that merely control them. It must be kept up to date within five business days of any material change and may be integrated into existing business continuity plans.

    Fund Management Exemptions: The rules explicitly exempt firms engaged solely in delegated fund management from holding a Client Assets endorsement, provided they do not also offer wealth management services.

Sector Response and Outlook

While the DFSA has committed to running outreach sessions ahead of implementation, firms are being urged to conduct gap analyses and update internal systems and controls without delay. Registered Auditors are similarly expected to revise their audit methodologies in line with the new scope and structure.

With its phased rollout and technical clarifications, the new Client Assets regime is positioned to provide greater certainty and security across the DIFC ecosystem, particularly as the market expands its exposure to crypto assets, cross-border custody, and outsourced operations.

The full FAQ and further details can be accessed via the DFSA’s website.

Need help preparing for the DFSA’s revised Client Assets regime?

At Clarity, we work with authorised firms and auditors to ensure full readiness ahead of the 1 January 2026 deadline. Whether you need help conducting a gap analysis, updating audit processes, reviewing your client disclosures, we’re here to support you.

Get in touch today to discuss how we can help you meet the new requirements with confidence.

  

  

DFSA Sounds Alarm on AI, Cyber and Quantum Risks in New Global Regulatory Report

Posted on by kashadmin

The Dubai Financial Services Authority (DFSA) has published a wide-ranging report spotlighting the escalating risks posed by artificial intelligence (AI), cyber threats, and quantum computing within global financial markets. The report draws on insights from the DFSA’s inaugural Cyber and AI Risk Regulatory College, convened in May 2025, and marks a call to action for greater international collaboration in navigating emerging technologies.

Attended by 70 senior officials from 18 financial authorities worldwide, the event facilitated candid discussion on how supervisory bodies can stay ahead of increasingly complex digital threats. The resulting report offers both a reflection on current vulnerabilities and a roadmap for regulatory evolution.

Mounting Cyber Threats and Supply Chain Weaknesses

The report underscores a rising volume and sophistication of cyberattacks, particularly through digital supply chains and third-party service providers. As financial institutions become more reliant on technology partners, regulators are urged to heighten scrutiny of interconnected risk exposures, especially in cross-border contexts.

The DFSA advocates proactive threat intelligence sharing and enhanced due diligence across the financial services ecosystem—both within and between jurisdictions.

AI: Opportunity Meets Accountability

Artificial intelligence, a cornerstone of modern financial innovation, is also identified as a significant regulatory blind spot. The report highlights concerns over explainability, model bias, data governance, and dependency on opaque third-party AI vendors.

In response, the DFSA calls for robust supervisory frameworks that can hold firms accountable for how AI is developed, deployed, and monitored—ensuring human oversight remains central even as automation advances.

Preparing for the Quantum Leap

One of the report’s more forward-looking themes is the risk posed by quantum computing. With current encryption standards potentially obsolete in the face of quantum breakthroughs, the DFSA stresses the urgency of transitioning to post-quantum cryptography (PQC). Financial institutions are advised to begin risk assessments and scenario planning now, well ahead of any mainstream quantum deployment.

Global Dialogue and the DFSA’s Role

Crucially, the report positions collaboration—not competition—as the cornerstone of digital risk regulation. It champions collective action via supervisory colleges, international forums, and knowledge exchange platforms.

For its part, the DFSA will continue investing in its Threat Intelligence Platform, enhancing AI risk capabilities, and supporting innovation hubs within the Dubai International Financial Centre (DIFC).

A Wake-Up Call

The DFSA’s publication is both a technical assessment and a strategic signal. At a time when regulatory frameworks often trail behind technological change, this report reinforces the need for agile supervision grounded in global cooperation. It also cements Dubai’s ambition to be not just a hub for financial innovation—but a thought leader in how it is governed.

Summary of Feedback on Consultation Paper 161 – Enhancing Proportionality in Prudential Regulation

Posted on by kashadmin

The Dubai Financial Services Authority has finalised a series of reforms to its prudential framework, following industry feedback on Consultation Paper 161 (issued in October 2024).

 

The Authority’s Board approved the rule changes on 30th April 2025, with revised rules published and coming into force on 1st July 2025. Certain new requirements will take effect after a transitional period, from 1st July 2026.

 

The reforms are designed to ensure capital and liquidity requirements are proportionate to firms’ size, complexity, and risk profile, supporting a more efficient and internationally aligned regulatory environment in the Dubai International Financial Centre.

 

Summary of Feedback

 

Removal of the Expenditure Based Capital Minimum – The Dubai Financial Services Authority’s proposal to remove the Expenditure Based Capital Minimum (EBCM) requirement for Category 3 firms (except those undertaking specific licensed activities) that do not hold client assets or insurance monies was broadly welcomed. Some respondents favoured maintaining a blanket requirement for all firms in this category, but the Authority confirmed that wind-down capital will now only be required for firms holding client assets or insurance monies, with ongoing risks addressed via a new activity-based capital requirement.

 

Liquidity Requirements – The Dubai Financial Services Authority clarified their proposal for firms in Category 3 to hold liquid assets in the form of their applicable Base Capital Requirement (BCR), even if they are no longer subject to the EBCM. This aligns with the current rules for most Category 4 firms and is meant to ensure firms remain financially sound.

 

Eligibility Criteria for Liquid Assets – Respondents supported widening the scope of liquid assets to improve flexibility. Based on feedback, the Authority expanded eligible currencies for government bonds used to meet liquidity requirements to include British pounds and euros, in addition to United States dollars and United Arab Emirates dirhams. Proposals to allow exchange-traded funds and securitisations were rejected due to their market and liquidity risk profiles.

 

Activity Based Capital Requirement – Industry respondents supported the introduction of an activity-based capital requirement to ensure firms maintain an appropriate level of loss-absorbing capital. Some firms requested further clarification on how specific components would apply to their business models. The Authority advised that firms should consult their supervisory contacts during the transitional period. Proposals to introduce additional factors, such as daily trading flow, were not adopted.

 

Matched Principal Dealers and Prudential Category Changes – The Authority’s decision to move firms dealing as matched principal from Category 3A to Category 2 was largely accepted. Some firms sought clarification on prudential implications. The Authority confirmed that these firms will continue to follow the Basel framework but will be exempt from requirements such as the leverage ratio and capital conservation buffer.

 

Removal of Internal Capital and Risk Assessment Processes – The removal of the requirement for internal capital and risk assessment processes for Category 3 firms was supported. The Authority emphasised that it retains the power to impose additional capital or liquidity requirements where justified by a firm’s risk profile.

 

Professional Indemnity Insurance Requirements – Opinions were divided. The Authority will proceed with its proposal to remove mandatory professional indemnity insurance for firms subject to the activity-based capital requirement, except where international standards suggest it should remain (for example, insurance intermediaries and financial advisers). The required cover period was reduced from continuous to four years.

 

Implementation Timeline – Respondents supported a phased approach. Easing measures, such as the removal of the Expenditure Based Capital Minimum, will take effect from 1 July 2025. New requirements, such as the activity-based capital requirement and revised professional indemnity insurance rules, will take effect from 1 July 2026.

 

What is Consultation Paper 161?

 

As a reminder, Consultation Paper 161, issued in October 2024 by the Dubai Financial Services Authority, proposed reforms to enhance the proportionality of prudential regulation for authorised firms operating in the Dubai International Financial Centre.

 

The reforms aim to ensure that capital and liquidity requirements are better aligned to firms’ size, complexity and risk profiles, reducing unnecessary regulatory burden while maintaining market integrity and client protection.

 

The changes particularly affect firms in Category 3 but also introduce targeted adjustments for firms in Categories 2 and 4. The proposals build on earlier reforms to the framework for Category 4 firms and draw on international standards, including those used in the European Union and the United Kingdom.

 

How Clarity Can Help

 

With the Dubai Financial Services Authority finalising key reforms under Consultation Paper 161, firms must review how the new capital, liquidity and reporting requirements will affect their business.

 

Clarity provides expert support to help firms interpret the revised rules, assess their capital planning, and prepare for both the 2025 and 2026 implementation milestones.

For expert assistance in adapting to the updated prudential regime, contact Clarity today.