Home   Browse contents   View updates   Search  
     Quick search
Go
   

Dubai Financial Services Authority (DFSA): Contents

Dubai Financial Services Authority (DFSA)
Laws
Rulebook Modules
General Module (GEN) [VER43/02-19]
Sourcebook Modules
Consultation Papers
Policy Statements
DFSA Codes of Practice
Amendments to Legislation
Media Releases
Notices
Financial Markets Tribunal
Archive

BackText onlyPrint

You need the Flash plugin.

Download Macromedia Flash Player



  • GEN 5 Management, Systems and Controls

    • GEN 5.1 Application

      • GEN 5.1.1

        (1) Subject to (5), this chapter applies to every Authorised PersonG with respect to the Financial ServicesG carried on in or from the DIFCG .
        (2) It also applies in a Prudential ContextG to a Domestic FirmG with respect to all its activities wherever they are carried on.
        (3) GEN Section 5.3 also applies to an Authorised FirmG in a Prudential ContextG with respect to its entire DIFCG branch's activities wherever they are carried on.
        (4) This chapter also applies to an Authorised Market InstitutionG , if it has an endorsed LicenceG authorising it to maintain an Official List of SecuritiesG , with respect to such maintenance.
        (5) GEN Rules 5.3.13, 5.3.14, 5.3.15, 5.3.23, 5.3.24, 5.3.30 and 5.3.31 do not apply to an Authorised ISPVG .
        (6) This chapter does not apply to a Representative OfficeG .
        Derived from DFSA RM01/2004 (Made 16th September 2004). [VER1/09-04]
        [Amended] DFSA RM19/2005 (as from 19th April 2005). [VER3/04-05]
        [Amended] DFSA RM48/2007 (Made 1st October 2007). [VER16/10-07]
        [Amended] DFSA RM68/2009 (Made 3rd January 2010). [VER24/01-10]
        [Amended] DFSA RM95/2012 (Made 14th June 2012). [VER29/06-12]

        • GEN 5.1.1 Guidance

          1. The purpose of this chapter is to set out the requirements for the Governing BodyG and the senior management within an Authorised PersonG who are to take direct responsibility for the Authorised Person'sG arrangements on matters likely to be of interest to the DFSAG wherever they may give rise to risks to the DFSA'sG objectives or they affect the DFSA'sG functions under the legislation applicable in the DIFCG . See also the requirements relating to organisation in Rules 5.3.2 and 5.3.3.
          2. In relation to an Authorised Market InstitutionG , this chapter should be read in conjunction with the AMI module.
          3. In relation to an Authorised FirmG which is a Fund ManagerG or the TrusteeG , this chapter should be read in conjunction with the CIR module and construed to take into account any FundG which the Authorised FirmG operates or for which it acts as the TrusteeG .
          4. In relation to an Authorised PersonG which carries on Islamic Financial BusinessG in or from the DIFC, this chapter should be read in conjunction with the IFR module.
          Derived from DFSA RM01/2004 (Made 16th September 2004). [VER1/09-04]
          [Amended] DFSA RM19/2005 (as from 19th April 2005). [VER3/04-05]
          [Amended][VER8/04-06]
          [Amended]DFSA RM34/2006[VER11/08-06]
          [Amended] DFSA RM72/2010 (Made 11th July 2010) [VER26/07-10]
          [Amended] DFSA RM95/2012 (Made 14th June 2012). [VER29/06-12]
          [Amended] DFSA RM105/2012 (Made 23rd December 2012). [VER32/12-12]

    • GEN 5.2 Allocation of significant responsibilities

      • Apportionment of significant responsibilities

        • GEN 5.2.1

          An Authorised PersonG must apportion significant responsibilities between the members of its Governing BodyG and its senior management and maintain such apportionment in such a way that:

          (a) it meets the corporate governance requirements in Rule 5.3.30;
          (b) it is appropriate with regard to:
          (i) the nature, scale and complexity of the business of the Authorised PersonG ; and
          (ii) the ability and qualifications of the responsible individuals;
          (c) it is clear who is responsible for which matters; and
          (d) the business of the Authorised PersonG can be adequately monitored and controlled by the Authorised Person'sG Governing BodyG and senior management.

          [Amended]DFSA RM43/2007 (Made 1st June 2007). [VER14/06-07]
          Derived from DFSA RM01/2004 (Made 16th September 2004). [VER1/09-04]
          [Amended] DFSA RM95/2012 (Made 14th June 2012). [VER29/06-12]

        • GEN 5.2.2

          An Authorised PersonG must allocate to the Senior Executive OfficerG or to the individual holding equivalent responsibility for the conduct for the Authorised Person'sG business or the Governing BodyG , the functions of:

          (a) dealing with the apportionment of responsibilities; and
          (b) overseeing the establishment and maintenance of systems and controls.

          Derived from DFSA RM01/2004 (Made 16th September 2004). [VER1/09-04]

          • GEN 5.2.2 Guidance

            Rules 5.2.1 and 5.2.2 do not derogate from the overall responsibility of the Governing BodyG in Rule 5.3.30(2).

            [Added]DFSA RM43/2007 (Made 1st June 2007). [VER14/06-07]
            [Amended] DFSA RM95/2012 (Made 14th June 2012). [VER29/06-12]

      • Recording of apportionment

        • GEN 5.2.3

          (1) An Authorised PersonG must establish and maintain an up-to-date record of the arrangements it has made to comply with Rules GEN 5.2.1 and GEN 5.2.2.
          (2) The record must show that the members of the Governing BodyG and the senior management are aware of and have accepted the responsibilities apportioned in accordance with GEN Rule 5.2.1.
          (3) Where a responsibility has been allocated to more than one individual, the record must show clearly how that responsibility is allocated between the individuals.
          (4) The record must be retained for six years from the date on which it was established or superseded by a more up-to-date record.

          Derived from DFSA RM01/2004 (Made 16th September 2004). [VER1/09-04]
          [Amended] DFSA RM95/2012 (Made 14th June 2012). [VER29/06-12]

    • GEN 5.3 Systems and controls

      • General requirement

        • GEN 5.3.1

          (1) An Authorised PersonG must establish and maintain systems and controls, including but not limited to financial and risk systems and controls, that ensure that its affairs are managed effectively and responsibly by its senior management.
          (2) An Authorised PersonG must undertake regular reviews of its systems and controls.
          Derived from DFSA RM01/2004 (Made 16th September 2004). [VER1/09-04]
          [Amended] DFSA RM43/2007 (Made 1st June 2007). [VER14/06-07]

          • GEN 5.3.1 Guidance

            The nature and extent of the systems and controls of an Authorised PersonG will depend upon a variety of factors including the nature, scale and complexity of its business. While all Authorised PersonsG , irrespective of the nature, scale, and complexity of their business and legal structure or organisation need to comply with this chapter, the DFSAG will take into account these factors and the differences that exist between Authorised PersonsG when assessing the adequacy of an Authorised Person'sG systems and controls. Nevertheless, neither these factors nor the differences relieve an Authorised PersonG from compliance with its regulatory obligations.


            Derived from DFSA RM01/2004 (Made 16th September 2004). [VER1/09-04]
            [Amended] DFSA RM95/2012 (Made 14th June 2012). [VER29/06-12]

      • Organisation

        • GEN 5.3.2

          (1) An Authorised PersonG must establish and implement, taking due account of the nature, scale and complexity of its business and structure, adequate measures to ensure that:
          (a) the roles and responsibilities assigned to its Governing BodyG and the members of that body, senior management and Persons Undertaking Key Control FunctionsG are clearly defined;
          (b) there are clear reporting lines applicable to the individuals undertaking those functions; and
          (c) the roles, responsibilities and reporting lines referred to in (a) and (b), are documented and communicated to all relevant EmployeesG .
          (2) An Authorised FirmG must ensure that any EmployeeG who will be delivering Financial ServicesG to its customers is clearly identified, together with his respective lines of accountability and supervision.
          (3) An Authorised FirmG which is conducting Investment BusinessG or the Financial ServicesG of Providing Fund AdministrationG or Providing Trust ServicesG , must ensure it makes publically available details of any EmployeeG who delivers Financial ServicesG to its customers, by including such information:
          (a) in a register, maintained by the Authorised FirmG at its place of business and open for inspection during business hours; or
          (b) on the website of the Authorised FirmG .
          (4) An Authorised FirmG referred to in (3), must have complete and up to date information on its register or website, including:
          (a) the date on which the relevant EmployeeG commenced delivering of Financial ServicesG to customers; and
          (b) the Financial ServicesG which that EmployeeG is permitted by the Authorised FirmG to deliver to customers.
          Derived from DFSA RM01/2004 (Made 16th September 2004). [VER1/09-04]
          [Amended][VER10/06-06]
          [Amended] DFSA RM95/2012 (Made 14th June 2012). [VER29/06-12]
          [Amended] DFSA RM96/2012 (Made 24th July 2012) [VER30/07-12]

          • GEN 5.3.2 Guidance

            1. The term EmployeeG is defined in the GLOG widely and includes members of the Governing BodyG or directors and senior managers of the Authorised FirmG . Therefore, the requirements relating to EmployeesG in Rules 5.3.3 and 5.3.6 apply to all EmployeesG including those across the organisation.
            2. The division of responsibilities between the Governing BodyG and the senior management should be clearly established and set out in writing. In assigning duties, the Governing BodyG should take care that no one individual has unfettered powers in making material decisions.
            3. Members of the Governing BodyG may include individuals undertaking senior management functions (such as the chief executive of the firm) and Persons Undertaking Key Control FunctionsG . In assigning specific functions to such individuals, care should be taken to ensure that the integrity and effectiveness of the functions they are to perform are not compromised. For example, if the ChairpersonG of the Governing BodyG is also the chief executive officer of the Authorised PersonG , the Governing BodyG should ensure that the performance assessment of that individual in his roles should be undertaken by a senior non-executive member of the Governing BodyG or an independent external consultant.
            4. Persons Undertaking Key Control FunctionsG are defined in GLOG in an inclusive manner to encompass PersonsG such as the heads of risk control, compliance and internal audit functions. In the case of an InsurerG , the actuary also is a PersonG who Undertakes a Key Control FunctionG .
            5. An example of an EmployeeG providing Financial ServicesG to a customer is a client relationship manager employed by an Authorised FirmG providing wealth management services. In contrast, an EmployeeG who may be employed in the back office of an Authorised FirmG with responsibility for setting up client accounts would not be client facing.
            [Added] DFSA RM95/2012 (Made 14th June 2012). [VER29/06-12]
            [Amended] DFSA RM96/2012 (Made 24th July 2012) [VER30/07-12]

        • GEN 5.3.3

          An Authorised PersonG must ensure that key duties and functions are segregated. Such segregation must ensure that the duties and functions to be performed by the same individual do not conflict with each other, thereby impairing the effective discharge of those functions by the relevant individuals (such as undetected errors or any abuse of positions) and thus exposing the Authorised PersonG or its customers or users to inappropriate risks.

          [Added] DFSA RM96/2012 (Made 24th July 2012) [VER30/07-12]

      • Risk management

        • GEN 5.3.4

          An Authorised PersonG must establish and maintain risk management systems and controls to enable it to identify, assess, mitigate, control and monitor its risks.


          Derived from DFSA RM01/2004 (Made 16th September 2004). [VER1/09-04]

        • GEN 5.3.5

          An Authorised PersonG must develop, implement and maintain policies and procedures to manage the risks to which the Authorised PersonG and where applicable, its customers or users, are exposed.


          Derived from DFSA RM01/2004 (Made 16th September 2004). [VER1/09-04]

        • GEN 5.3.6

          (1) An Authorised PersonG must appoint an individual to advise its Governing BodyG and senior management of such risks.
          (2) An Authorised PersonG which is part of a GroupG should be aware of the implications of any GroupG wide risk policy and systems and controls regime.

          Derived from DFSA RM01/2004 (Made 16th September 2004). [VER1/09-04]

      • Compliance

        • GEN 5.3.7

          An Authorised PersonG must establish and maintain compliance arrangements, including processes and procedures that ensure and evidence, as far as reasonably practicable, that the Authorised PersonG complies with all legislation applicable in the DIFCG .


          Derived from DFSA RM01/2004 (Made 16th September 2004). [VER1/09-04]
          [Amended] DFSA RM119/2013 (Made 14th July 2013). [VER33/07-13]
          [Amended] DFSA RM211/2018 (Made 22nd February 2018). [VER41/04-18]

        • GEN 5.3.8

          An Authorised PersonG must document the organisation, responsibilities and procedures of the compliance function.


          Derived from DFSA RM01/2004 (Made 16th September 2004). [VER1/09-04]
          [Amended] DFSA RM119/2013 (Made 14th July 2013). [VER33/07-13]

        • GEN 5.3.9

          An Authorised PersonG must ensure that the Compliance OfficerG has access to sufficient resources, including an adequate number of competent staff, to perform his duties objectively and independently of operational and business functions.


          Derived from DFSA RM01/2004 (Made 16th September 2004). [VER1/09-04]
          [Amended] DFSA RM119/2013 (Made 14th July 2013). [VER33/07-13]

        • GEN 5.3.10

          An Authorised PersonG must ensure that the Compliance OfficerG has unrestricted access to relevant records and to the Authorised Person'sG Governing BodyG and senior management.


          Derived from DFSA RM01/2004 (Made 16th September 2004). [VER1/09-04]
          [Amended] DFSA RM119/2013 (Made 14th July 2013). [VER33/07-13]

        • GEN 5.3.11

          An Authorised PersonG must establish and maintain monitoring and reporting processes and procedures to ensure that any compliance breaches are readily identified, reported and promptly acted upon.


          Derived from DFSA RM01/2004 (Made 16th September 2004). [VER1/09-04]
          [Amended] DFSA RM119/2013 (Made 14th July 2013). [VER33/07-13]

        • GEN 5.3.12

          An Authorised PersonG must document the monitoring and reporting processes and procedures as well as keep records of breaches of any of legislation applicable in the DIFCG .

          Derived from DFSA RM01/2004 (Made 16th September 2004). [VER1/09-04]
          [Amended] DFSA RM119/2013 (Made 14th July 2013). [VER33/07-13]

          • [Deleted]

            [Deleted] DFSA RM119/2013 (Made 14th July 2013). [VER33/07-13]

      • Internal audit

        • GEN 5.3.13

          (1) An Authorised PersonG must establish and maintain an internal audit function with responsibility for monitoring the appropriateness and effectiveness of its systems and controls.
          (2) The internal audit function must be independent from operational and business functions.

          Derived from DFSA RM01/2004 (Made 16th September 2004). [VER1/09-04]

          • GEN 5.3.13 Guidance

            The PersonG appointed as the Internal AuditorG of an Authorised Market InstitutionG is a Key IndividualG pursuant to AMI Rule 5.3.1.

            [Added] DFSA RM119/2013 (Made 14th July 2013). [VER33/07-13]

        • GEN 5.3.14

          An Authorised PersonG must ensure that its internal audit function has unrestricted access to all relevant records and recourse when needed to the Authorised Person'sG Governing BodyG or the relevant committee, established by its Governing BodyG for this purpose.


          Derived from DFSA RM01/2004 (Made 16th September 2004). [VER1/09-04]

        • GEN 5.3.15

          An Authorised PersonG must document the organisation, responsibilities and procedures of the internal audit function.


          Derived from DFSA RM01/2004 (Made 16th September 2004). [VER1/09-04]

      • Business plan and strategy

        • GEN 5.3.16

          (1) An Authorised PersonG must produce a business plan which enables it, amongst other things, to manage the risks to which it and its customers are exposed.
          (2) The business plan must take into account the Authorised Person'sG current business activities and the business activities forecast for the next twelve months.
          (3) The business plan must be documented and updated as appropriate to take account of changes in the business environment and to reflect changes in the business of the Authorised PersonG .

          Derived from DFSA RM01/2004 (Made 16th September 2004). [VER1/09-04]

      • Management information

        • GEN 5.3.17

          An Authorised PersonG must establish and maintain arrangements to provide its Governing BodyG and senior management with the information necessary to organise, monitor and control its activities, to comply with legislation applicable in the DIFCG and to manage risks. The information must be relevant, accurate, comprehensive, timely and reliable.


          Derived from DFSA RM01/2004 (Made 16th September 2004). [VER1/09-04]
          [Amended] DFSA RM95/2012 (Made 14th June 2012). [VER29/06-12]

      • Staff and agents

        • GEN 5.3.18

          An Authorised PersonG must establish and maintain systems and controls that enable it to satisfy itself of the suitability of anyone who acts for it.

          Derived from DFSA RM01/2004 (Made 16th September 2004). [VER1/09-04]

        • GEN 5.3.19

          (1) An Authorised FirmG must ensure, as far as reasonably practical, that its EmployeesG are:
          (a) fit and proper;
          (b) competent and capable of performing the functions which are to be assigned to those EmployeesG ; and
          (c) trained in the requirements of the legislation applicable in the DIFCG .
          (2) An Authorised FirmG must establish and maintain systems and controls to comply with (1). An Authorised FirmG must be able to demonstrate that it has complied with these requirements through appropriate measures, including the maintenance of relevant records.
          Derived from DFSA RM01/2004 (Made 16th September 2004). [VER1/09-04]
          [Amended] [VER10/06-06]
          [Amended] DFSA RM56/2008 (Made 1st July 2008). [VER19/07-08]

          • GEN 5.3.19 Guidance

            1.  When considering whether an EmployeeG is fit and proper, competent and capable, an Authorised FirmG should consider any training undertaken or required by an EmployeeG , the nature of the ClientsG to whom an EmployeeG provides Financial ServicesG , and the type of activities performed by an EmployeeG in the provision of such Financial ServicesG including any interface with ClientsG .
            2.  When assessing the fitness and propriety of EmployeesG , an Authorised FirmG should be guided by the matters set out in section 2.3 of the RPP Sourcebook and should also monitor conflicts or potential conflicts of interest arising from all of the individual's links and activities.
            3.  When assessing the competence and capability of an Authorised FirmG should:
            a.  obtain details of the skills, knowledge and experience of the EmployeeG relevant to the nature and requirements of the role;
            b.  take reasonable steps to verify the relevance, accuracy and authenticity of any information obtained;
            c.  determine, in light of the Employee'sG relevant skills, knowledge and experience, that the EmployeeG is competent and capable of fulfilling the duties of the role; and
            d.  consider the level of responsibility that the EmployeeG will assume within the Authorised FirmG , including whether the EmployeeG will be providing Financial ServicesG to Retail ClientsG in an interfacing role.
            4.  An Authorised FirmG should also satisfy itself that an EmployeeG :
            a.  continues to be competent and capable of performing its the role;
            b.  has kept abreast of market, product, technology, legislative and regulatory developments that are relevant to the role, through training or other means; and
            c.  is able to apply his knowledge.
            5. Refer to section 2.2.13 of the RPP Sourcebook for criteria for suitability of members of the Governing BodyG of the Authorised FirmG .
            Derived from DFSA RM01/2004 (Made 16th September 2004). [VER1/09-04]
            [Amended] [VER10/06-06]
            [Amended] DFSA RM56/2008 (Made 1st July 2008). [VER19/07-08]
            Amended in accordance with Notice of Amendments to Legislation April 2011 [VER27/02-11]
            [Amended] DFSA RM95/2012 (Made 14th June 2012). [VER29/06-12]

      • Conduct

        • GEN 5.3.20

          An Authorised PersonG must establish and maintain systems and controls that ensure, as far as reasonably practical, that the Authorised PersonG and its EmployeesG do not engage in conduct, or facilitate others to engage in conduct, which may constitute:

          (a) market abuse, whether in the DIFCG or elsewhere; or
          (b) a financial crime under any applicable U.A.E.G laws.
          Derived from DFSA RM01/2004 (Made 16th September 2004). [VER1/09-04]
          [Amended] DFSA RM119/2013 (Made 14th July 2013). [VER33/07-13]
          [Amended] DFSA RM184/2016 (Made 7th December 2016). [VER38/02-17]

          • GEN 5.3.20 Guidance [Deleted]

            [Deleted] DFSA RM95/2012 (Made 14th June 2012). [VER29/06-12]

      • Outsourcing

        • GEN 5.3.21

          (1) An Authorised PersonG which outsources any of its functions or activities directly related to Financial ServicesG to service providers (including within its GroupG ) is not relieved of its regulatory obligations and remains responsible for compliance with legislation applicable in the DIFCG .
          (2) The outsourced function under this RuleG shall be deemed as being carried out by the Authorised PersonG itself.
          (3) An Authorised PersonG which uses such third party providers must ensure that it:
          (a) has undertaken due diligence in choosing suitable service providers;
          (b) effectively supervises the outsourced functions or activities; and
          (c) deals effectively with any act or failure to act by the service provider that leads, or might lead, to a breach of any legislation applicable in the DIFCG .

          Derived from DFSA RM01/2004 (Made 16th September 2004). [VER1/09-04]
          Amended in accordance with Notice of Amendments to Legislation April 2011 [VER27/02-11]

        • GEN 5.3.22

          (1) An Authorised PersonG must inform the DFSAG about any material outsourcing arrangements.
          (2) An Authorised PersonG which has a material outsourcing arrangement must:
          (a) establish and maintain comprehensive outsourcing policies, contingency plans and outsourcing risk management programmes;
          (b) enter into an appropriate and written outsourcing contract; and
          (c) ensure that the outsourcing arrangements neither reduce its ability to fulfil its obligations to customers and the DFSAG , nor hinder supervision of the Authorised PersonG by the DFSAG .
          (3) An Authorised PersonG must ensure that the terms of its outsourcing contract with each service provider under a material outsourcing arrangement require the service provider to:
          (a) provide for the provision of information under section 11.1 in relation to the Authorised PersonG and access to their business premises; and
          (b) deal in an open and co-operative way with the DFSAG .
          Derived from DFSA RM01/2004 (Made 16th September 2004). [VER1/09-04]
          Amended in accordance with Notice of Amendments to Legislation April 2011 [VER27/02-11]

          • GEN 5.3.22 Guidance

            1. An Authorised Person'sG outsourcing arrangements should include consideration of:
            a. applicable guiding principles for outsourcing in financial services issued by the Joint ForumG ; or
            b. any equivalent principles or regulations the Authorised PersonG is subject to in its home country jurisdiction.
            2. An outsourcing arrangement would be considered to be material if it is a service of such importance that weakness or failure of that service would cast serious doubt on the Authorised Person'sG continuing ability to remain fit and proper or to comply with DFSAG administered Laws and Rules.

      • Business continuity and disaster recovery

        • GEN 5.3.23

          (1) An Authorised PersonG must have in place adequate arrangements to ensure that it can continue to function and meet its obligations under the legislation applicable in the DIFCG in the event of an unforeseen interruption.
          (2) These arrangements must be kept up to date and regularly tested to ensure their effectiveness.
          Derived from DFSA RM01/2004 (Made 16th September 2004). [VER1/09-04]

          • GEN 5.3.23 Guidance

            1. In considering the adequacy of an Authorised Person'sG business continuity arrangements, the DFSAG will have regard to the Authorised Person'sG management of the specific risks arising from interruptions to its business including its crisis management and disaster recovery plans.
            2. The DFSAG expects an Authorised PersonG to have:
            a. arrangements which establish and maintain the Authorised Person'sG physical security and protection for its information systems for business continuity purposes in the event of planned or unplanned information system interruption or other events that impact on its operations;
            b. considered its primary data centres' and business operations' reliance on infrastructure components, for example transportation, telecommunications networks and utilities and made the necessary arrangements to minimise the risk of interruption to its operations by arranging backup of infrastructure components and service providers; and
            c. considered, in its plans for dealing with a major interruption to its primary data centre or business operations, its alternative data centres' and business operations' reliance on infrastructure components and made the necessary arrangements such that these do not rely on the same infrastructure components and the same service provider as the primary data centres and operations.

            Derived from DFSA RM01/2004 (Made 16th September 2004). [VER1/09-04]

      • [Deleted]

        [Deleted] DFSA RM56/2008 (Made 1st July 2008). [VER19/07-08]

        • GEN 5.3.24 [Deleted]

          [Deleted] DFSA RM56/2008 (Made 1st July 2008). [VER19/07-08]

          • [Deleted]

            [Deleted] DFSA RM56/2008 (Made 1st July 2008). [VER19/07-08]

      • Records

        • GEN 5.3.24

          (1) An Authorised PersonG must make and retain records of matters and dealings, including Accounting RecordsG and corporate governance practices which are the subject of requirements and standards under the legislation applicable in the DIFC.
          (2) Such records, however stored, must be capable of reproduction on paper within a reasonable period not exceeding 3 business days.
          Derived from DFSA RM01/2004 (Made 16th September 2004). [VER1/09-04]
          [Amended] DFSA RM42/2007 (Made 15th February 2007). [VER13/02-07]
          Amended in accordance with Notice of Amendments to Legislation April 2011 [VER27/02-11]
          [Amended] DFSA RM119/2013 (Made 14th July 2013). [VER33/07-13]

        • GEN 5.3.25

          Subject to GEN Rule 5.3.26, the records required by GEN Rule 5.3.24 or by any other rule in this RulebookG must be maintained by the Authorised PersonG in the English language.


          Derived from DFSA RM01/2004 (Made 16th September 2004). [VER1/09-04]
          Amended in accordance with Notice of Amendments to Legislation April 2011 [VER27/02-11]

        • GEN 5.3.26

          If an Authorised Person'sG records relate to business carried on from an establishment in a territory outside the DIFCG , an official language of that territory may be used instead of the English language as required by GEN Rule 5.3.25.


          Derived from DFSA RM01/2004 (Made 16th September 2004). [VER1/09-04]
          Amended in accordance with Notice of Amendments to Legislation April 2011 [VER27/02-11]

        • GEN 5.3.27

          An Authorised PersonG must have systems and controls to fulfil the Authorised Person'sG legal and regulatory obligations with respect to adequacy, access, period of retention and security of records.


          Derived from DFSA RM01/2004 (Made 16th September 2004). [VER1/09-04]
          Amended in accordance with Notice of Amendments to Legislation April 2011 [VER27/02-11]

      • Fraud

        • GEN 5.3.28

          An Authorised PersonG must establish and maintain effective systems and controls to:

          (a) deter and prevent suspected fraud against the Authorised PersonG ; and
          (b) report suspected fraud and other financial crimes to the relevant authorities.
          [Added]DFSA RM43/2007 (Made 1st June 2007). [VER14/06-07]
          Amended in accordance with Notice of Amendments to Legislation April 2011 [VER27/02-11]

      • [Deleted]

        [Deleted] DFSA RM119/2013 (Made 14th July 2013). [VER33/07-13]

        • GEN 5.3.29 [Deleted]

          [Deleted] DFSA RM119/2013 (Made 14th July 2013). [VER33/07-13]

          • GEN 5.3.29 Guidance [Deleted]

            [Deleted] DFSA RM119/2013 (Made 14th July 2013). [VER33/07-13]

      • Corporate Governance

        • GEN 5.3.30

          (1) An Authorised PersonG must have a Governing BodyG and senior management that meet the requirements in (2) and (3) respectively.
          (2) The Governing BodyG of the Authorised PersonG must:
          (a) be clearly responsible for setting or approving (or both) the business objectives of the firm and the strategies for achieving those objectives and for providing effective oversight of the management of the firm;
          (b) comprise an adequate number and mix of individuals who have, among them, the relevant knowledge, skills, expertise and time commitment necessary to effectively carry out the duties and functions of the Governing BodyG ; and
          (c) have adequate powers and resources, including its own governance practices and procedures, to enable it to discharge those duties and functions effectively.
          (3) The senior management of the Authorised PersonG must be clearly responsible for the day-to-day management of the firm's business in accordance with the business objectives and strategies approved or set by the Governing BodyG .
          [Added] DFSA RM95/2012 (Made 14th June 2012). [VER29/06-12]

          • GEN 5.3.30 Guidance

            Scope of corporate governance

            1. Corporate governance is a framework of systems, policies, procedures and controls through which an entity:
            a. promotes the sound and prudent management of its business;
            b. protects the interests of its customers and stakeholders; and
            c. places clear responsibility for achieving (a) and (b) on the Governing BodyG and its members and the senior management of the Authorised PersonG .
            2. Many requirements designed to ensure sound corporate governance of companies, such as those relating to shareholder and minority protection and responsibilities of the Board of DirectorsG of companies, are found in the company laws and apply to Authorised PersonsG . Additional disclosure requirements also apply if they are listed companies. The requirements in this Module are tailored to Authorised PersonsG and are designed to augment and not to exclude the application of those requirements.
            3. Whilst Rule 5.3.30 deals with two aspects of corporate governance, the requirements included in other provisions under sections 5.2 and 5.3 also go to the heart of sound corporate governance by promoting prudent and sound management of the Authorised Person'sG business in the interest of its customers and stakeholders. These requirements together are designed to promote sound corporate governance practices in Authorised PersonsG whilst also providing a greater degree of flexibility for Authorised PersonsG in establishing and implementing a corporate governance framework that are both appropriate and practicable to suit their operations.
            4. Stakeholder groups of an Authorised PersonG , who would benefit from the sound and prudent management of firms, can be varied but generally encompass its owners (shareholders), customers (in the case of an AMIG , its members and investors), creditors, counterparties and employees, whose interests may not necessarily be mutually coextensive. A key objective in enhancing corporate governance standards applicable to Authorised PersonsG is to ensure that firms are soundly and prudently managed, with the primary regard being had to its customers.

            Proportionate application to firms depending on the nature of their business

            5. One of the key considerations that underpins how the corporate governance requirements set out in Rule 5.3.30 apply to an Authorised PersonG is the nature, scale and complexity of the Authorised Person'sG business, and its organisational structure.
            6. While requiring banks, insurers and dealers to have more detailed and complex corporate governance systems and controls, simpler systems and procedures could be required for other firms, depending on the nature and scale of their Financial ServicesG . For example, in the case of certain types of Category 4 Financial ServiceG providers such as arranging or advising only firms, less extensive and simpler corporate governance systems and procedures may be sufficient to meet their corporate governance obligations.
            7. For example, an Authorised PersonG which is a small scale operation with a tightly held ownership structure may not have a Governing BodyG which comprises members who are fully independent of the firm's business and from each other, nor be sufficiently large to be able to form numerous committees of the Governing BodyG to undertake various functions such as nomination and remuneration. In such cases, whilst strict adherence to such aspects of best practice would not be required, overall measures as appropriate to achieve the sound and prudent management of the business would be needed. For example, a firm with no regulatory track record would be expected to have additional corporate governance controls in place to ensure the sound and prudent management of its business, such as the appointment of an independent director (who has relevant regulatory experience) to its Governing BodyG .

            Application to Branches and Groups

            8. As part of the flexible and proportionate application of corporate governance standards to firms, whether a firm is a BranchG or a subsidiary within a GroupG is also taken into account. An Authorised PersonG which is a member of a GroupG may, instead of developing its own corporate governance policies, adopt group-wide corporate governance standards. However, the Governing BodyG of the Authorised PersonG should consider whether those standards are appropriate for the firm, and to the extent possible, make any changes as necessary.
            9. In the case of a BranchG , corporate governance practices adopted at the head office would generally apply to the BranchG and are expected to be adequate. The DFSAG considers, as part of its authorisation of a BranchG and on-going supervision, the adequacy of regulatory and supervisory arrangements applicable in the home jurisdiction, including a corporate governance framework adopted and implemented by the head office (see section 3.2.15 of the RPP Sourcebook).

            Best practice relating to corporate governance

            10. In addition to the considerations noted above, best practice that an Authorised PersonG may adopt to achieve compliance with the applicable corporate governance standards is set out in Guidance at Appendix 3.1. An Authorised PersonG may, where the best practice set out in App3.1 is not suited to its particular business or structure, deviate from such best practice or any aspects thereof. The DFSAG will expect the Authorised PersonG to demonstrate to the DFSAG , upon request, what the deviations are and why such deviations are considered by the Authorised PersonG to be appropriate.
            [Added] DFSA RM95/2012 (Made 14th June 2012). [VER29/06-12]

      • Remuneration structure and strategies

        • GEN 5.3.31

          (1) The Governing BodyG of an Authorised PersonG must ensure that the remuneration structure and strategy of the firm:
          (a) are consistent with the business objectives and strategies and the identified risk parameters within which the firm's business is to be conducted;
          (b) provide for effective alignment of risk outcomes and the roles and functions of the EmployeesG , taking account of:
          (i) the nature of the roles and functions of the relevant EmployeesG ; and
          (ii) whether the actions of the EmployeesG may expose the firm to unacceptable financial, reputational and other risks;
          (c) at a minimum, include the members of its Governing BodyG , the senior management, Persons Undertaking Key Control FunctionsG and any major risk-taking EmployeesG ; and
          (d) are implemented and monitored to ensure that they operate, on an on-going basis, effectively and as intended.
          (2) The Governing BodyG must provide to the DFSAG and relevant stakeholders sufficient information about its remuneration structure and strategies to demonstrate that such structure and strategies meet the requirements in (1) on an on-going basis.
          (3) For the purposes of this Rule, "major risk-taking EmployeesG " are EmployeesG whose actions have a material impact on the risk exposure of the Authorised PersonG .
          [Added] DFSA RM95/2012 (Made 14th June 2012). [VER29/06-12]

          • GEN 5.3.31 Guidance

            Proportionate application to firms depending on the nature of their business

            1. Those considerations set out in Guidance items 5 – 7 under Rule 5.3.30 apply equally to the way in which the remuneration structure and strategies related requirement in Rule 5.3.31 is designed to apply to an Authorised PersonG . Accordingly, whilst most Category 4 firms may have simple arrangements to achieve the outcome of aligning performance outcomes and risks associated with remuneration structure and strategies, banks, insurers and dealers are expected to have more stringent measures to address such risks.

            Application to Branches and Groups

            2. As part of the flexible and proportionate application of corporate governance standards to firms, whether a firm is a BranchG or a subsidiary within a GroupG is also taken into account. As such, the considerations noted in Guidance items 8 – 9 under Rule 5.3.30 apply equally to the application of the remuneration related requirements for BranchesG and GroupsG . For example, where an Authorised PersonG is a member of a GroupG , its Governing BodyG should consider whether the Group wide policies, such as those relating to the EmployeesG covered under the remuneration strategy and the disclosure relating to remuneration made at the GroupG level are adequate to meet its obligations under Rule 5.3.31.

            Best practice relating to corporate governance

            3. In addition to the considerations noted above, best practice that an Authorised PersonG may adopt to promote sound remuneration structure and strategies within the firm is set out as Guidance at Appendix 3.2. Where such best practice or any aspects thereof are not suited to a particular Authorised Person'sG business or structure, it may deviate from such best practice. The DFSAG will expect the Authorised PersonG to demonstrate, upon request, what the deviations are and why such deviations are considered appropriate.

            Disclosure of information relating to remuneration structure and strategy

            4. The information which an Authorised PersonG provides to the DFSAG relating to its remuneration structure and strategies should be included in the annual report or accounting statements. The DFSAG expects the annual report of Authorised PersonsG to include, at a minimum, information relating to:
            a. the decision making process used to determine the firm-wide remuneration policy (such as by a remuneration committee or an external consultant if any, or by the Governing BodyG ):
            b. the most important elements of its remuneration structure (such as, in the case of performance based remuneration, the link between pay and performance and the relevant assessment criteria); and
            c. aggregate quantitative information on remuneration of its Governing Body, the senior management, Persons Undertaking Key Control FunctionsG and any major risk taking EmployeesG .
            5. The DFSAG may, pursuant to its supervisory powers, require additional information relating to the remuneration structure and strategy of an Authorised FirmG to assess whether the general elements relating to remuneration under Rule 5.3.31(1) are met by the firm. Any significant changes to the remuneration structure and strategy should also be notified to the DFSAG before being implemented. See Rule 11.10.20.
            6. The information included in the annual report is made available to the DFSAG and the shareholders, and in the case of a listed company, to the public. The Governing BodyG of the Authorised PersonG should also consider what additional information should be included in the annual report. In the case of banks, insurers and dealers, more detailed disclosure of remuneration structure and strategy and its impact on the financial soundness of the firm would be required. When providing disclosure relating to remuneration in its annual report, Authorised PersonsG should take account of the legal obligations that apply to the firm including the confidentiality of information obligations.
            [Added] DFSA RM95/2012 (Made 14th June 2012). [VER29/06-12]