Home   Browse contents   View updates   Search  
     Quick search
Go
   

BackText onlyPrint

You need the Flash plugin.

Download Macromedia Flash Player



  • Policy Statements

    Policy Statements indicate how the DFSA will administer the Regulatory Law, the Rulebook and other legislation for which it is responsible.

    • Policy Statement 1/2012 Policy Statement on Appointment of a Sponsor

      Sponsor Appointment

      1. The Market Rules of the DFSA Rulebook (MKT) requires an Applicant who makes or intends to make a Prospectus OfferG in the DIFC to appoint a sponsor in sufficient time to enable the sponsor to comply with the requirements of MKT Chapter 7.
      2. This statement describes the views of the DFSA on matters relating to sponsors, including:
      (a) the purpose and role of a sponsor;
      (b) what kind of knowledge, experience, qualifications and resources a sponsor should have;
      (c) what are the regulatory obligations of a sponsor; and
      (d) what are the obligations of an Applicant who makes a Prospectus OfferG regarding its sponsor.
      3. This statement applies to:
      (a) An Applicant who makes or intends to make a Prospectus OfferG of SharesG in the DIFC; and
      (b) A sponsor appointed under Chapter 7 of MKT
      4. The requirement for the appointment of a sponsor is designed to ensure that an Applicant who makes or intends to make a Prospectus OfferG is aware of, and complies with, all applicable conditions for the OfferG of SecuritiesG and any other relevant requirements under MKT.
      5. MKT Rule 7.1.8 provides that a sponsor has a duty of care to the Applicant who appoints the sponsor. A sponsor may also be bound by other obligations that flow from its contractual relationship with the Applicant who appointed it. This statement does not address those obligations.
      6. The DFSA believes that it is in the interests of the developing DIFC capital markets for an Applicant who makes or intends to make a Prospectus OfferG to have a sponsor to ensure the ProspectusG complies with regulatory requirements and that the offering itself proceeds properly. Rule 7.1.2 of MKT provides that the appointment of a sponsor remains in effect for the Offer PeriodG or such other period as the DFSA determines as appropriate.
      7. It is important to understand that although the requirement to have a sponsor is made under the law and that a sponsor has regulatory obligations of its own, the Applicant who makes or intends to make a Prospectus OfferG does not, and cannot, avoid or diminish its regulatory obligations simply because it has a sponsor. The responsibility for the Applicant making the Prospectus OfferG to comply with the MKT remains the responsibility of the Applicant who is making a Prospectus OfferG .
      8. A sponsor should be a person fully familiar with the MKT and who has appropriate knowledge, experience, qualifications and resources to be able to assist and guide an Applicant who makes or intends to make a Prospectus OfferG .
      9. The obligation is on the Applicant who makes or intends to make a Prospectus OfferG to demonstrate that its sponsor possesses the necessary knowledge, experience, qualifications and, resources, including systems and controls, to be able to advise the Applicant on its obligations under the MKT.
      10.The DFSA expects a sponsor to have a track record in providing advice on all applicable conditions for OfferG of SecuritiesG and other related matters to companies whose SecuritiesG trade publicly in the DIFC or in jurisdictions whose regulatory and legal regimes are broadly comparable to the DIFC.
      11. A sponsor may be a specialist corporate finance advisory firm, investment bank or a firm that provides legal, accounting or compliance services in the financial services field. The DFSA expects sponsors to be partnerships or corporations with significant financial services and compliance experience. The DFSA expects key employees of the sponsor to have professional training in accounting, finance, economics or law and at least 5 years of relevant experience. The DFSA may require a sponsor to be domiciled in the DIFC.
      12. A sponsor's regulatory obligations under the MKT are statutory obligations and are found under MKT Rule 7.1.6. Rule 7.1.6(a) prescribes the obligation on a sponsor to ensure it satisfies itself, through due and careful enquiry, that the Applicant making or intending to make a Prospectus Offer satisfies all applicable obligations under Markets Law 2012 and MKT.
      13.The sponsor should be proactive by making enquiries to ensure all applicable obligations will be satisfied.
      14. A sponsor's regulatory obligations flowing from the MKT should not be interpreted as imposing strict liability on a sponsor where the sponsor makes due and careful enquiry and exercises its duty of care. The DFSA's intention is not to impose strict liability on the sponsor in circumstances where the sponsor has taken all reasonable steps to ensure that the Applicant who makes or intends to make a Prospectus OfferG has complied with all applicable conditions related to the OfferG of SecuritiesG .
      15. Any breach of the sponsor's regulatory obligations in MKT Rule 7.1.6 will subject the sponsor to its own regulatory liability under MKT. Under these provisions, it is the obligation of the sponsor to, among other things:
      (a) provide to the DFSA any information that the DFSA may require for verifying that the MKT is being complied with;
      (b) to exercise a duty of care with respect to the Applicant which has appointed it;
      (c) notify the DFSA in the case of a failure by the Applicant to comply with its obligations under MKT; and
      (d) notify the DFSA of any non-co-operation by the Applicant who makes or intends to make the Prospectus OfferG , or its EmployeesG .
      16. An Applicant making a Prospectus OfferG in the DIFC has specific regulatory obligations in relation to its sponsor. These are found under MKT Rule 7.1.9. Under these provisions it is the obligation of the Applicant making a Prospectus OfferG to, among other things:
      (a) take all reasonable steps to ensure that the proposed sponsor has the required knowledge, experience, qualifications and resources to carry out its duties;
      (b) take reasonable steps to ensure that the relevant sponsor is independent and has managed conflicts of interest appropriately;
      (c) ensure the Applicant and its employees cooperate with the sponsor and do not interfere with the sponsor's ability to discharge its duties;
      (d) report to the sponsor any matter which may significantly affect the financial position of the Applicant or the price or value of the SecuritiesG ; and
      (e) promptly advise the DFSA in writing when a sponsor resigns or is terminated including providing details of all relevant facts and circumstances.

      Dubai Financial Services Authority
      July 2012

    • Policy Statement 2/2012 Policy Statement on Appointment of Compliance Adviser

      Compliance Adviser

      1. Pursuant to Rule 7.2.2 of the Markets Rules of the DFSA Rulebook (MKT), the DFSA has the discretion to require a Reporting EntityG to appoint a compliance adviser for a specified period to assist the Reporting EntityG to comply with its continuing obligations under the Markets Law 2012 and the MKT.
      2. This statement describes the view of the DFSA on matters relating to compliance advisers including
      (a) the purpose of a compliance adviser;
      (b) the kind of knowledge, experience, qualifications and resources a compliance adviser should have;
      (c) the circumstances in which the DFSA is likely to exercise its discretion and require a Reporting EntityG to appoint a compliance adviser;
      (d) the obligations of a Reporting EntityG regarding compliance advisers; and
      (e) the manner in which a compliance adviser can assist a Reporting EntityG to meet its continuing obligations.
      3. This statement applies to a Reporting EntityG that is required by the DFSA to appoint a compliance adviser under the MKT. A Reporting EntityG is defined in Article 38 of the Markets Law 2012.
      4. This statement will also be of interest to PersonsG who act as compliance advisers to Reporting Entities. Compliance advisers do not have or take on any regulatory obligations of their own if they agree to act as compliance advisers to Reporting Entities.
      5. When the DFSA decides that it is advisable for a Reporting EntityG to appoint a compliance adviser it will notify the Reporting EntityG of its decision in writing. The DFSA anticipates that before directing a Reporting EntityG to appoint a compliance adviser, it will discuss the proposed appointment with the Reporting EntityG to ensure the appointment is appropriate and that the proposed compliance adviser has the requisite expertise and resources to act. The Reporting EntityG will then be obliged to enter a contract for services with a person who has the appropriate expertise and resources to act as the Reporting Entity'sG compliance adviser.
      6. The purpose of a compliance adviser is to assist a Reporting EntityG , which in the opinion of the DFSA, is unable, or may have difficulty, on its own, complying with its continuing obligations under the Markets Law 2012. Rather than prohibiting a Reporting EntityG in these circumstances from participating in the DIFC capital markets, the DFSA may conclude that it is in the interests of the DIFC capital markets for the Reporting EntityG to retain persons with the necessary expertise and resources to help the Reporting EntityG meet its continuing obligations until it is able to do this on its own.
      7. It is important to understand that the compliance adviser's role and duties are based on its contractual obligations to the Reporting EntityG and not on any regulatory obligations. A Reporting EntityG does not, and cannot, avoid or diminish its regulatory obligations simply because it is required to have a compliance adviser. The responsibility for the Reporting EntityG to comply with its continuing obligations remains the sole regulatory responsibility of the Reporting EntityG . Thus, it is the Reporting Entity'sG obligation to:
      (a) demonstrate that its compliance adviser has the appropriate knowledge, experience, qualifications and resources, including systems and controls, to fulfil its advisory role;
      (b) give its compliance adviser unfettered access to the Reporting Entity'sG senior management and governing body including access to relevant information concerning the operations of the Reporting EntityG ; and
      (c) ensure its compliance adviser continues to fulfil its role until the DFSA advises the Reporting EntityG that the compliance adviser is no longer required.
      8. A compliance adviser appointed by a Reporting EntityG should be a person who is fully familiar with the Markets Law 2012 and MKT and who has appropriate knowledge, experience, qualifications and resources to be able to assist and guide a Reporting EntityG to comply with its continuing obligations.
      9. The DFSA expects a compliance adviser to have a track record in providing advice on continuous disclosure, corporate governance, director's duties and other related matters to companies whose securities trade publicly in the DIFC or in jurisdictions whose regulatory and legal regimes are broadly comparable to the DIFC. The DFSA may require a compliance adviser to be domiciled in the DIFC.
      10. A compliance adviser may be a specialist corporate finance advisory firm (i.e. investment bank) or a firm that provides legal, accounting or compliance services in the financial services field. The DFSA expects compliance advisers to be partnerships or corporations with significant financial services and compliance experience. The DFSA expects key employees of the compliance adviser to have professional training in accounting, finance, economics or law and at least 5 years relevant experience.
      11. The DFSA will carefully consider the circumstances of each case before it decides to require a Reporting EntityG to appoint a compliance adviser. While it is difficult to predict all of the scenarios in which the DFSA would conclude that it is advisable and appropriate to require a Reporting EntityG to appoint a compliance adviser, the DFSA would consider doing so where the DFSA is of the opinion that:
      (a) the Reporting EntityG is, or may be unable to or may have difficulty on its own in carrying out its continuing obligations unassisted; or
      (b) there is a reasonable expectation that the proposed compliance adviser, if appointed, will be able to assist the Reporting EntityG to meet its continuing obligations.
      12. The DFSA retains the discretion to direct a Reporting EntityG to appoint a compliance adviser in any other circumstances if it determines that it is appropriate to do so.
      13. All of the obligations in MKT in dealing with compliance advisers fall on the Reporting EntityG . This is reflected in Rule 7.2.5 of MKT. Under this provision, it is the obligation of the Reporting EntityG , who has been directed by the DFSA to appoint a compliance adviser to, amongst other things:
      (a) take reasonable steps to ensure that the compliance adviser has the required, knowledge, experience, qualifications and resources to carry out its duties;
      (b) take reasonable steps to ensure that the compliance adviser is independent and has managed conflicts of interest appropriately;
      (c) provide any information about the compliance adviser if requested to do so by the DFSA;
      (d) ensure the Reporting EntityG and its employees cooperate with the compliance adviser and do not interfere with the compliance adviser's ability to discharge its duties;
      (e) take reasonable steps to rectify any failure brought to the Reporting Entity'sG attention by the compliance adviser;
      (f) take reasonable steps to ensure that the compliance adviser cooperates in any investigation conducted by the DFSA as provided by Rule 7.2.7 of MKT; and
      (g) promptly advise the DFSA in writing when a compliance adviser resigns or is terminated including providing details of all relevant facts and circumstances.
      14. To assist a Reporting EntityG to meet its continuing obligations, particularly those prescribed in MKT, a compliance adviser may consider it useful, amongst other things, to:
      (a) accompany the Reporting EntityG to any meetings with the DFSA, unless otherwise requested by the DFSA; and
      (b) discuss with the Reporting EntityG ;
      (i). the disclosure of any Inside Information as required under MKT before such disclosure is made;
      (ii). a submission of non-disclosure notification as required under MKT before such submission is made;
      (iii). a transaction or event in MKT which may require disclosure before such event is contemplated;
      (iv). any material deviation from any forecast, estimate or other information in the Prospectus or equivalent document or in the Reporting Entity'sG annual report or financial statement
      (v). any change to the intended use of proceeds of an Offer as outlined in the Prospectus or equivalent document before any such use by the Reporting EntityG ;
      (vi). the Reporting Entity'sG operating performance and financial condition by reference to the Reporting Entity'sG business objectives and use of issue proceeds as stated in its Prospectus or equivalent document;
      (vii). the Reporting Entity'sG compliance with the terms and conditions of any waivers granted from the Markets Law and MKT;
      (viii). whether any profit forecast or estimate in the Prospectus or equivalent document will be or has been met by the Reporting EntityG and whether it is appropriate to notify the DFSA and make disclosure in a timely and appropriate manner;
      (ix). compliance with any undertakings provided by the Reporting EntityG and its directors at the time of becoming a Reporting EntityG and in the event of non-compliance, discuss the issue with the Reporting Entity'sG board of directors and make recommendations to the board regarding appropriate remedial steps; and
      (x). information to be provided by the Reporting EntityG further to a DFSA request.
      15. The above list is not mandatory or exhaustive, but merely a guide to highlight some of the continuing obligations of Reporting Entities and those for which compliance advisers will likely provide specific assistance.

      Dubai Financial Services Authority
      July 2012

    • Policy Statement 1/2013 Guidelines on the recognition of External Credit Assessment Institutions (ECAIs)

      Click here to view Policy Statement in PDF format.

      Click here to view Appendix — External Credit Assessment Institutions (ECAI's) recognized under the PIB module for the purposes of section 4.11 in PDF format.

      Guidelines on the recognition of External Credit Assessment Institutions (ECAIs)

      1. The PIB RulesG in PIB Section 4.11 and PIB 4.12 require Authorised FirmsG to use external credit ratings issued by External Credit Assessment InstitutionsG (ECAIsG ), to determine the risk weight of their exposures, provided the ECAIsG that produce those ratings have been recognised as eligible for that purpose by the DFSAG .
      2. The DFSAG will grant this recognition only if it assesses an ECAIG to meet the recognition criteria laid down in these guidelines. Where an ECAIG is registered as a credit rating agency (CRAG ) in accordance with relevant DFSAG RulesG , the DFSAG will consider the requirements of objectivity, independence, ongoing review and transparency with respect to its assessment methodology to be satisfied for the purposes of this recognition.
      3. The recognition of any ECAIG by the DFSAG , for the purposes of relevant PIB rules as referred above, does not in any way constitute a form of regulation of ECAIsG or a form of licensing of rating agencies to do business in or from the DIFC. Its sole purpose is to provide a basis for capital requirement calculations in the PIB RulesG .
      4. This guideline sets out the DFSA'sG approach to the recognition of eligible ECAIsG . This covers:
      •  The recognition process,
      •  The recognition criteria, and
      •  The criteria for 'mapping' external credit ratings of each of the recognised ECAIsG to the Credit Quality GradesG (CQG) referred in the PIB rules.
      5. The guidelines set out the agreed procedures for the application and assessment process. The DFSAG intends to employ two modes of supervisory recognition for ECAIsG : direct and indirect recognition. In direct recognition, the DFSAG will make its own evaluation of an ECAI'sG compliance with the recognition criteria detailed under these regulations. In indirect recognition, the DFSAG will recognise an ECAIG based on its recognition by another jurisdiction with equivalent standards, without carrying out their own evaluation process.
      6. The DFSAG propose to carry out an overall assessment of an ECAIG applying for recognition according to stated recognition criteria. The technical criteria laid out in part 2 of these guidelines, address the concepts of objectivity, independence, ongoing review and transparency.

      Background

      7. A recognised ECAIG is a credit rating agency, other than an Export Credit AgencyG , that has been assessed and determined by the DFSAG as being eligible for recognition under these guidelines. An Authorised FirmG must use only the credit ratings issued by a recognised ECAIG , apart from cases where the PIB RulesG allow the use of credit ratings or credit assessment scores from Export Credit AgenciesG , for the purposes of determining CRWsG under the PIB RulesG .
      8. A Registered Credit Rating AgencyG , registered under relevant DFSAG RulesG is also required to apply for, and obtain, the recognition by the DFSAG for use of its credit ratings for purposes referred in the PIB RulesG . All applications from ECAIsG for recognition must be supported by reasonable evidence that the credit ratings will be used for regulatory capital purposes under the PIB rules.
      9. As part of the recognition process, the DFSAG will seek an adequate level and amount of information from every applicant, required for their assessment. Upon receiving the required information, the DFSAG will assess the information provided by the applicant for recognition in accordance with the recognition criteria laid out in these guidelines. The purpose of the recognition criteria is to identify ECAIsG that produce external credit ratings of sufficiently high quality, consistency and robustness to be used by Authorised FirmsG for regulatory capital purposes under the PIB RulesG . The DFSAG will publish and maintain a list of all recognised ECAIsG at any point in time.
      10. Subsequent to the recognition of an ECAIG for the purposes of its use under the PIB RulesG , the DFSAG will publish the 'mapping' of its ratings to the Credit Quality GradesG referred in the PIB RulesG . The determination of this mapping will be achieved through an objective and consistent process, and based on both qualitative and quantitative factors. The process followed by the DFSAG for determining the mapping is entirely based on the guidance from BCBS, set out in Annex 2 of the Basel II framework published in June 2004. The process incorporates the use of three-year cumulative default rates together with qualitative analysis and appropriate flexibility of supervisory response.
      11. The DFSAG will carry out a separate mapping of credit ratings for securitisation positions, using both quantitative and qualitative factors, including quantitative factors such as default and loss rates, and qualitative factors such as the methodologies adopted by ECAIsG , the range of transactions assessed, and whether market participants view ECAIs'G ratings of securitisation products as being equivalent.
      12. The guidelines adopt a customised approach to the use of the credit ratings of Collective Investment FundsG (CIFs) in the PIB RulesG , in order to cover the wide variety of funds in the market. As per the guidelines, in order to be recognised for use under the PIB RulesG , a CIFG credit rating must depend primarily on the credit quality of the underlying assets of the CIFG . Credit ratings of CIFG will be mapped using these guidelines and will not be subject to a separate mapping approach.
      13. These guidelines are structured in four parts and an annex:
      •  Part 1 describes the process for recognition of an ECAIG and the process by which the DFSAG will handle applications for recognition from ECAIsG ;
      •  Part 2 sets out the criteria for assessing whether an ECAIG qualifies for recognition for the purposes of using its rating under the PIB RulesG ;
      •  Part 3 describes the process for determining the mapping of the credit ratings of recognised ECAIsG to Credit Quality GradesG referred in the PIB RulesG . This section also addresses specific issues relating to the mapping of credit ratings for short-term instruments and the credit ratings for securitisation positions and CIFsG .
      •  Part 4 provides clarification on the use of credit ratings from Export Credit AgenciesG for regulatory capital purposes in accordance with the PIB rules.
      •  Annex I lists the information requirements required as part of the application for recognition of ECAIsG .

      Part 1: The recognition process

      General principles

      14. The recognition of an ECAIG by the DFSAG is restricted to the purpose of qualifying its ratings for use under the PIB RulesG and should not be taken as indicating suitability for any other purpose, including but not limited to eligibility for registration as a CRAG under relevant regulations of the DFSAG .
      15. The DFSAG will accept applications for recognition from ECAIsG seeking recognition or from Authorised FirmsG that intend to use the ECAI'sG credit ratings for use under the PIB RulesG . In cases where the application is received from an ECAIG , the DFSAG will seek confirmation that at least one Authorised FirmG intends to use the ECAI'sG credit ratings for risk-weighting purposes. This could be achieved by including in the application the name of at least one Authorised FirmG that proposes or intends to use the ECAI'sG credit ratings, supported by reasonable evidence of its intention to do so. This will ensure that the DFSAG will need to consider applications only from ECAIsG whose credit ratings would actually be used under the PIB RulesG . An Authorised FirmG must not apply for recognition on behalf of, or use the credit ratings for the purposes of the PIB RulesG , from an ECAIG which is its subsidiary or is connected to the Authorised FirmG .
      16. The DFSAG will seek all material information it requires to assess whether an ECAIG meets the eligibility criteria listed in these regulations. Consequently, irrespective of who makes the application, the recognition process will require the full cooperation of the ECAIG , in terms of its willingness and promptness in providing necessary information. The recognition process and the criteria for determining eligibility for recognition apply equally to ECAIsG which are registered under the regulation on CRAsG .
      17. As explained in Part 2 below, an ECAI'sG application for recognition will be assessed separately for recognition in each of three main market segments: public sector entities, commercial entities (including corporates and financial institutions), and structured finance (including securitisation). Applications must indicate in which market segment recognition is being sought by the applicant, and whether recognition is being sought for use of credit ratings for the risk weighting of securitisation positions.
      18. All applications should be supported by comprehensive, transparent, and appropriately concise documentation, as indicated below. When applications are made by Authorised FirmsG that intend to use an ECAI'sG credit ratings, it is recommended that the ECAIsG ensure provision of all relevant and material information required for the purpose of ECAIG recognition, to the DFSAG .
      19. The recognition of an ECAIG may be sought at the group level or at the subsidiary level. The key factor considered by the DFSAG in providing recognition at the group or at the subsidiary level, will be whether a given credit rating is assessed as representing the same opinion on the credit quality of a given rated entity, regardless of the level of ECAIG at which the credit rating is issued.
      20. If an ECAIG group can demonstrate that each of the subsidiaries for which it seeks recognition adheres to practices and procedures that are set at a group-wide level, then it will not be required to make separate applications for each subsidiary. However, separate applications will be required if subsidiaries use credit assessment processes, methodologies, and rating benchmarks that are materially different from those of the group. This approach recognises the organisation of certain crossborder ECAIsG , which apply the same 'core' credit assessment methodology consistently throughout the group. The assessment will reflect the comparability of credit ratings undertaken in different countries, regardless of the legal structure of the ECAIG group and notwithstanding the fact that the process of assigning credit ratings may involve credit analysts and rating committees located in a wide range of geographical locations. However, the DFSAG will not permit 'group-level' applications to include 'affiliates' or joint ventures.
      21. The DFSAG intends to employ two major approaches for recognition of ECAIsG :
      -   direct recognition, in which the DFSAG will carry out its own assessment of the ECAI'sG compliance with the eligibility criteria as set out in this document; and
      -   Indirect recognition, in which the DFSAG will rely on the recognition of the ECAIG in another jurisdiction with equivalent standards without carrying out its own direct recognition process.
      22. The DFSAG believes that much of the information called for in the application pack will already be available in ECAIs'G existing documentation, and that they should therefore be able to provide concise answers. However, some additional information may be needed, in particular concerning default data and other quantitative tools on which ECAIsG base their opinion of the creditworthiness of an entity.

      Disclosure by the DFSA

      23. The DFSAG will disclose the name of each recognised ECAIG along with the mapping that the DFSAG has established between the ECAI'sG credit ratings and the Credit Quality GradesG referred in PIB RulesG . The disclosure will also include information on the market segments (where applicable) for which recognition has been provided and the mapping for each of those segments.

      On-going review of eligibility

      24. To ensure that the credit ratings used by Authorised FirmsG in calculating their capital requirements remain of sufficiently high quality, the DFSAG will assess the continued eligibility of the recognised ECAIsG on the basis of the stated eligibility criteria. The ongoing ratings of recognised ECAIsG will be limited to ensuring that they continue to meet the criteria that led to their initial recognition.
      25. The DFSAG may withdraw the recognition of any ECAIG that fails to comply with the stated eligibility criteria for recognition.

      Part 2: ECAI recognition criteria

      Section 1 General principles

      26. The DFSAG will recognise an ECAIG as eligible for the purposes of using its credit ratings under the PIB RulesG only if it is satisfied that its assessment methodology complies with the requirements of objectivity, independence, ongoing review and transparency, and that the resulting credit ratings meet the requirements of credibility and transparency.
      27. The main purpose of the recognition criteria is to enable the DFSAG to identify ECAIsG that produce credit ratings of sufficiently high quality, consistency and robustness so that they can be used by Authorised FirmsG for determining their regulatory capital requirements under the PIB RulesG . The DFSAG will assess whether an ECAIG has adequate processes and procedures in place to ensure that its credit ratings meet the standards stated above.
      28. In determining the eligibility of an ECAIG for recognition, the DFSAG will take into account the technical criteria set out in Section 2 of this part.
      29. The DFSAG will recognise an ECAIG as eligible for the purposes of calculating the risk-weighted assets of a securitisation position, only if it is satisfied that the ECAIG has complied with the requirements laid down in these guidelines, taking into account the technical criteria set out in section 2 of this part, and that the ECAIG has demonstrated ability in the area of securitisation which may be evidenced by a strong market acceptance. In addition, the credit ratings shall comply with the principles of credibility and transparency.
      30. The DFSAG will treat all ECAIsG equally in assessing their eligibility for recognition. However, given the different business models adopted by individual ECAIsG , the DFSAG may need to take a differentiated approach to assessing how an ECAIG satisfies the stated recognition criteria. Accordingly, the DFSAG may place different weights on the various criteria for different ECAIsG , if this serves the ultimate objective of establishing whether an ECAI'sG methodology and credit ratings are appropriate for use in the PIB RulesG . The DFSAG will also take into consideration the ability of the ECAIG to produce robust credit ratings, based on quantitative methods and a proven track record. The DFSAG will also take account of market indications of the ECAI'sG standing. For example, strong market acceptance and the existence of a long track record may be viewed as indications that the market has a favourable opinion of the ECAI'sG methodology and credit ratings. As indicated in paragraphs 26 to 29, the relevant threshold for eligibility is that the ratings are recognised as credible and reliable by market participants and users of ratings.
      31. In addition, the extent to which an ECAIG adheres to a code of conduct which is in line with market standards or to internationally recognised principles such as the IOSCO Code of Conduct Fundamentals for Credit Rating Agencies, may contribute to satisfying the DFSAG that the ECAIG conforms to specific eligibility criteria like, the independence criterion. This could reduce the amount of analysis that the DFSAG need to undertake in order to verify the ECAI'sG eligibility in these areas.

      Section 2 The technical criteria

      Objectivity

      32. Core Criterion: The DFSAG will verify that the methodology for assigning credit ratings is rigorous, systematic, continuous, and subject to validation based on historical experience.
      33. This criterion aims to ensure that an ECAI'sG credit rating methodology produces an informed and wellfounded opinion on the creditworthiness of the rated entities, and that its credit ratings are based on all information deemed relevant and available at the time they are issued.
      34. In order to meet this criterion, an ECAIG will need to demonstrate that its methodology incorporates factors known to be relevant in determining an entity's creditworthiness. This demonstration should, to the fullest extent possible, be supported by statistical evidence that the methodology has produced accurate credit ratings in the past.
      35. The ECAIG must also implement and follow procedures which ensure that its pre-defined credit rating methodology is applied consistently in the formulation of all credit ratings in a given asset class, such that two identical entities would receive equivalent credit ratings, and different analysts or rating committees within the ECAIG would assign equivalent credit rating to any given entity.
      36. Some ECAIsG do not have a single credit rating. This is to some extent evidenced by their publication of numerous papers describing their credit rating methodologies for different asset classes (e.g. corporates versus financial institutions), for different sub-classes (e.g. real estate companies versus telecom companies) and for different geographical regions (e.g. European healthcare providers versus US healthcare providers).
      37. However, ECAIsG appear to apply a similar 'core' credit rating methodology within broad asset classes or market segments. The same factors are identified as significant in determining a credit rating for all entities within the broad asset class, although different emphasis may be put on the importance of individual factors when assessing different companies within that broad asset class.
      38. In defining broad asset classes and/or market segments, it is not necessary for the core rating factors to be evaluated in an identical and mechanical way for all entities within a group. Indeed, it is expected that an ECAIG will place different emphasis on the importance of individual rating factors when assessing different companies and/or markets, and will take such differences into account. It is critically important that the same core rating factors are always considered, to some extent, when assessing an entity within the given asset class and/or market segments.
      39. An ECAIG may seek recognition for use of its ratings related to a broad asset class or market segment. In such cases, the relevant asset class or market segment will form the basis of the ECAIG recognition process with separate assessment of the ECAI'sG rating methodology for that particular broad asset class or market segment. This is not intended to prevent ECAIsG from seeking recognition for a methodology which is more specifically focused, e.g. on retail Asset Backed SecuritiesG .
      40. When assessing an ECAI'sG methodology in any of these broad asset classes or market segments, the DFSAG will avoid making a direct judgment as to whether an ECAI'sG methodology is objectively correct. The recognition of an ECAIG should not be seen as an endorsement by the DFSAG of any particular type of methodology.
      41. The DFSAG will focus on assessing whether the credit rating processes adopted by the ECAIG produces credit ratings that embody a sufficient level of consistency and discrimination to provide the basis for determination of capital requirements under relevant PIB RulesG .
      42. This assessment will focus on three factors:
      (a) Quantitative evidence of the discriminatory power of the ECAI'sG credit rating methodology, using statistical techniques such as default studies and transition matrices to demonstrate the robustness and predictive power of its credit ratings over time and across different asset classes;
      (b) The ECAI'sG demonstration that it has processes in place to identify and assess rating factors driving creditworthiness and to ensure that these rating factors are incorporated into the credit assessment methodology; and
      (c) The ECAI'sG demonstration that it has procedures which ensure that its predefined methodology is applied consistently in the formulation of all credit ratings.
      43. Where appropriate, the DFSAG will use quantitative evidence of the consistency and predictive power of an ECAI'sG credit ratings as an indicator of the objectivity of its methodological processes. When ECAIsG have a demonstrable track record of producing robust credit ratings using quantitative methods such as default or transition studies, the DFSAG will recognise it as a good indication that its methodological processes are sufficiently objective for the purposes of the PIB rules.
      44. In cases where there is less quantitative evidence to support the robustness of an ECAI'sG credit ratings, the DFSAG will need to undertake a greater assessment of the ECAI'sG methodological process in order to satisfy itself that the ECAI'sG methodology meets the objectivity criterion. The DFSAG will not undertake a detailed assessment of the exact methodology used by the ECAIG , but will instead satisfy themselves that the credit rating factors used in the ECAI'sG methodology are sensible predictors of creditworthiness, and that the ECAI'sG internal procedures ensure that its pre-defined credit rating methodology is applied consistently in the formulation of all credit ratings within each broad asset class or market segment.
      45. The DFSAG will ensure that recognised ECAIsG validate their methodologies based on historical experience. As indicated above, quantitative validation will need to be based on the ECAI'sG credit ratings rather than on the methodology itself. ECAIsG should demonstrate that the methods they use in their quantitative assessment confirm the robustness, discriminatory power, and consistency of their credit ratings over time and across different market segments. In addition, ECAIsG should demonstrate that procedures are in place to ensure that systematic rating errors highlighted by back-testing will be incorporated into credit rating methodologies and corrected.

      Independence

      46. Core Criterion: The DFSAG will verify that the methodology is free from external political influences or constraints, and from economic pressures that may influence the credit rating.

      Independence of the ECAI'sG methodology will be assessed by the DFSAG on the basis of the following factors:
      (a) ownership and organisation structure of the ECAIG
      (b) financial resources of the ECAIG
      (c) staffing and expertise of the ECAIG
      (d) corporate governance of the ECAIG
      47. This criterion serves to ensure that all credit ratings issued by ECAIsG are independent and objective in all circumstances, including when conflicts of interest may arise. Conflicts of interest may arise as a result of external political or economic pressures. Examples include the following situations:
      (a) The ECAIG is owned by a government, trade association, or political body that has an interest in securing favourable credit ratings for its constituent entities.
      (b) The ECAIG is owned by a private company which could use its position to secure favourable credit ratings.
      (c) The ECAI'sG financial position depends on revenue from key customers who could seek to leverage their position to secure favourable credit ratings.
      (d) The ECAIG provides ancillary services to rated entities or has other business relationships with them that could undermine the objectivity of its credit ratings.
      (e) An ECAIG employee is in a managing position in a rated entity.
      (f) The ECAI'sG staff are compensated in a manner, or they have business relationships with the rated entities, that could lead to non-objective credit ratings.
      48. An Authorised FirmG will not be allowed to use for its own capital adequacy determination purposes, the credit ratings from an ECAIG which is its subsidiary.
      49. A recognised ECAIG must have adequate procedures in place to ensure that their methodologies are free from political influences or constraints and from economic pressures that may influence the credit ratings. In order to satisfy the DFSAG on this aspect, an ECAIG will need to demonstrate:
      (a) That it has adopted, monitored, and successfully applied internal procedures to ensure that all credit ratings are formulated in a consistent and objective manner, particularly in situations where conflicts of interest may arise and could threaten objectivity;
      (b) That they have mechanisms in place to identify actual and potential conflicts of interest and take reasonable measures to prevent, manage and eliminate them, so that they do not impair the production of independent, objective, and high-quality credit ratings.
      50. The DFSAG considers that ECAIsG are in the best position to design for themselves, internal procedures, fee policies, staff management practices, corporate governance rules, and internal codes of conduct that manage potential conflicts of interests and ensure that their credit assessment methodologies are free from political and economic influences. It should be demonstrated that ECAIsG have adopted appropriate internal practices and procedures in this respect, and in particular in the following areas:
      (a) A recognised ECAIG must demonstrate that it has put in place, and apply, adequate safeguards to ensure its independence from ownership, and to prevent external pressure or constraints (either political or economic) from jeopardising the objectivity of the credit rating process.
      (b) An ECAIG must demonstrate that its organisational structure separates its credit rating business—(operationally, personally and potentially legally)—from any other business, such as consulting services, that undermine the objectivity of the credit ratings.
      (c) An ECAIG should demonstrate that it has adequate financial resources, and has adequate safeguards in place to ensure independence from key customers and issuers, and prevent nonobjective credit ratings.
      (d) In terms of staffing and expertise, an ECAIG should demonstrate that its staff has the levels of skills and experience necessary to perform the tasks required of them—for example, that at least one person involved in the rating decision-making process has at least three years of experience as a rating analyst or in a comparable function (e.g. as an analyst in a credit firm). The ECAIG should also have enough resources to carry out consistent ratings and to have frequent contacts with the rated companies when this represents a necessary part of their methodology.
      (e) A recognised ECAIG should have an independent internal audit function or a function that plays the same role and carries out the same tasks.
      (f) The integrity of the credit rating process should be ensured by adequate written internal procedures, corporate governance rules, fee policies, and, where relevant, an internal code of conduct.
      (g) In order to promote independence through transparency and market scrutiny, an ECAIG should consider disclosing situations where conflicts of interest have arisen or may potentially arise, and the mechanisms in place to identify, prevent, manage, and eliminate conflicts of interest.

      On-going Review

      51. Core Criterion: A recognised ECAI'sG credit ratings are subject to ongoing review and should be responsive to changes in financial conditions. Such reviews should take place after all significant events, and at least annually. Before any recognition, the DFSAG will verify that the rating methodology for each market segment is established according to standards such as the following:
      (a) The back testing must be established for at least one year.
      (b) The regularity of the review process by the ECAIG must be able to be monitored by the DFSAG .
      (c) The DFSAG must be able to receive from the ECAIG the extent of its contact with the senior management of the entities which it rates.
      52. A recognised ECAIG must promptly inform the DFSAG about any material changes in the methodology they use for assigning credit ratings.
      53. The purpose of the ongoing review criterion is to ensure that the ECAI'sG external credit ratings remain appropriate over different periods of time and through changes in market conditions. The terms 'changes in financial conditions' or 'significant events are linked and they both refer to any event (financial or otherwise) that is large enough to potentially or actually change the credit rating assigned by an ECAIG to an entity.
      54. The DFSAG will not undertake any on-going review of the credit ratings of the ECAIG . The DFSAG will instead verify that ECAIsG have procedures in place to ensure that their credit ratings remain appropriate over different time periods and market conditions. In particular, the DFSAG will require ECAIsG to demonstrate that they have processes in place that:
      (a) Reliably detect changes in conditions facing a rated entity that are large enough to potentially change its assignment to a credit rating category, and
      (b) Ensure that a credit rating is indeed revised when the change in operating conditions is large enough to warrant a revision.
      55. A recognised ECAIG should demonstrate that it reviews each credit rating at least annually (regardless of whether a review has already been undertaken in response to a significant change in financial conditions). The ECAIG should provide a detailed summary on how these reviews are conducted, including the extent of contacts with the senior management of the rated entity.
      56. A recognised ECAIG must satisfy adequate back-testing requirements for achieving recognition. One year of back-testing has been deemed necessary to fulfil the criterion "subject to validation based on historical experience." ECAIsG will therefore be required to demonstrate and certify that their back-testing has been in place for at least one year.
      57. The term 'back-testing' means an analysis of 'outcomes' vis-à-vis rated entities/issues designed to assess the performance' (e.g. the discriminatory power) of the credit ratings. Back-testing is thus synonymous with the 'validation based on historical experience'. For the sake of consistency, back-testing should be undertaken for each of the 'market segments' for which an ECAIG is seeking recognition.
      58. The requirement for ECAIsG to inform the DFSAG of material changes in their credit rating methodology is intended to enable the DFSAG to assess whether the methodologies continue to meet the stated criteria on an on-going basis after initial recognition has been granted. The DFSAG requires ECAIsG to inform them immediately of any significant event that would change their performance on any criteria upon which initial recognition was granted. This should be construed to mean any change in methodology that could change a significant proportion of credit ratings in a given market segment.

      Transparency and Disclosure

      59. Core Criterion: The DFSAG will take the necessary measures to assure that the principles of the methodology employed by the ECAIG for the formulation of its credit ratings are publicly available as to allow all potential users to decide whether they are derived in a reasonable way.
      60. A recognised ECAIG should disclose the principles of their methodology to the public. This shall be an overall yet thorough description of their credit assessment methodologies, presented in a way that is easily understandable to potential users. For this purpose, a recognised ECAIG should use appropriate methods of disclosure to ensure public access to the above-mentioned information. These methods could include display in the public area of the ECAIs'G Internet website or free of charge distribution of written publications on request.

      Section 3 Criteria in respect of Individual credit ratings

      Credibility and Market Acceptance

      61. Core Criterion: A recognised ECAI'sG individual credit ratings must be recognised in the market as credible and reliable by the users of such credit ratings. Credibility will be assessed by the DFSAG according to following factors:
      (a) market share of the ECAIG ;
      (b) revenues generated by the ECAIG , and in general financial resources of the ECAIG ;
      (c) whether there is any pricing on the basis of the rating;
      (d) in case at least two banks use the ECAI'sG individual credit rating for bond issuing and/or assessing credit risks;
      (e) A credit rating issued by a recognised ECAIG may be used for purposes of PIB RulesG only if the DFSAG is satisfied that the ECAIG has a demonstrated ability in the area of securitisation, which may be evidenced by a strong market acceptance.
      62. For the purposes of this criterion, credibility and market acceptance shall be demonstrated for each market segment in which the ECAIG applies for recognition. Evidence of widespread use by market participants indicates that market participants have a favourable opinion of the credibility and reliability of the ECAI'sG credit ratings. Evidence that a large number of Authorised FirmsG plan to use an ECAI'sG credit ratings for purposes of compliance with PIB RulesG will also be seen as an indication of market credibility for the purpose of their recognition. An additional factor for assessing credibility and market acceptance is the number of years of experience of the ECAIG . In order to achieve a reliable level of market credibility and acceptance as a rating agency, an ECAIG should have produced ratings for an appropriate period (greater than five years) so that widespread and lasting confidence in such ratings could have developed amongst market participants. This should ensure that the quality, consistency and robustness of ratings which Authorised FirmsG use for prudential purposes can be assessed by the market (and by the DFSAG ) by using at least some historical data on the performance of an ECAI'sG ratings.
      63. However, less than five years' experience may be exceptionally deemed adequate in cases where the rating agency can provide a sufficiently broad database that enables market participants to assess the credibility and reliability of the rating agency's ratings. The fact that the market regards an ECAI'sG credit ratings as credible and reliable may provide the DFSAG with a significant degree of confidence as to the appropriateness of the credit ratings as the basis for capital requirement calculations under the PIB RulesG . In the case of an ECAIG applying for recognition with a lower degree of market standing or less than five years of experience in providing ratings, the DFSAG will undertake a greater level of assessment before it satisfies itself about the recognition requirements.

      Transparency and disclosure of individual credit ratings

      64. Core Criterion: The individual credit ratings issued by a recognised ECAIG should be accessible at equivalent terms at least to all Authorised FirmsG having a legitimate interest in these individual credit ratings.
      65. Credit ratings of securitisation positions should also be available publicly to the market. Credit ratings are considered to be publicly available only if they have been published in a publicly available forum and they are included in the ECAI'sG transition matrix. Credit ratings that are made available only to a limited number of entities are not considered to be publicly available.
      66. The transparency criterion is intended to create a level playing field by ensuring that all Authorised FirmsG 'having a legitimate interest' in credit ratings published by the recognised ECAIG (public credit ratings), have equal and timely access to them.
      67. For this purpose, Authorised FirmsG 'having a legitimate interest' are those Authorised FirmsG that need to use the ratings for complying with the PIB RulesG , and that intend to use the credit ratings of the respective ECAIG for risk weighting purposes. ECAIsG that wish to be recognised as eligible must make their public credit ratings accessible at least to all Authorised FirmsG fulfilling these criteria.
      68. At equivalent terms' does not mean that every Authorised FirmG must be provided access to the credit ratings on identical terms—and in particular, that there be no discrimination in terms of the pricing for access—but rather that under the same (economic) circumstances, there should be no undue (price) discrimination.
      69. A recognised ECAIG should not charge subscribers for access to their public credit ratings to ensure that a full list of their public credit ratings is available and updated whenever a new credit rating is issued or an old rating is revised. A recognised ECAIG can meet this requirement by publishing a full list of its public credit ratings in the public section of its Internet website and to update the list whenever such a credit rating is newly issued or revised. The recognised ECAIsG that permit only paying subscribers to access their credit ratings must ensure that the complete range of its public credit ratings is available to all subscribing Authorised FirmsG and that the list is updated as soon as such a credit assessment is newly issued or revised.

      Part 3: Mapping

      70. When determining which of the Credit Quality GradesG the relevant credit ratings of an eligible ECAIG are to be associated with, the DFSAG will apply the technical criteria laid down in this part. Objectivity and consistency in mapping are necessary in order to ensure appropriate levels of capital under the PIB RulesG , a level playing field for Authorised FirmsG , and fairness of treatment for ECAIsG .

      Section 1 General Principles

      71. The mapping process does not imply the imposition of additional eligibility requirements on ECAIsG . For the purposes of benchmarking and monitoring ECAIs'G credit ratings (other than for securitisation and structured transactions), the DFSAG will follow the guidance provided in the Basel II framework published in June 2004.
      72. The use of three-year Cumulative Default RatesG (CDRs) evaluated over the longer term and on an ongoing basis, is considered to provide an appropriate measure of the predictive power of credit ratings in relation to creditworthiness.
      73. Where significant amounts of quantitative data are available, they will form the central basis of the mapping process. However, the mapping process will also take into account qualitative factors which influence the comparability of the credit ratings' CDRsG with the benchmark CDRsG (e.g. differences in the definition of default, the methodology for calculating CDRsG , etc.).
      74. Where significant amounts of quantitative data are not available, the DFSAG will form their judgement based on both whatever quantitative information is available and an assessment of the meaning of the ECAI'sG rating scale in comparison with the benchmark. In this situation, the DFSAG may take into account the ECAI'sG own comparison. This judgement will use whatever quantitative information is available, but will be based mainly on a qualitative comparison, incorporating appropriate conservatism where uncertainty remains.
      75. The DFSAG will base its evaluation on the credit rating models, processes, and methodologies presented by the ECAIsG , and will in no way seek to influence or change these models, processes, or methodologies. The granularity of the mapping process is not linked to the granularity of the methodology used by an ECAIG . As long as an ECAIG uses the same rating scale (i.e. the same interpretation of the different rating categories) for their broad asset classes, the mapping need not be conducted separately.
      76. A recognised ECAIG must communicate its default rates and the data related to the mapping of securitisation positions annually to the DFSAG , in order to enable the DFSAG to assess whether the mapping of credit ratings to Credit Quality GradesG needs to be updated or changed.

      Section 2 Credit ratings of exposures other than securitisation positions

      77. The following paragraphs outline the quantitative and qualitative factors to be taken into consideration for the mapping process.

      Quantitative factors

      78. Quantitative data are the key to ensuring consistency between the credit ratings of different ECAIsG and to differentiating between the relative degrees of risk expressed by each credit rating. The DFSAG intends to use the long-term default rate associated with all items assigned the same credit rating, as relevant quantitative data. The DFSAG may also compare default rates for each credit rating category of a specific recognised ECAIG and compare them with a benchmark built on the basis on default rates experienced by other ECAIsG on a population of issuers that the DFSAG believes to present an equivalent level of credit risk.
      79. The DFSAG considers the work conducted to date by the Basel Committee on quantitative factors to be both relevant and appropriate, and proposes to adopt the benchmark and monitoring guidance set out in Annex 2 of the Basel II text. In this context, the key variable will be the "cumulative default rates" (CDRsG ) over a three-year period: that is, the sum of all defaults that have occurred in a given three-year period for all rated items belonging to the same bucket.
      80. A recognised ECAIG is required to provide the DFSAG with two separate measures of CDRsG : the ten-year average of the three-year CDRG as an indicator of the long-term default experience of its credit ratings, and the two most recent three-year CDRsG , where available. Using this data, the DFSAG will compare the most recent ten-year average of the three-year CDRG with the proposed long-run 'reference' three-year CDRsG in Table 2 of Annex 2 of the Basel II text. Additionally, the DFSAG will monitor the two most recent three-year CDRsG and compare them with the two different CDRG levels established in the Basel II text: the 'monitoring level' and the 'trigger level'. The DFSAG will follow the methodology laid out in Annex 2 of the Basel II text to assess whether the ECAI'sG default rates are materially and systematically higher than these benchmarks. Based on this assessment, the DFSAG will decide whether to assign a less favourable Credit Quality GradeG . If the ECAIG can demonstrate that higher observed or estimated CDRsG are not due to weaker assessment standards or miscalculations, the DFSAG may decide to leave the initial mapping unchanged.
      81. For recently established ECAIsG and those that have compiled only a short record of default data, the DFSAG will ask the ECAIG for its two most recent CDRsG and a projection of the ten-year average of the three-year CDRG , i.e. the value that the ECAIG believes to be the long-term default rate associated with all items assigned the same credit rating.
      82. The DFSAG will review the assessment referred above, on the basis of the availability of data and the methodology used by the ECAIG in question, comparing it with the methodology used to calculate the benchmark. Based on the consideration of such qualitative factors, the DFSAG may then adjust the mapping of the ECAIG accordingly. Where uncertainty remains, the DFSAG may incorporate appropriate conservatism into the final mapping.

      Qualitative factors

      83. For ECAIsG that adopt significantly different approaches, the DFSAG may adjust its assessment of consistency of the default rates with benchmarks, on the basis of qualitative factors as set out below. The DFSAG may consider qualitative factors such as the pool of issuers covered by the ECAIG , the range of credit ratings that it assigns, the meaning of each credit rating, and the ECAI'sG definition of default.
      84. Qualitative factors will play a crucial role in the mapping process in the following situations:
      (a) When the ECAIG uses methodologies (e.g. definition of default, etc.) similar to those used by the international entities upon which the Basel Committee constructed its benchmarks, the DFSAG will use qualitative factors to adjust their quantitative assessment before finalising the mapping of each of the ECAI'sG credit ratings to Credit Quality GradesG referred in the PIB RulesG .
      (b) When the ECAIG uses different methodologies, it will be required to provide its own assessment of whether and to what extent its methodology differs from that used to calculate the benchmarks specified in the Basel II text. This will help the DFSAG to get a better understanding of the ECAI'sG credit rating in terms of the risk level associated with it. This may lead to the DFSAG assigning similar CDRG data to different Credit Quality GradesG from those set out in the Basel text.
      (c) In the case of recently established ECAIsG and ECAIsG that have compiled only a short record of default data, the DFSAG will ask such ECAIsG to demonstrate to what extent they believe that the default data they use are a long-term default rate. Qualitative factors would be particularly important in making that demonstration.
      85. The DFSAG will take into account in its assessment, the following qualitative variables:
      (a) The definition of default. An ECAIG using a more stringent definition of default than that used in the international benchmark will report more default events, meaning that CDRsG could be overstated. The opposite situation could also occur in the case of an ECAIG using a less stringent definition of default.
      (b) The pool of issuers covered by the ECAIG . ECAIsG may use a static pool of issuers or adjust the pool periodically, for example for withdrawn credit ratings.
      (c) The statistical significance of ECAIs'G default rates. In particular, the number of rated issues should be sufficiently large to ensure the statistical significance of CDRsG . Particular attention will be paid to situations where the ECAIG is sectorally-focused or geographically specialised, or where the ECAIG rates portfolios for which default data are very scarce.
      (d) The meaning of the credit rating i.e. the substance of the opinion represented by a particular rating.
      (e) The variable used to weight default events. Different variables, such as the number of issues, the currency value of exposures rated, or other characteristics, can be used to weight default events. The choice of variable may have an impact on the results.
      (f) Geographic coverage: the use of regional or global data.
      (g) Dynamic properties and characteristics of the rating system or methodology (a 'point-in-time' rating system or a 'through the cycle' system).
      (h) The DFSAG may consider the mapping on the basis of additional information and analysis provided by the ECAIG .

      Section 3 Credit ratings of securitisation positions

      86. The mapping of credit ratings for securitisation issues and the mapping of credit ratings discussed above follow the same principles of objectivity and consistency. However, there are likely to be important differences. Securitisation transactions have unique characteristics, and the market is highly innovative and constantly evolving. Unlike the mapping of other ECAIG credit assessments, the DFSAG does not aim to establish a 'benchmark' for default rate comparison. The DFSAG may consider "quantitative factors, such as default rates and loss rates and qualitative factors such as the range of transactions assessed by the ECAIG and the meaning of the credit rating."
      87. The DFSAG will treat structured products as a single market segment for mapping purposes, and the mappings used for securitisation transactions will be those derived for all structured products. In mapping securitisation position credit ratings into the Credit Quality GradesG defined under PIB RulesG , the DFSAG will take into consideration quantitative factors and qualitative information, including those set out in the following paragraphs.

      Quantitative factors

      88. Quantitative factors will be a key consideration in mapping securitisation, as they are in mapping other credit ratings. The DFSAG recognises that many potential ECAIsG do not target quantitative outcomes for their ratings, seeking instead to achieve consistent rank ordinal ratings. Nonetheless, consideration of quantitative 'performance' studies of those ratings over time, in line with the Basel III benchmarks, is a key element in providing a mapping in a consistent and objective manner.
      89. The DFSAG will consider data relating to the default/impairment rates associated with different credit ratings. The DFSAG is willing to consider the extent to which impairment rates can provide an appropriate proxy for the measurement of the 'performance' of securitisation credit ratings over time in the absence of more complete recovery rate data. The DFSAG will also consider transition matrices when this provides additional useful information.
      90. In comparing default/impairment rates, the DFSAG will work with the ECAIsG in question to seek to understand fully the definition of default/impairment on the basis of which they carry out their data analysis. It will be important for the DFSAG to understand the ECAI'sG approach to this issue. In view of the long maturity of many securitisation transactions and the fact that contractual default/impairment may be tied to this long maturity, ECAIsG may use varying definitions of default/impairment as alternatives to or proxies for contractual default. It is expected that most ECAIsG will produce ratings performance data using a 'cohort' approach, which incorporates the effect of ratings migration in its analysis of ratings performance. While ECAIsG may also produce data based on an 'original rating' analysis, the DFSAG considers a 'cohort' approach is likely to be the most meaningful for the purposes of mapping securitisation ratings.
      91. In considering quantitative factors, the DFSAG will also consider the approach of the ECAIG to aspects such as 'curing' (the subsequent repayment of missed payments) and withdrawn credit ratings, and how these affect the ECAI'sG ratings 'performance' studies.
      92. 'Seasoning' is another factor that the DFSAG will consider. In particular, given the possible difference between the loss-distribution curve for asset-backed securities as compared with corporate and other debt, the period over which rating performance is considered—e.g. three years versus five years—may be significant. Different ECAIsG have different approaches to the meaning of their securitisation credit ratings. For example, some seek to produce a rating scale with respect to the loss that may be suffered by the tranche in question, while others base their rating scale on the likelihood of the tranche suffering first instance of impairment. Nonetheless, there seems to be a broad consensus that the question of loss is an important factor to be taken into consideration. At this stage in the development of the market, it seems likely that the amount of loss data available will continue to grow. The DFSAG will seek to take into account the loss/recovery rate data that are available in relation to the different ECAIsG ratings. It is expected that this data will improve in significance over time and that recovery rate studies will become an increasingly rich source of information.

      Qualitative factors

      93. The DFSAG will take into account qualitative as well as quantitative factors into consideration in mapping securitisation credit ratings into Credit Quality GradesG . The DFSAG believes that this is likely to be an important aspect, particularly when quantitative data are less than conclusive. In assigning securitisation credit ratings, ECAIsG often adopt a 'target rating' approach. That is, they indicate what is required in order for a particular tranche of a transaction to achieve a particular credit assessment level. This means that an ECAI'sG assignment methodology for ABS credit ratings can provide important insights in the mapping process. A notable feature in the development of the securitisation market over recent years has been the degree to which the market has been 'ratings-driven.' That is, the credit ratings assigned by ECAIsG have played an important role in the structuring and marketing of transactions and in the provision of investor information.
      94. In this context, the DFSAG thinks that it will be highly relevant to consider the way in which market participants view the published credit ratings of different ECAIsG . Accordingly, in mapping an ECAI'sG securitisation credit ratings to credit quality steps, the DFSAG will take into account market information concerning the degree to which the published credit ratings of the ECAIG in question are regarded as being similar in meaning, as an indicator of creditworthiness, to those of its peers. There is some evidence to indicate that market participants regard the published securitisation credit ratings of a number of relevant ECAIsG as being in many respects equivalent. It is expected that studies on market information—e.g. credit spreads on securitisations rated by an ECAIG as compared to its peers—will also become an increasingly rich source of information.

      Section 4 Short-term credit ratings

      95. The DFSAG propose to base the mapping of short-term credit ratings on the mapping of long-term credit ratings explained above, and on the internal mapping of short-term to long-term credit ratings undertaken by the ECAIG . Should any inconsistencies arise, the DFSAG will seek to adjust the mapping accordingly.

      Section 5 Credit Ratings of Collective Investment Funds (CIFs)

      96. Exposures in the form of CIFsG for which a credit rating by a nominated ECAIG is available must be assigned a CRWG in accordance with the mapping by the DFSAG of the credit ratings of recognised ECAIsG to the Credit Quality GradesG referred in the PIB rules. For CIFsG , however, ECAIsG usually issue several ratings with distinct meanings (e.g. ratings of the asset quality of a fund, of the quality of the management of the fund, or of the volatility of the fund). It has therefore been deemed necessary to define which of the ratings of a CIFG should be eligible for risk weighting purposes in the context of the PIB RulesG and how they should be mapped to the individual Credit Quality GradesG .

      Eligible ratings

      97. In order to be eligible for the purposes of use under PIB RulesG , credit ratings for CIFsG must fulfil the following criteria:
      (a) The assessment of the credit quality of the CIFG must depend primarily on the credit quality of the underlying assets.
      (b) Where other factors have a significant influence on the assessment, the DFSAG will consider the extent and nature of that influence in determining whether the rating remains a credit rating for these purposes and whether any adjustment to the mapping may be required.
      (c) Only ratings for fixed-income CIFsG should be eligible, since the PIB rules do not allow the use of credit ratings for other asset classes (e.g. equity).

      Mapping

      98. An assessment of the credit quality of a CIFG which meets the criteria set out above can be mapped similarly to the other fundamental credit ratings of the respective ECAIG . It is therefore not necessary to develop an alternative mapping approach for CIFG ratings.

      Part 4: Export Credit Agencies

      99. Authorised FirmsG are allowed to use Export Credit AgencyG credit ratings to calculate the risk weight of their exposures to central governments and central banks, in addition to ECAI'sG credit ratings for some categories of exposures as per the PIB rules A4.12 under the Simplified ApproachG . PIB rules provide that the credit ratings of an Export Credit AgencyG can be used for calculating capital requirements if either of two conditions are met:
      (a) The credit rating is a consensus risk score from an Export Credit AgencyG participating in the OECD Arrangement on Guidelines for Officially Supported Export Credits, or
      (b) The Export Credit AgencyG publishes its credit ratings and, the Export Credit AgencyG subscribes to the OECD agreed methodology, and the credit rating is associated with one of the eight minimum export insurance premiums (MEIP) that the OECD agreed methodology establishes.
      100. It has not been deemed necessary to set up a recognition process for Export Credit AgenciesG equivalent to the one required for ECAIsG . The DFSAG will simply ask the Authorised FirmsG that wish to use an Export Credit Agency'sG credit ratings to demonstrate that one of the above conditions is met. Thus, eligible credit ratings are either:
      (a) Consensus risk scores from the OECD Arrangements, or
      (b) Any credit ratings of participants in the OECD arrangements following the agreed methodology that are not consensus risk scores, regardless of whether the country in question has been assigned a consensus risk score.

      Annex 1—Basic Application Pack

      GENERAL INFORMATION

      •  The type of application—to use ECAIG credit ratings for determining capital requirements under PIB RulesG for credit exposures or for securitised exposures.
      •  The market segments for which the applicant is seeking recognition.
      •  The type of credit ratings provided: solicited or/and unsolicited, with a brief explanation of the rationale behind the policy.
      •  The countries where the applicant is active.

      Presentation of the ECAI

      •  An overview of the legal structure of the ECAIG and the group to which it belongs: ownership, major subsidiaries, ancillary or other services provided, etc. The information on ownership should include a list of shareholders that hold more than, for example, 10 percent of the ECAI'sG equity. This threshold may vary depending on the ownership structure of the ECAIsG .
      •  The total number of full-time employees.
      •  The total number and percentage of revenues from major customers and/or subscribers (e.g. customers or subscribers accounting for 5% or more of total revenues. The threshold may vary depending on the ECAIsG ).
      •  Financial information demonstrating the financial soundness of the ECAIG : the ECAI'sG financial statements from the past three years and forecasts for the next three years where applicable; alternatively, letter of support from the parent entity.
      •  Do you adhere to a code of conduct similar to market accepted standards or which is in line with internationally recognised principles?

      Technical criteria

      The applicant shall include in its application a description of the core rating process for each market segment or securitisation position and each geographical area in which it is seeking recognition. The applicant is not required to provide duplicate answers and information for this application pack, but will clearly indicate for each recognition criteria what differs from one area of recognition to another. The DFSAG are interested only in information that is relevant to the market segments and/or securitisation positions for which the application is made.

      METHODOLOGY

      1. Objectivity

      Question:

      How do you ensure that the methodology used for assigning credit ratings is rigorous, systematic and subject to validation based on historical experience?

      Minimum information required by the DFSAG to verify that the criterion is met:
      (a) A high-level description of the credit assessment methodology and processes and how the methodology is determined, implemented, and changed. This description shall include a description of processes in place to ensure the consistent application of the assessment methodologies across all credit ratings, in particular the role of rating committees and guidelines governing them, the extent of input from rated entities, the access to non-public information, etc.
      (b) For each of the asset groupings within which a core methodology is applied consistently (for example, structured finance, public finance, or commercial entities, as mentioned above), a high-level description of quantitative inputs: key variables, data sources, assumptions and quantitative techniques used, extent of input from rated entities, etc.
      (c) For each of the asset groupings within which a core methodology is applied consistently (for instance structured finance, public finance, commercial entities, as mentioned above), a high-level description of qualitative inputs in particular the scope of qualitative judgement e.g. regarding the strategy, business plans of the rated entities, etc.
      (d) A summary by geographical area of the major differences in the core methodologies.
      (e) A description of the methodology used to verify the accuracy, consistency, and discriminatory power of the rating systems, with details on the results and conclusions generated by such analysis.
      2. Independence

      Question:

      How do you ensure that the methodology used is free from external political influences or constraints and from economic pressures that could influence the credit assessment?

      Minimum information required by the DFSAG to verify that the criterion is met:
      (a) A description of the procedures aimed at ensuring fair and objective credit ratings: mechanisms to identify, prevent, manage and eliminate actual or potential conflicts of interest.
      (b) A detailed description of the safeguards in place when shareholders, subsidiaries, or other entities belonging to the group are rated.
      (c) Demonstration and self-certification of the existence of an internal audit function and/or that there are means to ensure that internal procedures are implemented effectively.
      (d) Demonstration and self-certification that members of the rating teams and committees have appropriate and requisite skills—including quantitative expertise—and experience in credit rating, and that these skills are maintained or improved over time through adequate training programmes.
      (e) A description of the main features of the ECAI'sG internal code of conduct.
      (f) Demonstration and self-certification that the remuneration policy of the staff involved in credit assessment does not affect the production of independent and objective credit ratings: e.g. certification that analysts' remuneration is not tied to credit rating decisions, fees from issuers, or revenues from investors or subscribers.
      (g) Details of the ECAI'sG fee policy.
      (h) Self-certification that the staff involved in the credit rating process are not engaged in any business relationships with rated entities which could hinder the issuance of independent and high-quality credit ratings.
      3. On-going review

      Questions:
      (a) Are your credit ratings subject to on-going review which is carried out at least annually and after all significant events?
      (b) To what extent are your credit ratings responsive to changes in the financial conditions?
      (c) Do you have procedures in place that ensure that the DFSAG are promptly informed of material changes, and if so, what are they?
      Minimum information required by the DFSAG to verify that the criterion is met:
      (a) General information on rating reviews: e.g. the process in place, main characteristics, scope, frequency, people/teams involved, means used, treatment, main phases of the monitoring process, data updates, information from rated entities taken into account, automatic warning systems, mechanisms that allow systematic errors in credit ratings to feedback into potential changes in ratings method, etc.
      (b) A summary of the outcome of the reviews carried out
      (c) Demonstration that a back-testing system is in place and has been up and running for at least one year.
      (d) The extent of contacts with the senior management of the rated entities (this information is to be provided upon request of the DFSAG ).
      4. Transparency and disclosure

      Question:

      How (by what means and in what language) and to whom do you disclose the principles of the methodology you use?

      Minimum information required by the DFSAG to verify that the criterion is met:
      (a) A demonstration that the principles of the methodology employed by the ECAIG for the formulation of its credit ratings are disclosed.
      (b) Descriptions of the ways used to make methodologies publicly available, and of the terms of access to the credit ratings by all potential users.
      (c) A description of transparency policy with regard to the types of credit assessment: solicited or unsolicited.

      Individual Credit Ratings

      5. Credibility and market acceptance

      Question:

      How could you prove your credibility and market acceptance?

      Minimum information required by the DFSA to verify that the criterion is met:

      Any evidence demonstrating market reliance on the credit ratings, such as market share, number of issuers, how long the ECAIG has been active in the market, the revenues generated by the rating activities, or any other proof.
      6. Transparency and disclosure Questions:
      (a) How do you ensure that credit ratings are accessible at equivalent terms at least to all Authorised FirmsG having a legitimate interest in them?
      (b) In particular, how do you ensure that credit ratings are accessible at equivalent terms to both domestic and non-domestic parties having a legitimate interest?
      Minimum information to be provided to the DFSA to enable them to verify that the criterion is met:

      A high-level description of the disclosure procedures in place.
      7. Mapping

      Minimum information required by the DFSA to perform the mapping the credit ratings of exposures other than securitisation positions:
      (a) The definition of default.
      (b) The CDRG over a three-year period for each credit rating category (to be provided annually if the ECAIG is recognised as eligible), at least the two most recent CDRsG , if available.
      (c) The ten-year average of the three-year CDRG . If not available, an indication of the ECAI'sG expectation concerning the long term default rate.
      (d) If a target probability of default is used, the target probability of default for each credit rating category.
      (e) Description of the methodology to calculate the CDRsG : selection of pool (static versus dynamic/adjusted), definition of default, aggregation of defaults (weighting mechanism).
      (f) The statistical significance of the default rates.
      (g) Dynamic characteristics of the rating methodology (point-in-time or through the cycle).
      (h) The meaning of the credit rating categories.
      (i) The range of credit ratings that the ECAIG assigns.
      (j) The time horizon of the credit rating.
      (k) Transition matrices.
      (l) Geographic coverage.
      Minimum information required by the DFSA to perform the mapping of securitisation positions
      (a) the definition of default/impairment on the basis of which the default/impairment rates are computed.
      (b) Ratings' performance data, accompanied by an explanation of its main features (e.g. the reasons underlying the determination of the time horizon over which the study has been carried out and how curing and withdrawn credit ratings impact the rating performance studies; how seasoning is taken into account).
      (c) loss/recovery data.
      (d) Information referred to point 8 to 12 in the previous paragraph.
      Additional information for CIFs
      (a) Presentation of the CIFG ratings considered as assessing primarily the credit quality of the underlying assets.
      (b) Description of the factors and the extent to which they have been taken into account.
      (c) Information referred to point 8 to 12 above.

      Appendix — External Credit Assessment Institutions (ECAI's) recognized under the PIB module for the purposes of section 4.11

      Long-term mapping

      Credit Quality Step Fitch's
      assessment
      Moody's
      assessment
      S&P's
      assessment
      1 AAA to AA- Aaa to Aa3 AAA to AA-
      2 A+ to A- A1 to A3 A+ to A-
      3 BBB+ to BBB- Baa1 to Baa3 BBB+ to BBB-
      4 BB+ to BB- Ba1 to Ba3 BB+ to BB-
      5 B+ to B- B1 to B3 B+ to B-
      6 CCC+ and below Caa1 and below CCC+ and below

      Short Term mapping process

      Credit quality step Fitch Moody's S&P
      1 F1+, F1 P-1 A-1+, A-1
      2 F2 P-2 A-2
      3 F3 P-3 A-3
      4 Below F3 NP Below A-3

      Long-term mapping for securitization Exposures as required under 4.14.31

      Credit Quality Step Fitch's
      assessment
      Moody's
      assessment
      S&P's
      assessment
      1 AAA to AA- Aaa to Aa3 AAA to AA-
      2 A+ to A- A1 to A3 A+ to A-
      3 BBB+ to BBB- Baa1 to Baa3 BBB+ to BBB-
      4 BB+ to BB- Ba1 to Ba3 BB+ to BB-
      5 B+ and below B1 and below B+ and below

      Short Term mapping process for Securitization exposures

      Credit quality step Fitch Moody's S&P
      1 F1+, F1 P-1 A-1+, A-1
      2 F2 P-2 A-2
      3 F3 P-3 A-3
      4 Below F3 NP Below A-3

    • Archive

      • Policy Statement 2/2005 Start Up Entities in the DIFC — as amended on 16 February 2006

        • Introduction

          1. The DFSA’s policy has been not to consider licence applications from start up entities. The DFSA has recently reconsidered this policy and from 1 January 2006 will accept applications to be considered individually on a risk based approach.
          2. This policy statement is designed to serve as a user friendly guide to assist start up entities which are interested in applying for authorisation by the DFSA to conduct financial services in or from the DIFC. It gives guidance as to the information required to support an application and indicates the criteria that the DFSA may apply in the authorisation process. Start ups, as with any other applicants, will be required to satisfy all relevant aspects of the DFSA’s rules and authorisation process prior to being granted a licence.
          3. Considering the restriction in Article 4(1) (a) of the Federal Law No 8 of 2004, the DFSA will not authorise a new entity proposing to form in the DIFC to carry out banking activities, unless it is a branch or a wholly owned subsidiary of an existing bank or a joint venture between parties, in which each party must be an existing bank. In formulating this policy the DFSA recognizes that it is not practical to provide guidance on the application of the policy to every possible scenario. Therefore, interested parties are invited to contact the DFSA if they have questions about the application of the policy to their particular circumstances. That said, the DFSA will give as much guidance as possible to circumstances that it has considered or will consider as application of the policy develops.

        • What are "Start up Entities"?

          4. Start up entities are, either:
          •   new financial services businesses; or
          •   existing financial services businesses which have never been subject to financial services regulation, for whatever reason.

        • The DFSA's Risk Based Approach to Start Up Entities: Broad Risk Categories

          5. Any application for authorisation by the DFSA will involve an assessment of the risks posed to the objectives of the DFSA by the proposed activities of the applicant. Whilst the broad categories of risks for all applicants will be the same, the nature of those risks within start up entities will be unique, as start ups do not have a regulatory track record upon which the DFSA may place reliance. In the case of a new business, even where senior management have substantial experience and relevant competence in the business sector, this does not necessarily imply an ability to create and sustain an adequate management control environment and compliance culture, particularly when faced with all the other issues of establishing a new business. In the case of an existing, but previously unregulated business, any existing control environment and compliance culture will not have been subject to external independent regulatory scrutiny and the additional regulatory reporting requirements which apply to an authorised firm.
          6. The broad categories of risk and some of the unique elements of those risk categories that apply to start up entities include:
          Financial Risk
          6.1. All applicants are required to demonstrate a sound initial capital base and funding and to meet the relevant prudential requirements of the DFSA rulebook, on an ongoing basis. Inevitably, start up entities face greater financial risks as they seek to establish and grow a new business.
          6.2. In addition to the risks associated with the financial viability of the start up entity, particular attention will focus on the clarity and the verifiable source of the initial capital funding. Start up entities will be required to disclose the source of their funds and the history of those funds for at least the previous 12 months.
          Governance Risk
          6.3. All applicants are required to demonstrate robust governance arrangements together with the fitness and integrity of all controllers, directors and senior management. The DFSA is aware that management control, in smaller start ups especially, may lie with one or two dominant individuals who may also be amongst the owners of the firm. In such circumstances, the DFSA would expect the key business and control functions (i.e. risk management, compliance and internal audit) to be subject to appropriate oversight arrangements which reflect the size and complexity of the business. Applicants can assist the DFSA by describing in detail the ownership structure, high level controls and clear reporting lines which demonstrate an adequate segregation of duties.
          6.4. The DFSA will request details of the background, history and ownership of the start up entity and, where applicable, its group. Similar details relating to the background, history and other interests of the directors of the start up entity may be required. Where it considers it necessary to do so, the DFSA may undertake independent background checks on such material. A higher degree of due diligence will apply to individuals involved in start up entities and there would be an expectation that the entity itself will have conducted detailed background checks, which may then be verified by the DFSA.
          Business/Operational Risk
          6.5. All applicants are required to establish an appropriate systems and control environment to demonstrate that the affairs of the firm are managed and controlled effectively. The nature of the systems and controls will depend on the nature, size and complexity of the business. Start up entities may wish to consider which additional systems and controls may be appropriate in the initial period of operation following launch, such as increased risk or compliance monitoring. Due to the unproven track record of start up entities, the DFSA may impose restrictions on the business activities of the entity or a greater degree and intensity of supervision until such a track record is established.
          Compliance Risk
          6.6. The Senior Executive Officer within all Authorised Firms is expected to take full responsibility for ensuring compliance with the DFSA rules by establishing a strong compliance culture which is fully embedded within the organisation. To this end, a start up entity will be required to appoint a UAE resident Compliance Officer and Money Laundering Reporting Officer (MLRO) with the requisite skills and relevant experience in compliance and anti money laundering duties. The individuals fulfilling these roles within start up entities will be expected to demonstrate to the DFSA, their competence to perform the proposed role and adequate knowledge of the relevant sections of the DFSA rulebook and, in the case of the MLRO, the wider anti-money laundering legislation and related provisions.

        • Main Information Requirements

          7. The main information requirements are the same for all applicants, including start ups, and each application will be assessed on its own merits. It may help if start up applicants consider the risk categories set out above and how they will address the particular risks raised by their start up proposition.
          8. A key document will be the Regulatory Business Plan submitted in support of the application. It will facilitate the application process if applicants cover the following areas within this submission:
          •   An Introduction and background
          •   Strategy and rationale
          •   Corporate structure
          •   Management and organisational structure
          •   Proposed resources
          •   High level controls
          •   Risk management
          •   Operational controls
          •   Systems overview
          •   Financial projections
          9. Start up applicants may find it useful to include diagrams illustrating corporate structures, and, where applicable, group relationships, governance arrangements, organisational design, clear reporting lines, business process flows and systems environments.
          10. Comprehensively addressing these areas and detailing how the key risks will be identified, monitored and controlled will significantly assist the DFSA in determining applications from start up entities.

      • Policy Statement 1/2006 Sponsors

        • Introduction

          1. OSR Rule 4.2.6 of the OSR Module requires a PersonG who makes or intends to make a Prospectus OfferG in the DIFCG ("Prospectus Offer") to appoint a sponsor in sufficient time to enable the sponsor to comply with the requirements of OSR Chapter 10 of the OSR Module.
          2. This Policy Statement describes the views of the DFSAG on matters relating to sponsors, including:
          (a) the purpose and role of a sponsor;
          (b) what kind of knowledge, experience, qualifications and resources a sponsor should have;
          (c) what are the regulatory obligations of a sponsor; and
          (d) what are the obligations of a PersonG who makes a Prospectus OfferG regarding its sponsor.
          3. This Policy Statement deals only with the mandatory sponsorship regime for Prospectus OffersG under the OSR Module. The Dubai International Financial Exchange (DIFX) has its own RulesG requiring a listing applicant to appoint a sponsor. Nothing in the OSR Module or this Policy Statement affects the DIFX requirements.

        • To whom does this Policy apply?

          4. This Policy Statement applies to:
          (a) a PersonG who makes or intends to make a Prospectus OfferG in the DIFC; and
          (b) a sponsor appointed under OSR Rule 4.2.6 of the OSR Module.
          5. Sponsors are not defined in the Markets Law 2004 or DFSAG RulesG .

        • What is the purpose and role of a sponsor?

          6. The requirement for the appointment of a sponsor is designed to ensure that a Person who makes or intends to make a Prospectus OfferG is aware of and complies with all applicable conditions for OfferingG SecuritiesG and other relevant requirements under the Markets Law 2004 and OSR Module.
          7. The DFSAG believes that it is in the interests of the developing DIFCG capital markets for a PersonG who makes or intends to make a Prospectus OfferG to have a sponsor to ensure the offering documents comply with regulatory requirements and that the offering itself proceeds properly. OSR Rule 4.2.6(2) provides that the appointment of a sponsor remains in effect for the period the Prospectus OfferG remains open.
          8. It is important to understand that although the requirement to have a sponsor is imposed by law and a sponsor has regulatory obligations of its own, the PersonG who makes or intends to make a Prospectus OfferG does not, and cannot, avoid or diminish its regulatory obligations simply because it has a sponsor. The responsibility of the PersonG making the Prospectus OfferG to comply with the Markets Law 2004 and OSR Module remains the responsibility of the PersonG who is making a Prospectus OfferG .

        • What kind of expertise and resources does the DFSA expect a sponsor to have?

          10. A sponsor should be a person fully familiar with the Markets Law 2004 and OSR Module and have appropriate knowledge, experience, qualifications and resources to be able to assist and guide a PersonG who makes or intends to make a Prospectus OfferG .
          11. The obligation is on the PersonG who makes or intends to make a Prospectus OfferG to demonstrate that its sponsor possesses the necessary knowledge, experience, qualifications and, resources, including systems and controls, to be able to advise the PersonG on its obligations under the Markets LawG and OSR Module.
          12. The DFSAG expects a sponsor to have a track record in providing advice on all applicable conditions for OfferingG SecuritiesG and other related matters to companies whose securities trade publicly in the DIFCG or in jurisdictions whose regulatory and legal regimes are relatively comparable to the DIFCG .
          13. A sponsor may be a specialist corporate finance advisory firm, investment bank or a firm that provides legal, accounting or compliance services in the financial services field. The DFSAG expects sponsors will be partnerships or corporations with significant financial services and compliance experience. The DFSAG expects key employees of the sponsor to have professional training in accounting, finance, economics or law and at least 5 years relevant experience. The DFSAG may require a sponsor to be domiciled in the DIFCG .

        • What are a sponsor's obligations?

          14. A sponsor's regulatory obligations under the OSR Module are statutory obligations and are found under Rules OSR 10.3, OSR 10.5.1, and OSR 10.6.2. OSR Rule 10.3 prescribes the obligation on a sponsor to ensure it satisfies itself, through due and careful enquiry, that the PersonG making or intending to make a Prospectus OfferG satisfies all applicable obligations under the Markets Law 2004 and OSR Module.
          15. The sponsor should be proactive by making enquiries to ensure all applicable obligations will be satisfied.
          16. OSR Rule 10.5.1 provides that a sponsor has a duty of care to the Person who appointed the sponsor. A sponsor may also be bound by other obligations that flow from its contractual relationship with the PersonG who appointed it. This Policy Statement does not deal with those obligations.
          17. However, a sponsor's regulatory obligations flowing from the OSR Module should not be interpreted as imposing strict liability on a sponsor where the sponsor makes due and careful enquiry and exercises its duty of care. The DFSA's intention is not to impose strict liability on the sponsor in circumstances where the sponsor has taken all reasonable steps to ensure that the PersonG who makes or intends to make a Prospectus OfferG has complied with all applicable conditions related to the OfferingG of SecuritiesG .
          18. Any breach of the sponsor's regulatory obligations in Rules OSR 10.3, OSR 10.5(1), and OSR 10.6.2 of the OSR Module will subject the sponsor to its own regulatory liability under the Markets Law 2004 and OSR Module. Under these provisions, it is the obligation of the sponsor to, among other things:
          (a) provide to the DFSAG any information that the DFSAG may require for verifying that the OSR Module is being complied with by both the OfferorG and IssuerG ;
          (b) to exercise a duty of care to the PersonG to which it is appointed;
          (c) notify the DFSAG in the case of a failure by a Reporting EntityG to comply with its obligations under the Markets Law 2004 and OSR Module; and
          (d) notify the DFSAG of any non co-operation by the OfferorG , IssuerG or their EmployeesG .

        • What are the obligations of Person making a Prospectus Offer regarding its sponsor?

          19. A PersonG making a Prospectus OfferG in the DIFCG has specific regulatory obligations in relation to its sponsor. These are found under Rules OSR 10.2, OSR 10.6 and OSR 10.7. Under these provisions it is the obligation of the PersonG making a Prospectus OfferG to, among other things:
          (a) take all reasonable steps to ensure that the proposed sponsor has the required knowledge, experience, qualifications and resources to carry out its duties;
          (b) take reasonable steps to ensure that the relevant sponsor is independent and has managed conflicts of interest appropriately;
          (c) ensure the PersonG and its employees cooperate with the sponsor and do not interfere with the sponsor's ability to discharge its duties;
          (d) report to the sponsor any matter which may significantly affect the financial position of the PersonG issuing the SecuritiesG or the price or value of the SecuritiesG ; and
          (e) promptly advise the DFSAG in writing when a sponsor resigns or is terminated including providing details of all relevant facts and circumstances.

          Dubai Financial Services Authority
          7 June 2006

      • Policy Statement 2/2006 Compliance Advisers to Reporting Entities

        • Introduction

          1. Under OSR Rule 8.4.3 of the OSR Module, the DFSAG has the discretion to require a Reporting EntityG to appoint a compliance adviser for a specified period to assist a Reporting EntityG to comply with its continuing obligations under the Markets Law 2004 and OSR Module ("continuing regulatory obligations").
          2. This Policy Statement describes the views of the DFSAG on matters relating to compliance advisers, including;
          (a) the purpose of a compliance adviser;
          (b) what kind of knowledge, experience, qualifications and resources a compliance adviser should have;
          (c) the circumstances in which the DFSAG is likely to exercise its discretion and require a Reporting EntityG to appoint a compliance adviser;
          (d) what are the obligations of a Reporting EntityG regarding compliance advisers; and
          (e) how a compliance adviser can assist a Reporting EntityG to meet its continuing regulatory obligations.

        • To whom does this Policy apply?

          3. This Policy Statement applies to Reporting EntitiesG that are required by the DFSAG to appoint a compliance adviser under OSR Rule 8.4.3 and OSR Chapter 11 of the OSR Module. Reporting EntityG is defined in the Schedule of the Markets Law 2004.
          4. This Policy Statement will also be of interest to entities who act as compliance advisers to Reporting EntitiesG . Compliance advisers are not defined in the Markets Law 2004 or DFSAG RulesG and do not have or take on any regulatory obligations of their own if they agree to act as compliance advisers to Reporting Entities.
          5. When the DFSAG decides that it is advisable for a Reporting EntityG to appoint a compliance adviser it will notify the Reporting EntityG of its decision in writing. The DFSAG anticipates that before directing a Reporting EntityG to appoint a compliance adviser, it will discuss the proposed appointment with the Reporting Entity to ensure the appointment is advisable and that the proposed compliance adviser has the appropriate expertise and resources to act.
          6. The Reporting EntityG will then be obliged to enter a contract for services with a person who has the appropriate expertise and resources to act as the Reporting Entity's compliance adviser.

        • What is the purpose and role of a compliance adviser?

          7. The purpose of a compliance adviser is to assist a Reporting EntityG , which in the opinion of the DFSAG , is unable, or has difficulty, on its own to comply with its continuing regulatory obligations. Rather than prohibiting a Reporting EntityG in these circumstances from participating in the DIFCG capital markets, the DFSAG may conclude that it is in the interests of the DIFC capital markets for the Reporting EntityG to retain persons with the necessary expertise and resources to help the Reporting EntityG meet its continuing regulatory obligations until it is able to do this on its own.
          8. It is important to understand that the compliance adviser's role and duties are based on its contractual obligations to the Reporting EntityG and not on any regulatory obligations. A Reporting EntityG does not, and cannot, avoid or diminish its regulatory obligations simply because it is required to have a compliance adviser. The responsibility for the Reporting EntityG to comply with its continuing regulatory obligations remains the sole regulatory responsibility of the Reporting Entity.
          9. This is why it is the Reporting Entity's obligation:
          (a) to demonstrate that its compliance adviser has the appropriate knowledge, experience, qualifications and resources, including systems and controls, to fulfil its advisory role;
          (b) to give its compliance adviser unfettered access to the Reporting Entity's senior management and governing body including access to relevant information concerning the operations of the Reporting EntityG ; and
          (c) to ensure its compliance adviser continues to fulfil its role until the DFSAG advises the Reporting EntityG that the compliance adviser is no longer required.

        • What kind of expertise and resources does the DFSA expect a compliance adviser to have?

          10. A compliance adviser should be a person fully familiar with the Markets Law 2004 and OSR Module and have appropriate knowledge, experience, qualifications and resources to be able to assist and guide a Reporting EntityG to comply with its continuing regulatory obligations.
          11. As stated above, the obligation is on the Reporting EntityG to demonstrate that its compliance adviser possesses the necessary knowledge, experience, qualifications and, resources, including systems and controls, to be able to advise the Reporting EntityG on its continuing regulatory obligations.
          12. The DFSAG expects a compliance adviser to have a track record in providing advice on continuous disclosure, corporate governance, director's duties and other related matters to companies whose securities trade publicly in the DIFCG or in jurisdictions whose regulatory and legal regimes are relatively comparable to the DIFCG . The DFSAG may require a compliance adviser to be domiciled in the DIFCG .
          13. A compliance adviser may be a specialist corporate finance advisory firm (i.e. investment bank) or a firm that provides legal, accounting or compliance services in the financial services field. The DFSAG expects compliance advisers will be partnerships or corporations with significant financial services and compliance experience. The DFSAG expects key employees of the compliance adviser to have professional training in accounting, finance, economics or law and at least 5 years relevant experience.

        • When will a Reporting Entity be required to appoint a compliance adviser?

          14. The DFSAG will carefully consider the circumstances of each case before it decides to require a Reporting EntityG to appoint a compliance adviser. While it is difficult to predict all of the scenarios in which the DFSAG would conclude that it is advisable and appropriate to require a Reporting EntityG to appoint a compliance adviser, the DFSAG anticipates considering doing so where the DFSAG is of the opinion that:
          (a) there is a reasonable expectation that the proposed compliance adviser, if appointed, will be able to assist the Reporting EntityG to meet its continuing regulatory obligations; or
          (b) the Reporting EntityG is, or may be unable, or has, or may have difficulty on its own to carry out its continuing regulatory obligations.
          15. The DFSAG retains the discretion to direct a Reporting Entity to appoint a compliance adviser in any other circumstances if it determines that it is advisable to do so.

        • What are a Reporting Entity's obligations regarding compliance advisers?

          16. All of the obligations in OSR Chapter 11 dealing with compliance advisers fall on the Reporting EntityG . This is reflected in Rules OSR 11.2.2, OSR 11.3, OSR 11.4 and OSR 11.5. Under these provisions, it is the obligation of the Reporting Entity, who has been directed by the DFSAG to appoint a compliance adviser to, among other things:
          (a) take reasonable steps to ensure that the compliance adviser has the required, knowledge, experience, qualifications and resources to carry out its duties;
          (b) take reasonable steps to ensure that the compliance adviser is independent and has managed conflicts of interest appropriately;
          (c) provide any information about the compliance adviser if requested to do so by the DFSAG ;
          (d) ensure the Reporting EntityG and its employees cooperate with the compliance adviser and do not interfere with the compliance adviser's ability to discharge its duties;
          (e) take reasonable steps to rectify any failure brought to the Reporting Entity's attention by the compliance adviser;
          (f) take reasonable steps to ensure that the compliance adviser cooperates in any investigation conducted by the DFSA as provided by OSR Rule 11.3.3; and
          (g) promptly advise the DFSAG in writing when a compliance adviser resigns or is terminated including providing details of all relevant facts and circumstances.

        • What can a compliance adviser do to assist a Reporting Entity?

          17. To assist a Reporting EntityG to meet its continuing regulatory obligations, particularly those prescribed in Rule 8, OSR App2, OSR App3 and OSR App4 of the OSRs, a compliance adviser may consider it useful, among other things, to:
          (a) accompany the Reporting EntityG to any meetings with the DFSAG , unless otherwise requested by the DFSAG ; and
          (b) discuss with the Reporting EntityG ;
          (i) the disclosure of any Material InformationG as required under OSR rule 8.2.1(1) before such disclosure is made;
          (ii) a submission of non-disclosure notification as required under OSR rule 8.3.1(1) before such submission is made;
          (iii) a transaction or event in OSR App2, OSR App3 and OSR App4 which may require disclosure before such event is contemplated;
          (iv) any material deviation from any forecast, estimate or other information in the ProspectusG or equivalent document;
          (v) any change to the intended use of proceeds of an OfferG as outlined in the ProspectusG or equivalent document before any such use by the Reporting EntityG ;
          (vi) the Reporting Entity's operating performance and financial condition by reference to the Reporting Entity's business objectives and use of issue proceeds as stated in its ProspectusG or equivalent document;
          (vii) the Reporting Entity's compliance with the terms and conditions of any waivers granted from the Markets Law and OSR Module;
          (viii) whether any profit forecast or estimate in the ProspectusG or equivalent document will be or has been met by the Reporting Entity and whether it is appropriate to notify the DFSAG and make disclosure in a timely and appropriate manner;
          (ix) compliance with any undertakings provided by the Reporting EntityG and its directors at the time of becoming a Reporting EntityG and in the event of non-compliance, discuss the issue with the Reporting Entity's board of directors and make recommendations to the board regarding appropriate remedial steps; and
          (x) information to be provided by the Reporting EntityG further to a DFSA request.
          The above list is not mandatory or exhaustive, but merely a guide to highlight some of the continuing regulatory obligations of Reporting EntitiesG and those for which compliance advisers will likely provide specific assistance.

          Dubai Financial Services Authority
          7 June 2006

      • Policy Statement 1/2010 Confidential Regulatory Information — replacing Policy Statement 1/2005

        Click here to view PDF

        • 1. Introduction

          1.1 The Dubai Financial Services Authority is the integrated regulator of all financial and ancillary services undertaken in or from the Dubai International Financial Centre.

          1.2 This Policy Statement describes how the DFSA protects, uses and discloses confidential information that it receives in the course of regulating financial services in the DIFC. Such information is referred to in this Policy Statement as “confidential information”.

        • 2. Principles

          2.1 The DFSA's mandate is to ensure that the DIFC is one of the best regulated international financial centres in the world—a centre based on principles of integrity, transparency and efficiency. To accomplish this, the DFSA operates to the international best practice standards that apply in the world's major financial centres such as London, New York, Hong Kong and Frankfurt.

          2.2 The international best practice standards adopted and applied by the DFSA in the DIFC are those set by leading international organisations such as IAIS (International Association of Insurance Supervisors), IOSCO (International Organisation of Securities Commissions), BIS (Bank for International Settlements) and FATF (Financial Action Task Force).

          2.3 The DFSA's commitment to these standards is a commitment:

          •   to enforce and ensure compliance with applicable financial services legislation, consistent with the IOSCO Objectives and Principles of Securities Regulation, the IAIS Core Principles for Effective Insurance Supervision; the Basel Core Principles for Effective Banking Supervision and the FATF Recommendations on Anti-Money Laundering and Counter Terrorism Financing;
          •   to provide the fullest mutual assistance to relevant counterpart international financial services regulators regarding cooperation and the exchange of confidential information according to standards and procedures that are equivalent to those prescribed in the IOSCO Multilateral Memorandum of Understanding;
          •   to seek to ensure that DIFC or foreign laws or regulations about confidentiality or secrecy do not prevent the DFSA from obtaining, securing or disclosing confidential information where required for lawful regulatory or enforcement purposes;
          •   to limit the disclosure of confidential information to relevant counterpart international financial services regulators and enforcement agencies to what is required for lawfully ensuring compliance with, and enforcement of, applicable financial services and criminal legislation;
          •   to apply international best practices in obtaining and disclosing confidential information;
          •   to implement robust internal control systems and procedures that meet international best practices for the handling, storing, processing, securing and retention of confidential information; and
          •   to implement data protection procedures that are equivalent to those prescribed in the European Union Directives so as to protect individual privacy rights according to international best practices.

          2.4 In addition, the DFSA strives to comply with the legislative requirements that govern its processes and procedures. The main legislative provisions governing the use of confidential information are set out in Dubai Law No. 9 of 2004, DIFC Regulatory Law No. 1 of 2004, the DIFC Data Protection Law No. 1 of 2007 and the UAE Penal Code Federal Law No. 3 of 1987.

        • 3. Powers to Obtain Confidential Information

          3.1 Like other financial services regulators, the DFSA has comprehensive statutory powers to carry out its authorisation, supervision and enforcement functions regarding financial services in the DIFC. The DIFC Regulatory Law confers powers to require reports, conduct on-site inspections of business premises of authorised entities and individuals, investigate and compel the production of documents, testimony and other information.

          3.2 The DFSA can also use its powers to obtain information from third party suppliers, including intermediaries and companies that have accepted outsourced functions for regulated entities. These include subsidiaries established in the DIFC and branches in the DIFC of firms authorised in other jurisdictions. The DFSA may also exercise these powers at the request, and on behalf, of foreign regulators and authorities to assist them in performing their regulatory or enforcement functions. Why, when and how this is permissible is described in more detail below.

          3.3 In short, because the DFSA's statutory mandate is to regulate all financial services provided in and from the DIFC, the DFSA has broad access to confidential information about individuals and firms participating in or connected to the provision of financial services in the DIFC. This includes all market participants, listed companies, reporting entities and their officers and directors.

          Example: This means that the DFSA will treat accounts that are booked and held in foreign jurisdictions, but serviced and managed in or from the DIFC the same as if the accounts were booked, held, serviced and managed entirely within the DIFC. Legally and practically the DFSA has complete access to the account information in both situations because the regulated financial service is provided in or from the DIFC. However, if a DIFC regulated financial institution books, holds, services and manages an account entirely in a foreign jurisdiction, the DFSA has no authority to access confidential client account information unless the laws of the foreign jurisdiction permit such access and disclosure.

        • 4. Confidentiality Obligations

          4.1 Although the DFSA has comprehensive powers to access confidential information so that it can properly discharge its regulatory functions, there are statutory limitations or restrictions on the way the DFSA uses and deals with confidential information. These limitations or restrictions are necessary to protect individual privacy and to assure regulated firms and individuals, and their clients, that the confidential information they provide to the DFSA will be dealt with in confidence and used only for lawful purposes.

          Dubai Law No. 9 of 2004

          4.2 Under Article 7 of Dubai Law No. 9 of 2004, which is the law under which the DFSA was established, the DFSA is required to keep confidential any confidential information obtained, disclosed or collected by it, in the course of performing its functions. The Article specifically prohibits the disclosure of confidential information to third parties except in circumstances permitted by DIFC laws and regulations.

          DIFC Regulatory Law

          4.3 Article 38(1) of the Regulatory Law parallels the above confidentiality provisions by prohibiting the DFSA, its employees, agents or any person from disclosing confidential information unless they have the consent of the person to whom the duty of confidentiality is owed or unless the disclosure is expressly authorised under Article 38(3) (see Part 5 below).

          DIFC Data Protection Law

          4.4 The DIFC Data Protection Law applies to everyone in the DIFC, including the DFSA. Its purpose is to protect privacy rights and to ensure an individual's personal information, which is presumed to be confidential information, is kept confidential and used only for the lawful purpose for which it was provided. The Data Protection Law only protects the privacy rights of individuals and not companies or other like entities.

          4.5 The Data Protection Law requires the DFSA as a data controller, which is a person who obtains, stores or processes an individual's personal information, to do so fairly, lawfully, securely and only for the specific purpose it was obtained. The personal information must not be kept longer than necessary and if inaccurate or incomplete must be rectified or erased.

          UAE Penal Code

          4.6 It is a criminal offence under Article 379 of the UAE Penal Code, Federal Law No. 3 of 1987, (which applies in the DIFC) for any person including the DFSA, its employees and agents to disclose confidential information to third parties without having the legal authority to do so. This Article applies to all persons, not just currently serving public officers. However, it imposes more severe penalties on public officers if they disclose such information in cases other than those permitted by the law.

        • 5. Statutory Gateways for Disclosure

          5.1 The Regulatory Law provides gateways by which the DFSA is permitted to disclose regulatory information for certain purposes and/or to certain persons. The relevant gateways are in Articles 38 and 39.

          Article 38 of the Regulatory Law

          5.2 Article 38 of the Regulatory Law governs use and disclosure of confidential information by the DFSA. Under Article 38(3), the DFSA may lawfully disclose confidential information where:

          (a) the information is already public;
          (b) the disclosure is for the purpose of assisting the following persons in the performance of their regulatory functions:
          (i) the DIFC Companies Registrar;
          (ii) a Financial Services Regulator;
          (iii) a governmental or regulatory authority in the UAE or elsewhere exercising powers and performing functions relating to anti-money laundering;
          (iv) a self-regulatory body or organisation exercising and performing powers and functions in relation to financial services;
          (v) a civil or criminal law enforcement agency, in the UAE or elsewhere;
          (c) disclosure is permitted or required under the Regulatory Law or Rules, other DFSA administered laws or any other law applicable in the DIFC; or
          (d) disclosure is made in good faith for purposes of performance and exercise of the functions and powers of the DFSA.

          Article 39 of the Regulatory Law

          5.3 In addition, Article 39 of the Regulatory Law gives the DFSA specific statutory authority to exercise its powers at the request, and on behalf, of the regulators, authorities, bodies or agencies listed in Article 39. This means that the DFSA may obtain confidential information from DIFC reporting entities, listed companies, regulated firms and individuals, and their clients on behalf of other authorities. Therefore the provisions of Article 38 and 39 must often be considered together to determine the limitations on obtaining and sharing confidential information.

          5.4 Under Article 39, the DFSA may only exercise its powers on behalf of other authorities if the request for assistance comes from:

          (a) the DIFC Companies Registrar;
          (b) a Financial Services Regulator;
          (c) a governmental or regulatory authority in the UAE or elsewhere exercising powers and performing functions relating to anti-money laundering;
          (d) a self-regulatory body or organisation exercising and performing powers and functions in relation to financial services; or
          (e) a civil or criminal law enforcement agency, in the UAE or elsewhere.

          5.5 You will notice that an identical range of regulators, authorities, bodies or agencies are listed in Article 38(3)(b) and Article 39. For the purpose of this paper we will refer to these authorities as “Article 38/39 Authorities”.

          Restrictions on disclosure by the DFSA

          5.6 Under Article 80(7) of the Regulatory Law, the DFSA is prohibited from disclosing an individual's compelled testimony to any law enforcement agency for the purpose of criminal proceedings against the person unless the person consents to the disclosure or the DFSA is required by law or court order to disclose the statement.

          5.7 Additionally, when the DFSA is requested to disclose confidential information to an Article 38/39 Authority, in circumstances other than those referred to in Article 80(7), the DFSA recognises that the information to be provided is to be used for the sole purpose of assisting the requesting authority in performing its regulatory functions. Consequently the DFSA requires the requesting authority to keep the information confidential and not to disclose it to any other person without the written consent of the DFSA.

          5.8 You will see then that there are a number of restrictions on the ability of the DFSA to disclose confidential information. In summary, they are:

          •   the DFSA may only use or disclose confidential information to fulfil a DFSA regulatory purpose or legal obligation;
          •   the DFSA may only disclose confidential information to domestic and foreign regulators and authorities if it is for the purpose of assisting them in the performance of their specific regulatory or enforcement functions regarding financial services and criminal legislation; and
          •   the DFSA may only disclose an individual's compelled testimony to a law enforcement agency for the purpose of criminal proceedings against the person if the person consents to the disclosure or if the DFSA is required by law or court order to disclose the statement.

        • 6. Requests for Confidential Information

          6.1 In deciding whether to comply with a request to disclose confidential information under Articles 38 and 39, the DFSA as a matter of policy will satisfy itself that there are legitimate reasons for the request and that the regulator or authority requesting the information has the appropriate standards in place for dealing with client confidentiality.

          6.2 Every request to disclose confidential information will be assessed by the DFSA on a case-by-case basis to determine whether there is a legitimate reason to comply with the request. In determining the legitimacy of a request, the DFSA may consider, in addition to Articles 38 and 39 of the Regulatory Law:

          (a) whether the request will enable the requesting authority to discharge more effectively its regulatory responsibilities to enforce and secure compliance with the financial services laws administered by the requesting authority;
          (b) whether the request is for the purpose of actual or possible criminal, civil or administrative enforcement proceedings relating to a violation of financial services laws administered by the requesting authority;
          (c) whether the requesting authority is governed by laws that are substantially equivalent to those governing the DFSA concerning regulatory confidentiality, data protection, legal privilege and procedural fairness;
          (d) whether the request involves the administration of justice of a law, regulation or requirement that is related to enforcing and securing compliance with the financial services laws of the requesting jurisdiction;
          (e) whether any other authority, governmental or non-governmental, is cooperating with the requesting authority or seeking information from the confidential files of the requesting authority; and
          (f) whether fulfilling the request will foster the integrity of, and confidence in, the financial services industry in the DIFC and the requesting jurisdiction.

        • 7. Exercising Powers for Other Authorities

          7.1 As discussed earlier, Article 39 of the Regulatory Law gives the DFSA specific statutory authority to exercise its powers at the request, and on behalf, of Article 38/39 Authorities. As a matter of policy and further to its commitment to the principles in Part 2 above, the DFSA will exercise its powers under Article 39 unless:

          (a) the request would require the DFSA to act in a manner that would violate applicable UAE criminal laws, DIFC laws or DFSA policies;
          (b) a regulator making a request is not a Financial Services Regulator as defined in the Regulatory Law (for the purposes of this policy a Financial Services Regulator means a regulator whose principal mandate includes regulating one or more of securities, commodities, asset management, collective investment schemes, insurance and reinsurance, banking, investment services, trust service providers, Islamic finance and companies);
          (c) the request is in relation to criminal or enforcement proceedings and criminal or enforcement proceedings have already been initiated in the DIFC or UAE relating to the same facts or same persons, or the same persons have already been penalised or sanctioned on substantively the same allegations or charges and to the same degree by the DFSA or the competent authorities in the UAE;
          (d) the request would be prejudicial to the “public interest” of the DIFC;
          (e) the requesting authority refuses to give corresponding assistance to the DFSA;
          (f) complying with the request would be so burdensome as to prejudice or disrupt the performance of DFSA regulatory functions and duties; or
          (g) the authority fails to demonstrate a legitimate reason for the request.

          7.2 If the DFSA decides to obtain and disclose confidential information on behalf of another authority under Article 39, then it must do so in accordance with the provisions of Article 38. Generally though, for the DFSA to agree to provide confidential information in response to an Article 39 request, the authority will be required to:

          (a) make the request in writing, or if urgent make the request orally and, unless otherwise agreed, confirm it in writing within ten business days;
          (b) describe the confidential information requested and the purpose for which the authority seeks the information;
          (c) provide a brief description of the facts supporting the request and the relevant legal powers authorising the request;
          (d) specify whether the purpose of the request is for actual or possible criminal, civil or administrative enforcement proceedings relating to a violation of the laws and regulations administered by the authority;
          (e) agree that it will not use the confidential information for any other purpose than that for which it was requested unless it has the express permission of the DFSA;
          (f) indicate, if known, the identity of any persons whose rights or interests may be adversely affected by the disclosure of confidential information;
          (g) indicate whether obtaining the consent of, or giving notice to, the person to whom the request for confidential information relates would jeopardise or prejudice the purpose for which the information is sought;
          (h) specify whether any other authority, governmental or nongovernmental, is co-operating with the requesting authority or seeking information from the confidential files of the requesting authority;
          (i) specify whether onward disclosure of confidential information is likely to be necessary and the purpose such disclosure would serve;
          (j) agree to revert to the DFSA in the event that it seeks to use the confidential information for any purposes other than those specified in the request;
          (k) agree to keep requested confidential information confidential, including the fact that a request for confidential information was made, except as it conforms to this policy or in response to a legally enforceable demand;
          (l) agree, in the event of a legally enforceable demand, that it, the requesting authority, will notify the DFSA prior to complying with the demand, and will assert such appropriate legal exemptions or privileges with respect to such confidential information as may be available;
          (m) agree that, prior to providing information to a self-regulatory organisation, the requesting authority will ensure that the self-regulatory organisation is able and will comply on an ongoing basis with the confidentiality provisions agreed to between the requesting authority and DFSA; and
          (n) agree to use its best efforts to protect the confidentiality of confidential information received from the DFSA pursuant to the provisions in Articles 38 and 39 of the Regulatory Law, the Data Protection Law and this policy.
          Example: In an international securities fraud or money laundering investigation the kind of documents the DFSA may provide to an Article 38/39 Authority may include, documents from contemporaneous records sufficient to reconstruct all securities, derivatives and bank transactions, records of all funds and assets transferred into and out of bank and brokerage accounts relating to these transactions, records that identify the beneficial owner and controller, and for each transaction, the account holder, the particulars of the transaction, and the individual and the authorised financial or market institution that handled the transaction. In a case where any of this confidential information has been provided to the DFSA by another authority, the DFSA will advise and consult that authority before disclosing it to a third party (Article 38/39 Authority).

        • 8. Procedural Fairness

          8.1 When the DFSA intends to disclose confidential information to other bodies pursuant to a statutory gateway, in cases where that information has been obtained from another regulatory or supervisory agency, the DFSA will notify and consult with that agency which provided the information. In these instances, the DFSA does not normally notify the persons potentially affected by the disclosure, although there are exceptions.

          8.2 The DFSA will normally give notice and an opportunity to make representations and challenge the disclosure in the following circumstances:

          (a) Where the disclosure relates to a person's compelled testimony to a law enforcement agency for the purpose of criminal proceedings against the person. Under Article 80(7) of the Regulatory Law, the DFSA must not disclose a person's compelled testimony to any law enforcement agency for the purpose of criminal proceedings against the person unless the person consents to the disclosure or the DFSA is required by law or court order to disclose the statement;
          (b) Where the disclosure of confidential information relates to private civil litigation. In these circumstances, the person requesting the confidential information will be required to obtain a DIFC Court order compelling the DFSA to disclose the confidential information. The DFSA will notify the person who is the subject of the request so that the person has an opportunity to challenge the request according to the Rules of the DIFC Court;
          (c) Where the fairness of the case requires it. Notice may be appropriate where there are serious and legitimate concerns about the appropriateness of the disclosure. For example, where the body requesting the confidential information does not perform a financial services related regulatory function. In addition there may be some other obvious reason why it might be helpful (in order to enable a fully informed decision to be made) to give notice in order to get a response from the subject of disclosure or the source of the information. One of the relevant considerations is whether the body receiving the confidential information is itself obliged to provide the person concerned with an opportunity to make representations, should it decide to rely on the information disclosed to it.

          8.3 The DFSA will not normally give notice in the following circumstances:

          (a) where it may prejudice an ongoing or pending investigation, whether carried out by the DFSA or the receiving authority or prejudice actions which the DFSA or other authority may want to take as a result of an investigation (e.g. freezing assets before they disappear);
          (b) where it may reveal the identity of informants or persons who provided the DFSA with information about potential misconduct of firms or individuals in the expectation that their identity would be kept confidential;
          (c) where it may prejudice or jeopardise the DFSA's ability to effectively discharge its monitoring and other regulatory functions particularly in its supervisory function where there is frequently a need for real-time disclosures of confidential information by telephone, e-mail or fax;
          (d) where it is agreed or understood that the regulatory practice is that certain confidential information will be passed on without notice, particularly in the context of disclosure to supervisors of international firms;
          (e) where the information disclosed to other agencies is not adverse to the person concerned (e.g. letters to overseas regulators indicating that there is no adverse information, or information as to the authorisation status of firms and individuals);
          (f) where it may undermine other regulators' fitness and propriety tests; or
          (g) where it may seriously prejudice the DFSA's relations with overseas regulators, considering the DFSA's bilateral and international obligations and the need for effective mutual cooperation and information sharing.

        • 9. Information under Memoranda of Understanding

          9.1 The DFSA may obtain confidential information pursuant to a Memorandum of Understanding (MOU) with another Financial Services Regulator. A list of DFSA MOUs is published on the DFSA website.

          9.2 This Section describes how the DFSA protects, uses and discloses confidential information that it receives pursuant to an MOU.

          Procedures for assessing disclosure

          9.3 Article 38 of the Regulatory Law ensures the confidentiality of information provided to the DFSA. This includes any confidential information received by the DFSA from a Financial Services Regulator under a MOU or similar arrangement. All information received under an MOU will be expressly marked to indicate that it is confidential regulatory information provided under an MOU or Multilateral MOU from an identified Financial Services Regulator.

          9.4 Article 38 also enables the DFSA to release confidential information to a Financial Services Regulator for the purposes of assisting the performance of its regulatory functions. The release of any confidential information by the DFSA to a third party and the method of releasing this information will be assessed and approved by a senior officer of the DFSA with delegated authority to make such a release. The delegated senior officer will consider the relevant provisions of this Policy Statement (particularly Parts 4, 5 and 6) in deciding whether to release confidential information to third parties.

          9.5 Any DFSA staff member identifying the possible release of any confidential information will ensure that the delegated senior officer assessing and approving the release is aware of the origin(s) of the information and the legal basis upon which the release is required to be made.

          9.6 The DFSA staff member and the delegated senior officer assessing and approving the release will ensure that:

          (i) the receiving party is made fully aware of the protected status of the confidential information;
          (ii) the providing Financial Services Regulator has been approached to seek written approval for the information's release to the third party;
          (iii) where a providing Financial Services Regulator does not approve the release of the confidential information, the DFSA takes all reasonable efforts, including any legal steps, to protect the information from disclosure;
          (iv) if the DFSA's efforts to protect the confidential information from disclosure are unsuccessful, eg. to a Court, the DFSA informs the providing Financial Services Regulator, and requests the receiving party to ensure that the confidential information is not made public.

          9.7 Generally, the DFSA will ensure that information released under Article 38 retains its confidential status by imposing conditions on that Financial Services Regulator that the information should only be used for a regulatory purpose and will not be released to any third party without the prior consent of the DFSA.

          Where information is subject to a legally enforceable demand

          9.8 In cases where the confidential information obtained from a Financial Services Regulator under an MOU is subject to a legally enforceable demand (such as a subpoena, notice or court order), the DFSA will notify the providing Financial Services Regulator when the demand is received by the DFSA.

          9.9 In the event of a legally enforceable demand, the DFSA will assert any legal rights, exemptions or privileges to protect such confidential information that are legally available to it. These may include, for example, objections to disclosure based on a claim of public interest immunity (see Section 10 below).

        • 10. Disclosure to a Court

          10.1 The DIFC Courts deal exclusively with all cases and claims arising out of the DIFC and its operations. The DIFC Courts have jurisdiction over civil and commercial matters only and do not have criminal jurisdiction. All criminal matters are heard and determined by the Emirati courts.

          10.2 The DIFC Court's enabling legislation, Dubai Law No. 12 of 2004, gives it exclusive judicial jurisdiction in the DIFC and over DIFC bodies including the DFSA. Therefore, the DFSA is obliged by law to disclose confidential information if it is compelled to do so pursuant to an order from the DIFC Court.

          10.3 Because the UAE criminal laws apply in the DIFC, the DFSA is obliged under Article 78, Part 2 of the UAE Penal Procedures Law Federal Law No. 35 of 1992 to comply with any legally enforceable demand or order from a competent authority responsible for administering the criminal laws in the UAE. This includes orders or demands to disclose confidential information.

          Public interest immunity and similar claims

          10.4 In an appropriate case, and particularly where a party to court proceedings seeks disclosure of confidential information obtained by the DFSA under an MOU (see Section 9 above), the DFSA will seek to invoke a claim of public interest immunity (PII) to resist the disclosure. In common law, where a government department or other public body considers that the disclosure of particular information in the course of civil or criminal litigation would be seriously harmful to the public interest, the department or body may ask the court not to order disclosure, by making a claim, in civil litigation, of PII, and, in the case of criminal litigation, a similar claim in substance. The DFSA considers that a PII claim would be appropriate, in the context of its functions, where disclosure would prejudice its ability to perform those functions or jeopardise its ability to receive information in the future from certain sources, including overseas regulators, and in such a case it would make the claim on the source's behalf.

        • 11. Foreign Secrecy Laws in the DIFC

          11.1 Foreign banking secrecy laws do not apply in the DIFC and do not apply to DFSA regulated entities and their clients in relation to financial services business conducted in or from the DIFC. This is because foreign banking secrecy laws or confidentiality provisions do not have extraterritorial effect, that is, outside the jurisdiction in which they are enacted.

          11.2 Similarly the DFSA does not have extraterritorial or direct access to confidential client information if the client's business is booked, held, serviced and managed exclusively in foreign jurisdictions subject to a strict banking secrecy regime.

          Example: A request by the DFSA to a foreign regulator or a financial institution operating in a secrecy jurisdiction for disclosure of confidential client account information will be governed by and be subject to the secrecy laws of the foreign jurisdiction.

        • 12. Information Management in the DFSA

          12.1 The statutory obligation on all DFSA employees, agents and independent contractors to maintain confidentiality of information is further reinforced by requiring:

          (a) all DFSA employees, agents and independent contractors to sign an Employment or Consultancy Services Contract that incorporates a confidentiality clause in which they irrevocably agree that during the course of their employment, and thereafter, they shall not communicate any information that might be of a confidential or proprietary nature; and
          (b) all DFSA employees to abide by a Code of Values and Ethics which requires them to comply with their statutory obligations, including the confidentiality obligations under the Regulatory Law.

          12.2 The DFSA has also adopted physical measures for management of confidential information, such as:

          (a) restricted working space accessible only through the use of electronic identification cards; and
          (b) best practice electronic and paper document control systems that monitor and audit the use of confidential information.

          12.3 To ensure the confidentiality obligations in the Regulatory Law and Data Protection Law are met, the DFSA has developed policies concerning the physical management of information by employees in discharging their licensing, supervisory and other regulatory functions. The policies also prescribe procedures regarding information technology security, restricted electronic information access, physical perimeter security, securing evidence, receiving and receipting documentation and designating sensitivity classifications of information.

          12.4 When the DFSA receives confidential information pursuant to its statutory powers under the Regulatory Law to compel production of information and documents, the documents are processed according to prescribed procedures. These procedures include processes for the manual and electronic receipt, storage, retrieval and return of confidential information and documents in and from an Evidence Management Facility purpose built to secure confidential information. Only limited nominated staff have access to the restricted area and the compelled documents while they remain in the custody of the DFSA.

          Example: The DFSA provides receipts to authorised entities for any documents forwarded to the DFSA or which the DFSA removes during the course of an onsite inspection or visit.