The Dubai Financial Services Authority (DFSA) has launched its regulatory regime for whistleblowers. The regime is the first of its kind to be introduced by a financial service regulator in the UAE and applies to all DFSA regulated entities operating in or from the Dubai International Financial Centre (DIFC).
The regime provides enhanced legal protection for persons who report misconduct internally within DFSA regulated entities or externally to their auditor, the DFSA, or a law enforcement agency.
It also aims to improve the whistleblowing culture in these entities by increasing transparency around how they handle regulatory concerns, assess those concerns and, where appropriate, escalate those concerns.
Importantly, a DFSA regulated entity must also put in place measures to protect the identity of the whistleblowers and to protect them from suffering any detriment.
The chief executive of the DFSA, F Christopher Calabia, said: “Whistleblowers form a key part of a firm’s ability to detect, identify, and escalate issues of misconduct, and the required whistleblower policies and procedures play an important role in encouraging appropriate disclosures.
“We expect all Regulated Entities to be ready to discuss and demonstrate the application of their policies and procedures when engaging with the DFSA.”
The regime, which builds on existing requirements, aims to help:
- Provide better legal protection for persons who report regulatory concerns;
- Improve the whistleblowing culture in DFSA regulated entities and increase transparency around how those Entities will handle regulatory concerns;
- Encourage more disclosures of regulatory concerns; and
- Deter wrongdoing, promote better compliance and an ethical culture, by increasing awareness that there is a higher likelihood that wrongdoing will be reported.
A regulated entity includes an authorised firm, an authorised market institution, a registered auditor and a designated non-financial business or profession.
In relation to a regulated entity, a concern held by any person may include that the authorised person, an officer or employee of the regulated entity or an affiliate of the regulated entity has or may have a) contravened a provision of legislation administered by the DFSA; or b) engaged in money laundering, fraud, or any other financial crime.
What protections have been put in place for whistleblowers?
Changes have been made to the Regulatory Law 2004 to enhance the legal protection provided to persons (for example, officers, employees or agents of a regulated entity) who report suspected misconduct internally within the Entity or externally to their auditor, the DFSA or a law enforcement agency.
This protection will only apply where the disclosure of information relates to a reasonable suspicion that the Regulated Entity, an officer or employee of the Regulated Entity or an Affiliate of an Authorised Person has or may have:
- contravened a provision of the Law, the Rules or any other legislation administered by the DFSA; or
- engaged in money laundering, fraud or any other financial crime, and where the disclosure is made in good faith.
What is “reasonable suspicion”?
This will depend on the particular circumstances and while “suspicion” is a relatively low threshold, the notion of reasonableness brings an objective test to the suspicion.
What is “good faith”?
This requires, for example, that something is done honestly rather than for a dishonest or malicious purpose.
Under the regime, it is for the person making the disclosure to establish that these tests are met in order to receive protection.
What do DFSA regulated entities need to do?
All DFSA regulated entities will need to put in place appropriate and effective policies and procedures to facilitate the reporting and assessment of regulatory concerns. We expect the policies and procedures to cover:
- Internal arrangements to allow for the disclosure of regulatory concerns;
- Adequate procedures to deal with, assess and escalate whistleblower reports within the Entity and, where appropriate, to the DFSA or any other relevant authority;
- Reasonable measures to protect the identity and confidentiality of the whistleblowers;
- Reasonable measures to protect the whistleblowers from suffering any detriment;
- Procedures to provide feedback to the whistleblowers, where appropriate; and
- Measures setting out how the Entity will manage any conflicts of interest and the fair treatment of any person accused of committing a breach by whistleblowers.
The policies and procedures put in place by DFSA Regulated Entities should be appropriate to the nature, scale and complexity of that Entity’s business and must be reviewed periodically to ensure they are adequate, effective and up to date.
A DFSA Regulated Entity should also, as part of implementing these new requirements, inform all its officers and employees of the protections available to them.
Reporting of misconduct to the DFSA
We have set up a specific DFSA Whistleblowing email address – [email protected] – where a regulatory concern can be reported directly to the DFSA regardless of whether an internal report has been made.
Any information reported to the DFSA is treated confidentially and access to that information would be limited to a small number of expert DFSA staff.
We would aim to respond to that report within 28 working days of receiving it. This would include an initial assessment of the report and potential requests for further information.
The DFSA will not, as part of this process, provide any legal advice or guidance.
What next?
The DFSA will be carefully monitoring compliance with this new regime and, in mid-2023, will carry out a review of its implementation and whether the requirements have been effective in encouraging whistleblowing and protecting whistleblowers.
Follow us on
