Implementation of passporting regime for domestic funds

On 11 March 2019, the Securities and Commodities Authority (SCA), the Dubai Financial Services Authority (DFSA) of the Dubai International Financial Centre (DIFC) and the Financial Services Regulatory Authority (FSRA) of the Abu Dhabi Global Market (ADGM) issued a joint press release announcing the enactment of legislation enabling the implementation of a “passporting” scheme to facilitate UAE-wide promotion of domestic funds.

 

The three regulators had previously signed a passporting agreement last November and a public consultation process followed in the ensuing months (covered in our inBrief of 30 January 2019).

 

The press release quotes several officials. Of particular note are the comments of the Chairman of the ADGM (who is also a Minister of State in the UAE Federal Cabinet):

 

There has been an accelerating demand and appetite for a greater variety of domestic funds in the UAE by the investment community. The new passporting regime enables investors to access growth opportunities with greater ease and efficiency. It will also bolster the UAE’s economic diversification strategy and attract more foreign direct investments and new investors and institutions to participate and support the growth of our economy and the development of the region.

 

Historically, the existence of three different regulatory regimes in the UAE has been an impediment to the growth of the market for funds since a fund approved by a particular regulator was only eligible for promotion within the relevant jurisdiction and not throughout the UAE. The passporting regime aims to change this.

 

The DFSA and ADGM have published amendments to the relevant rules and regulations implementing the passporting regime. The SCA’s regulations have not yet been published.

 

The Guidance to the DFSA’s Fund Protocol Rules (FPR) explains that:

 

The three UAE securities regulators: the SCA, the DFSA and the FSRA have agreed a “Protocol” regarding co-ordinated supervision of the marketing and selling of units of domestic funds within the UAE (State). The “Protocol” introduces a notification and registration process to enhance the monitoring and supervision of the financial services associated with the marketing and sale of units in domestic funds. The Protocol sets out a common regulatory framework which is to be implemented by each of the regulators. The Protocol is implemented in the DFSA Rulebook primarily through this module (FPR).

 

The passporting regime applies to both private and public domestic funds. It does not apply to foreign funds promoted in the UAE. Foreign funds and other types of securities promoted in the UAE remain subject to the applicable rules of the jurisdiction in which they are promoted.

 

Overall, this is a positive development that will reduce the regulatory burdens faced by domestic funds. ■

New regulations offer welcome guidance to anti-money laundering law

UAE Federal Decree-Law 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organizations (AML Law) came into force at the end of October 2018. Containing features recommended by the Financial Action Task Force (FATF), the new AML Law has been shaped by international AML standards and provides several mechanisms to combat money-laundering and to ensure that businesses in the UAE are actively involved in managing compliance risks associated with money laundering activities.

 

While the new AML Law has introduced subtle but important changes, it is the implementing regulations to the new AML Law which have helped bring further clarity to the anticipated operation of the AML Law. The Implementing Regulations were issued on 28 January 2019 pursuant to Cabinet Resolution 10 of 2019 (AML Regulations).

 

The AML Regulations provide welcome guidance on the implementation of the AML Law and clarify the intended impact in certain key areas. In particular, guidance has been provided on the following matters:

 

• types of businesses subject to the AML Law;

• the scope of the exemption, accorded to lawyers and auditors, from the obligation to report suspicious transactions; and

• the functions and role of the Financial Intelligence Unit (FIU).

 

What businesses are subject to the AML Law?

 

Prior to the release of the AML Regulations, it was thought to be the case that all businesses engaged in economic, commercial or professional activities in the UAE were subject to the full set of AML obligations imposed by the AML Law. The AML Regulations make it clear, however, that only those entities which qualify as Financial Institutions or as Designated Non-Financial Businesses and Professions (DNFBPs) will be subject to the obligations of the AML Law.

 

A Financial Institution is a person or entity that conducts one or more financial activities or transactions for or on behalf of a Customer. Pursuant to the AML Regulations, the following are considered financial activities and transactions:

 

1. receiving deposits and other funds from the public, including deposits in accordance with Islamic Sharia;

2. providing private banking services;

3. providing credit facilities of all types;

4. providing credit facilities in accordance with Islamic Sharia;

5. providing cash brokerage services;

6. financial transactions in securities, finance and financial leasing;

7. providing currency exchange and money transfer services;

8. issuing and managing means of payment, guarantees or obligations;

9. providing stored value services, electronic payments for retail and digital cash;

10. providing virtual banking services;

11. trading, investing, operating or managing funds, option contracts, future contracts, exchange rate and interest rate transactions, other derivatives or negotiable financial instruments;

12. participating in issuing securities and providing financial services related to these issues;

13. managing funds and portfolios of all kinds;

14. saving funds;

15. preparing or marketing financial activities;

16. insurance transactions, in accordance with Federal Law 6 of 2007 Concerning the Establishment of the Insurance Authority and the Organisation of its Operations; and

17. any other activity or financial transaction determined by the Supervisory Authority.

 

A DNFBP is a person or entity engaged in the following trade or business activities:

 

1. brokers and real estate agents when they conclude operations for the benefit of their Customers with respect to the purchase and sale of real estate;

2. dealers in precious metals and precious stones when they carry out any single monetary transaction or several apparently related transactions with a value equal or exceeding AED 55,000;

3. lawyers, notaries, and other independent legal professionals and independent accountants, when preparing, conducting or executing financial transactions for their Customers in respect of the following activities:

 

a) purchase and sale of real estate;

b) management of funds owned by the Customer;

c) management of bank accounts, saving accounts or securities accounts;

d) organising contributions for the establishment, operation or management of companies;

e) creating, operating or managing legal persons or Legal Arrangements; and

f) selling and buying commercial entities.

 

4. providers of corporate services and trusts upon performing or executing a transaction on behalf of their Customers in respect of the following activities:

 

a) acting as an agent in the creation or establishment of legal persons;

b) working as or equipping another person to serve as director or secretary of a company, as a   partner or in a similar position in a legal person;

c) providing a registered office, work address, residence, correspondence address or administrative address of a legal person or Legal Arrangement;

d) performing work or equipping another person to act as a trustee for a direct Trust or to perform a similar function in favor of another form of Legal Arrangement; and

e) working or equipping another person to act as a nominal shareholder in favor of another person.

 

The AML Law also specifies that other professions and activities may be added to this list over time as determined by a resolution of the Minister.

 

Once an entity qualifies as either a Financial Institution or as a DNFBP, it will be required to undertake customer due diligence; identify, assess and understand AML risks that may arise for its business; mitigate such risks; and take measures for the enhanced management of any high risks that it identifies.

 

Exemption for lawyers and auditors from reporting suspicious transactions

 

As noted above, lawyers, notaries, and other independent legal professionals and independent accountants may qualify as DNFBP’s depending on the activities they are undertaking for their clients.

 

This has caused issues for such professionals who may be bound by client confidentiality requirements as well as non-disclosure agreements.

 

The AML Law introduced the concept of an exemption for lawyers, notaries, other legal professionals and independent legal auditors with regard to information that they receive subject to professional confidentiality. However, little detail regarding this exemption was provided in the AML law. As a result, professionals were left wondering as to the scope of the exemption and their ability to rely on it.

 

The AML Regulations have provided further clarity on the operation of this exemption.

 

As a general rule, the AML Regulations require that any Financial Institution or DNFBP who has reasonable grounds to suspect that a transaction, attempted transaction, or funds in whole or in part constitute the proceeds of a crime, are related to a crime, or are intended to be used in criminal activity, must provide a suspicious transaction report to the FIU and thereafter provide all additional information requested by the FIU.

 

The AML Regulations exempt lawyers, notaries public, other legal professionals and independent legal auditors from this requirement if the information regarding such transactions was obtained in the course of their assessment of their clients’ legal position, defending or representing the clients before judicial authorities or in arbitration or mediation proceedings, providing a legal opinion with regard to legal proceedings, or other circumstances where such clients benefit from professional privilege.

 

Furthermore, while a Financial Institution or a DNFBP is normally prohibited from disclosing to its client the fact that it has made a suspicious transaction report, the AML Regulations clarify that in cases where a lawyer, notary, other independent legal professional, or independent legal auditor attempts to discourage their client from committing a violation, this shall not be considered as such disclosure.

 

While lawyers, notary publics, other legal professionals and independent legal auditors are exempted from reporting suspicious transactions as aforesaid, they are still required to abide by all other obligations in the AML Regulations imposed on them as DNFBPs, including conducting customer due diligence and enhanced management of high risks.

 

The role of the FIU

 

The AML Law and AML Regulations have maintained the role of the FIU to receive and process information related to crime. They accord the FIU powers to investigate and to process suspicious transaction reports and to seek further information from Financial Institutions and DNFBPs. The AML Regulations grant the FIU the international role of exchanging information with and reporting to its counterparts in other countries.

 

Conclusion

 

The AML Regulations provide welcome clarity on the operation of the AML Law and in particular the changes introduced in the AML Law.

 

Such changes complement a series of other measures aimed at strengthening the integrity of the UAE’s financial system and bringing it into consistency with global standards.

 

The AML Law and AML Regulations should further be viewed as a sign that there is no tolerance for financial crime in the UAE. Businesses operating in the UAE who fall within the definition of a Financial Institution or DFNBP need to consider the application of the AML Law and AML Regulations to their business and ensure that they have internal processes in place to identify, manage and mitigate high risk customers and activities.■

Amendments to classification requirements for engineers and contractors in Abu Dhabi

Background

 

Companies licensed to conduct engineering or contracting activities in Abu Dhabi must be classified by the Contractors and Consultants Classification and Engineers Registration Office at the Abu Dhabi Department of Town Planning and Municipalities.

 

The applicable regulations setting out the classification requirements are not new and date back to 2009, although implementation was delayed until 2014. Subsequent to the 2009 regulations, new regulations were introduced in 2018.

 

Abu Dhabi Administrative Resolution 162 of 2018 on the Classification System for the Engineering Consultancy Offices in the Emirate of Abu Dhabi, and its subsequent implementing instructions, set out the classification requirements for engineering consultancies (the 2018 Regulations).

 

Administrative Resolution 160 of 2018 on the Classification of Contractors in the Emirate of Abu Dhabi, and its subsequent implementing instructions, set out the classification requirements for contractors.

 

Administrative Resolution 158 of 2018 on the Regulations for Registering Engineers in the Emirate of Abu Dhabi, and its subsequent implementing instructions, set out the classification requirements for engineers.

 

While there are similar criteria which need to be satisfied by both contractors and engineering consultancies, this InBrief highlights the key items which engineering consultancies will need to be aware of when looking to meet the rigorous classification requirements, as well as what new amendments have been introduced by the 2018 Regulations that will impact engineering consultancies.

 

Who is subject to the classification requirements?

 

Classification is a condition precedent to renewal of the professional license for any existing engineering company. A company established in the future will have one year from the date of initial licensing to satisfy the classification requirements.

 

The 2018 Regulations now also provide that no new applications may be filed for a new building or an infrastructure license, and no engineering consultancy firm may participate in any tender in the Emirate of Abu Dhabi, unless the applicant engineering firm is in possession of a valid certificate of classification. Furthermore, an engineering firm may not practice the profession of engineering consultancy, even as a sub-consultant, in any field other than the engineering consultancy specializations in which it is classified and licensed.

 

How can the classification requirements be met?

 

Classification is not a routine or automatic approval. Nor is it simply additional bureaucracy and paperwork. Classification entails a substantive review by a panel of experts of a company’s capabilities and qualifications and a company that does not meet the specified criteria will not be classified.

 

Engineering consultancies in the Emirate have to take one of the following three forms:  a local engineering office, a branch of a foreign engineering office or an advisory (opinion) engineer office. The 2018 Regulations have introduced a fourth alternative, being an associated engineering firm. An associated engineering firm is an engineering firm that is comprised of a joint venture agreement between a local engineering firm classified in the Special Category, and a foreign engineering firm or firms with no UAE presence. Upon incorporation, an associated engineering firm is granted a temporary certificate of classification for a duration of six months, during which it is permitted to conduct the engineering consultancy activities stated in the temporary certificate. The temporary certificate may be extended for an additional duration of six months.

 

The classification categories remain as Special Category, First Category and Second Category, but branches of foreign engineering offices, opinion engineer offices and associated engineering firms may apply for classification only in the Special Category. The Special Category is the highest category for engineering firms, and firms in this category may perform contracts with a value of over AED 60 million (down from AED 70 million prior to the 2018 Regulations).

 

Generally, the classification requirements — as regards technical staff, financial criteria and financial situation, prior expertise and quality, and professional insurance requirements — remain the same. However, as will be noted from our discussion below, the more onerous requirements have been eased somewhat. The 2018 Regulations have also introduced an additional criterion based upon the project’s area (quota) and number of floors in a building.

 

The classification requirements will vary from case to case. For example, a local engineering consultancy seeking classification in the Special Category must meet, among others, the following criteria:

 

• The value of the capital and assets owned by the company should not be less than AED 2 million (previously this was AED 4 million).

 

• The company is required to employ four (previously five) specialised and registered engineers having a minimum experience of ten years each. This applies to each Special Category of engineering type the company requires to undertake; e.g., for civil engineering, it must employ four civil engineers meeting the foregoing minimum experience, and for mechanical engineering, it must employ four mechanical engineers meeting the foregoing minimum experience.

 

• The cumulative value of previously executed projects must not be less than AED 240 million, provided that the value of each project submitted is not less than AED 30 million (previously this was AED 480 million and AED 60 million respectively).

 

• The company must hold an ISO 9001 certificate and professional indemnity insurance.

 

• A local engineering consultancy seeking classification in the Special Category may undertake works with unlimited number of floor levels and an area quota of 60,000 square metres.

 

Conclusion

 

All companies conducting activities involving engineering or contracting should immediately investigate whether the licensed activities currently on the company’s trade license require classification.

 

If a company is not already classified, it should begin investigating the specific requirements it will have to meet well in advance of its next licensed renewal date.

 

Companies that are already classified should ensure that they have rectified their situations according to the provisions of the implementing instructions within one year from the effective date of the 2018 Regulations, i.e., by 3 March 2019. It is hoped that the easing of some of the onerous classification requirements will encourage both contractors and engineering consultancies to do so. ■

ADGM grows up: issues first fines

The Abu Dhabi Global Market (ADGM), the financial free zone which began operations in 2015, has now come of age.

 

On 14 April 2019 Mr Alexander Guy, Senior Executive Officer and Director at Eshara Capital Limited, had the uncommon honour of becoming the first named person to be fined by ADGM’s Financial Services Regulatory Authority. Eshara Capital, in its corporate capacity, was also fined in connection with the same contraventions.

 

Commencement of regulatory enforcement actions, such as the imposition of financial penalties, demonstrates that the Financial Services Regulatory Authority has the capacity, and perhaps more importantly, the appetite to take actions against its member firms (and their senior management). Financial free zones who act too aggressively in the early days risk scaring away potential members. Being seen as too lenient is just as bad, and risks threatening the creditability of the institution itself.

 

In this instance Mr Guy has been fined a modest sum, USD 10,000. Eshara Capital has itself been fined a further USD 10,000. The size of the fines reflects the relatively low-key nature of the offenses. It appears that Eshara Capital failed to file a number of regulatory returns. These included the firm’s annual prudential return for 2017, the regulatory return auditor’s report for 2017, and the first three quarterly returns for 2018.

 

The regulator has drawn attention to the fact that Mr Guy, as SEO and a licensed director, had ultimate responsibility for the day-to-day management of Eshara Capital and held significant responsibilities for ensuring that Eshara Capital complied with all applicable legislation. The regulator also drew attention to the fact that although Mr Guy appeared to have been cooperating with the regulator in terms of remedying the defaults, the remedial action he took in respect of the contraventions was not timely or complete. Mr Guy’s conduct allowed Eshara Capital to breach and remain in breach for a considerable period of time, and despite repeated reminders from the regulator. In conclusion, it was held that Mr Guy behaved in a reckless manner.

 

The regulator did not order disgorgement in this matter as it appears that Mr Guy did not derive any personal financial benefit from the contravention or the reckless conduct.

 

In any regulated environment there will be a period of time between a contravention, the regulator becoming aware of it, investigating the same, and then taking public enforcement action. Under the circumstances, it might be reasonable to assume that there is now a pipeline of ADGM enforcement actions, and that Mr Guy’s punishment is but the first.

 

Afridi & Angell has been advising on matters of UAE financial services regulation since 1975. In 2008 we advised the first firm to be sanctioned by the Dubai Financial Service Authority, and we have continued to advise on regulatory investigations and enforcement actions in both Dubai and Abu Dhabi. ■

BVI companies – economic substance law

British Virgin Islands (BVI) companies are commonly used in the UAE by investors to hold real estate properties and/or shares in UAE companies. Investors need to be aware of a recently enacted BVI law, the Economic Substance (Companies and Limited Partnerships) Act, 2018 (the Law), which introduces economic substance requirements in the BVI.

 

In order to avoid being identified/blacklisted as a non-cooperative jurisdiction for tax purposes by the European Union’s Code of Conduct Group (a group responsible for EU’s taxation policy), many offshore jurisdictions such as the BVI, the Isle of Man, the Cayman Islands, etc., have introduced legislation requiring entities established in such jurisdictions to demonstrate economic substance in their respective jurisdictions.

 

The Law came into force on 1 January 2019. Existing legal entities (companies or limited partnerships) in the BVI are required to demonstrate compliance with the requirements of the Law by 30 June 2019.

 

Applicability: Companies and Limited Partnerships

 

The Law applies to all companies (registered in the BVI under the BVI Business Companies Act, 2004) and limited partnerships (registered in the BVI under the Limited Partnership Act, 2017), except “non-resident companies”, “non-resident limited partnerships” and limited partnerships which do not have a legal personality.

 

A “non-resident company” or a “non-resident limited partnership” is a company/limited partnership which is resident for tax purposes in a jurisdiction outside the BVI (such a jurisdiction should not be on Annex 1 to the EU list of non-cooperative jurisdictions for tax purposes).

 

The Law is applicable to all companies and limited partnerships unless such companies and limited partnerships are considered as tax residents of other jurisdictions.

 

Relevant Activities

 

A legal entity is required to demonstrate economic substance in the BVI if it is carrying on any of the following activities (called “relevant activities”): (a) banking business; (b) insurance business; (c) fund management business; (d) finance and leasing business; (e) headquarters business; (f) shipping business; (g) holding business; (h) intellectual property business; (i) distribution and service centre business. These activities are defined in detail under the Law.

 

Requirements under the Law

 

The Law requires a legal entity carrying a relevant activity during any financial period to comply with the economic substance requirements in relation to that activity. A legal entity is considered to have complied with the economic substance requirements if:

 

a) the relevant activity is directed and managed in the BVI;

b) there are adequate number of qualified employees in the BVI;

c) there is adequate expenditure incurred in the BVI;

d) there are physical offices or premises in the BVI;

e) in case the relevant activity is intellectual property business and requires the use of specific equipment, that equipment is located in the BVI; and

f) it conducts core income-generating activity.

 

Holding Business

 

A BVI company which is carrying on the business of an equity/share holding company and earns dividends and capital gains, and carries on no other relevant activity is required to comply with a slightly relaxed level of economic substance requirements. Such a BVI company is considered to have adequate substance if it (a) complies with statutory obligations under the BVI companies law; and (b) has adequate employees and premises for holding and/or managing equitable interests or shares.

 

Requirement to Provide Information

 

A legal entity shall provide (in addition to the reporting requirements under other BVI laws) any information reasonable required by the competent authority to assess if such a legal entity has complied with the requirements under the Law.

 

Penalties

 

If the competent authority has determined that a legal entity has not complied with the economic substance requirements as per the Law, the competent authority shall issue a notice to the legal entity and impose a penalty (ranging between USD 5,000 to USD 50,000). A notice issued by the competent authority shall include its findings and steps required to be taken by the said legal entity to ensure compliance under the Law.

 

If the legal entity fails to comply with the first notice, the competent authority shall issue a second notice and impose additional penalty on the legal entity (ranging between USD 10,000 to USD 400,000).

 

If the legal entity fails to comply with the second notice, the competent authority may submit a report to the Financial Service Commission in BVI recommending striking the said legal entity off the Register of Companies or the Register of Limited Partnerships (as applicable).

 

A legal entity who has received a notice from the competent authority has a right to appeal to the BVI courts against the competent authority’s determination/findings (relating to compliance with the economic substance requirements) and amount of penalty imposed.

 

Next Steps

 

All legal entities are required to assess and determine if they are in compliance with the Law and if not, what steps are required to be taken to ensure compliance. ■

Directors’ duties in DIFC

Introduction 

 

On 12 November 2018, the Dubai International Financial Centre (DIFC) introduced a suite of new legislation concerning companies operating in or from the DIFC. This consists of DIFC Law 5 of 2018 (the Companies Law), DIFC Law 7 of 2018, the Companies Regulations and the Operating Regulations.

 

The Companies Law has amplified the duties of directors of DIFC companies by enacting a set of directors’ duties, largely following the standard contained in the UK Companies Act 2006.

 

This inBrief briefly outlines the particular duties that directors of bodies corporate in the DIFC should be aware of.

 

Directors’ Duties

 

Directors’ duties are owed to the company. This means that it will in the first instance be the company, rather than the shareholders, that are entitled to enforce them.

 

Companies are permitted to go further than the statutory duties provided by placing more onerous requirements on their directors in their articles of association, or by virtue of a director’s terms of appointment.

 

The Companies Law sets out the following directors’ duties (though there may also be additional duties that are relevant to a director, for example, a duty to prepare and deliver accounts) although directors of public limited companies or financial services providers licensed by the Dubai Financial Services Authority may be subject to additional duties:

 

• duty to act within powers: directors are confined to exercising their powers in accordance with the company’s articles of association and for the purposes for which those powers have been conferred;

 

• duty to promote the success of the company: directors must act in the manner they consider, in good faith, would be most likely to promote the success of the company for the benefit of its shareholders as a whole. In doing so, directors must consider, amongst others, the interests of the company’s employees, likely consequences of any decision in the long run and the impact of the company’s operations on the community and the environment;

 

• duty to exercise independent judgement: directors must generally exercise their powers independently. As an example, directors may not agree to vote at a board meeting in a certain way if instructed by a third party (i.e. shareholder);

 

• duty to exercise reasonable care, skill and diligence: a director must act as a reasonably diligent person would at all times. A director must display the general knowledge, skill and experience to carry out the functions that are required by the director. An individual should not take on a directorship unless they are appropriately qualified or experienced to be able to perform the functions that they may reasonably be expected to carry out;

 

• duty to avoid conflicts of interest: directors must avoid scenarios in which they have or can have a direct or indirect interest that conflicts with, or may conflict with the company’s interest;

 

• duty not to accept benefits from third parties: directors must not accept any benefit from a third party which is conferred because of him being in the position as a director of the company, or for him doing (or not doing) anything in his position as director, unless the acceptance of such benefit cannot reasonably be regarded as likely to give rise to a conflict of interest. “Benefit” has not been defined in the Companies Law, but it is likely that a court considering the matter would interpret this term to have its ordinary meaning;

 

• duty to declare interest in a proposed transaction or arrangement: directors must declare, before entering into the relevant transaction or arrangement, to the other directors the nature and extent of any interest (direct or indirect) in a proposed transaction or arrangement with the company. As the legislation provides for indirect interest, the director need not be a party to the transaction for the duty to apply and directors should apply their mind to potential parties who may be regarded as connected persons;

 

• duty to declare interest in existing transaction or arrangement: directors must declare, as soon as practicable after the director became aware of the circumstances, the nature and extent of any interest (direct or indirect) in a transaction or arrangement with the company or by a subsidiary which, to a material extent, conflicts or may conflict with the interests of the company.

 

Consequences of breach

 

The consequences for directors breaching their statutory duties can be severe and may include personal civil liability, fines or payment of damages to the company. A breach of duty may also be grounds for disqualification from the position as a director.

 

Conclusion

 

Directors should familiarize themselves with the statutory duties outlined in the Companies Law (and other relevant legislation) before accepting a position as a director of a DIFC company. Individuals should assess whether they have the necessary qualifications, experience, knowledge and capabilities to perform the tasks which may be expected of the director. Directors or potential directors who are uncertain of what may be expected of them in their role as directors should seek legal advice. ■

Health data confidentiality on a rise in the UAE!

Recent events, including the investigations into Facebook’s handling of its users’ personal data, have highlighted the realization that personal data is, in today’s world, one of the most valuable resources for any business and that businesses not only collect and store their customers’ personal data but also use and even sell it for profit.

 

While there is no single federal data protection law in the UAE, and UAE law does not recognise concepts such as data controllers and data processors, over the years, there have been number of sectoral laws that deal with data protection. These include Federal Law 5 of 2012 on Combating Cyber Crimes, Federal Law 3 of 2003 Regarding the Organisation of Telecommunications Sector, and the UAE Central Bank’s Regulatory Framework for Stored Values and Electronic Payment Systems. There are also data protection laws in some of the UAE’s free zones, such as the Dubai International Financial Centre, the Abu Dhabi Global Market and Dubai Healthcare City. Dubai has a few of its own laws that deal with data protection in certain contexts, e.g., Dubai Law 28 of 2015 Concerning Dubai Statistics Centre and Dubai Law 26 of 2015 on the Regulation of Data Dissemination and Exchange in the Emirate of Dubai.

 

A new sectoral data protection law, Federal Law 2 of 2019 Concerning the Use of the Information and Communication Technology in the Areas of Health (the New Law), has been published and is set to come into force in May 2019. The New Law is aimed at regulating the collection, processing and transfer of electronic health data that originates in the UAE and will apply to all “information and communication technology methods and uses” in the healthcare sector in the UAE, whether onshore or in any of the free zones (including the Dubai Healthcare City).

 

The New Law will apply to all businesses that handle health data and information such as healthcare facilities and providers, pharmacies, medical insurance providers and intermediaries, service providers assisting with medical claims management, as well as technology service providers servicing the healthcare industry. Essentially, all businesses that process data relating to patient names, consultation, diagnosis and treatment, alpha-numerical patient identifiers, common procedural technology codes, medical scan images and laboratory results will have to comply with the New Law.

 

In view of the consistently fast paced development of healthcare related technology, the scope of application of the New Law could be much wider than was probably contemplated at the time of drafting it. A lot of the devices that we use in our day-to-day lives such as mobile phones and digital wrist watches have features that provide healthcare support. All businesses that manufacture such devices or develop applications that operate on these devices to provide healthcare support are likely collecting, processing and (in some cases) transferring data relating to fitness and lifestyles in the UAE, and as such, will likely fall under the scope of the New Law’s application.

 

The New Law requires businesses that use information and communication technology for processing health data to ensure its confidentiality, accuracy and validity, as well as its availability when required.

 

Some of the key features of the New Law are:

 

– a general prohibition on transfer of health data outside the UAE, subject to an authorisation by the relevant health authority;

– establishment and management of a central system by the UAE Ministry of Health and Prevention to store, exchange and collect healthcare data and information in compliance with the parameters set by the New Law; and

– a data retention period of not less than 25 years.

 

The parameters for storing health data and information inside the UAE will be defined by a resolution issued by the UAE Minister of Health and Prevention.

 

Non-compliance with the New Law may attract fines of up to AED 1 million. Other disciplinary sanctions include notices and warnings, and also the suspension or cancellation of an entity’s license.

 

Although a welcome step towards protection of healthcare data, the New Law is not the first law that regulates healthcare data in the UAE. UAE Federal Law 7 of 1975 concerning the Practice of Human Medicine Profession and the Ministry of Health Code of Conduct 1988 concerning the collection of health data impose obligations of confidentiality on healthcare practitioners. Those previous healthcare laws remain in effect, although the New Law repeals inconsistent provisions of prior law.

 

The timeframe to ensure compliance with the New Law as well as the scope of its application will be known once the underlying implementing regulations are issued. All concerned parties should closely monitor legislative developments in this regard and obtain legal advice to prepare for compliance with the New Law. ■

Ultimate Beneficial Ownership Regulations (DIFC)

The DIFC Authority has issued the Ultimate Beneficial Ownership (UBO) Regulations, which took effect on 12 November 2018 (the Regulations).

 

The Regulations require entities currently registered with, or to be registered with, the DIFC Authority to keep and maintain a UBO Register and (if applicable) a Register of Nominee Directors, setting out the details of the UBO and Nominee Directors respectively.

 

In this inBrief, we highlight the key items that DIFC entities need to be aware of in creating and maintaining their UBO Register and Register of Nominee Directors and in issuing the associated notifications to the DIFC Registrar of Companies.

 

Who are the Nominee Director and the UBO?

 

For the purposes of the Regulations, a Nominee Director is a director who is obligated to act in accordance with the directions and instructions of another person.

 

An ultimate beneficial owner is a natural person who:

 

– in relation to a DIFC company, owns or controls directly or indirectly:

o 25% of shares, ownership interests or voting rights in the DIFC entity; or

o has the right to appoint or remove the majority of the directors of the DIFC entity.

 

– in relation to a DIFC partnership, exercises significant control over the activities of the partnership;

 

– in relation to a DIFC foundation, exercises significant control over the council of the foundation; and

 

– in relation to a DIFC non-profit incorporated organisation, exercises significant control over the board.

 

If, after applying the foregoing rules, no natural person can be identified as an ultimate beneficial owner of the DIFC entity, anyone who exercises significant control over the DIFC entity (or its governing body) shall be required to be notified as an ultimate beneficial owner of the DIFC entity. If there is no such person, then members of the governing body of the DIFC entity shall be required to be notified as ultimate beneficial owners of the DIFC entity.

 

Obligation of DIFC entities

 

The obligations of the DIFC entities vary slightly depending on when they were registered with the DIFC Authority.

 

– DIFC entities registered prior to 12 November 2018 were required to establish a UBO Register and Register of Nominee Directors, and notify the details of the Nominee Directors and the ultimate beneficial owner to the DIFC Authority through the DIFC portal by 12 February 2019 (the DIFC Authority granted an additional penalty free grace period of 30 days, meaning that the final deadline for compliance was 14 March 2019).

 

– DIFC entities registered after 12 November 2018 were also required to comply with the deadline of 14 March 2019 to establish a UBO Register. For the Register of Nominee Directors, the deadline is 30 days of the later of the registration date of the DIFC entity or the Nominee Director becoming a director of the DIFC entity.

 

– Entities in the process of being registered with the DIFC Authority are required to establish a UBO Register 30 days following the date of registration with the DIFC Authority.

 

The latter two categories of entities need not notify the DIFC Authority of the UBO details, as they are deemed to have provided such details as part of the registration process.

 

Changes to the UBO Register

 

DIFC entities must record any changes to the UBO Register and Register of Nominee Directors, and notify the DIFC Authority of the same through the DIFC Portal, within 30 days of becoming aware of such change.

 

Penalties

 

Failing to keep and maintain the UBO Register and the Register of Nominee Directors will result in a fine of USD 25,000. If the DIFC entity fails to comply with any requirement, or notice issued, under the Regulations, the DIFC Registrar may strike the DIFC entity off the Public Register.

 

Exempt Entities

 

The Regulations set out DIFC entities that are exempt from keeping and maintaining a UBO Register and Register of Nominee Directors. These are DIFC entities that:

 

– have their securities listed or traded on an exchange recognised by the DIFC Authority;

 

– or regulated by the DFSA or any other financial services regulator recognised by the DIFC Authority;

 

– constitute a company, foundation or partnership which the DIFC Authority recognises as being subject to equivalent international standards with adequate transparency of ownership information in its home jurisdiction;

 

– are a non-profit incorporated organisation which does not, as its primary function, engage in raising or disbursing funds for charitable, religious, cultural, educational, social, fraternal or similar purposes;

 

– are wholly owned by a government or governmental agency of the UAE and any other jurisdiction which the DIFC Authority may determine from time to time; or

 

– are established under UAE law to perform governmental functions.

 

DIFC entities that fall under one of the abovementioned categories will be required to request a formal exemption.

 

Partially Exempt DIFC Entities

 

Additionally, the Regulations set out the requirements for a partially exempt DIFC entity, which is a DIFC entity that is at least 25% owned by a corporate person that falls under one of the abovementioned categories (Exempt Owner). Such DIFC entity is subject to the obligations set out in Section 4, however with respect to the Exempt Owner, instead of tracing the ownership details of the Exempt Owner, the details of the Exempt Owner are inserted in the UBO Register instead. ■

New Tawazun Economic program policy guidelines issued

The UAE has had an offset program for the better part of 30 years. It was originally conceived as an inducement for investment in industrial ventures in the UAE that would contribute to the diversification of the UAE’s economy. This underlying purpose continues today. However, the offset program, as originally devised, looked for development in non-military and non-hydrocarbon sectors. This narrow focus has long been abandoned, leading the program to landmark achievements in these sectors and others.

 

The offset program has given rise to Mubadala, Abu Dhabi’s leading strategic investor, while the original defense focus of the offset program has been assumed by the Tawazun Economic Council. But the original hallmarks of the UAE offset program have remained constant – a focus on economic diversification, technology transfer and development of personnel; a target of 60% in offset credits based on the underlying procurement contract value; bank guarantees to ensure performance; and an eight year time frame (now reduced for some projects) within which to achieve the offset milestones — all governed by a contractual framework. The latest iteration of the guidelines for the offset program, published on March 31st on the website of the Tawazun Economic Council and called the Tawazun Economic Program Policy Guidelines, clarify the program’s expectations and offer guidance to contractors.

 

The new guidelines afford increased scope for the development of technology-driven projects that extend beyond the defense and security industry, to now include aerospace; infrastructure and transportation; communication technology; education technology; sustainability, environment and climate change; food and water security; and other strategic sectors as advised from time to time by Tawazun.

 

With the added focus on technology integration, Tawazun will also consider projects that comprise dual-use of stand-alone specific technologies, such as artificial intelligence and big data analytics, blockchain, additive manufacturing, virtual and augmented reality, advanced information technologies, quantum computing and encryption, robotics, internet-of-things,  advanced energy capture, storage and propulsion and smart materials and smart sensors.

 

Offset obligations are triggered when a supplier (or group of suppliers) reaches a threshold value of USD 10 million in awarded contracts. Under the previous guidelines, this would occur when the value of a series of contracts reached the threshold value. In a significant change, offset obligations now attach only when a single contract of no less than the threshold value is awarded. Contracts of lesser value awarded thereafter are also brought under the offset program for as long as the supplier has an active account with Tawazun, but not contracts of lesser value awarded to a supplier with no active account with Tawazun.

 

Other aspects of the program remain similar to the previous guidelines. A defense contractor must sign a framework Offset Agreement to enter the program and then sign a separate supplemental agreement to govern the specific obligations incurred in respect of each supply contract.

 

Investment vehicle options available to defense contractors have been widened with the new program. These now include investments (in the form of joint ventures with local partners, non-equity co-production, or technology co-development); contractual engagements with local businesses; and capability development programs through which technical expertise is shared with local partners or employment created for UAE nationals.

 

Other key changes to the program include the removal of input and output ratios for credits; the addition of enhanced parameters for the assessment and apportioning of credits (defense contractors can now generate credits in nine different ways); and a bonus multiplier scheme that rewards projects in the higher end value chain, that produce local content or create high skilled jobs for UAE nationals.

 

Defense contractors are now also permitted to “bank” or “trade” excess credits they have generated for a period of five years following the completion of a project, and use such banked credits against future obligations or transfer or trade these credits to other entities with obligations.

 

Where a project results in a shortfall in credits at the end of the period wherein a defense contractor is eligible to generate credits, a defense contractor can choose between either paying 8.5% of the shortfall value or rolling over the shortfall value by amending an existing (or by signing a new) supplemental agreement in order to perform another project.

 

In the case where Tawazun deems a project to be non-performing, it will notify the defense contractor and provide it 180 days to rectify the situation. In the case that the defense contractor is unable to rectify the situation, Tawazun may collect the maximum penalty by liquidating the full (or remaining) bank guarantee amount, declaring the defense contractor to be in default, notifying the relevant government entities, and/or taking further action as necessary.

 

It is hoped that the new program will enable defense contractors to identify more accessible opportunities to generate offset credits and meet their obligations towards the UAE government. ■