The Dubai Financial Services Authority (DFSA), which is “the independent regulator of financial services conducted in or from” the Dubai International Financial Centre, introduced a regulatory regime for whistleblowing. The regime aims to strengthen the legal protection whistleblowers are afforded and increase transparency: it is the first regime of its kind in the United Arab Emirates (UAE).
“The regime provides enhanced legal protection for persons who report misconduct internally within DFSA Regulated Entities or externally to their auditor, the DFSA or a law enforcement agency,” the announcement states. “It also aims to improve the Whistleblowing culture in these Entities by increasing transparency around how they handle regulatory concerns, assess those concerns and, where appropriate, escalate those concerns.”
The regime also requires that each DFSA Regulated Entity “put in place measures to protect the identity of the Whistleblower and to protect them from suffering any detriment.”
The regime makes changes to the Regulatory Law 2004 “to enhance the legal protection provided to persons (for example, officers, employees or agents of a Regulated Entity) who report suspected misconduct internally within the Entity or externally to their auditor, the DFSA or a law enforcement agency.”
Notably, “[t]his protection will only apply where the disclosure of information relates to a reasonable suspicion that the Regulated Entity, an officer or employee of the Regulated Entity or an Affiliate of an Authorised Person has or may have: a) contravened a provision of the Law, the Rules or any other legislation administered by the DFSA; or b) engaged in money laundering, fraud or any other financial crime, and where the disclosure is made in good faith.” The document of the regime further explains the terms “reasonable suspicion” and “good faith.”
The document also outlines what DFSA Regulated Entities must do to be in accordance with the new whistleblowing regime and contains expectations for “appropriate and effective policies and procedures to facilitate the reporting and assessment of regulatory concerns.” According to the new regime, these policies and procedures are expected to cover “internal arrangements to allow for the disclosure of regulatory concerns,” “adequate procedures to deal with, assess and escalate Whistleblower reports within the Entity and, where appropriate, to the DFSA or any other relevant authority,” and measures to protect whistleblowers’ confidentiality and identities. “reasonable measures to protect the Whistleblower from suffering any detriment.” The policies should also include “procedures to provide feedback to the Whistleblower, where appropriate” and “measures setting out how the Entity will manage any conflicts of interest and the fair treatment of any person accused of committing a breach by a Whistleblower.”
DFSA Regulated Entities should “inform all its officers and employees” of their whistleblower protections. Additionally, the policies that the Regulated Entities put in place “should be appropriate to the nature, scale and complexity of that Entity’s business and must be reviewed periodically to ensure they are adequate, effective and up to date.”
According to the regime document, the DFSA “will be carefully monitoring compliance with this new regime.” The document announced that the DFSA will “carry out a review of its implementation and whether the requirements have been effective in encouraging Whistleblowing and protecting Whistleblowers” in mid-2023.
“Whistleblowers form a key part of a firm’s ability to detect, identify and escalate issues of misconduct, and the required Whistleblower policies and procedures play an important role in encouraging appropriate disclosures,” said F. Christopher Calabia, Chief Executive of the DFSA. “We expect all Regulated Entities to be ready to discuss and demonstrate the application of their policies and procedures when engaging with the DFSA.”
