Regulatory News

Dubai FSA consults on cyber risk rules and aspects of innovation program

The Dubai Financial Services Authority (Dubai FSA) is consulting on the cyber risk management requirements for regulated firms and on its role in supporting innovation in financial services. The consultation period ends on April 25, 2023 while the proposed compliance date for the cyber risk management rules is January 01, 2024.

As part of this consultation, Dubai FSA proposes to modify the legacy provisions in certain parts of the Dubai FSA Rulebook with respect to requiring firms to protect their information technology assets from information security threats. The amendments are being introduced to the GEN (General), AUD (Auditor), COB (Conduct of Business), AMI (Authorized Market Institutions), and PIB (Prudential: Investment, Insurance Intermediation, and Banking) modules in the Rulebook. To facilitate innovation and to support the further development of a technology and innovation-focused community in the Dubai International Financial Center (DIFC) and in Dubai, Dubai FSA has introduced new and amended rules in areas such as Crowdfunding, Fund Platforms, Money Services, Venture Capital, Investment Tokens, Credit Funds, and Crypto Tokens. Dubai FSA is planning to review some of these regimes in 2023. The authority intends to publish a Call for Evidence shortly as part of a review of the Crowdfunding regime and will welcome feedback from stakeholders on the need for further evolution of this regime.

Dubai FSA, in 2017, had introduced the Innovation Testing License (ITL) program, which is its version of regulatory sandbox. The authority is concerned that the program is at risk of being used as a vehicle to support start-up entities and entities with no regulatory history, who are not adequately prepared to apply for a DFSA license in the normal way. Thus, it seeks public comments on a series of proposals aimed at refocusing the
ITL program even more clearly on innovation and proposes to clarify some of the processes involved and the related regulatory expectations, such as the application process, the entry into and exit out of the ITL program, and changes in relation to the application criteria, timeline, and regulatory interaction. While not part of the proposals that will result in any Rulebook changes, Dubai FSA is also seeking feedback on ideas related to its engagement with technology firms providing certain non-regulated services in or from the DIFC.

 

Related links:


LEARN MORE

Find out how we can help

Moody’s brings together data, experience, and best practice capabilities, with our specialized and agile intelligence.