DFSA flexes its muscles – a warning to DIFC insurance intermediaries

The Dubai Financial Services Authority (DFSA) has fined the former SEO of a DFSA-authorised firm (the Company) US$52,500 and banned him from providing financial services in or from the Dubai International Financial Centre (DIFC). These sanctions stem from the SEO’s personal involvement in facilitating insurance for customers based in the UAE but outside of the DIFC. This investigation demonstrates the DFSA’s continued rigour as a prudential regulator of the DIFC and serves as a salutary warning to others.

Legal framework

UAE Federal Law No. 8 of 2004 Regarding the Financial Free Zones restricts free zone firms not licensed by the UAE Insurance Authority from arranging the insurance of risks situated in the UAE, but outside the applicable financial free zone (such as the DIFC or the ADGM). Complimenting this law, pursuant to Rule 7.2.2(b) of the DFSA Rulebook, Conduct of Business Module (COB), DIFC-authorised insurance intermediaries are prohibited from handling the insurance of a risk located within the UAE, but outside the DIFC, unless the contract is one of re-insurance. 

The Company

In this matter, the Company, which is a wholly owned subsidiary of a company based in the UK and regulated by the UK Financial Conduct Authority, is licensed to carry on the financial services activities of insurance intermediation and insurance management in the DIFC.

The facts

In April 2014, the DFSA met with the SEO and other senior management of the Company and raised a concern that the Company’s website enabled persons in the UAE to purchase insurance policies directly online. During that meeting the SEO told the DFSA that the Company was not carrying out direct insurance for risks in the UAE.

In August 2014, the Chairman of the Company became aware that the Company might have issued insurance policies to UAE residents (outside the DIFC) and the Company then took steps to restrict its business, pending review by a law firm. In November 2014, the law firm informed the Company that some of its activities might have breached COB Rule 7.2.2(b) and other DFSA regulations. The Company subsequently provided the DFSA with a copy of the lawyers’ report and the DFSA launched a formal investigation in February 2015.

During its investigation, the DFSA found that, despite various attempts between January 2013 and June 2014, the SEO had been unable to place a re-insurance agreement with a UAE licensed insurer. The Company confirmed that no such re-insurance agreement was ever finalised.

The DFSA also found that between January 2014 and July 2014, the Company intermediated 21 contracts of insurance involving risks situated in the UAE (and outside the DIFC) which were not contracts of re-insurance. For each of these insurance contracts, acting in the capacity as a broker, the Company (i) communicated directly with the customers; (ii) obtained all details required to process the applications; and (iii) arranged for the policies to be issued to the customers.

Compounding those breaches, the DFSA also found the Company contravened a number of other DFSA Rules for its on-boarding of clients in respect of (i) client classification (per COB Rule 2.3.1); and (ii) customer risk assessment (Rules 6.1.1 and 7.1.1 of DFSA Rulebook, Anti-Money Laundering, Counter-Terrorist Financial and Sanctions Module (AML)).

Findings against the Company

In September 2016, the DFSA issued a separate Decision Notice on the Company imposing a penalty of US$85,191 for the contravention of DFSA regulations. The Company agreed to settle the matter at an early stage and the DFSA accordingly discounted the penalty by 20% in accordance with the DFSA’s policy for early settlement. 

Findings against the SEO

In a Decision Notice issued in May 2017, in reaching its decision to the fine and ban the SEO, the DFSA found that the SEO:

  • Was aware of the Company’s intermediation activities, and  the Company’s operating restrictions under the COB and AML Rules, yet he allowed the activities to continue, including being personally involved with 7 of the 21 contracts of insurance.
  • Did not disclose these issues to the Company’s compliance department; and
  • Knowingly provided false and misleading statements to, and concealed relevant information from, the DFSA during the meeting of April 2014.

Final comment

Despite the provision of relevant compliance training to senior management of the Company and the existence of a compliance department, the Company still failed to detect, monitor or prevent the irregular activities and failed to on-board its clients properly.  This outcome reinforces the view that maintaining regulatory compliance requires constant adjustment and evolution of work-place systems and culture and best practice human resource management, in order to counter human factors and rogue employees.