UAE Announces Increased Protection for Whistleblowers

UAE regulator the Dubai Financial Services Authority (DFSA) has announced a new regulatory framework for whistleblowing that will enable those reporting misconduct to access better protection.

Comprehensive whistleblower protections and processes are a cornerstone of anti-money laundering (AML) efforts and this framework, the first of its kind in the UAE, will apply to all DFSA-regulated entities operating from the Dubai International Financial Center (DIFC). This includes banking and credit services, Islamic finance, insurance, asset management, securities and investment funds.

Established in 2004, the DIFC is home to more than 2,500 companies and has, since its inception, grown to become one of the top ten financial centers in the world. It implements its own regulatory regime and is effectively a separate jurisdiction from the wider UAE. 

The regime is overseen by the DFSA, which has a mandate to protect the DIFC, and by extension Dubai’s economy, by detecting and preventing financial crimes and enforcing AML and combating the financing of terrorism (CFT) regulations. 

The new measures will see enhanced legal protection for anyone reporting misconduct internally or externally to their auditor, the DFSA, or a law enforcement agency. They also aim to improve the whistleblowing culture by increasing transparency around how to handle, assess, and – where appropriate – escalate regulatory concerns. Firms regulated by the DFSA will need to put in place measures to protect whistleblowers’ identities.

Christopher Calabia, Chief Executive of the DFSA said: “Whistleblowers form a key part of a firm’s ability to detect, identify and escalate issues of misconduct, and the required whistleblower policies and procedures play an important role in encouraging appropriate disclosures. We expect all regulated entities to be ready to discuss and demonstrate the application of their policies and procedures when engaging with the DFSA.”

Implementation by Regulated Entities

The new measures from the DFSA follow a public consultation in 2021 and include a list of policies and procedures that regulated entities need to follow: 

1. Internal arrangements should allow for the disclosure of regulatory concerns
2. Adequate procedures to deal with, assess, and escalate whistleblower reports within the entity and, where appropriate, to the DFSA or any other relevant authority
3. Reasonable measures to protect the identity and confidentiality of the whistleblower
4. Reasonable measures to protect the whistleblower from suffering any detriment
5. Procedures to provide feedback to the whistleblower, where appropriate
6. Measures setting out how the entity will manage any conflicts of interest and the fair treatment of any person accused of committing a breach by a whistleblower

These policies and procedures should be appropriate to the nature, scale, and complexity of the entity’s business, and be reviewed periodically to ensure they are adequate, effective, and up to date. All officers and employees should be informed of the protection available to them and a special whistleblowing email address [email protected] can be used to report directly to the DFSA. 

The DFSA will be carefully monitoring compliance with this new regime and, in mid-2023, will carry out a review of its implementation and whether the requirements have been effective in encouraging whistleblowing and protecting whistleblowers.

A Culture of Whistleblowing

Whistleblowing is especially important as a defense mechanism in firms that don’t have a good “compliance culture”. In these situations, individuals may find themselves under undue pressure to conceal poor processes, or overlook potential wrongdoing in favor of profit or protecting important business relationships.For example, the EU’s proposed new AML regulatory framework includes more detailed requirements for the protection of personal data and judicial safeguards in relation to whistleblowers. And in 2021, UK regulator the Financial Conduct Authority (FCA) launched a campaign encouraging whistleblowers to come forward, and detailed how their information would be handled. 

UAE has announced a number of measures to improve AML/CFT transparency, including information-sharing partnerships with both China and the UK. However, in February 2022,  the Financial Action Task Force (FATF) added UAE to its gray list. FATF determined that while UAE had made “significant progress” since its 2020 assessment on ML/TF issues, confiscating criminal proceeds, and international cooperation, further progress was required to ensure investigations and prosecutions of ML cases were “consistent with UAE’s risk profile”.

FATF’s gray list classification is not as punitive as the blacklist, but listed countries may still face economic sanctions from institutions like the International Monetary Fund (IMF) and the World Bank, and experience adverse effects on trade. UAE’s global standing has also been damaged by allegations that it has opened its doors to Russian oligarchs escaping Western sanctions.

While the whistleblower program will help to bolster its international reputation, these issues may impact Dubai’s recent efforts to attract crypto firms, which included a blend of virtual asset license offers.

For firms doing business in or with UAE, details of the DFSA’s whistleblowing regime will be of interest, particularly as an example of what makes a good compliance culture.