Sunday, 15 July 2018

US Under Secretary for Terrorism and Financial Intelligence Delivers Speech in DIFC

Ms Sigal P. Mandelker, US Under Secretary for Terrorism and Financial Intelligence, U.S. Department of the Treasury, visited the Dubai International Financial Centre on 12th July 2018 to deliver a speech.

Ms Mandelker emphasised the importance of the financial sector in assisting in the fight against illicit actors (including criminals, terrorists and proliferators) that threaten global security by furthering their illicit aims.

In her tour of the region she was looking to help enhance controls and inform leadership of steps to be taken collectively to inhibit bad actors and, more specifically, to counter Iran’s malign activities in the region and improve the AML defenses of companies and governments in relation to such activities.

Following Donald Trump’s decision to withdraw the US from the JCPOA (Joint Comprehensive Plan of Action), the US are intent on building a global coalition with governments, including the UAE. This is to counter Iran’s destabilising activity and its financing of terror, and to address its proliferation of missiles and advanced technology.

They are very intent on applying “unprecedented financial pressure” on the Iranian regime. All previous sanctions are reimposed subject to 90-day and 180-day wind-down periods.

A core part of the US strategy is highlighting “deceptive Iranian business practices”. Iran has systematically exploited the global finance system. Their tactics include forging documents, obfuscating data and hiding illicit activities under official cover of government entities. The Central Bank of Iran is facilitating the flow of financing to the Quds forces.

Recent examples include:

1. Millions of US dollars were channeled through the Iraqi Al Bilad Bank to the Quds forces, with the Central Bank of Iran coordinating this. Valiollah Seif, the governor of the Central Bank of Iran, has been designated as a result, as well as his deputy and the Chairman of the bank.
2. Iran also managed to procure and transfer millions of US dollars from Iran and the UAE using a network of exchange houses. This was again facilitated by the Central Bank of Iran through providing licenses and documentation. The network was designated and shut down.
3. It has also been discovered that they have facilitated the counterfeiting of currency by purchasing printing machinery and supplies in Europe to print counterfeit Yemeni currency.
4. Turkish front companies were used to purchase airline aviation parts for Iranian airline Mahan Air and other designated airlines.

The US are encouraging all participants in the financial services sector to maintain a high level of alert, as companies are being put at risk of US sanctions through their unwitting involvement. Those that seek to do business there (in Iran) do so at their own risk.

All companies are urged to take additional steps with regards to Iran, asking for more information to identify front and shell companies. Everyone should look at all counterparties associated with any closed accounts and any shared characteristics.

There is also a need to continue to develop information sharing. Everyone is encouraged to review the FinCEN advisory notices on a regular basis:
https://www.fincen.gov/resources/advisoriesbulletinsfact-sheets



HOLT consultancy can assist you with client onboarding, AML and sanctions training and client file reviews. If you would like help, please email HOLT consultancy using info@holtconsultancy.com or call +971 4 386 6360.

Tuesday, 26 June 2018

Dubai Financial Services Authority - Outreach Session 2018


The DFSA’s annual outreach session, targeted at Compliance Officers and Money Laundering Reporting Officers from the DFSA’s Authorised Firms and Designated Non Financial Businesses and Professions, was held on 25 June 2018.

The outreach session was a full day event.

The morning session included presentations providing regulatory updates, trends and risks from:

Bryan Stirewalt, Managing Director, Supervision
Patrick Meaney, Head of Enforcement
Peter Smith, Managing Director, Policy and Strategy

Further discussions took place in the afternoon sessions within the four breakout groups and the slides can be downloaded below.

Breakout Group 1– Conduct of Business Risks 

Breakout Group 2– Prudential Supervision

Breakout Group 3– Financial Crime Risks

Breakout Group 4– Authorisation Update and Fintech Approach 

Tuesday, 15 May 2018

Cybercrime and Cyberterrorism

What is Cybercrime and Cyberterrorism?

Cybercrime includes hacking, theft, cyber stalking, malicious software, child soliciting and abuse, phishing, ransomware, malware, identity theft and scams.

According to the U.S. Federal Bureau of Investigation, cyber terrorism is a “premeditated, politically motivated attack against information, computer systems, computer programs and data which results in violence against non-combatant targets by subnational groups or clandestine agents”.

On 12th May 2017 a WannaCry ransomware outbreak began and eventually spread to more than 150 countries. The ransomware affected older unpatched operating systems including Windows 7. The National Health Service in England was affected, with PCs being locked with no access to patient information until a ‘ransom’ was paid. It was reported that applying security patches could have protected against the attack.

How to tackle cybercrime

The FBI does not recommend paying a ransom in exchange for a decryption key. The payment could fund illicit activities and the cybercriminal may not release the key after payment has been made.

While organisations are investing significantly in keeping cyber criminals at bay, financial investment alone won’t be enough. Effective defence does not end with delegating responsibility to an IT specialist who will use antivirus and anti-spam software, firewalls, intrusion-detection systems (IDSs) and other add-ons to reduce the threats.

The National Cyber Security Centre in the United Kingdom offers 10 steps to cyber security, which include:
  • Protecting networks from attack.
  • Maintaining awareness of cyber risks, training staff and producing policies for secure use of systems.
  • Implementing removable media controls, such as scanning for malware before importing documents.
  • Applying security patches and maintaining systems.
  • Establishing incident responses and disaster recovery and testing the plans.
  • Developing and testing a Business Continuity Plan to deal with a ransomware attack.

More information can be found at: https://www.fbi.gov/investigate/cyber and 10 Steps to Cyber Security: https://www.ncsc.gov.uk/file/1473/download?token=eLNoAX4O

UAE on cybercrime


Federal Law No. 5 of 2012 concerning Combating Information Technology Crimes (Cyber Crimes Law 2012) came into effect in December 2012. The law, which builds on the previous Federal Law No. 2 of 2006, is more comprehensive in its nature and scope and covers a range of new offences and higher penalties. The law addresses the increase in cybercrime incidences, defines additional categories of offences and expands on the definition of each crime.


The penalties depend on the type of data obtained and what the criminal did with the data. For example, any person accessing an electronic information system without authorisation to obtain government data or confidential data relating to a financial, commercial or economical facility may receive temporary imprisonment and a fine not less than AED250,000, but not in excess of AED1.5m.

Cyber risk and risk management

Good risk management is about identifying and evaluating risks and implementing measures to treat those risks. It is expected that every business should determine its cyber exposures and integrate them into the organisation’s overall risk exposure and risk appetite. Some risks may not be preventable and cyber insurance may provide a suitable risk transfer mechanism.

Every Risk Management professional within an organisation should have a full understanding of the risk and the practical tools and techniques to mitigate such risks.

Cyber Insurance


Many organisations around the world have suffered a data or cyber security breach. Some are recognised global brands, including Equifax, which suffered a data breach in September 2017, and Yahoo in October 2013. With an increased media focus on data breaches, large companies face not only reputational risk but also financial and legal risks.


Cyber insurance, also known as cyber liability insurance coverage (CLIC), has been around for many years. With many laws requiring mandatory notifications of breaches, the cost of notifying those who are affected may be expensive.

CLIC is an insurance product designed to protect businesses by offsetting costs involved with recovery after a cyber-related security breach or similar events. There are no standard underwriting policies but the policy may cover costs related to first party liability (e.g. legal fees, investigations related to company related costs) and/or third-party liability (litigation as a result of the event).

PwC’s Insurance 2020 & Beyond report estimates that the gross annual premiums of cyber insurance will grow to $7.5bn by 2020 (estimated $2.5bn in 2014). The report also tells us that about one-third of U.S. companies are currently purchasing cyber insurance.

Any organisation that stores and maintains customer information should consider purchasing cyber insurance. With the implementation of the EU’s General Data Protection Regulation (GDPR), demand may increase for cyber insurance, along with a better understanding of whether insurance will cover fines/penalties from regulators.

The Board’s role in managing cyber risks

The Board has a responsibility to its shareholders and there is a clear threat from cyber criminals to reputational, legal and financial risk which must be addressed.

It is important, however, for all board members, regardless of technical background, to participate in ensuring the right policies and practices are in place and followed.

Below are some key areas for Boards to consider:

1. Set the tone from the top: if the Board is taking the threat seriously then this will filter down to employees.
2. Include cyber security on the agenda at Board meetings.
3. Provide annual training to employees about the threats that exist, the tactics cyber criminals use and how to keep data and systems safe.
4. Implement a policy of reporting attacks, data breaches or suspicious activity.
5. Recruit an IT security expert to conduct an audit on an annual basis and present findings to the Board.

Keeping data secure may seem like a demanding task, and incorporating cybersecurity into a Board’s responsibilities, so that security is on an equal footing with other crucial corporate governance issues, is a major step towards safeguarding an organisation. No matter how well an organisation is prepared, it cannot fully prevent cyber attacks. What can be done is to have the right plans and systems in place to block attacks and mitigate the effect.

Regulatory Spotlight

According to Aon’s 2018 Cybersecurity Predictions Report, regulators at the international, national and local levels will strictly enforce cybersecurity regulations and increase compliance pressures by introducing new ones. Coordination between financial institutions and various authorities is essential to deal with cyber risk.

In January 2018, the World Bank Group released a paper on Financial Sector’s Cybersecurity Regulations and Supervisions presenting sections on viewpoints on the need for new cybersecurity regulations, coordination between financial sector authorities, internal system and controls, and guidelines for supervisors.


The Future

In the past there has been very serious cybercrime. A catastrophic cyberattack resulting in massive data loss, business interruption or reputational damage is yet to happen.


Products are already available for individuals, families and High Net Worth Individuals covering identity theft, cyber bullying, cyber extortion and system restoration after an attack. However, with an increase in demand and with challenging technologies, new products are designed to meet the requirements of business based on volume of data and supply chains (third parties). Businesses are more vulnerable to cyberattacks because of supply chains. Recently, businesses have extended their CLIC to supply chains.

With the implementation of the EU General Data Protection Regulation (GDPR) and the ever emerging and evolving cyber threats, it is likely that the number of insurance products and players within the market will continue to grow.

Monday, 23 April 2018

Dubai Financial Services Authority Consultation Paper 120 - April 2018

Consultation Paper No 120 on proposed changes to the DFSA's anti-money laundering, counter-terrorist financing and sanctions regime

Date of Notice of Consultation Paper: 18 April 2018
Deadline for providing comments: 20 May 2018

The Dubai Financial Services Authority (“DFSA”) has issued Consultation Paper No. 120 (“CP”) proposing changes to the AML module of the DFSA Rulebook.

The DFSA has clarified that changes have been proposed in light of the upcoming Financial Action Task Force (FATF) Mutual Evaluation of UAE, scheduled to take place in the second half of 2019. Enhancements to the DFSA’s AML module have been considered to ensure the DFSA AML regime is compliant with the FATF’s 2012 Recommendations.

Summary of proposed changes: Given below is a summary of some of the key changes/enhancements proposed in the CP:

(a) New products, practices and technologies: 
  • Firms are required to ensure that they have assessed and identified money laundering risks relating to new products, practices and technologies before any of these are launched. 
  • Appropriate measures should be taken by firms to mitigate any risks identified. 

(b) Customer risk assessment:
  • Guidance on potential factors which could signify a higher or lower risk of money laundering has been replaced by Rules.
  • Firms are required to obtain information on, and take into consideration, the customer’s business while undertaking a customer risk assessment.
  • The DFSA has clarified what are considered to be “credible sources” in relation to evaluating jurisdiction risks associated with customers. These include the FATF, the IMF, the World Bank and the OECD.

(c) Customer due diligence (CDD):
  • Amendments have been proposed to the current section 7.3 of the AML module, describing in more detail the customer due diligence to be undertaken by firms. 
  • New Rules have been introduced (removing information currently contained as Guidance) listing requirements for verifying the identity of customers and their beneficial owners (where customers are individuals/body corporates/foundations/trusts/similar arrangements).
  • Amended definitions of source of funds (‘SoF’) and source of wealth (‘SoW’) have been introduced.
  • The existing requirement under AML 7.3.1 for firms to understand a customer’s SoF and SoW while undertaking CDD has been removed; however, it is to be noted that while carrying out a customer risk assessment, in some cases, firms may still have to identify a customer’s SoF or SoW. Further, identification and verification of a customer’s SoF and SoW is still required when undertaking enhanced due diligence.

(d) Politically Exposed Persons (PEPs):
  • New Rules have been introduced to clarify what action the DFSA expects firms to carry out while undertaking enhanced due diligence on PEPs, including where a beneficiary of a life insurance policy (or similar) is a PEP.


(e) Beneficial Owners:
  • A new definition of Beneficial Owners has been introduced, along with new Rules on how Beneficial Owners are to be identified by firms where the customer is a body corporate, foundation, trust and in relation to life insurance/similar policies. 
  • Where a customer is subject to adequate public disclosure requirements (for instance, where the customer has shares listed on a Regulated Exchange), firms are not required to identify and verify the Beneficial Owner.

(f) Other miscellaneous amendments:
  • Reliance on a third party: Where reliance is placed on a third party for CDD, firms are required to take into consideration the factors now listed under new Rules when assessing the AML regime applicable to the third party.
  • Electronic fund transfers: Existing Rules on wire transfers are proposed to be replaced entirely with new Rules describing the application of the section, definitions for terms used and introducing other requirements to ensure the regime is in compliance with relevant FATF recommendations.
  • Government, regulatory and international findings: While complying with applicable findings, recommendations, guidance, sanctions, etc., firms are required to take into consideration the measures listed in the new Rule.
  • Group, branches and subsidiaries: Where a DIFC firm has a branch or subsidiary in another jurisdiction, the firm must require the branch/subsidiary to apply the higher of the two standards (i.e. higher of DFSA AML Rules or the rules applicable in the other jurisdiction). Further, firms that are part of a Group are required to ensure they have adequate policies and procedures in place for sharing of AML information between Group entities.

Conclusion:

While there are a number of changes proposed to the DFSA’s AML module, it is not believed that these will significantly alter the DFSA’s existing AML regime and approach to CDD. However, when the amendments come into force, relevant firms in the DIFC will be required to:

(a) review their existing AML related policies and procedures and ascertain what changes are required to be made thereto;
(b) update their existing AML manuals/related documentation to ensure they are in line with the new AML Rules;
(c) update the AML portion of their compliance monitoring programme to ensure it is in line with the new Rules; and
(d) provide training to relevant employees on the new Rules and changes made to internal documents, policies and procedures.


HOLT consultancy LLC can assist with the above-mentioned tasks. Please contact us on +971 4 386 6360 or info@holtconsultancy.com to discuss further how we may be able to assist you.   

Thursday, 15 February 2018

DFSA Publishes Findings of a Thematic Review of Client Classification and Suitability


In 2016, the Dubai Financial Services Authority (DFSA) carried out a thematic review to determine how Authorised Firms carried out client classification assessments and how they documented it. The review followed changes to the client classification rules that came into force in April 2015.

The review had four phases:

Phase One - A survey issued to 217 Authorised Firms. The response rate was 89%.
Phase Two - A desk-based assessment of the survey results.
Phase Three – On-site visits to 22 Authorised Firms offering a range of financial services across each of the DFSA licence categories. Interviews were conducted with key staff and client files were reviewed to assess the firm’s record keeping and implementation of client classification and suitability procedures.
Phase Four – Analysis, observations and report write up.

Since the client classification rules came into effect, Authorised Firms have been required to classify Professional Clients as ‘deemed’, ‘service based’ or ‘assessed’.

The client classification process involves a qualitative assessment of a client’s knowledge and experience. The Authorised Firm must document the decision-making process and record the client classification.

The DFSA’s Client Classification and Suitability Thematic Review 2017 report highlights both good and bad practices. The following concerns were noted:

  • Employees performing client classification are not receiving sufficient training and guidance.
  • There is a lack of clear documentation supporting how client classifications were assessed.
  • Assessments were more tick-box than detailed and qualitative.

Concerns relating to Suitability were:
  • Failure to carry out or document assessments in connection with advice or discretionary transactions.
  • The use of suitability waivers in Client Agreements to limit obligations, liability or duties with regards to suitability.
  • Inadequacies in internal policies and procedures relating to suitability and client classification.

The DFSA provides recommendations to improve systems and controls, including:
  • Improve policies and procedures to ensure there is sufficient guidance on how to assess clients and record the final classification.
  • Train staff on how to carry out assessments and record decision making.
  • Suitability waivers should not be included in client documentation – it is not possible for a client to waive suitability obligations and responsibilities.  

The full report, which also details best practice, can be read at https://www.dfsa.ae/CMSPages/GetFile.aspx?guid=1b6dfb0e-ba8f-4ff7-94ce-6615d4a61cd6

If you would like HOLT consultancy to review your client files please contact us using info@holtconsultancy.com or call +971 4 386 6360.

Tuesday, 30 January 2018

HOLT consultancy is recruiting for a Compliance Officer









Compliance Officer

HOLT consultancy LLC is an award-winning professional compliance and risk management service provider, based in the DIFC. It was established in 2012. Its reputation within the DIFC has attracted some large clients who require expertise in licence applications and outsourced Compliance Officer and Money Laundering Reporting Officer (MLRO) services.

We are a friendly team who work closely together to develop our clients’ businesses through premier quality and expert execution. Our vision is to be the premier choice for companies when selecting a professional compliance and risk management service provider.

HOLT consultancy is growing and an opportunity has arisen for a Compliance Officer to join the team.

In order to be successful, applicants should meet the skills and experience detailed below. 

Applications will only be accepted from candidates who are currently or have been previously registered with the DFSA.

Responsibilities will include:

  • Assisting clients in obtaining authorisation with the DFSA;
  • Acting as the outsourced Compliance Officer and MLRO for DFSA Authorised Firms;
  • Drafting and updating compliance and AML manuals, policies and procedures as well as compliance plans and compliance monitoring programmes;
  • Delivering specialist training to clients on compliance, AML and corporate governance;
  • Providing compliance and AML related advice to clients;
  • Participating in ad-hoc Compliance and AML related projects;
  • Keeping abreast of any changes in rules and regulations within the DIFC.

Desired skills and experience:

  • At least 3-5 years of experience in a compliance role;
  • Currently or previously registered with the DFSA;
  • Detailed knowledge of DFSA rules and regulations;
  • Very good knowledge of Investment Funds, Private Banking and Investment Banking;
  • Strong written and verbal skills in English;
  • The ability to work autonomously as well as within a team;
  • Excellent interpersonal and relationship management skills;
  • Self-directed with an ability to manage multiple tasks and to work under pressure;
  • Degree educated.          

Candidates are invited to send a CV to info@holtconsultancy.com. Please ensure you include your contact details along with your current job status and, if relevant, your notice period.

To find out more about HOLT consultancy, our services and the team please visit our website at www.holtconsultancy.com.

HOLT consultancy LLC
Office 418
Liberty House
Dubai International Financial Centre
Dubai
United Arab Emirates

Email: info@holtconsultancy.com
Tel: +971 4 386 6360
Blog: www.holtconsultancy.blogspot.com
Website: www.holtconsultancy.com
Twitter: www.twitter.com/holtconsultancy

Monday, 18 December 2017

HOLT consultancy's Corporate Social Responsibility (CSR) Policy

HOLT consultancy is committed to operating with integrity, helping others and giving back to the community. To this end, it is our policy to actively engage in Corporate Social Responsibility activities in an effort to:
  • promote education and enhance skills for employees, clients, university students and school children
  • provide a safe working environment that promotes health and well-being
  • support charities to improve the well-being of others
  • manage the environmental impact of our business activities
  • safeguard the reputation of the compliance industry and financial services sector

HOLT consultancy continually identifies CSR activities in line with our policy and encourages employees to participate.


Promoting Education and Skills

Employees - we want our employees to enjoy their work, feel challenged and have opportunities for development. To this end we have introduced Continuing Professional Development of 35 hours per year. This means our staff take time out to attend relevant conferences and events and sit professional exams, supported by HOLT consultancy.

Interns – we provide opportunities for a student with an interest in compliance to join us as a Compliance Intern to get involved in all aspects of our business.

Schools – HOLT consultancy are sponsors of the F1 in Schools initiative and take time out each year to help students to design, manufacture and test a compressed air powered balsa wood F1 car.

Clients – we want our clients to have a good reputation and have a good relationship with their regulator. We provide tools, training and mentoring that help our clients to understand the importance of maintaining stability within the financial sector through compliance and AML.

Supporting Health and Wellbeing

Helping others - we want our employees to be able to help others in an emergency, should the need arise. To this end, our employees are trained in Heart Saver First Aid CPR and Fire Safety.

Staying healthy - exercise is important for the well-being of our employees. We actively encourage training and exercise and staff have access to a swimming pool and gym.

Fundraising - we encourage fund raising events, particularly those that involve exercise, e.g. football matches, marathons, walking, fun-runs. Our staff took part in the Standard Chartered marathon, Standard Chartered 10km walk and the 5km Darkness into Light walk for mental health awareness in 2017.

Donating and volunteering - DIFC regularly encourages firms in the DIFC to take part in its CSR initiatives and we are committed to supporting its ongoing efforts. In 2017 we were involved in the Eliminate the Thirst Campaign where we handed out bottles of water to workers around the DIFC area and the Donate Clothes for Humanity campaign where our team donated clothes and shoes.


Reducing our Environmental Impact

HOLT consultancy is a small company but understands that every company should take action to conserve energy and resources.

Our office policy requires staff to turn off PCs, monitors and printers at the end of each working day.

Our company recycles paper including shredded paper. This is collected by InfoFort who provide a free collection service through their GreenBox service.

We ask that staff keep printing to a minimum. 


If you can offer HOLT consultancy an opportunity to help you, please contact using