A summary of the new developments from the DFSA, surrounding whistleblowing in the DIFC

Nicky Eilers, Governance Risk and Compliance Advisor at Equiom Corporate Services (Middle East) Limited, talks about whistleblowing, whereby, employees can play a pivotal role in highlighting wrongdoing they see taking place in their firm. The Dubai Financial Services Authority (DFSA) recently introduced a new policy on whistleblowing, to promote good corporate governance. Some of the key points are highlighted below.

Long has the culture of “snitches get stitches” been an environment in which the lucrative business of corruption and money laundering can flourish. This kind of misconduct is a direct attack on the financial and social well-being of every person within an economic system and as a result, it is a culture that needs to change.

On 7 July 2021, the Dubai Financial Services Authority (“DFSA”) released a consultation paper setting out proposals to implement a more coherent process and methodology for the reporting of whistleblowing, and on 7 April 2022 the regime came into effect. The new regime requires all regulated entities to implement policies and procedures in order to facilitate whistleblower reporting and the assessment of any concerns that have been reported to the entity internally. A register of any complaints must be kept with the appropriate supporting documents to enable the DFSA to thoroughly inspect and assess a matter which may have been reported. This is the first of its kind to be introduced by a financial service regulator in the UAE. 

The regime aims to:

• enhance the whistleblowing culture in DFSA regulated entities
• provide better legal protection for whistleblowers
• encourage disclosure and transparency; and
• promote an ethical culture and increased awareness around reporting and thereby ultimately deter transgression.

Changes to the Regulatory Law 2004 now provide protection for whistleblowing by officers, employees, or agents of a regulated entity when it is ‘the reasonable belief of the employee to disclose their knowledge that such an entity has contravened a provision of Law or DFSA rules or has engaged in money laundering, fraudulent activity, or any other financial crime’.

Such disclosure must relate to a reasonable suspicion and must be made in good faith and may be reported either within an entity or externally, to any watchdog, the DFSA, any criminal law enforcement agency or the external auditor. 

The protection offered by the whistleblowing regime, however, is not completely infallible, for instance in the case of a court order or a mandatory requirement under another law or legislation. In the case where the DFSA is requested to provide confidential information to other law enforcement agencies, it will have discretion to do so. However, the regulator will, as far as practically possible, maintain the confidentiality of the whistleblower’s identity.

The regime further outlines requirements for the policies and procedures developed to include, but not be limited to:

• internal arrangements
• procedures for dealing with, escalating, and assessing reports
• measures of protection for whistleblowers
• measures to protect identity and confidentiality
• procedures for providing feedback to the whistleblower; and
• managing conflicts of interest and fair treatment of the accused party.

The bottom line

The DFSA will be monitoring the status of compliance with the new regime and is expected to carry out a review in the next 12 months to ensure that the measures have been effectively implemented. 

It is essential that for any regulatory framework to be effectively employed in any entity, it is expected that regulated entities take into account the nature, scale and complexity of their operations and ensure that that the whistleblowing framework is appropriate. Furthermore, reporting lines, e.g., a branch or subsidiary to a parent company, must be considered and frameworks and policies must be assessed, monitored, updated, and maintained.

How can we help?

At Equiom our experienced Compliance team can help you to conform with the new requirements, but also provide advice on developing, and implementing the necessary policies and procedures. 

Please contact Nicky Eilers regarding your organisation’s governance, risk and compliance needs and to ensure your firm has a holistic all-encompassing Compliance Framework. 

This article has been carefully prepared, but it has been written in general terms and should be seen as broad guidance only. The article cannot be relied upon to cover specific situations and you should not act, or refrain from acting, upon the information contained therein without obtaining specific professional advice. Please contact Equiom to discuss these matters in the context of your particular circumstance. Equiom Group, its partners, employees and agents do not accept or assume any liability or duty of care for any loss arising from any action taken or not taken by anyone in reliance on the information in this article or for any decision based on it.

For information on the regulatory status of our companies, please visit www.equiomgroup.com/regulatory