A Controller is a Person who, either alone or with any Associate:
(a) holds 10% or more of the shares in either the Authorised Person or a Holding Company of that Authorised Person; or
(b) is entitled to exercise, or controls the exercise of, 10% or more of the voting rights in either the Authorised Person or a Holding Company of that Authorised Person; or
(c) is able to exercise significant influence over the management of the Authorised Person as a result of holding shares or being able to exercise voting rights in the Authorised Person or a Holding Company of that Authorised Person or having a current exercisable right to acquire such shares or voting rights.
A reference in this chapter to the term:
(a) “share” means:
(і) in the case of an Authorised Person, or a Holding Company of an Authorised Person, which has a share capital, its allotted shares;
(ii) in the case of an Authorised Person, or a Holding Company of an Authorised Person, with capital but no share capital, rights to a share in its capital; and
(iii) in the case of an Authorised Person, or a Holding Company of an Authorised Person, without capital, any interest conferring a right to share in its profits or losses or any obligation to contribute to a share of its debt or expenses in the event of its winding up; and
(b) “a holding” means, in respect of a Person, shares, voting rights or a right to acquire shares or voting rights in an Authorised Person or a Holding Company of that Authorised Person held by that Person either alone or with any Associate.
For the purposes of determining whether a Person is a Controller, any shares, voting rights or rights to acquire shares or voting rights that a Person holds, either alone or with any Associate, in an Authorised Person or a Holding Company of that Authorised Person are disregarded if:
(a) they are shares held for the sole purpose of clearing and settling within a short settlement cycle; or
(b) they are shares held in a custodial or nominee capacity and the voting rights attached to the shares are exercised only in accordance with written instructions given to that Person by another Person; or
(c) the Person is an Authorised Person or a Regulated Financial Institution and it:
(і) acquires the shares as a result of an underwriting of a share issue or a placement of shares on a firm commitment basis;
(ii) does not exercise the voting rights attaching to the shares or otherwise intervene in the management of the issuer; and
(iii) retains the shares for a period less than one year.
For the purposes of section 48(b) of the Framework Regulations, the thresholds at which the prior written approval of the AFSA is required are when the relevant holding is increased:
(a) from below 30% to 30% or more; or
(b) from below 50% to 50% or more.
(1) A Person who is required to obtain the prior written approval of the AFSA pursuant to section 48 of the Framework Regulations must make an application to the AFSA using the form prescribed in Schedule 3.
(2) Where the AFSA proposes to approve a proposed change of control, it will:
(a) do so as soon as practicable and in any event within 30 days of the receipt of a duly completed application, unless a different period is considered appropriate by the AFSA and notified to the applicant in writing; and
(b) issue to the applicant, and where appropriate to the Authorised Person, an approval notice as soon as practicable after making that decision.
(3) Where the AFSA proposes to object to or grant a conditional approval to a proposed change of control, it will follow the procedures in Schedule 1 to the Framework Regulations.
(1) An approval, including a conditional approval granted by the AFSA pursuant to GEN 3.2.1, is valid for a period of one year from the date of the approval, unless an extension is granted by the AFSA in writing.
(2) A Person who has been approved by the AFSA as a Controller of an Authorised Person subject to any conditions must comply with the relevant conditions of approval.
A Controller of an Authorised Person which is incorporated in the AIFC must submit, using the form prescribed in Schedule 3, a written notification to the AFSA where that Person:
(a) proposes to cease being a Controller; or
(b) proposes to decrease that Person’s holding from more than 50% to 50% or less.
(1) In the case of an Authorised Person which is a Branch, a written notification to the AFSA must be submitted by a Controller or a Person proposing to become a Controller of that Authorised Person in accordance with (3) in respect of any one of the events specified in (2).
(2) For the purposes of (1), a notification to the AFSA is required when:
(a) a Person becomes a Controller;
(b) an existing Controller proposes to cease being a Controller; or
(c) an existing Controller’s holding is:
(і) increased from below 30% to 30% or more;
(ii) increased from below 50% to 50% or more; or
(iii) decreased from more than 50% to 50% or less.
(3) The notification required under (1) must be made by a Controller or Person proposing to become a Controller of a Branch using the Form prescribed in Schedule 3 as soon as possible, and in any event, before making the relevant acquisition or disposal.
(1) An Authorised Person must have adequate systems and controls to monitor:
(a) any change or proposed change of its Controllers; and
(b) any significant changes in the conduct or circumstances of existing Controllers which might reasonably be considered to impact on the fitness and propriety of the Authorised Person or its ability to conduct business soundly and prudently.
(2) An Authorised Person must, subject to (3), notify the AFSA in writing of any event specified in (1) as soon as possible after becoming aware of that event.
(3) An Authorised Person need not comply with the requirement in (2) if it is satisfied on reasonable grounds that a proposed or existing Controller has either already obtained the prior approval of the AFSA or notified the event to the AFSA as applicable.
(1) An Authorised Person must submit to the AFSA an annual report on its Controllers within four months of its financial year end.
(2) The Authorised Person’s annual report on its Controllers must include:
(a) the name of each Controller; and
(b) the current holding of each Controller, expressed as a percentage.
The Principles for Authorised Persons set out in Section 4.2 apply to Authorised Persons in respect of Regulated Activities and Market Activities.
The Principles for Approved Individuals and Designated Individuals set out in Section 4.3 apply to Approved Individuals and Designated Individuals in respect of Controlled Functions and Designated Functions.
An Authorised Person must observe high standards of integrity and fair dealing.
In conducting its business activities, an Authorised Person must act with due skill, care and diligence.
An Authorised Person must ensure that its affairs are managed effectively and responsibly by its senior management.
An Authorised Person must have adequate systems and controls to ensure, as far as is reasonably practical, that it complies with all relevant Regulations and Rules.
An Authorised Person must maintain and be able to demonstrate the existence of adequate resources to conduct and manage its affairs. These include adequate financial and system resources as well as adequate and competent human resources.
An Authorised Person must observe proper standards of conduct in financial markets.
An Authorised Person must pay due regard to the interests of its Clients and communicate information to them in a way which is clear, fair and not misleading.
An Authorised Person must take all reasonable steps to ensure that conflicts of interest between itself and its Clients, between its Employees and Clients and between one Client and another are identified and then prevented or managed, or disclosed, in such a way that the interests of a Client are not adversely affected.
An Authorised Person must take reasonable care to ensure the suitability of its Advice and discretionary decisions for Clients who are entitled to rely upon its judgment.
Where an Authorised Person has control of or is otherwise responsible for assets or money belonging to a Client which it is required to safeguard, it must arrange proper protection for them in accordance with the responsibility it has accepted.
An Authorised Person must deal with the AFSA in an open and co‐operative manner and keep the AFSA promptly informed of significant events or anything else relating to the Authorised Person of which the AFSA would reasonably expect to be notified.
An Authorised Person must have a corporate governance framework as appropriate to the nature, scale and complexity of its business and structure, which is adequate to promote the sound and prudent management and oversight of the Authorised Person's business and to protect the interests of its Clients and stakeholders.
An Authorised Person must have a Remuneration structure and strategies which are well aligned with the long-term interests of the Authorised Person, and are appropriate to the nature, scale and complexity of its business.
Each Approved Individual and Designated Individual must observe high standards of integrity and fair dealing in carrying out every Controlled Function or Designated Function.
Each Approved Individual and Designated Individual must act with due skill, care and diligence in carrying out every Controlled Function or Designated Function.
Each Approved Individual and Designated Individual must observe proper standards of conduct in financial markets in carrying out every Controlled Function or Designated Function.
Each Approved Individual and Designated Individual must deal with the AFSA in an open and co‐operative manner and must disclose appropriately any information of which the AFSA would reasonably be expected to be notified.
Each Approved Individual and Designated Individual who has significant responsibility must take reasonable care to ensure that the business of the Authorised Person for which he is responsible is organised so that it can be managed and controlled effectively.
Each Approved Individual and Designated Individual who has significant responsibility must take reasonable care to ensure that the business of the Authorised Person for which he is responsible complies with any Regulations or Rules.
An Authorised Person must establish and maintain systems and controls, including but not limited to financial and risk systems and controls that ensure that its affairs are managed effectively and responsibly by its senior management.
An Authorised Person must undertake regular reviews of its systems and controls.
(1) An Authorised Person must produce a business plan which enables it, amongst other things, to manage the risks to which it and its Clients are exposed.
(2) The business plan must take into account the Authorised Person's current business activities and the business activities forecast for the next twelve months.
(3) The business plan must be documented and updated as appropriate to take account of changes in the business environment and to reflect changes in and the complexities of the business of the Authorised Person.
An Authorised Person must establish and maintain systems and controls that ensure, as far as reasonably practical, that the Authorised Person and its Employees do not engage in conduct, or facilitate others to engage in conduct, which may constitute:
(a) Market Abuse, wherever committed;
(b) a Financial Crime under any applicable laws; or
(c) a contravention of applicable Regulations or Rules.
An Authorised Person which outsources any of its functions or activities directly related to Regulated Activities or Market Activities to a service provider (including a service provider within its Group) is not relieved of its regulatory obligations and remains responsible for compliance with the Framework Regulations and Rules.
The outsourced function under GEN 5.2.1 shall be deemed to be carried out by the Authorised Person itself.
An Authorised Person which uses a service provider as referred to in GEN 5.2.1 must ensure that it:
(a) has undertaken due diligence in choosing a suitable service provider;
(b) effectively supervises the outsourced functions or activities; and
(c) deals effectively with any act or failure to act by the service provider that leads, or might lead, to a breach of any Regulations or Rules.
An Authorised Person must inform the AFSA about any material outsourcing arrangements.
An outsourcing arrangement will be considered to be material if it is a service of such importance that weakness or failure of that service would cast serious doubt on the Authorised Person's continuing ability to remain fit and proper or to comply with the Framework Regulations and Rules administered by the AFSA.
An Authorised Person which has a material outsourcing arrangement must:
(a) establish and maintain comprehensive outsourcing policies, contingency plans and outsourcing risk management programmes;
(b) enter into an appropriate and written outsourcing contract; and
(c) ensure that the outsourcing arrangements neither reduce its ability to fulfil its obligations to Clients and the AFSA, nor hinder supervision of the Authorised Person by the AFSA.
An Authorised Person must ensure that the terms of its outsourcing contract with each service provider under a material outsourcing arrangement require the service provider to:
(a) provide information and documents where required by the AFSA under section 96 of the Framework Regulations; and
(b) deal in an open and co‐operative way with the AFSA.
An Authorised Person must have a Governing Body that meets the requirements of GEN 5.3.2 (membership), 5.3.3 (responsibilities) and 5.3.4 (competence, training and access to information).
An Authorised Person’s Governing Body must comply with the requirements set out below:
(a) the composition of the Governing Body of an Authorised Person must reflect an adequately broad range of experience;
(b) the Governing Body must possess adequate collective knowledge, skills and experience in order to understand the Authorised Person’s activities and risks; and
(c) members of the Governing Body must:
(і) commit sufficient time to perform their functions on the Governing Body; and
(ii) act with honesty, integrity and independence of mind; and
(iii) effectively assess and challenge, where necessary, the decisions of the senior management, and oversee and monitor decision making.
The Governing Body of an Authorised Person must:
(a) define and oversee the implementation of governance arrangements that ensure the effective and prudent management of the Authorised Person in a manner which promotes the integrity of the market, which at least must include: the segregation of duties in the organisation; and the prevention of conflicts of interest in its operation;
(b) monitor and periodically assess the effectiveness of the Authorised Person’s governance arrangements; and
(c) take appropriate steps to address any deficiencies found as a result of the monitoring under sub-paragraph (b).
An Authorised Person must:
(a) devote adequate human and financial resources to the induction and training of members of the Governing Body;
(b) ensure that the Governing Body has access to the information and documents it requires to oversee and monitor management decision-making; and
(c) engage a broad set of qualities and competences when recruiting Persons to the Governing Body, and for that purpose have a policy promoting diversity on the management body; and
(d) notify the AFSA of the identity of all the members of its Governing Body.
An Authorised Person must ensure that the senior management of the Authorised Person have clear responsibility for the day‐to‐day management of the Authorised Person's business in accordance with the business objectives and strategies approved or set by the Governing Body.
An Authorised Person must establish and maintain arrangements to provide its Governing Body and senior management with the information necessary to organise, monitor and control its activities, to comply with all relevant Regulations and Rules and to manage risks. The information must be relevant, accurate, comprehensive, timely and reliable.
The Governing Body of an Authorised Person must ensure that the Remuneration structure and strategy of that Authorised Person:
(a) are consistent with the business objectives and strategies and the identified risk parameters within which the Authorised Person's business is to be conducted;
(b) provide for effective alignment of risk outcomes and the roles and functions of the Employees, taking account of:
(і) the nature of the roles and functions of the relevant Employees; and
(ii) whether the actions of the Employees may expose the Authorised Person to unacceptable financial, reputational and other risks;
(c) at a minimum, include the members of its Governing Body, the senior management, Approved Individuals and any Designated Individuals; and
(d) are implemented and monitored to ensure that they operate, on an on‐going basis, effectively and as intended.
An Authorised Person must establish and maintain compliance arrangements, including processes and procedures that ensure and evidence, as far as reasonably practicable, that the Authorised Person complies with all relevant Regulations and Rules.
An Authorised Person must document the organisation, responsibilities and procedures of the compliance function.
An Authorised Person must ensure that the Compliance Officer has access to sufficient resources, including an adequate number of competent staff, to perform his duties objectively and independently of operational and business functions.
An Authorised Person must ensure that the Compliance Officer has unrestricted access to relevant records and to the Authorised Person’s Governing Body and senior management.
An Authorised Person must establish and maintain monitoring and reporting processes and procedures to ensure that any compliance breaches are readily identified, reported and promptly acted upon.
An Authorised Person must document the monitoring and reporting processes and procedures as well as keep records of breaches of any relevant Regulations or Rules.
An Authorised Person must establish and maintain an internal audit function with responsibility for monitoring the appropriateness and effectiveness of its systems and controls.
An Authorised Person must ensure that its internal audit function is independent from operational and business functions.
An Authorised Person must ensure that its internal audit function has unrestricted access to all relevant records and recourse when needed to the Authorised Person's Governing Body or the relevant committee, established by its Governing Body for this purpose.
An Authorised Person must document the organisation, responsibilities and procedures of the internal audit function.
An Authorised Person must take all reasonable steps to identify conflicts of interest that may arise between:
(a) the Authorised Person, including its managers and Employees, and the Clients of the Authorised Person, or any Person directly or indirectly linked to them by control; or
(b) one Client of the Authorised Person and another Client,
in the course of the Authorised Person carrying on any Regulated Activity or Market Activity.
For the purposes of identifying the types of conflict of interest that arise, or may arise, in the course of providing a service and whose existence may entail a material risk of damage to the interests of a Client, an Authorised Person must take into account, as a minimum, whether the Authorised Person or a Person directly or indirectly linked by control to the Authorised Person:
(a) is likely to make a financial gain, or avoid a financial loss, at the expense of the Client; or
(b) has an interest in the outcome of a service provided to the Client or of a transaction carried out on behalf of the Client, which is distinct from the Client's interest in that outcome; or
(c) has a financial or other incentive to favour the interest of another Client or group of Clients over the interests of the Client; or
(d) carries on the same business as the Client; or
(e) receives or will receive from a Person other than the Client an inducement in relation to a service provided to the Client, in the form of monies, goods or services, other than the standard commission or fee for that service.
If arrangements made by an Authorised Person to manage conflicts of interest are not sufficient to ensure, with reasonable confidence, that risks of damage to the interests of a Client will be prevented, the Authorised Person must clearly disclose the general nature and/or sources of conflicts of interest to the Client before undertaking business for the Client.
The disclosure in GEN 5.6.3 must:
(a) be made in a durable medium; and
(b) include sufficient detail, taking into account the nature of the Client, to enable that Client to take an informed decision with respect to the service in the context of which the conflict of interest arises.
When an Authorised Person establishes and maintains an information barrier (that is, an arrangement that requires information held by an Authorised Person in the course of carrying on one part of the business to be withheld from, or not to be used for, Persons with or for whom it acts in the course of carrying on another part of its business) it may:
(a) withhold or not use the information held; and
(b) for that purpose, permit Employees in the first part of its business to withhold the information held from Employees in the other part of the business,
but only to the extent that the business of one of those parts involves the carrying on of Regulated Activities or Market Activities.
Information may also be withheld or not used by an Authorised Person when this is required by an established arrangement maintained between different parts of the business (of any kind) in the same group
Acting in conformity with GEN 5.7.1 and 5.7.2 does not amount to Market Abuse.
When an Authorised Person manages a conflict of interest using the arrangements in GEN 5.7.1 and 5.7.2 which take the form of an information barrier, individuals on the other side of the information barrier will not be regarded as being in possession of knowledge denied to them as a result of the information barrier.
An Authorised Person must establish a robust operational risk management framework with appropriate systems and controls to identify, monitor and manage operational risks that key participants, other Authorised Persons, service providers (including outsources) and utility providers might pose to itself.
An Authorised Person must have a well‐founded, clear, transparent, and enforceable legal basis for each material aspect of its activities in all relevant jurisdictions.
An Authorised Person must establish and maintain effective systems and controls to:
(a) deter and prevent suspected fraud against the Authorised Person; and
(b) report suspected fraud and other financial crimes to the AFSA and other relevant authorities.
An Authorised Person must have a business continuity plan, which is subjected to periodic review and scenario testing, that addresses events posing a significant risk of disrupting operations, including events that could cause a widespread or major disruption.
An Authorised Person must make and retain records of matters and dealings, including Accounting Records and corporate governance practices which are the subject of requirements and standards under the Framework Regulations and Rules.
An Authorised Person must ensure that records stored pursuant to GEN 5.9.1 are capable of reproduction on paper within a reasonable period not exceeding five Business Days.
The supervisory powers of the AFSA are set out in sections 96 to 101 of the Framework Regulations and include:
Section 96: Power to gather information
Section 97: Power to require the production of a report
Section 98: Power to restrict, withdraw or suspend a Licence
Section 99: Power to impose a prohibition
Section 100: Power to impose a requirement
Section 101: Power to enter into an enforceable arrangement
Section 95(1) of the Framework Regulations provides that the AFSA may exercise any of the above powers “at any time where it considers it necessary or desirable to do so in accordance with its Regulatory Objectives.”
The AFSA is likely to exercise the supervisory powers in sections 96 to 101 of the Framework Regulations in the following circumstances:
(a) an Authorised Person is failing, or is likely to fail, to satisfy the criteria referred to in sections 34 or 37 of the Framework Regulations as appropriate (Criteria for the grant of a Licence); or
(b) an Authorised Person has failed, during a period of at least 12 months, to carry on a Regulated Activity or Market Activity for which it has a Licence; or
(c) it is desirable to take such steps to exercise such power in order to protect the interests of clients or customers of an Authorised Person or the financial system; or
(d) an Authorised Person is in breach of, or has been, in breach of one or more conditions, restrictions or requirements applicable to its Licence; or
(e) an Authorised Person is (or has been) otherwise in breach of the AIFC Constitutional Law, the Framework Regulations or any Rules or other relevant legislation; or
(f) an Authorised Person is in breach of a requirement under section 48 of the Framework Regulations (Requirement for AFSA approval to change in control); or
(g) a request has been received from a Financial Services Regulator; or
(h) there is a reasonable likelihood that an Authorised Person will contravene a requirement of any Regulations or Rules; or
(і) an Authorised Person has contravened a relevant requirement and there is a reasonable likelihood that the contravention will continue or be repeated; or
(j) there is loss, risk of loss, or other adverse effect on an Authorised Person’s Clients; or
(k) an investigation is being carried out in relation to an act or omission by an Authorised Person that constitutes or may constitute a Contravention of any applicable Regulation or Rule; or
(l) an enforcement action has commenced against an Authorised Person for a Contravention of any applicable Regulation or Rule; or
(m) civil proceedings have commenced against an Authorised Person; or
(n) an Authorised Person or any of its Employees may be or has been engaged in Market Abuse; or
(o) an Authorised Person is subject to a merger; or
(p) a meeting has been called to consider a resolution for an Authorised Person’s Winding‐Up; or
(q) an application has been made for the commencement of any insolvency proceedings or the appointment of any receiver, administrator or provisional liquidator under the law of any country, territory or jurisdiction outside the AIFC for an Authorised Person; or
(r) there is a notification to dissolve an Authorised Person or strike it from the register maintained by the Registrar of Companies, or a comparable register in another jurisdiction; or
(s) there is information to suggest that an Authorised Person is involved in Financial Crime; or
(t) the AFSA considers that the exercise of the power is necessary or desirable to ensure Clients, Authorised Persons, or the financial system, are not adversely affected.
Where the AFSA requires an Authorised Person to provide it with a report under section 97 of the Framework Regulations (Power to require the production of a report) it will give written notification to the Authorised Person of:
(a) the purpose of its report, and
(b) its scope, and
(c) the timetable for completion and
(d) any other relevant matters.
(a) The Person appointed to produce a report shall be referred to as the “Skilled Person”.
(b) Where the AFSA nominates the Skilled Person, the Authorised Person must appoint the Person so nominated.
(c) Where the AFSA invites the Authorised Person to nominate a Skilled Person, the Authorised Person must provide the AFSA with the details of an appropriately qualified Person within such period as the AFSA may direct. The AFSA will confirm within a reasonable period where it approves the appointment of the Person so nominated. If the AFSA does not approve the Person so nominated, it may require the Authorised Person to nominate another Person or itself nominate a Person.
When an Authorised Person appoints a Skilled Person, it must enter into a written contract with the Skilled Person whose terms:
(a) require and permit the Skilled Person to co‐operate with the AFSA in relation to the Authorised Person and to communicate to the ASFA information on, or his opinion on, matters of which he has, or had, become aware in his capacity as a Skilled Person reporting on the Authorised Person in the following circumstances:
(і) the Skilled Person reasonably believes that, as regards the Authorised Person concerned:
(A) there is or has been, or may be or may have been, a contravention of any requirement that applies to the Authorised Person concerned; and
(B) that the contravention may be of material significance to the AFSA in determining whether to exercise, in relation to the Authorised Person concerned, any powers conferred on the AFSA under any provision of the Framework Regulations;
(ii) the Skilled Person reasonably believes that the information on, or his opinion on, those matters may be of material significance to the AFSA in determining whether the Authorised Person concerned satisfies and will continue to satisfy the fit and proper requirements; or
(iii) the Skilled Person reasonably believes that the Authorised Person is not, may not be, or may cease to be, a going concern;
(b) require the Skilled Person to prepare a report within the time specified by the AFSA; and
(c) waive any duty of confidentiality owed by the Skilled Person to the Authorised Person which might limit the provision of information or opinion by that Skilled Person to the AFSA in accordance with (a) or (b).
An Authorised Person must ensure that the contract required under GEN 6.1.2:
(a) is governed by the law of the AIFC; and
(b) expressly provides that the AFSA has a right to enforce the provisions included in the contract under GEN 6.1.2; and
(c) expressly provides that, in proceedings brought by the AFSA for the enforcement of those provisions, the skilled Person is not to have available by way of defence, set‐off or counter claim any matter that is not relevant to those provisions; and
(d) if the contract includes an arbitration agreement, expressly provides that the AFSA is not, in exercising the right in (b) to be treated as a party to, or bound by, the arbitration agreement; and
(e) provides that the provisions included in the contract under GEN 6.1.2 are irrevocable and may not be varied or rescinded without the AFSA's consent.