The DFSA is an integrated principles-based regulator that follows a risk-based approach in the supervision of regulated firms, including Financial Institutions, Registered Auditors, and Credit Rating Agencies. The DFSA’s risk-based approach to the supervision of a firm may vary depending upon the nature, scale, complexity, size and circumstances of each individual firm and the specific risks it poses to the DFSA’s objectives.

We conduct prudential and conduct of business supervision and deploy our supervisory resources to those firms and financial services activities that pose the greatest risk to our regulatory objectives. The DFSA does not operate a “zero failure” regime because doing so would place excessive regulatory burden on financial institutions and adversely impact the efficiency of the financial system. Therefore, we aim to reduce the risk and impact of failure or of inappropriate behaviour by deploying supervisory resources to those Firms and activities that present the greatest risk to the DFSA’s objectives.

Regulatory Objectives

- To foster and maintain fairness, transparency and efficiency in the financial services industry (namely, the financial services and related activities carried on) in the DIFC.
- To foster and maintain confidence in the financial services industry in the DIFC.
- To foster and maintain the financial stability of the financial services industry in the DIFC, including the reduction of systemic risk.
- To prevent, detect and restrain conduct that causes or may cause damage to the reputation of the DIFC or the financial services industry in the DIFC, through appropriate means, including the imposition of sanctions.
- To protect direct and indirect users and prospective users of the financial services industry in the DIFC.
- To promote public understanding of the regulation of the financial services industry in the DIFC.
- To pursue any other objectives as the Ruler of Dubai may, from time-to-time, set under DIFC Law.

SUPERVISION FRAMEWORK

The DFSA requires an open, transparent and cooperative relationship between itself and the Authorised Firm. The DFSA seeks to maintain an up-to-date knowledge of an Authorised Firm’s business. Therefore, an Authorised Firm is required to keep the DFSA informed of significant events, or anything related to the firm of which the DFSA would reasonably expect to be notified.

The DFSA encourages open and proactive communication with all Authorised Firms. To achieve this, the DFSA follows a multi-channel approach to communication with Authorised Firms:
- Supervisors are the primary contact point with Authorised Firms, through regular visits and on-site risk assessments.
- From time-to-time, the DFSA issues letters addressed to Senior Executive Officers (SEOs) regarding specific issues.
- The DFSA hosts periodic outreach sessions to discuss specific regulatory issues in an open forum.
- The DFSA issues Alerts regarding possible fraud issues and other regulatory warnings.
- The DFSA reviews its regulatory regime on an ongoing basis and updates its Rulebook as and when required.
- Firms are also required to complete regular reports.
- Firms are required to file Suspicious Transaction Reports immediately.

SUPERVISORY RISK FRAMEWORK

There are two general types of supervisory engagement under which all Authorised Firms are supervised. The types of supervision are “Team Supervision” and “Relationship Management.” The type of supervision that is applied to an Authorised Firm is determined according to a risk-based assessment of the risks each Firm presents to the DFSA’s regulatory objectives.

- Team Supervision: Authorised Firms that the DFSA deems to present lower risk to the DFSA’s objectives are assigned to Team Supervision. Under this method, a Firm will engage with the DFSA via the “Supervised Firm Contact Form.” A Supervisor from Team Supervision will then be assigned to engage with the Firm. Firms are subject to thematic reviews; desk-based and onsite risk assessments; senior management meetings; and quarterly, annual, and periodic reporting requirements.

- Relationship Management: Authorised Firms that the DFSA deems to present higher risk to the DFSA’s objectives are assigned a dedicated Supervisor. The higher risk determination may be the result of firm-specific or sector-specific factors. Under this method of supervision, a Firm will initiate contact with the DFSA via the “Supervised Firm Contact Form.” The Firm’s follow up engagement will be with its dedicated Supervisor, unless the Firm is notified otherwise. Firms are subject to thematic reviews; desk-based and onsite risk assessments; senior management meetings; and quarterly, annual, and periodic reporting requirements.

Our risk-based approach to supervision uses the two dimensions of impact and probability to measure the risk each Authorised Firm presents to the DFSA’s objectives. Each Authorised Firm is assigned a separate impact and probability rating. These ratings, in conjunction with supervisory judgement, are used to determine the level of supervisory resource that is applied to each Firm.

Impact

Impact is the size of the harm that a firm/risk can do to our objectives. We assess impact in the two categories of financial and non-financial impact.

- The first category assesses the impact of a Firm’s failure to the financial system. In this context, we assess each Firm’s scale, scope and complexity; the financial services it provides; and its interconnectedness to other financial institutions. .

- The second category assesses the non-financial impact in the event a Firm engages in improper conduct. In this context, we assess the size and classification of each Firm’s client base and the size and nature of relevant client assets.

Probability

Probability is the likelihood of a risk materialising and the likelihood that a firm/risk may cause harm to the DFSA objectives if no action is taken. We assess probability within the three dimensions of inherent risk, control effectiveness, and residual risk across the five categories of
(1) Business Model, Strategy, and Corporate Governance;
(2) Financial risk;
(3) Operational risk;
(4) Conduct of Business risk; and
(5) AML/Financial Crime risk.