The DFSA is an integrated principles-based regulator that follows a risk-based approach in the supervision of regulated firms, including Financial Institutions, Registered Auditors, and Credit Rating Agencies. The DFSA’s risk-based approach to the supervision of a firm may vary depending upon the nature, scale, complexity, size and circumstances of each individual firm and the specific risks it poses to the DFSA’s objectives.
We conduct prudential and conduct of business supervision and deploy our supervisory resources to those firms and financial services activities that pose the greatest risk to our regulatory objectives. The DFSA does not operate a “zero failure” regime because doing so would place excessive regulatory burden on financial institutions and adversely impact the efficiency of the financial system. Therefore, we aim to reduce the risk and impact of failure or of inappropriate behaviour by deploying supervisory resources to those Firms and activities that present the greatest risk to the DFSA’s objectives.
The DFSA requires an open, transparent and cooperative relationship between itself and the Authorised Firm. The DFSA seeks to maintain an up-to-date knowledge of an Authorised Firm’s business. Therefore, an Authorised Firm is required to keep the DFSA informed of significant events, or anything related to the firm of which the DFSA would reasonably expect to be notified.
The DFSA encourages open and proactive communication with all Authorised Firms. To achieve this, the DFSA follows a multi-channel approach to communication with Authorised Firms:
- Supervisors are the primary contact point with Authorised Firms, through regular visits and on-site risk assessments.
- From time to time, the DFSA issues letters addressed to Senior Executive Officers (SEOs) regarding specific issues.
- The DFSA hosts periodic outreach sessions to discuss specific regulatory issues in an open forum.
- The DFSA issues Alerts regarding possible fraud issues and other regulatory warnings.
- The DFSA reviews its regulatory regime on an ongoing basis and updates its Rulebook as and when required.
- Firms are also required to complete regular reports.
- Firms are required to file Suspicious Transaction Reports immediately.
There are two general types of supervisory engagement under which all Authorised Firms are supervised. The types of supervision are “Team Supervision” and “Relationship Management.” The type of supervision that is applied to an Authorised Firm is determined according to a risk-based assessment of the risks each Firm presents to the DFSA’s regulatory objectives.
- Team Supervision: Authorised Firms that the DFSA deems to present lower risk to the DFSA’s objectives are assigned to Team Supervision. Under this method, a Firm will engage with the DFSA via the “Supervised Firm Contact Form.” A Supervisor from Team Supervision will then be assigned to engage with the Firm. Firms are subject to thematic reviews; desk-based and onsite risk assessments; senior management meetings; and quarterly, annual, and periodic reporting requirements.
- Relationship Management: Authorised Firms that the DFSA deems to present higher risk to the DFSA’s objectives are assigned a dedicated Supervisor. The higher risk determination may be the result of firm-specific or sector-specific factors. Under this method of supervision, a Firm will initiate contact with the DFSA via the “Supervised Firm Contact Form.” The Firm’s follow-up engagement will be with its dedicated Supervisor, unless the Firm is notified otherwise. Firms are subject to thematic reviews; desk-based and onsite risk assessments; senior management meetings; and quarterly, annual, and periodic reporting requirements.
Our risk-based approach to supervision uses the two dimensions of impact and probability to measure the risk each Authorised Firm presents to the DFSA’s objectives. Each Authorised Firm is assigned a separate impact and probability rating. These ratings, in conjunction with supervisory judgement, are used to determine the level of supervisory resource that is applied to each Firm.
Impact is the size of the harm that a firm/risk can do to our objectives. We assess impact in the two categories of financial and non-financial impact.
- The first category assesses the impact of a Firm’s failure to the financial system. In this context, we assess each Firm’s scale, scope and complexity; the financial services it provides; and its interconnectedness to other financial institutions.
- The second category assesses the non-financial impact in the event a Firm engages in improper conduct. In this context, we assess the size and classification of each Firm’s client base and the size and nature of relevant client assets.
Probability is the likelihood of a risk materialising and the likelihood that a firm/risk may cause harm to the DFSA’s objectives if no action is taken. We assess probability within the three dimensions of inherent risk, control effectiveness, and residual risk across the five categories of
(1) Business Model, Strategy, and Corporate Governance;
(2) Financial risk;
(3) Operational risk;
(4) Conduct of Business risk; and
(5) AML/Financial Crime risk.
SUPERVISION FRAMEWORK