Middle East | Publication | March 2025
On 6 March 2025, the Dubai Financial Services Authority (DFSA) published Consultation Paper No. 165 (CP165) outlining proposed changes to its Authorised Individual and Licensed Functions regimes.
The proposed changes place greater responsibility and accountability on firms for the appointment and ongoing review of the suitability of their key individuals. The DFSA anticipates that its proposal will improve the allocation of its resources amid the rapid expansion of the DIFC, without imposing material additional burdens on firms.
This article highlights some of the core proposals identified in CP165.
Currently, firms are required to obtain DFSA approval for the appointment of Compliance Officers, Finance Officers, and Senior Managers. As part of the current approval process, the DFSA makes an assessment as to whether the individual is fit and proper to perform that function. Firms are required to assess the competence of such persons to perform the relevant function and, under General Rulebook module (GEN) Rule 5.3.19, they must also ensure that their Employees are fit and proper.
CP165 proposes to remove the requirement for the DFSA’s authorisation of Compliance Officers, Finance Officers, and Senior Managers. Instead, firms will be solely responsible for assessing the fitness and propriety of these key officers. As such functions will no longer be authorised by the DFSA, the DFSA proposes renaming these roles from ‘Licensed Functions’ to ‘Designated Functions’, carried out by ‘Designated Individuals’.
When firms assess fitness and propriety of Designated Individuals, the DFSA proposes to require that firms apply the same criteria as the DFSA does when selecting individuals for Licensed Functions. Firms must maintain records of the assessment process for a minimum of six years and must make these available to the DFSA on request.
Under the CP165 proposals, firms will be required to notify the DFSA of any changes in the appointment of Designated Individuals and attest the fitness and propriety of these individuals as part of the firm’s regular annual reporting to the DFSA. In this way, firms are required to assess the ongoing fitness and propriety of Designated Individuals.
The SEO and MLRO functions will continue to be subject to DFSA approval.
CP165 sets out the DFSA’s policy position on Designated Individuals performing more than one Licensed and/or Designated Function, so-called “double-hatting”. The DFSA proposes to apply its existing double-hatting policy such that, before appointing an individual to perform more than one Licensed and/or Designated Function, firms must satisfy themselves that:
At present, a Compliance Officer appointed by an Authorised Firm is deemed under DFSA rules as having responsibility for:
“…the Authorised Firm’s compliance with Rules and applicable legislation to the Authorised Firm’s Financial Services”.
The DFSA proposes that the definition of a Compliance Officer will change such that the person would in future have responsibility for:
“…the implementation and management of the control framework that is in place to ensure compliance with Rules and applicable legislation relating to the Authorised Firm’s Financial Services”.
This change in definition would remove the Compliance Officer’s responsibility for the firm’s compliance with the DFSA regulations and would instead make the Compliance Officer responsible for the implementation and management of the firm’s control framework. This proposal would create a significant de-risking for Compliance Officers, particularly in circumstances where the firm is subject to DFSA enforcement action.
Finally, the DFSA also proposes to remove the requirement for a Compliance Officer to be a Director or Partner of the Authorised Firm for which the person is appointed. If implemented, this would be a further de-risking for Compliance Officers since it would also remove the respective director/partner duties that may apply at law. However, the DFSA proposes a new rule that would require an Authorised Firm to ensure that its Compliance Officer has sufficient seniority and independence, to meet the DFSA’s expectations of persons who carry out the Compliance Officer role. This rule would require firms to demonstrate and document the basis upon which it has concluded that the Compliance Officer is of sufficient seniority and independence to conduct his or her role.
Under the DFSA’s current rules, only Directors, Partners, or Senior Managers can perform the Finance Officer function. CP165 proposes to remove this limitation, instead requiring that individuals performing the Finance Officer function to have sufficient seniority and independence. The DFSA is proposing to make an equivalent amendment to the Compliance Officer function.
The DFSA has also recognised that the application and scope of the Senior Manager function is causing confusion for some firms. To address this, the DFSA is proposing to amend GEN to clarify that the Senior Manager function can only be conducted by individuals not already holding another specified Licensed or Designated Function.
Currently, individuals authorised by the DFSA to perform a Licensed Function (ie, Authorised Individuals) are subject to the Core Principles outlined in GEN. These principles include, amongst others, acting with due skill, care and diligence, and dealing with the DFSA in an open and cooperative manner. Under the proposals, despite ceasing to be Authorised Individuals, Compliance Officers, Finance Officers, and Senior Managers will remain subject to the Core Principles.
In quite a significant change, all employees of an Authorised Firm involved in activities carried on in connection with the financial services business, except those in ancillary roles, will also be subject to the Principles 1 to 4 (1. Integrity, 2. Due skill, care, and diligence, 3. Market conduct, and 4. Relations with the DFSA). In expanding the application of Principles 1 to 4, the DFSA seeks to align its rules with practices in jurisdictions like the UK.
Given the expanded list of persons subject to these standards of conduct, firms will need to ensure that affected staff are properly trained in, and understand, what the relevant Principles mean for them in the context of their roles.
CP165 proposes to introduce measures that require firms to take responsibility for the appointment and ongoing suitability and competence of their staff holding key functions. The proposals in CP165 are part of a wider piece of work the DFSA is undertaking to look at requirements relating to corporate governance in firms. Firms should expect further changes to the corporate governance rules.
The deadline for comments on CP165 is 5 May 2025. Subject to the outcome of consultation, the DFSA is proposing that the revised rules come into force on 1 September 2025. Given the relatively short lead-in time, firms should begin considering whether their internal and outsourced processes are compliant with the proposed framework.
This article has been written by Middle East Partner and Head of Financial Services Regulatory Matthew Shanahan, Associates Hasanali Pirbhai and Jack Abrehart, and International Trainee Lucrezia Cavuto.
Should you have any queries or questions, please get in touch with one the key contacts listed below.
Publication
On 6 March 2025, the Dubai Financial Services Authority (DFSA) published Consultation Paper No. 165 (CP165) outlining proposed changes to its Authorised Individual and Licensed Functions regimes.
Publication
In the recent judgment of Carmon Reestrutura (available here), the DIFC Court of Appeal confirmed that the DIFC Courts have jurisdiction to issue worldwide freezing orders in support of foreign proceedings.
Subscribe and stay up to date with the latest legal news, information and events . . .
© Norton Rose Fulbright LLP 2025
