DFSA shows increasing interest in enforcement and individual accountability

​This article examines two enforcement actions taken last year by the DFSA against senior executives.

Focus on individual accountability

2017 saw increased enforcement activity by the Dubai Financial Services Authority (DFSA), with a focus on individual accountability. This included enforcement action against two senior executives, including prohibitions and the imposition of financial penalties.

The DFSA’s recent enforcement focus on individual accountability is in keeping with its objectives. In its 2017/2018 Business Plan, the DFSA stated, “Enforcement action will be taken where this is relevant and appropriate, and an increased emphasis will be placed on individual accountability”. This focus is supported by the DFSA’s continued efforts to increase its enforcement capabilities including the recruitment of a new Head of Enforcement, who joins the DFSA from the UK’s Financial Conduct Authority.

Enforcement actions

In the first instance of an enforcement action against a senior executive, the DFSA issued a Decision Notice1 against Andrew Grimes, a former Senior Executive Officer (SEO) of CDL, a DFSA authorised insurance intermediary, on 03 May 2017. The DFSA fined Mr Grimes $52,500 for his involvement in his firm’s provision of prohibited insurance intermediation services. He was also banned from performing any function in connection with the provision of financial services in or from the Dubai International Financial Centre (DIFC).

The DFSA found that from January to July 2014 Mr Grimes was knowingly involved in undertaking insurance intermediation activities which contravened DFSA legislation. These activities included intermediating 21 contracts of insurance for customers with risks situated in the UAE but outside the DIFC, where CDL did not have the appropriate arrangements in place to do so (in breach of COB Rule 7.2.2(b)), and failing to properly on-board clients (in breach of a number of COB Rules and AML Modules of the DFSA Rulebook).

The Decision Notice concluded that Mr Grimes failed to take reasonable care to ensure that the business, “for which he was responsible as SEO”, complied with the applicable DIFC legislation. The Decision Notice emphasised that Mr Grimes was “ultimately responsible for the day-to-day management, supervision and control2 of the firm’s activities.

The DFSA also found that Mr Grimes provided false and misleading information to them during their investigation. In particular, Mr Grimes told the DFSA during a meeting that CDL had not intermediated any direct insurance (as opposed to re-insurance) outside the DIFC. In fact, CDL had intermediated 12 contracts of direct insurance outside the DIFC by the point of the meeting.

In a media release from the DFSA regarding the Decision Notice, Mr Ian Johnston, Chief Executive of the DFSA, said: “The DFSA expects SEOs of Authorised Firms to meet their obligations and perform their duties to the standards required of them.”

In the second instance of an enforcement action against a senior executive, the DFSA accepted an Enforceable Undertaking dated 08 May 2017 from S Ravishankar Naidu, SEO of Royal Shield Limited (RSL), an insurance intermediary licensed by the DFSA. As part of the Enforceable Undertaking, Mr Naidu agreed to step down as SEO and pay a financial penalty of $70,000 ($60,000 of which was suspended indefinitely and becomes payable only if Mr Naidu fails to comply with the Enforceable Undertaking).

The action resulted from a number of failings on behalf of Mr Naidu, whereby he failed to arrange re-insurance cover in accordance with a client’s instructions and allowed incorrect information to be provided to the client. Further, Mr Naidu failed to comply with the DFSA’s requirement that SEOs must be resident in the UAE (Rule 7.5.2 of the GEN Module), due to his principal place of residence being the Seychelles, and Mr Naidu failed to ensure that the firm’s 2014 financial statements accurately reflected its financial position. The DFSA also concluded that Mr Naidu failed to ensure that his firm had adequate systems and controls.

The Enforceable Undertaking stated that Mr Naidu was “ultimately responsible for the day-to-day management, supervision and control” of the firm’s activities however he “failed to discharge that responsibility properly” and his “conduct fell short of the standard reasonably expected of him”.

The enforcement actions taken against Mr Grimes and Mr Naidu show that the DFSA will not hesitate to hold senior individuals accountable for wrongdoings at the firms for which they are ultimately responsible.

Individuals and the Senior Managers and Certification Regime (SM&CR)

The DFSA’s focus on individual accountability comes amidst increasing international regulatory focus on individual accountability. In the UK, the SM&CR was introduced for dual regulated firms in March 2016, and it is due to be extended to all financial services firms from the end of 2018. The aim of the SM&CR, as set out by the FCA in Policy Statement 15/30, is to “encourage senior individuals to take more responsibility for their actions, make it easier for both firms and regulators to hold individuals to account where things go wrong, and improve standards of individual conduct at all levels in these firms”. The regime has prompted significant change for both senior managers and the firms for which they are responsible. For example, individuals fulfilling "senior manager functions" are now required to be pre-approved by the regulators and the scope of each senior manager's role must be documented in a Statement of Responsibilities. In addition, the SM&CR brings in the "duty of responsibility" which requires senior managers to take reasonable steps to prevent regulatory breaches from occurring or continuing to occur.

Prior to the SM&CR, the UK had in place the approved persons regime. While the requirements of the SM&CR are similar to those of the old approved persons regime, the SM&CR places greater emphasis on individual accountability.

The DFSA already has some requirements similar to those in the SM&CR. For example, the DFSA requires firms to notify it of the names of certain individuals in senior positions, i.e. individuals responsible for risk management, senior risk-taking positions and client-facing decisions. However, there has been no indication from the DFSA that it intends to extend it current regime or adopt the SM&CR model. Nevertheless, given the DFSA’s increasing focus on individual accountability it is possible that it may make changes to its regulatory regime in the near future and continue to focus its enforcement efforts on holding senior executives to account for misconduct.

SEOs and other senior executives must therefore be aware that their individual conduct is coming under increasingly regulatory scrutiny and that they must hold themselves up to the highest standards.


1 A Decision Notice issued by the DFSA is the equivalent of a Final Notice issued by the FCA.

2 Ibid

This document (and any information accessed through links in this document) is provided for information purposes only and does not constitute legal advice. Professional legal advice should be obtained before taking or refraining from any action as a result of the contents of this document.