The regime applies to all DFSA regulated entities operating in or from the DIFC. Image Credit: WAM

Dubai: The Dubai Financial Services Authority (DFSA) on Thursday launched a set of regulations aimed at protecting whistleblowers.

The regime applies to all DFSA regulated entities operating in or from the Dubai International Financial Centre (DIFC).

Dubai’s financial watchdog said the regulatory regime provides enhanced legal protection for persons who report misconduct internally within DFSA regulated entities or externally to their auditor, the DFSA or a law enforcement agency.

Whistleblowing is the term used when a worker passes on information concerning wrongdoing. The wrongdoing will typically (although not necessarily) be something they have witnessed at work.

It also seeks to improve the whistleblowing culture in these entities by increasing transparency around how they handle regulatory concerns, assess those concerns and, where appropriate, escalate those concerns. A DFSA-regulated entity must also put in place measures to protect the identity of the whistleblower and to protect them from suffering any detriment.

“Whistleblowers form a key part of a firm’s ability to detect, identify and escalate issues of misconduct, and the required Whistleblower policies and procedures play an important role in encouraging appropriate disclosures,” said F. Christopher Calabia, CEO of the DFSA.

“We expect all regulated entities to be ready to discuss and demonstrate the application of their policies and procedures when engaging with the DFSA.”

Protections in place

Changes have been made to the Regulatory Law 2004 to enhance the legal protection provided to persons (for example, officers, employees or agents of a regulated entity) who report suspected misconduct internally within the entity or externally to their auditor, the DFSA or a law enforcement agency.

This protection will only apply where the disclosure of information relates to a reasonable suspicion that the regulated entity, an officer or employee of the regulated entity or an affiliate of an authorised person has or may have:

  • Contravened a provision of the Law, the Rules or any other legislation administered by the DFSA; or
  • Engaged in money laundering, fraud or any other financial crime, and where the disclosure is made in good faith.
Reasonable suspicion
This will depend on the particular circumstances and while “suspicion” is a relatively low threshold, the notion of reasonableness brings an objective test to the suspicion.

What do DFSA regulated entities need to do?

They will need to put in place appropriate and effective policies and procedures to facilitate the reporting and assessment of regulatory concerns. DFSA expects the policies and procedures to cover:

  • Internal arrangements to allow for the disclosure of regulatory concerns;
  • Adequate procedures to deal with, assess and escalate Whistleblower reports within the entity and, where appropriate, to the DFSA or any other relevant authority;
  • Reasonable measures to protect the identity and confidentiality of the whistleblower;
  • Measures to protect the whistleblower from suffering any detriment;
  • Procedures to provide feedback to the whistleblower, where appropriate; and
  • Measures setting out how the entity will manage any conflicts of interest and the fair treatment of any person accused of committing a breach by a whistleblower.

The policies and procedures put in place should be appropriate to the nature, scale and complexity of that entity’s business and must be reviewed periodically to ensure they are adequate, effective and up to date.

The entity should also, as part of implementing these new requirements, inform all its officers and employees of the protections available to them.

Reporting misconduct

The regulator has set up a specific DFSA whistleblowing email address – – where a regulatory concern can be reported directly to the DFSA regardless of whether an internal report has been made.

Any information reported to the DFSA is treated confidentially and access to that information would be limited to a small number of expert DFSA staff.

“We would aim to respond to that report within 28 working days of receiving it - this would include an initial assessment of the report and potential requests for further information,” DFSA said.

DFSA will not, as part of this process, provide any legal advice or guidance, it added