On April 7, 2022 the Dubai Financial Services Authority (DFSA) announced and immediately implemented a new regulatory regime to protect whistleblowers. The regime, while building on existing requirements, is the first of its kind in the United Arab Emirates. It establishes a set of whistleblower protection requirements with the following goals:
You can read the announcement in full here, and we’ve broken down the need-to-know elements below.
All entities regulated by the DFSA and operating in the Dubai International Finance Centre (DIFC) are subject to the new requirements.
Regulated entities include:
Under the new regime, protected whistleblowers include officers, employees, or agents of a DFSA-regulated entity who report suspected misconduct.
A whistleblower must have a “reasonable suspicion” that an employee, agent, authorized person, or affiliate of a regulated entity has engaged in money laundering, fraud, other financial crimes, or any other breaches of DFSA rules, provisions, or laws.
They must also make their report “in good faith”, meaning that whistleblowers who knowingly submit false reports are not protected under the new regime.
The DFSA Rulebook establishes protections in Article 68A(4):
The DFSA announcement on April 7 emphasized that companies need to establish “appropriate and effective” policies and procedures to enable whistleblowing. Those policies and procedures must include:
To meet these requirements effectively and in a timely manner, you may choose to outsource your whistleblowing channel and case management to a vendor – choose the right one with this advice.
Want to know more about the new regime’s policy and procedure requirements? Continue your research with this DataGuidance article.
They can submit reports internally within the entity where they work, or externally to an auditor, the DFSA, or law enforcement. Whistleblowers who choose to go to the DFSA can do so regardless of whether they’ve already reported internally, and the DFSA has set up an email address to accept those reports: email@example.com.
They should! Protecting whistleblower anonymity, preventing retaliation, and establishing two-way communication with whistleblowers are hallmarks of the EU Whistleblower Protection Directive, which entered into force for companies with more than 250 EU-based workers on December 17, 2021. More significantly, the new DFSA Whistleblowing Regime shares much in common with the UK FCA Handbook’s Rule 18 on whistleblowing.
The DFSA will spend just over a year monitoring compliance with the new regime, and will conduct a review in mid-2023 on whether it has been effective in encouraging and protecting whistleblowers.
When implementing a helpline and case-management system, it is essential to keep in mind the requirements of the DFSA whistleblowing regime – namely, that you protect whistleblower anonymity and confidentiality, can communicate with whistleblowers when needed, and are able to effectively prevent retaliation.
OneTrust’s Helpline and Case Manager may help you meet these requirements. Request a demo today to see them in action.