On April 7, 2022 the Dubai Financial Services Authority (DFSA) announced and immediately implemented a new regulatory regime to protect whistleblowers. The regime, while building on existing requirements, is the first of its kind in the United Arab Emirates. It establishes a set of whistleblower protection requirements with the following goals:
You can read the announcement in full here, and we’ve broken down the need-to-know elements below.
Who is subject to the requirements of the DFSA Whistleblowing Regime?
All entities regulated by the DFSA and operating in the Dubai International Finance Centre (DIFC) are subject to the new requirements.
What is a DFSA regulated entity?
Regulated entities include:
Who’s protected under the DFSA Whistleblowing Regime?
Under the new regime, protected whistleblowers include officers, employees, or agents of a DFSA-regulated entity who report suspected misconduct.
What requirements must a whistleblower meet in order to be protected?
A whistleblower must have a “reasonable suspicion” that an employee, agent, authorized person, or affiliate of a regulated entity has engaged in money laundering, fraud, other financial crimes, or any other breaches of DFSA rules, provisions, or laws.
They must also make their report “in good faith”, meaning that whistleblowers who knowingly submit false reports are not protected under the new regime.
How are whistleblowers protected under the DFSA Whistleblowing Regime?
The DFSA Rulebook establishes protections in Article 68A(4):
How can DIFC-based companies comply with the DFSA Whistleblowing Regime?
The DFSA announcement on April 7 emphasized that companies need to establish “appropriate and effective” policies and procedures to enable whistleblowing. Those policies and procedures must include:
To meet these requirements effectively and in a timely manner, you may choose to outsource your whistleblowing channel and case management to a vendor – choose the right one with this advice.
Want to know more about the new regime’s policy and procedure requirements? Continue your research with this DataGuidance article.
How can whistleblowers submit reports under the DFSA whistleblowing regime?
They can submit reports internally within the entity where they work, or externally to an auditor, the DFSA, or law enforcement. Whistleblowers who choose to go to the DFSA can do so regardless of whether they’ve already reported internally, and the DFSA has set up an email address to accept those reports: firstname.lastname@example.org.
Do these requirements sound familiar?
They should! Protecting whistleblower anonymity, preventing retaliation, and establishing two-way communication with whistleblowers are hallmarks of the EU Whistleblower Protection Directive, which entered into force for companies with more than 250 EU-based workers on December 17, 2021. More significantly, the new DFSA Whistleblowing Regime shares much in common with the UK FCA Handbook’s Rule 18 on whistleblowing.
What happens next?
The DFSA will spend just over a year monitoring compliance with the new regime, and will conduct a review in mid-2023 on whether it has been effective in encouraging and protecting whistleblowers.
My company needs a helpline and case-management system… what can I do?
When implementing a helpline and case-management system, it is essential to keep in mind the requirements of the DFSA whistleblowing regime – namely, that you protect whistleblower anonymity and confidentiality, can communicate with whistleblowers when needed, and are able to effectively prevent retaliation.
OneTrust’s Helpline and Case Manager may help you meet these requirements. Request a demo today to see them in action.