Dear Gordon,Thanks for all your valuable feedback!I have a query regarding regulatory compliance.I work in a UAE local bank.Our Vendor risk management program is still very immature.The problem which we often face is whether this service provided by the vendor is regulated or not regulated.Though we have the central bank outsourcing regulations with us which provides a non exhaustive list of material activities.Since this is a new process even regulatory compliance Dept are not too sure whether the activity is regulated or not.The business units complete the risk assessment and they need guidance to understand which are regulated activities so this causes delay and is a major bottleneck.Is there a list of all the regulated activities performed by a Financial Institution/ Banks in UAE and what further controls to be taken for regulated activities?
The UAE has been adopting regulatory requirements we've been held accountable for in many U.S. industries for a few years now. To that end you will see OFAC checks expanded to all of your critical and high-risk vendors. As you know, the onshore, offshore or free zone "relevant activities" include banking. The Ministry of Finance (MOF) also has specific guidelines that are very specific. The MOF is asking the banking sector to know their customer AND know the vendors you're utilizing at a higher level than you may have in the past. Unless the vendor is directly or indirectly owned by the UAE government or part of the sovereign investment fund or a related entity, your regulatory requirements will affect all of your vendors.
Here are some helpful tips as you perform your regulatory compliance reviews:
I hope you find this information useful. I'd love to hear if anyone else has any advice regarding regulatory compliance in the UAE.