Expand all | Collapse all

Regulatory Compliance

  • 1.  Regulatory Compliance

    Posted 06-18-2020 09:15 AM

    Dear Gordon,

    Thanks for all your valuable feedback!
    I have a query regarding regulatory compliance.I work in a UAE local bank.Our Vendor risk management program is still very immature.The problem which we often face is whether this service provided by the vendor is regulated or not regulated.Though we have the central bank outsourcing regulations with us which provides a non exhaustive list of material activities.Since this is a new process even regulatory compliance Dept are not too sure whether the activity is regulated or not.
    The business units complete the risk assessment and they need guidance to understand which are regulated activities so this causes delay and is a major bottleneck.

    Is there a list of all the regulated activities performed by a Financial Institution/ Banks in UAE 
    and what further controls to be taken for regulated activities?

  • 2.  RE: Regulatory Compliance

    Posted 06-22-2020 03:43 PM

    The UAE has been adopting regulatory requirements we've been held accountable for in many U.S. industries for a few years now. To that end you will see OFAC checks expanded to all of your critical and high-risk vendors. As you know, the onshore, offshore or free zone "relevant activities" include banking. The Ministry of Finance (MOF) also has specific guidelines that are very specific. The MOF is asking the banking sector to know their customer AND know the vendors you're utilizing at a higher level than you may have in the past.  Unless the vendor is directly or indirectly owned by the UAE government or part of the sovereign investment fund or a related entity, your regulatory requirements will affect all of your vendors.


    Here are some helpful tips as you perform your regulatory compliance reviews:


    • Before working with a vendor, I recommend reference checks. I've found that about 60% of the references will give the vendor glowing reviews, while 40% will have something to say that isn't a glowing review.  So, yes, vendor supplied references can be helpful.  I do take the additional step of asking people I know in the industry what they think of the vendor's.  That too can give you a better picture of the vendor.
    • Do an OFAC check on both contract and purchase order vendors and an OFAC/world check on a company's authorized signatories/owners of the companies for all critical and high-risk vendors for two reasons (1) While the guidelines the MOF has issued don't specifically state you have to perform OFAC checks, the do appear to indicate that anyone with a material interest in the vendor you're doing business with  should have a background check performed on them. In the U.S. we require background checks and drug screens for anyone who owns a material interest in any critical or high-risk vendor. (2) When you start doing OFAC checks on the principals of your vendors, you're going to get a surprise or two.  You will find individuals with ownership interests that may cause you to reconsider using a vendor.
    • Of course there's more due diligence to do in addition to risk assessments and OFAC checks, but for critical and high risk vendors, I encourage you to always know how they're trending financially and their complaint volume.
    • As far as international vendors are concerned, do your standard due diligence but also ensure the vendor is a good fit for your organization by checking the reputation of the vendor and doing everything you can to ensure you can legally do business with the international vendor. The other considerations I recommend that you manage with international vendors center around their country's privacy laws. You'll want to know how they view privacy and if that view is compatible with your organization.


    I hope you find this information useful. I'd love to hear if anyone else has any advice regarding regulatory compliance in the UAE.