Fintech 2025

UAE Law and Practice Contributed by: Stefan Mrozinski, Gabrielle Margerison (nee Lowe) and Arnold Krutilins, White & Case LLP

es. The authors are also aware of the increased enforcement appetite of the DFSA and the FSRA in recent times. However, the VARA’s investiga - tory process suggests that the VARA is willing to work with companies that are in violation of regulations and provide opportunities for them to correct their transgressions. 2.11 Implications of Additional, Non- Financial Services Regulations Federal Decree-Law No 45/2021 (the “Personal Data Protection Law” ) is “onshore UAE’s” first written data protection law of general appli - cation. The Personal Data Protection Law is inspired by the EU’s General Data Protection Law (the “GDPR” ) but is lighter touch. As of the time of publication, the Executive Regulations, which will flesh out the provisions of the Person - al Data Protection Law, are yet to be released. Data and information is also protected in other aspects of “onshore UAE” law. For example, Federal Decree-Law No 31/2021 prohibits the unlawful copy, distribution or provision of infor - mation or data. Cybercrime Federal Decree-Law No 34/2021 Concerning the Fight against Rumours and Cybercrime sets out a wide range of offences, including in relation to illegal digital content and illegal uses of informa - tion technology. This is a broad law that goes considerably further than equivalent regulation in this area in Western Europe and the US. “Offshore UAE” Data protection “Onshore UAE” Data protection Both the DIFC and the ADGM have had consoli - dated data protection regimes for many years and both were recently reformed. They bear a significant resemblance to the GDPR, albeit

being more business friendly and somewhat lighter touch. 2.12 Review of Industry Participants by Parties Other than Regulators There are a growing number of formal industry bodies emerging in the fintech space such as the MENA Fintech Association. These indus - try bodies have an increasingly important role to play with respect to representing industry participants, communicating with regulators to address concerns and seeking guidance in respect of, or input with respect to, planned regulations within the fintech space. The DIFC Innovation Hub and the ADGM RegLab also oversee the fintech market and can influence the rules and regulations within the industry as an informal network by interpreting the practical application of the rules and regulations, thereby influencing how the market operates. Regulatory sandboxes also play a part in helping regulators to examine how their regulatory regimes impact real life business models, enabling regulators to adapt and develop in line with their aim of pro - moting the UAE as a global fintech industry hub. 2.13 Conjunction of Unregulated and Regulated Products and Services While it will depend on the nature of the business activities contemplated, it is generally expect - ed that corporate entities maintain a degree of separation between regulated and unregulated business activities to ensure that they can ring- fence those which are regulated and have higher supervision requirements from those which are not. For instance, in the ADGM it is prohibited to combine financial and non-financial services on the licence of a single entity. 2.14 Impact of AML and Sanctions Rules AML/CTF is regulated in the UAE by:

912 CHAMBERS.COM

Powered by