Fintech 2025

UAE Law and Practice Contributed by: Stefan Mrozinski, Gabrielle Margerison (nee Lowe) and Arnold Krutilins, White & Case LLP

In August 2023, the DFSA signed a memoran - dum of understanding with the UAE’s Financial Intelligence Unit to further advance co-ordina - tion and sharing of information to ensure AML/ CTF compliance. It also released a consultation paper designed to align DIFC law with a number of guidelines released at the federal level, pro - posing increased obligations on money launder - ing reporting offices, changing the threshold for notifications and increasing the scope of those who may be responsible for compliance with AML/CTF conduct standards. 12.3 Responsibility for Losses Responsibility of fintech service providers for losses suffered by a customer would depend on the specific facts and circumstances surround - ing the situation. Below are examples of situations and the corre - sponding responsibility imposed by the relevant regulator on a fintech service provider for losses suffered by a customer. • The VARA stipulates that VASPs must have procedures for ensuring that all virtual assets transfer and settlement services carried out for a client are authorised by the client, and that the VASP is acting in line with the client’s instructions. If any virtual assets transmis - sion/transfer, and/or settlement processed by a VASP is not authorised by the client, or is not carried out in line with the client’s instruc - tions, the VASP: (a) will, as soon as practicable but in all events within 24 hours of becoming aware of the erroneous execution, refund the client or otherwise restore the cli - ent’s account to the state it would have been in, had the wrongful transmission or transfer, and/or settlement not been effected; and

(b) is liable to the client in respect of the loss suffered by the client as a direct result of the VASP’s actions or omissions. • The DFSA COB Rulebook Module states that if an authorised firm is responsible for an unauthorised or incorrectly executed pay - ment transaction, or for the non-execution of a payment transaction, and the user’s pay - ment account has been incorrectly debited, it must promptly and within three business days restore the user’s payment account to the state it would have been in had the payment transaction been correctly executed. • The FSRA, in its COB Rulebook Module, states that where an executed payment trans - action was not authorised by the payer, the payment service provider must: (a) refund the amount of the unauthorised payment transaction; and (b) where applicable, restore the debited payment account to the state it would have been in had the unauthorised pay - ment transaction not taken place. The payment service provider must provide a refund as soon as practicable, and in any event no later than the end of the day following the day on which it becomes aware of the unauthorised payment transaction, although the requirement to provide a refund does not apply where the payment service provider has reasonable grounds to suspect fraudulent behaviour by the payment service user.

928 CHAMBERS.COM

Powered by