DFSA | THE INDEPENDENT REGULATOR OF FINANCIAL SERVICES
Enquiries
Services
E-portal Login

Supervision Framework

The DFSA utilises numerous tools to conduct its supervisory work.

The DFSA requires an open, transparent and cooperative relationship between itself and the Authorised Firm. The DFSA seeks to maintain an up-to-date knowledge of an Authorised Firm’s business. Therefore, an Authorised Firm is required to keep the DFSA informed of significant events, or anything related to the firm of which the DFSA would reasonably expect to be notified.

The DFSA encourages open and proactive communication with all Authorised Firms. To achieve this, the DFSA follows a multi-channel approach to communication with Authorised Firms:

  • Supervisors are the primary contact point with Authorised Firms, through regular visits and on-site risk assessments.
  • From time-to-time, the DFSA issues letters addressed to Senior Executive Officers (SEOs) regarding specific issues. Refer to SEO Letters.
  • The DFSA hosts periodic outreach sessions to discuss specific regulatory issues in an open forum.
  • The DFSA issues Alerts regarding possible fraud issues and other regulatory warnings. To view or subscribe to Alerts, click here.
  • The DFSA reviews its regulatory regime on an ongoing basis and updates its Rulebook as and when required. To view or subscribe to notification of changes, click here.
  • Firms are also required to complete regular reports. To access the EPRS system, click here.
  • Firms are required to file Suspicious Transaction Reports immediately. To access contact information for filing of SARs, click here

For more information regarding being supervised by the DFSA, please refer to the DFSA Rulebook and the Regulatory Policy and Process Sourcebook.

Supervisory Risk Framework

There are two general types of supervisory engagement under which all Authorised Firms are supervised. The types of supervision are “Team Supervision” and “Relationship Management.” The type of supervision that is applied to an Authorised Firm is determined according to a risk-based assessment of the risks each Firm presents to the DFSA’s regulatory objectives.

  1. Team Supervision 
    Authorised Firms that the DFSA deems to present lower risk to the DFSA’s objectives are assigned to Team Supervision. Under this method, a Firm will engage with the DFSA via the “Supervised Firm Contact Form.” A Supervisor from Team Supervision will then be assigned to engage with the Firm. Firms are subject to thematic reviews; desk-based and onsite risk assessments; senior management meetings; and quarterly, annual, and periodic reporting requirements.
  2. Relationship Management
    Authorised Firms that the DFSA deems to present higher risk to the DFSA’s objectives are assigned a dedicated Supervisor. The higher risk determination may be the result of firm-specific or sector-specific factors. Under this method of supervision, a Firm will initiate contact with the DFSA via the “Supervised Firm Contact Form.” The Firm’s follow up engagement will be with its dedicated Supervisor, unless the Firm is notified otherwise. Firms are subject to thematic reviews; desk-based and onsite risk assessments; senior management meetings; and quarterly, annual, and periodic reporting requirements.

Our risk-based approach to supervision uses the two dimensions of impact and probability to measure the risk each Authorised Firm presents to the DFSA’s objectives. Each Authorised Firm is assigned a separate impact and probability rating. These ratings, in conjunction with supervisory judgement, are used to determine the level of supervisory resource that is applied to each Firm.

A combination of quantitative sectoral and firm-specific factors are used to determine the impact and probability risk of each Firm. We then apply supervisory judgment to consider reputational, and other non-quantifiable, risk factors in order to determine the appropriate level of supervisory engagement for each sector and Firm. 

Impact

Impact is the size of the harm that a firm/risk can do to our objectives. We assess impact in the two categories of financial and non-financial impact. 

  1. The first category assesses the impact of a Firm’s failure to the financial system. In this context, we assess each Firm’s scale, scope and complexity; the financial services it provides; and its interconnectedness to other financial institutions. 
  2. The second category assesses the non-financial impact in the event a Firm engages in improper conduct. In this context, we assess the size and classification of each Firm’s client base and the size and nature of relevant client assets. 

Probability

Probability is the likelihood of a risk materialising and the likelihood that a firm/risk may cause harm to the DFSA objectives if no action is taken. We assess probability within the three dimensions of inherent risk, control effectiveness, and residual risk across the five categories of (1) Business Model, Strategy, and Corporate Governance; (2) Financial risk; (3) Operational risk; (4) Conduct of Business risk; and (5) AML/Financial Crime risk.

For better web experience, please use the website in portrait mode