Hammad & Al-Mehdar’s partner Suhaib Hammad authored the Saudi Arabia chapter of the Data Protection 2021 guide, published by Global Legal Group in July 2021.
This chapter discusses the data protection laws and regulations in Saudi Arabia.
To read the chapter, please visit the link.
The General Secretariat of Tax Committees has launched an electronic edition of the tax regulations guidance. The electronic edition has been issued to create a comprehensive reference for all tax and zakat regulations.
The electronic edition aims to improve the processing times of tax disputes and raise public awareness about the tax regulations.
The M&A team at Hammad & Al-Mehdar advised VentureSouq and its managed funds as lead investor in the $30.5m Series B equity financing of Sary, a Saudi-based B2B marketplace connecting small businesses with wholesalers and lenders.
The HMCo team was led by partner Abdulrahman Hammad, and included Samy Elsheikh, Tarek Bilani, and Dina Golfaridan.
Saudi Arabia’s Central Bank has announced that Fintech companies can join the national Mada payment system. Saudi Payments said the companies STC Pay and Geidea had joined the network as the first two non-banking companies to join the service.
The aim is to enable financial companies to support the private sector and establish a financial infrastructure. The licenses given to the Fintech companies mean they can issue digital and plastic Mada payment cards to enable customers to make payments online or withdraw money. They will also provide hosting services for Point of Sale devices to merchants directly and provide them with Point of Sale devices with complete services. To learn more, contact us.
Hammad & Al-Mehdar’s partner Suhaib Hammad has authored the Saudi Arabia chapter in the International Comparative Legal Guide publication on Digital Health, 2nd edition, published by Global Legal Group Ltd in March 2021.
The chapter covers issues such as digital health and healthcare IT, regulatory, digital health technologies, data use, data sharing, intellectual property, commercial agreements, AI, and machine learning and liability. Saudi Arabia is one of the 22 jurisdictions included in the prominent edition of Digital Health Laws and Regulations 2021.
To download the chapter, please click here.
The Abu Dhabi Global Market (the “ADGM”) has now enacted its Data Protection Regulations on 14 February 2021 (the “ADGM Data Protection Regulations”). The ADGM requires entities to adopt with the published ADGM Protection Regulations within 12 months for existing establishments and 6 months for new establishments starting from 14 February 2021.
The ADGM Data Protection Regulations are available on the ADGM official portal. Read more>>
Introduction
The final draft of the Crypto-asset Platform Operators (CPO) regulation module in the Kingdom of Bahrain was announced in February, 2019 by the Central Bank of Bahrain (CBB). The CBB is the regulator and responsible for regulating and monitoring financial system and financial stability in the Kingdom of Bahrain. Further, the CBB administers Fintech Bay, which supports a number of financial technology initiatives, including the CPO.
Types of Tokens
Crypto-assets are virtual, digital assets, or tokens operating on a block chain platform and protected by cryptography. A CPO is an entity that deals in accepted types of crypto assets whether as a principal or an agent, and is permitted to store and maintain custody of the crypto-assets on behalf of its clients.
The regulation acknowledges four primary types of tokens
1. Payment tokens: tokens that are primarily used for acquiring goods/services.
2. Utility tokens: tokens that provide access to a specific application or service but cannot be used as method of payment for external applications.
3. Asset tokens: tokens that represent legally grounded assets, which include debt or shares.
4. Hybrid Tokens: tokens that possess features of one or more of the other mentioned types of tokens.
Licensing
Pursuant to the regulation, the corporate form of a CPO is restricted to being a Bahraini joint stock company. Foreign crypto-asset exchange licensees, however, may be licensed in Bahrain provided that the applicant maintains management presence and premise(s) in Bahrain.
In addition, the applicant is required to maintain a professional indemnity insurance coverage of a minimum of BHD 100,000; and must have an appropriate cybersecurity policy.
Capital Requirements
The regulation divides the types of crypto-asset services into four categories, each with a different minimum capital requirement and a different set of services that the crypto-asset operator may provide.
The first category, and one with the lowest capital requirement, is for reception and transmission of orders and provision of investment advice in relation to accepted crypto asset services. The minimum capital requirement for a licensee of this category is BHD 25,000. At the other end of the spectrum is the operation of a licensed crypto-asset exchange and provision of crypto-asset custody services. The minimum capital requirement for this category is BHD 300,000.
Time To Launch
The regulation provides that a CPO licensee must commence operations within six months from receiving the approval from the CBB or risk having the decision withdrawn. Following receiving CBB approval to commence the offer of services, the licensee is required to retain an independent third party to create a readiness assessment report.
Crypto wallets
The regulation also provides two primary types of crypto wallets by CPO licensees, a custodial crypto wallet that restricts clients from having full control of their assets since the licensee is the designated custodian of the client’s private keys, and a non-custodial crypto wallet that provides clients with full control of their assets.
The CBB is the first banking regulator in the GCC to finalize regulations for crypto-assets. At the time of this article, Rain Management W.L.L is the only licensed crypto asset services provider in the Kingdom of Bahrain.
For more information on the license requirements, please feel free to contact us.
The Financial Services Regulatory Authority of Abu Dhabi Global Market released a regulatory framework for Digital Investment Managers (Robo-advisors). They recently issued a new Supplementary Guidance: Autorisation of Digital Investment Management (“Robo-advisory”) Activities. The organization believes that these regulations will promote oversight, fairness, accountability, and transparency in the digital financial sector.
“Robo-advice leveraging AI and data analytics is an area of FinTech that has enormous potential to improve investment decision making in the Middle East and Africa region,” said Richard Teng, the Financial Services Regulatory CEO of ADGM. “With this guidance, we aim to make it easier for digital investment businesses to operate in ADGM and in turn provide investors with greater access to professional investment tools to help achieve their financial goals.”
The ADGM issued the guidance under Section 15(2) of the Financial Services and Markets Regulations 2015 (FSMR). According to the organization, the regulation is relevant to those who apply for Financial Services Permissions to conduct Regulated Activities, as defined in the FSMR (Section 19), where applicants undertake Digital Investment Management.
The ADGM defines “Digital Investment Management” as financial services that use algorithm-based technology. These tools require limited human interaction between clients and Robo-advisory providers. Their affluent customers are comfortable receiving financial services through digital channels. It also influences how they select service providers.
Digital Investment Management business models fall under two different categories within the GCC region. The first one is the fully digital model which requires little human interaction with clients, other than technical support services. The second is the hybrid model, where clients can interact with a financial adviser to discuss automated digital investment strategies produced by algorithm-based technology.
Digitized platforms allow financial managers to offer customized, cost-effective investment management services to their clients. Unfortunately, this technology has inherent risks that differ from traditional business investment models. The guidance explains how the FSRA applies regulatory safeguards to Digital Investment Managers. Additionally, the document discusses how managers can mitigate risks this technology poses to clients and the ADGM’s goals.
“As an international financial center, ADGM actively enhances its framework and platform to support innovation and the varying financial needs of businesses, investors, and consumers,” Teng said. “We look forward to welcoming more Robo-advisors to establish their presence in Abu Dhabi in ADGM and support investors with their innovative solutions.”
The guidance addresses two critical areas. The first involves regulatory permissions that the ADGM requires operators need to provide digital investment services. The second addresses how the FSRA will apply authorization criteria to areas such as governing technology and algorithms, and suitability and disclosure. The ADGM has established the following guidelines for Robo-advisors in their new supplementary guidance.
Permission Required for Digital Investment Management – As part of their business plan, Digital Investment Managers must have Financial Services Permissions to undertake Regulated Activities. They include credit advising, investment arrangements, and managing assets. Additionally, the manager may hold the assets of clients. They can also establish direct, asset-holding relationships with customers and regulated Custodians. In the latter case, the administrator needs an FSP to conduct “Regulated Activity of Managing Assets,” unless they meet exclusion criteria (Schedule 1, Paragraph 47.) FSP-accredited managers don’t need separate permissions to advise on investments, credit issues, or financial deals if these Regulated Activities are an incidental part of their business. For details, read Sections 3.1 – 3.4.
Prudential capital requirements – The ADGM requires Digital Investment Managers (who manage assets under 3C Category) to have a base capital of $250,000. Businesses that advise on investments or credit arranging deals must meet the $10,000 base capital requirement. The regulators require a higher prudential capital requirement for Digital Investment Managers because of the inherent risks involved with the investment process. These administrators can make investment decisions without first obtaining a client’s approval. Additionally, there is an increased operational complexity to hold client assets as part of the discretionary asset management process. For details, read Section 3.5.
Algorithm governance – Digital Investment Managers offer algorithms as their primary service. These professionals oversee critical components of the investment management process including portfolio allocation, risk profiling, and rebalancing. The FSRA requires Digital Investment Managers to create internal governance structures and hire a competent Board and top administrators. They must regulate and control the deployment, performance, design, and security of all algorithms. Qualified staff should ensure algorithm models functions, and provide documentation to explain its logical structure or decision tree. Additionally, businesses must establish safeguards to provide security and access controls for their model’s integrity. Companies should conduct ongoing monitoring and testing to assess whether the models achieve their outcomes and objectives. For details, read Sections 4.4 – 4.5.
Technology governance – Digital Investment Managers must ensure that its systems and controls are commensurate for the scale and complexity of its business operations. These controls include information transmission and storage, investor safeguards and protections, outsourcing, technical operations, and contingency arrangements. Additionally, managers must assess and mitigate risks for their clientele. For details, read Sections 4.6 – 4.7.
Suitability requirements – Digital Investment Managers should follow suitability rules outlined in the FSRA’s Conduct of Business Rulebook (COBS). The ADGM requires Digital Investment Managers to offer reasons for Specified Investments they recommend to clients. Companies should design a Risk Profile Questionnaire. They must ensure the information used to assess suitability can handle the risk and complexity of Specified Investment transactions on their platform. For details, read Sections 4.8 – 4.10.
Disclosure – The FSRA expects Digital Investment Managers to comply with the disclosure requirements in COBS. The professionals must provide sufficient details about the services they provide to Retail and Professional Clients. Digital Investment Managers should provide clear, fair communications to their customers that are not misleading. They should provide details about the nature and scope of services, products, and if they’re suitable to meet the client’s objectives. The companies should tell customers about any conflicts of interest. For details read Sections 4.11 – 4.14.
For a full list of requirements read the Supplementary Guidance: Autorisation of Digital Investment Management (“Robo-advisory”) Activities.
Trust the Hammad & Al-Mehdar Law Firm to handle your corporate legal services. We are a leading law firm in Saudi Arabia that has more than 35 years of experience. Our veteran team has seasoned attorneys that specialize in international law and common law. The Hammad & Al-Mehdar Law Firm’s focus sectors include private equity, venture capital, private client advisory, and real estate. Contact us to schedule a consultation today.
The Financial Services Regulatory Authority (FSRA) of Abu Dhabi Global Market (ADGM) recently updated its governance of crypto assets. In May 2019, the Authority released the second edition of its “Guidance for the Regulation of Crypto Asset Activities.” The regulation focuses on the FSRA’s oversight of crypto assets and related financial services that occur within the ADGM.
Last year, the ADGM released the first edition of its Guidance when it launched its comprehensive regulatory framework that oversees digital assets on June 25, 2018. The ADGM issued these new policies under section 15(2) of the Financial Services and Markets Regulations 2015 (FSMR).
The ADGM created the framework to address the full range of risks that crypto asset activities present for traders. These risks include money laundering, financial crimes, technology governance, consumer protections, custody, and exchange operations.
The FSRA notes that the new regulations will provide more clarity about crypto assets in light of recent technology developments.
The document addresses consumer protection, safe custody, technology governance, and disclosure/transparency. Additionally, they addressed Market Abuse and the regulation of Crypto Asset Exchanges in a regulatory approach similar to how global exchanges oversee securities and derivatives.
The FSRA’s enhanced Guidance applies to four types of persons:
The main features of the enhanced regulations are:
The Guidance does not provide comprehensive regulations about crypto assets. Interested entities should consult Financial Services and Market Regulations (FSMR) for a full list of rules and see “Guidance & Policies Manual of FSRA,” and “Guidance – Regulation of Crypto Asset Activities in ADGM.”
If you’re a crypto asset trader, you need expert legal advice to help them navigate Saudi Arabia’s evolving financial marketplace. Hire the Hammad & Al-Mehdar Law Firm to manage all of your legal affairs. We are a respected law firm with more than 35 years of industry experience. Our legal experts can help you in the Kingdom’s financial sectors, including private equity.
The Islamic Finance News awarded us the Best Law Firm in the category of Mergers & Acquisitions in 2018. We also receive an honorable mention in the Private Equity category. Our professional expertise allows us to be a good partner for international businesses. The Hammad & Al-Mehdar Law Firm also has alliances with other global law firms. Contact us today for more information. You can also follow us on our official Linked In and Twitter pages.
Constant technological improvements are disrupting most industries, providing new and more innovative products and services to customers. The financial industry is no exception, and technological advancements in this sector, referred to as FinTech, are on the rise.
In its early stages, there was no official definition of FinTech. The International Organization of Securities Commissions (IOSCO) has rectified this problem by formally defining eight areas of FinTech development in its 2017 FinTech Report:
Specifically, innovative FinTech is defined as business models that offer one or more financial products or services in an automated fashion, through use of the internet and emerging technologies. These technologies could include cognitive computing, machine learning, artificial intelligence, or Distributed Ledger Technologies (DLT).
There is no doubt that Fintech has the ability to significantly change the financial services industry – but as with all new technology, it doesn’t come without risk or concern from regulators.
It is often the case that the speed of technology outpaces the speed at which lawmakers and regulators can adapt to address concerns raised by this new technology. This is certainly the case for FinTech, which has seen explosive growth over the last several years. In 2005, there were approximately 1,600 companies involved in FinTech investment with funding at around $5.5 billion. By 2016, the number of companies involved in FinTech had grown to 8,800 with $100.2 billion in funding.
The 2016 numbers, however, are nothing compared to 2018 when FinTech really began to take off. The size of the FinTech nearly doubled in a single year and saw two massive deals: acquisition of WorldPay by Vantiv for $12.9 billion and a $14 billion VC funding round raised by Ant Financial. These significant investments show the maturity of the market.
As the FinTech market grows at a rapid pace, regulators are struggling to deal with a number of pressing regulatory issues, including:
There are two main finance regulators in Saudi Arabia – the Saudi Arabian Monetary Authority (SAMA) and the Capital market Authority (CMA). The Saudi Arabian regulators are taking steps to ensure the FinTech industry can thrive in Saudi Arabia.
In May 2017, SAMA issued a Cyber Security Framework aimed at building an infrastructure for cyber security governance for regulated entities. This infrastructure was developed specifically with an aim of ensuring that Saudi Arabian banking, insurance, and financing sectors can manage and withstand cyber security threats.
As part of the infrastructure’s development, SAMA contemplated the ways in which the effected entities use technology. The framework provides specific considerations for financial technologies such as electronic banking services and payment systems. The guidelines specifically address the fact that new online services and new developments can introduce new issues with respect to confidentiality.
Development of cybersecurity standards help regulated entities seek guidance for issues that are commonly difficult and uncertain for FinTech companies.
In 2018, SAMA launched the Fintech Saudi initiative, aimed at establishing Saudi Arabia as a FinTech hub. The stated goal of the initiative is to transform “Saudi Arabia into an innovative fintech hub with a thriving and responsible fintech ecosystem.”
The initiative includes establishment of a sandbox regulatory environment in February 2019, following the lead of other regulators in the Arabian Gulf. The goal is for SAMA to better understand and asses the impact of FinTech technologies in the financial services market. The sandbox regulatory environment will allow for relaxed regulatory controls, allowing established financial institutions the opportunity to interact with start-ups in the FinTech space without fear of regulatory backlash.
The regulatory sandbox is intended to provide a variety of benefits to various FinTech stakeholders, including:
Because Saudi Arabia is still concerned with protecting consumers, it is only likely to offer flexibility with respect to the following requirements:
There is not likely to be any flexibility on issues of consumer data protection, anti-money laundering, handling of customer’s assets by intermediaries, resolution of disputes process, requirements of consumer disclosures, and requirements on cyber security.
FinTech providers interested in qualifying for the regulatory sandbox are required to apply, and the second batch of companies were selected in June 2019. It was only available to innovators who are proposing (1) technology that is currently non-regulated under existing SAMA regulations; and (2) new digital business models that are not covered under SAMA regulations. Currently the FintechSaudi Initiative has 22 members and 54 partners.
Saudi Arabia’s measured approach to ensuring protection for consumers while still allowing FinTech an opportunity to flourish is a great example of the flexibility needed for FinTech technology. Other countries should watch the FintechSaudi initiative to gauge its success and determine whether a similar model would be beneficial in other tech hubs.
If you are wondering how your FinTech company or technology could benefit from increased presence in Saudi Arabia, contact us today for advice.