Evolving Landscape for Whistleblower Protection in the UAE
by Suditi Surana
Whistleblowing or simply put, the act of drawing attention to or complaining about perceived wrongdoing, misconduct, unethical activity within one’s organisation has been a topic of great relevance in the last few years. While there is no federal law relating to whistleblowing in the UAE, there have been significant legal developments in this area.
The Dubai Law No. 4/2016 on Dubai Economic Security Centre which applies to all entities licensed in Dubai and the freezones established the Dubai Economic Security Centre (DESC). The DESC is tasked to fight corruption, crimes of fraud, bribery, embezzlement, damage to public property, forgery, counterfeiting, money laundering, financing terrorism and monitor financial violations and markets. This law defines a whistleblower as a person who notifies or cooperates with the DESC about any matter that may prejudice the economic security of Dubai. DESC is required to ensure confidentiality and provide the necessary protection to the whistleblower from retaliation or discrimination. However, this law has not seen much practical implementation and is yet to be tested.
In this inBrief, we look at whistleblowing policies that have been adopted by three freezones in the UAE: the Dubai Multi Commodity Centre, the Dubai International Financial Centre, and the Abu Dhabi Global Markets.
Dubai Multi Commodity Centre (DMCC)
Subsequent to the establishment of the DESC, the DMCC, one of Dubai’s most prominent freezones, also issued a whistleblowing guidance note for its members on 10 November 2019. The DMCC has defined whistleblowing very widely to include any concern regarding actual or potential illegal activity, or unacceptable or undesirable behavior of public concern which may have reputational impact including financial malpractice, fraud, failure to comply with a legal obligation, human rights abuses, dangers to health and safety or the environment, etc. The guidance extends to (i) employees and former employees; (ii) consultants; (iii) accredited members of DMCC clubs; (iv) owners, residents and visitors to DMCC free zone; and (v) owners’ associations and management companies.
Any such complaint must be made to the dedicated email ID of DMCC Authority and may be made anonymously. It also contains principles relating to confidentiality and protection if such complaint is made in good faith and with reasonable suspicion.
Dubai International Financial Centre
The Dubai Financial Services Authority (DFSA) published its own Whistleblowing Regime in April 2022 that applies to a registered auditor, a DFSA Authorised Person (an entity licensed to undertake financial services in the DIFC), or a Designated Non-Financial Business or Profession (which includes real estate developers, dealers in precious metals, law firms, accounting firms, company service providers or a singly family office). All these entities need to put in place appropriate and effective policies and procedures to facilitate the reporting and assessment of regulatory concerns. The whistleblowers may make a complaint to its organisation or directly to the DFSA. Legal protections are available to the whistleblowers only when the disclosure relates to a reasonable suspicion that the organisation has contravened any law or is engaged in money laundering, fraud or any other financial crime provided that the disclosure is made in good faith. These provisions have been given legal effect by making adequate amendments to the DIFC Regulatory Law 2004.
The Abu Dhabi Global Markets (ADGM)
The ADGM, the other financial freezone in the UAE aside from the DIFC, is the latest entrant to this regulatory space. The ADGM issued Guiding Principles on Whistleblowing in December 2022 and, unlike the DIFC, the ADGM has issued a non-binding Guidance which is proposed to complement its regulatory framework and act as guidance for all ADGM entities when designing and implementing a whistleblowing infrastructure. It is worth noting that the ADGM Authority and its financial regulator, the Financial Services Regulatory Authority, also provide infrastructure (on their websites) to make such complaints directly to the authorities. However, it is advised (but not mandated) that the complainant tries contacting the relevant entity directly in the first instance as this can often lead to a swift and efficient resolution of the issue.
The ADGM Guidance is very comprehensive and sets out the following principles:
1.Guiding Definition of Whistleblowing: ADGM encourages entities to use a broad definition of whistleblowing which could include references to fraud, money laundering, corruption, breaches of legal or regulatory requirements, unethical conduct and/or acts to cover up wrongdoing. It should be clear that whistleblowing is distinct from an employee grievance or a customer complaint.
2.Non-Retaliation: A whistleblowing framework should at all times adequately protect whistleblowers from any and all forms of retaliation or disadvantage arising from their whistleblowing. The policy of non-retaliation should be credible and convincing.
3.Confidentiality and Due Process: ADGM entities should have controls in place to prevent unauthorised access to whistleblowing reports or any information that might inadvertently or inappropriately reveal the identity of a whistleblower or the subject of the complaint. Disclosure of information to appropriate external whistleblowing channels – such as a regulator or independent investigator – should be expressly exempt from confidentiality requirements.
4.Reporting in Good Faith: Protection to whistleblowers is only afforded if the report is made in good faith, i.e. based on an honestly held belief that the information offered at the time of disclosure is true. While a genuine misunderstanding should still be protected, deliberate false disclosures or those made exclusively in self-interest do not meet this criterion.
5.Components of a Whistleblowing Framework: No one-size-fits-all approach. Each entity has the flexibility to decide its own policy and reporting requirements depending on its size, business, risk profile and complexity. Independent assessment and investigation should be supported with appropriate training and awareness sessions for staff and managers.
6.Culture: The Guidance insists on a ‘tone from the top’ approach and emphasises that a robust whistleblowing approach is ineffective if not supported in practice. It highlights issues such as under resourcing, low responsiveness, inadequate investigation and poor confidentiality as roadblocks and insists that the entity culture should be such that whistleblowers feel safe to raise issues, and that there are credible channels they are aware of and can use.
The ADGM Guidance adds to the regulatory regime applicable across UAE and provides entities with several key issues that they must consider while drafting their internal whistleblowing policies. Similar to the DIFC, it can be expected that the existence of an effective whistleblowing policy, and measures taken by an entity to enforce it, may be considered as a relevant factor while determining any penalties or sanctions imposed by the ADGM against such an entity. This would imply that an ADGM entity should take adequate measures to formulate and maintain its internal policies in line with the Guidance. ■