The Dubai International Financial Centre (DIFC) is often described as the free zone with the most sophisticated legal regime in the UAE.

It is not only favoured for the absence of foreign ownership restrictions prevalent in onshore UAE but also praised for its international standards of accountability and its consistent approach towards implementing its laws and regulations.

The DIFC provides a comprehensive legal framework together with secure, easy access to an electronic public register for companies incorporated in the DIFC. Companies’ records are maintained by the DIFC Registrar of Companies (ROC). The ROC’s records are linked to an online platform - the DIFC Portal, for each company incorporated in the DIFC, and each company account on the portal is to be maintained and updated by that company itself. However, this framework is costly to maintain, and that cost is compliance obligation, and the time and money involved.

Beware of Non-Compliance

Compliance with DIFC law is monitored by the Dubai Financial Services Authority (DFSA) and depending on the nature/extent of the breach, non-compliance or breaches result in the prompt levying of administrative fines on companies and their management after the lapse of the applicable grace period (which can be for 30 days).

Fines can range from USD 1,000 (for failing to maintain accounting records open to inspection) to USD 50,000 (for provision of false or misleading information to the ROC) and in some cases, where there is prolonged non-compliance, the ROC has the right to deregister the company (i.e. cancel its license and declare the company defunct).

While the UAE does not have a dedicated data protection law currently in place at a federal level, the DIFC has its own Data Protection Law No. 1 of 2007 and its corresponding regulations in place. When processing personal data, an entity is required to appoint a data controller from amongst its employees and notify the Commissioner of Data Protection in the DIFC if it intends to process personal information. A company’s data controller must notify the Commissioner of any changes related to personal data operations within 14 days. Failing to notify the Commissioner may result in the imposition of a fine of USD 5,000.

A Culture of Compliance

The DIFC promotes a culture of compliance through its educational seminars, publications, discussion panels as well as its imposition of sanctions. These high standards of accountability have over the past decade, enabled the DIFC to acquire its reputation as an international hub.

It is crucial for companies operating in sophisticated free zones like the DIFC to allocate the right resources to compliance, including company secretarial functions. Finding the right individuals may be challenging but compliance with DIFC laws should not be compromised. In our experience, professional corporate service providers are under-used by DIFC companies.

A number of corporate service providers operate in the DIFC and companies willing to outsource their compliance functions can rely on them to maintain their books and records, including DIFC registers and to renew their commercial licences.

Our experience indicates that many DIFC companies pay insufficient attention to their overall corporate governance, particularly filing of returns with the Registrar ROC. The DIFC monitors the compliance of companies operating in the DIFC and periodically inspects the office premises and in-house corporate records of these companies. Non-compliance with any requirements can lead to sanctions being imposed by ROC and/or the DFSA.

Conclusion

In a challenging economic climate, companies are often focussed on pressing business concerns. Compliance can fall by the wayside.

We predict companies will increasingly outsource their compliance needs to trustworthy corporate service providers, allowing management to generate profits without undue distraction.