A Comprehensive Guide to DFSA Category 3C License: Requirements, Obligations, and Compliance

IMPORTANT DISCLAIMER: This article is based on the official DFSA Rulebook modules. All regulatory references, capital requirements, and compliance obligations are subject to change. Readers must always consult the most current version of the DFSA Rulebook and seek professional advice before making any decisions regarding DFSA licensing or compliance matters.

Introduction

The Dubai Financial Services Authority (DFSA) is the independent regulator of financial services conducted in or from the Dubai International Financial Centre (DIFC). The DFSA employs a risk-based approach to regulation, categorizing financial services firms into different license categories based on the nature and complexity of activities they undertake and the corresponding risks they pose to the financial system and clients.

Category 3C is a specific authorization class within the DFSA’s prudential framework. This category is designed for firms providing certain financial services with specific risk profiles that warrant a distinct regulatory approach. This article provides an overview of the Category 3C license, based on the DFSA Rulebook modules and regulatory materials. It is specifically tailored for Money Laundering Reporting Officers (MLROs) and Compliance Officers who need to understand the regulatory requirements and compliance obligations associated with this license category.

Regulatory Framework

The DFSA’s regulatory framework for Category 3C firms is primarily established in the following key modules of the DFSA Rulebook:

  • General Module (GEN): Defines the financial service activities and the overall authorization framework
  • Prudential – Investment, Insurance Intermediation and Banking Business Module (PIB): Establishes the prudential requirements including capital adequacy
  • Conduct of Business Module (COB): Sets out the standards of conduct for financial services activities
  • Anti-Money Laundering, Counter-Terrorist Financing and Sanctions Module (AML): Specifies AML/CTF requirements

According to PIB Rule 1.3.5, an Authorised Firm is in Category 3C if:

(a) its Licence authorises it to carry on one or more of the Financial Services of: (i) Managing Assets; (ii) Managing a Collective Investment Fund; (iii) Providing Custody (where it does so other than for a Fund and other than in relation to Crypto Assets); (iv) Managing a PSIA (which is a PSIAr); (v) Providing Trust Services (where it is acting as trustee in respect of at least one express trust); or (vi) Providing Money Services (where it issues Stored Value); and

(b) it does not meet the criteria of Categories 1, 2, 3A, 3B or 5.

The PIB Guidance to Rule 1.3.5 further clarifies that a Category 3C Authorised Firm may be authorised to conduct other Financial Services, but it is the authorisation for Managing Assets, Managing a Collective Investment Fund, Providing Custody other than for a Fund or in relation to Crypto Assets, Managing a PSIA which is a PSIAr, Providing Trust Services (where it is acting as a trustee in respect of at least one express trust), or Providing Money Services (where it issues Stored Value) and the absence of authorisation for the activities specified in PIB Rules 1.3.1, 1.3.2, 1.3.3 and 1.3.4 that are determinative of its belonging to Category 3C.

Scope of Activities

According to the DFSA Rulebook PIB 1.3.5, a Category 3C Authorised Firm is permitted to carry out the following Financial Services:

  • Managing Assets
  • Managing a Collective Investment Fund
  • Providing Custody (where it does so other than for a Fund and other than in relation to Crypto Assets)
  • Managing a PSIA (which is a PSIAr – Profit Sharing Investment Account that is restricted)
  • Providing Trust Services (where it is acting as trustee in respect of at least one express trust)
  • Providing Money Services (where it issues Stored Value)

A Category 3C firm may also be authorized to conduct other Financial Services from Category 4 (such as Arranging Deals in Investments, Advising on Financial Products, etc.), but it cannot provide Financial Services in Categories 1, 2, 3A, or 3B.

Regulatory Requirements

Capital Requirements

According to the PIB Module, Category 3C firms are subject to specific capital requirements:

  • Base Capital Requirement: The amount of permanent share capital that must be maintained by a Category 3C firm at all times
  • Expenditure Based Capital Minimum (EBCM): A calculation based on a firm’s operating expenses

The Category 3C firm must maintain Capital Resources that exceed the higher of its Base Capital Requirement or EBCM at all times. The precise figures and calculation methods are set out in the PIB Module, and firms should consult the current version for the most up-to-date requirements.

Risk Capital Requirements

In addition to the base requirements, Category 3C firms must calculate and monitor their risk capital as specified in the PIB Module. This typically includes:

  • Credit Risk Capital Requirement
  • Market Risk Capital Requirement
  • Operational Risk Capital Requirement

The total Risk Capital Requirement is the sum of these components, and the firm must ensure its Capital Resources exceed this requirement at all times.

Liquidity Requirements

The PIB Module sets out the liquidity requirements for Category 3C firms. These include maintaining adequate liquidity resources to meet liabilities as they fall due. Specific liquidity coverage ratio requirements are detailed in the PIB Module.

Compliance Obligations

AML/CTF Requirements

Category 3C firms must comply with the comprehensive requirements set out in the AML Module. These include:

  • Appointment of an MLRO
  • Development and implementation of AML policies, procedures, systems, and controls
  • Customer due diligence
  • Enhanced due diligence for higher-risk customers
  • Ongoing monitoring of customer relationships
  • Suspicious activity reporting
  • AML training for employees
  • Record-keeping

The MLRO must be resident in the UAE, have sufficient seniority and independence, and have unfettered access to all business lines and support functions.

Client Classification Requirements

As stipulated in the COB Module, Category 3C firms must classify clients as:

  • Retail Clients
  • Professional Clients (Service-based or Assessed)
  • Market Counterparties

This classification determines the level of regulatory protection afforded to clients and the corresponding obligations on the firm. Professional Client classification requires meeting specific net asset thresholds or knowledge and experience criteria as outlined in the COB Module.

Record-keeping Obligations

The GEN Module outlines comprehensive record-keeping requirements. Category 3C firms must maintain records for the period specified in the rulebook. Specific records required include:

  • All business transactions
  • Client identification and classification documentation
  • Client agreements and instructions
  • Financial instruments held for clients
  • Compliance reviews and audits
  • Staff training records
  • Communications with clients

Reporting Requirements

Category 3C firms have several reporting obligations to the DFSA, including:

  • Prudential Returns
  • AML Return
  • Quarterly regulatory returns
  • Notification of material events
  • Annual financial statements

Governance Requirements

Required Appointments for an Authorized Firm

According to the DFSA Rulebook, a Category 3C firm must make the following mandatory appointments:

  • Board of Directors: With appropriate expertise and experience
  • Senior Executive Officer (SEO): Responsible for day-to-day operations
  • Finance Officer (FO): Responsible for the financial affairs of the firm
  • Compliance Officer (CO): Responsible for compliance matters
  • Money Laundering Reporting Officer (MLRO): Responsible for AML/CTF compliance
  • Risk Officer: Responsible for risk management functions

Some of these functions may be outsourced in accordance with the DFSA’s outsourcing requirements, but the firm remains responsible for compliance with all relevant obligations.

Control Functions

The GEN Module requires Category 3C firms to establish and maintain the following control functions:

  • Compliance Function: To monitor compliance with applicable laws and regulations
  • Risk Management Function: To identify, measure, monitor, and control risks
  • Internal Audit Function: To examine and evaluate the adequacy and effectiveness of systems and controls

These functions must be independent of operational functions and have sufficient authority, resources, and direct access to the Board.

Fit and Proper Standards

All individuals performing Licensed Functions must satisfy the DFSA’s fit and proper criteria as outlined in the GEN Module. These criteria include:

  • Integrity
  • Competence and capability
  • Financial soundness

Application Process

The application process for a Category 3C license generally involves several key steps:

  1. Initial Assessment: Determine if Category 3C is the appropriate license class based on intended activities
  2. Pre-application Meeting: Meeting with the DFSA to discuss the application
  3. Preparation of Documentation:
    • Regulatory Business Plan
    • Financial model and projections
    • Policies and procedures
    • Application forms
  4. Formal Application Submission: Submit completed application forms and supporting documentation
  5. DFSA Review: The DFSA reviews the application
  6. Interviews: The DFSA conducts interviews with proposed senior management
  7. In-principle Approval: If satisfied, the DFSA grants approval in principle
  8. Operational Readiness: Establish physical presence in the DIFC, implement systems and controls
  9. Final Approval: Upon confirmation of operational readiness and capital deposit, the DFSA grants the license

Required documentation typically includes:

  • Regulatory Business Plan
  • Financial projections
  • AML/CTF policies and procedures
  • Compliance manual
  • Risk management framework
  • Personal questionnaires for Controllers and proposed Authorized Individuals
  • Corporate structure diagrams
  • Evidence of capital

Ongoing Obligations

Regular Reporting

Category 3C firms must submit various reports to the DFSA on an ongoing basis, including:

  • Prudential returns
  • Annual audited financial statements
  • Annual AML return
  • Reports on material changes to business or control functions

Notifications

The GEN Module outlines events that require notification to the DFSA, including:

  • Changes to Controllers
  • Changes to Authorized Individuals
  • Breaches of Rules or Laws
  • Significant changes to business operations
  • Matters that could have a significant impact on the firm’s reputation or financial position

Annual Fees

Category 3C firms must pay annual fees to the DFSA as specified in the Fees Module (FER). The fee is based on the regulated activities the firm is authorized to conduct.

Compliance Reviews and Audits

Firms must conduct regular reviews of their compliance with DFSA Rules, including:

  • Review of AML systems and controls
  • Periodic review of compliance with conduct of business rules
  • Independent audit of financial statements
  • Periodic assessment of capital adequacy

Comparison with Other License Categories

Category 3C vs. Category 3B

Based on PIB Rules 1.3.4 and 1.3.5, key differences include:

  • Category 3B focuses on:
    • Providing Custody (where it does so for a Fund or Provides Custody of Crypto Assets)
    • Acting as the Trustee of a Fund
    • Operating an Employee Money Purchase Scheme
    • Acting as the Administrator of an Employee Money Purchase Scheme
  • Category 3C focuses on:
    • Managing Assets
    • Managing a Collective Investment Fund
    • Providing Custody (where it does so other than for a Fund and other than in relation to Crypto Assets)
    • Managing a PSIA (which is a PSIAr)
    • Providing Trust Services (where it is acting as trustee in respect of at least one express trust)
    • Providing Money Services (where it issues Stored Value)

Category 3C vs. Category 3A

Based on PIB Rules 1.3.3 and 1.3.5, key differences include:

  • Category 3A focuses on:
    • Dealing in Investments as Principal (where it does so only as a Matched Principal)
    • Dealing in Investments as Agent
  • Category 3C has no dealing authorization but focuses on asset management, custody, and trust services as detailed above.

Category 3C vs. Category 4

Based on PIB Rules 1.3.5 and 1.3.6, key differences include:

  • Category 4 is limited to arranging and advisory activities such as:
    • Arranging Deals in Investments
    • Advising on Financial Products
    • Arranging Custody
    • Insurance Intermediation
    • Insurance Management
    • And other specified activities
  • Category 3C involves more direct management of assets and provision of services that involve greater responsibility for client assets.

Best Practices for Compliance

For MLROs

  1. Risk-Based Approach: Implement a risk-based approach to AML/CTF that reflects the specific risks of Category 3C activities
  2. Customer Risk Assessment: Develop robust procedures for risk-profiling clients
  3. Transaction Monitoring: Implement systems to detect unusual patterns in asset movements
  4. Independent Testing: Conduct regular independent reviews of AML/CTF framework
  5. Stay Updated: Maintain awareness of DFSA notices and updates to AML requirements

For Compliance Officers

  1. Regulatory Calendar: Maintain a comprehensive calendar of all reporting deadlines and reviews
  2. Capital Monitoring: Implement daily monitoring of capital adequacy against requirements
  3. Conflicts Management: Develop robust procedures for identifying and managing conflicts of interest
  4. Training Program: Establish comprehensive training on regulatory requirements specific to Category 3C activities
  5. Change Management: Implement processes to assess regulatory impact of new products or services
  6. Client Classification: Ensure robust procedures for client classification and regular review of classifications

Common Compliance Pitfalls

  1. Misunderstanding permissions: Confusion about what activities are permitted under Category 3C
  2. Inadequate capital planning: Not accounting for future business growth in capital projections
  3. Inadequate segregation of client assets: Failure to properly segregate client assets from firm assets
  4. Insufficient documentation: Particularly around client classification and suitability assessments
  5. Inadequate governance arrangements: Especially around control function independence
  6. Delayed notifications: Failing to notify the DFSA of material events in a timely manner

Conclusion

The Category 3C license offers a specific regulatory framework for firms engaged in asset management, fund management, custody (other than for a fund or crypto assets), restricted PSIAs, trust services, and certain money services. The DFSA’s regulatory approach is designed to ensure that firms operating under this category maintain appropriate systems, controls, and capital to manage the risks associated with these activities.

For MLROs and Compliance Officers, understanding the specific requirements and obligations associated with Category 3C is essential for maintaining regulatory compliance. The DFSA takes a risk-based approach to supervision, focusing on areas of higher risk, which for Category 3C firms typically includes custody arrangements, client asset protection, and governance.

By implementing robust compliance frameworks aligned with the DFSA requirements, Category 3C firms can ensure they meet their regulatory obligations while providing valuable financial services in the DIFC.

IMPORTANT: This article provides general guidance only. Always consult the current version of the DFSA Rulebook directly and seek professional advice from qualified consultants or legal advisors with expertise in DFSA regulations before making any decisions regarding licensing or compliance matters.

Last Updated

This article was last updated in March 2025. Regulatory requirements may have changed since this date. Readers should:

  1. Verify all regulatory references against the current DFSA Rulebook
  2. Confirm all capital requirements, thresholds, and ratios with the latest PIB Module
  3. Check for any DFSA notices or circulars that may impact Category 3C firms
  4. Consult the DFSA website for any updates to application processes or forms
  5. Seek professional advice on the current regulatory landscape

Scroll to Top