This handbook guides compliance officers through:
✓ Understanding DFSA regulatory requirements
✓ Securing AMI authorization and licenses
✓ Maintaining ongoing compliance obligations
✓ Managing facility-specific requirements
✓ Navigating supervision and control regimes
Part 1: Understand Your Regulatory Framework
1.1. Understand the Legal Foundation
Use this handbook as your essential guide to navigate compliance requirements for compliance officers, senior management, and key personnel of Authorised Market Institutions (AMIs) operating within the Dubai International Financial Centre (DIFC). Its purpose is to provide a clear and strategically-focused overview of the regulatory obligations mandated by the Dubai Financial Services Authority (DFSA). This initial section establishes the foundational legal framework that underpins the licensing and supervision of AMIs, which are critical infrastructures for the stability and integrity of the financial markets.
The legal authority for the DFSA’s regulatory regime governing AMIs is established by a clear statutory hierarchy. The Regulatory Law 2004 and the Markets Law 2012 provide the high-level legal mandate, while the AMI Rulebook contains the detailed, binding rules that operationalize these legal principles. The Regulatory Law 2004 provides the overarching authority for the DFSA’s supervisory functions, explicitly prohibiting any Person from carrying on a Financial Service without a licence (Article 41) and permitting a licensed Person to conduct the specific Financial Services for which they are authorised (Article 42).
Complementing this, the Markets Law 2012 establishes a dedicated framework for the creation and administration of an Official List of Securities. This crucial market function can be maintained either directly by the DFSA or by an AMI that has been granted a specific endorsement on its licence to perform this activity (AMI 1.2.3).
This high-level legal architecture creates the environment within which the specific rules of the AMI Rulebook operate, defining the scope of entities and individuals subject to its detailed provisions.
1.2. Identify Who Must Comply
Identify which entities and individuals must comply with the AMI Rulebook. The regulatory objective is to ensure comprehensive oversight not only of the licensed institution but also of the key individuals and controllers who direct and influence its operations.
The AMI Rulebook applies directly to the following Persons:
• A Person applying to become, or currently operating as, an Authorised Market Institution (AMI).
• A Key Individual, or a Person intending to become a Key Individual, of an AMI.
• A Controller, or a Person intending to become a Controller, of an AMI.
Understanding this scope is the first step in navigating the detailed process of obtaining and maintaining a license to operate within the DIFC’s financial ecosystem.
Part 2: Navigate the Licensing Process
2.1. Prepare for the Licensing Process
The licensing phase is the gateway to operating as an AMI within the DIFC. It is a critical and rigorous process during which an applicant must build and demonstrate a robust compliance framework capable of meeting the DFSA’s high standards of governance, operational resilience, and financial adequacy. This is not a one-time assessment; the applicant must prove it can satisfy these requirements at the point of authorisation and, crucially, on an ongoing basis throughout its operational life.
The initial application and assessment process is the foundational step where an aspiring AMI must prove its fitness and propriety to the regulator.
2.2. Complete the Authorization Process
A Person (“applicant”) seeking to become an AMI must formally demonstrate to the DFSA’s satisfaction that it can meet all relevant Licensing Requirements at the time of the license grant and continuously thereafter (AMI 3.2.1). These requirements, which necessitate the development of comprehensive internal policies and systems, are detailed across several chapters of the AMI rulebook.
The key chapters containing the Licensing Requirements that an applicant must meet are:
• Chapter 5: General requirements for all Exchanges and Clearing Houses.
• Chapter 5A: Additional requirements for operating a facility for Investment Tokens.
• Chapter 5B: Additional requirements for operating a facility for Crypto Tokens.
• Chapter 6: Specific additional requirements for Exchanges.
• Chapter 7: Specific additional requirements for Clearing Houses.
During its assessment, the DFSA has broad powers to ensure a thorough evaluation of the applicant. The DFSA may:
1. Make any enquiries it considers appropriate, including those independent of the applicant (AMI 3.2.2(a)).
2. Require the applicant to provide additional information (AMI 3.2.2(b)).
3. Require information on how the applicant intends to ensure compliance with a particular requirement (AMI 3.2.2(c)).
4. Require that any information provided by the applicant be verified in a manner the DFSA specifies (AMI 3.2.2(d)).
5. Take into account any other information it considers relevant to the application (AMI 3.2.2(e)).
Applicants should consult the DFSA’s RPP Sourcebook for a comprehensive understanding of the regulator’s general policies and processes, which complement the specific rules in the AMI module (AMI 2.4.1 Guidance note 2).
2.3. Obtain Required Endorsements
In addition to the core license, an AMI may require specific endorsements to conduct certain specialized activities. These endorsements require the AMI to demonstrate the necessary capabilities and controls for these functions.
| Endorsement Activity | Key Requirements |
| Operate a Multilateral Trading Facility (MTF) | Must hold a Licence to Operate an Exchange and satisfy the requirement in Rule 4.2.1(3) (AMI 2.3.1). |
| Act as a Trade Repository | Must meet the requirements detailed in Appendix 5 of the GEN Rulebook (AMI 2.3.2). |
2.4. Secure Key Individual Approvals
Under Article 43 of the Regulatory Law, it is a regulatory necessity for every AMI to have DFSA-approved Key Individuals appointed to perform designated Licensed Functions. These individuals are central to the governance and control of the institution, and the DFSA must be satisfied as to their fitness and propriety before they can perform their roles (AMI 3.3 Guidance).
In certain circumstances, an AMI may need to appoint a non-Key Individual to temporarily cover the functions of an absent Key Individual. This is permitted under strict conditions:
• The absence of the Key Individual must be temporary or reasonably unforeseen (AMI 5.3.6(1)(a)).
• The temporary appointment must not exceed a maximum of 26 weeks in any consecutive 12-month period (AMI 5.3.6(1)(b)).
Firms must implement a robust succession plan and tracking mechanism to ensure these temporary appointments do not breach the 26-week limit, which would constitute a significant regulatory violation.
2.5. Manage Post-Licensing Changes
An AMI has an ongoing duty to notify and, where required, seek prior approval from the DFSA for any significant changes to its operations or license scope. A formal internal change management process is essential to ensure compliance with these obligations.
When proposing a material change to its arrangements, an AMI must provide the DFSA with a notice that includes:
• The details of the proposed change (AMI 4.3.2(1)(a)).
• The reasons for the proposed change (AMI 4.3.2(1)(b)).
• An assessment of the potential impact the change might have on the AMI’s ability to discharge its Regulatory Functions (AMI 4.3.2(1)(c)).
When applying to change the scope of its license, such as to add a new financial service, an AMI should provide the DFSA with particulars of the new activities and a revised business plan that outlines the rationale for the change (AMI 2.4.1 Guidance note 1).
The DFSA has the power to reject a proposed material change. If it does so, the AMI has the right to refer the matter to the Financial Markets Tribunal (FMT) for review (AMI 4.3.3 and AMI 4.3.2(2)).
Successfully navigating the licensing and modification processes is the prerequisite for operation. The subsequent challenge lies in adhering to the substantive, day-to-day operational requirements that ensure market integrity and stability.
Part 3: Maintain Ongoing Compliance
3.1. Prioritize Ongoing Compliance
Securing a license is only the beginning of the regulatory journey. The DFSA framework imposes a comprehensive and continuous set of obligations that an AMI must meet to maintain its authorized status. Adherence to these ongoing requirements is a core function for managing enterprise risk, ensuring market stability, protecting stakeholder interests, and upholding the integrity of the DIFC’s financial ecosystem.
The foundational pillar of this ongoing compliance is a robust corporate governance framework and a clear organizational structure.
3.2. Establish Corporate Governance
An AMI must establish and maintain a corporate governance framework appropriate to the nature, scale, and complexity of its business. This framework’s primary purpose is to promote the sound and prudent management of the institution while protecting the interests of its stakeholders (AMI 5.2.3). The General Module (GEN) of the DFSA Rulebook sets the baseline corporate governance requirements for all authorised persons, which the AMI Rulebook then augments with specific obligations for market infrastructure (GEN 5.3.30).
Key personnel and functional requirements necessitate board-level responsibility and clear internal policies:
• Key Individuals: An AMI must have DFSA-approved Key Individuals appointed to perform specified Licensed Functions, forming the core of its senior management and control functions (AMI 3.3 Guidance).
• Finance Officer: The AMI must appoint a Finance Officer who holds overall responsibility for compliance with the firm’s financial resource requirements. This individual must be a member of the Governing Body or a Senior Manager (AMI 5.3.5).
• Employee Fitness and Propriety: An AMI is obligated to establish and maintain systems and controls to ensure that all of its employees are, and remain, fit and proper for their roles. Records of this assessment must be kept for at least six years after an individual’s employment ceases (AMI 5.2.1).
A critical component of governance is the management of conflicts of interest. An AMI must have effective arrangements to promptly identify, prevent, manage, or disclose any conflicts that may arise. This duty requires arrangements to identify and manage conflicts arising in two distinct categories: (a) between the AMI itself and its shareholders, Members, or other users of its facilities; and (b) between its Members and other users of its facilities, and among those Members and users themselves (AMI 5.4.2). Senior management is specifically expected to identify and manage situations where the AMI’s commercial interests could potentially conflict with the proper performance of its Regulatory Functions (AMI 5.4.5 Guidance).
3.3. Implement Risk Management Systems
AMIs must establish and maintain adequate systems and controls for all aspects of their business. A crucial element of this obligation is the requirement to undertake regular reviews to ensure these systems and controls remain adequate and operate as intended, evolving with the business and threat landscape (AMI 5.5.1(3)). The general risk management requirements detailed in the GEN Rulebook apply to all AMIs (GEN Rules 5.3.5-5.3.7; AMI 5.5.2 Guidance).
For outsourcing, any material arrangements require prior approval from the DFSA. The AMI must follow the same procedure as it would for notifying the regulator of any other material change to its operations (AMI 5.5.3).
Information Technology (IT) Systems are fundamental to the operation of any modern market. An AMI’s IT systems must be adequate to ensure:
• Operational reliability (AMI 5.5.5(3)(i)).
• Business continuity in the event of a system failure (AMI 5.5.5(3)(ii)).
• The integrity of all data processed through its systems (AMI 5.5.5(3)(iii)).
Furthermore, AMIs must meet the testing requirements detailed in Appendix 1 of the AMI Rulebook to assess the adequacy and effectiveness of their own IT systems and those of their members (AMI 5.5.5(4)).
3.4. Maintain Financial Resources
AMIs are required to maintain, at all times, sufficient financial resources. The regulatory objective is twofold: to ensure an AMI can meet its liabilities as they fall due during normal operations, and, critically, to allow for an orderly wind-down of the business if circumstances require it, thereby preventing systemic disruption (AMI 5.5.4 Guidance note 1).
The financial resources held by an AMI must have the following characteristics:
• They must be of high quality and sufficiently liquid to allow the AMI to meet its current and projected operating expenses under a range of adverse scenarios, including in adverse market conditions (AMI 5.5.4(4)(a)).
• If held in the form of cash, they must be placed with an acceptable Bank or a supervised financial institution (AMI 5.5.4(4)(b)).
To ensure compliance, an AMI must have systems and controls in place to assess its financial resources on an ongoing basis, particularly after any significant event that could impact its operations (AMI 5.5.4 Guidance note 2).
3.5. Govern Market Operations
An AMI’s operations are governed by a detailed set of Business Rules. These rules, which are assessed by the DFSA at the time of licensing, form the contractual and operational basis for all activity on its facilities (AMI 5.6.1). Any subsequent amendment to these Business Rules can only be made in accordance with a strict process involving notification to the DFSA (AMI 5.6.4 to 5.6.7). The DFSA has the power to reject a proposed amendment or require the AMI to make changes to it (AMI 5.6.6(3)).
A “Member” is a Person granted access to the AMI’s facilities in accordance with its Business Rules (AMI 5.7.1(2)). Members are the primary entities through which trading and clearing occur, and the AMI’s due diligence on them represents a cornerstone of its gatekeeping function for market integrity. Before admitting a Person as a Member, an AMI must conduct thorough due diligence to ensure the person meets certain criteria, including:
• A sufficient level of competence and experience (AMI 5.7.2(3)(b)).
• Appropriate standards of conduct for its staff (AMI 5.7.2(3)(b)).
• Organizational arrangements, including financial and technological resources, that are adequate for its proposed activities (AMI 5.7.2(3)(c)).
An AMI may also permit a Member to provide its clients with Direct Electronic Access (DEA) to its trading facilities, provided the Member retains responsibility for all orders and trades and has systems to identify and, if necessary, stop orders from a DEA client (AMI 5.7.3).
These general operational principles are supplemented by specific requirements tailored to different types of market facilities.
3.6. Ensure Integrity and Transparency
AMIs have a core obligation to promote and maintain high standards of integrity and fair dealing on their facilities (AMI 5.9.1). This is supported by robust requirements for record-keeping, asset protection, and the prevention of financial crime, which necessitate the implementation of effective market surveillance and client asset protection frameworks.
An AMI must maintain comprehensive records for each transaction. This information is crucial for market surveillance and dispute resolution and must include key details such as:
• The name of the investment or Crypto Token (AMI 5.9.3 Guidance).
• The price, quantity, and date of the transaction (AMI 5.9.3 Guidance).
• The identities of the counterparties (AMI 5.9.3 Guidance).
In maintaining these records, AMIs must also comply with their obligations under the Data Protection Law, DIFC Law No. 5 of 2020 (AMI 5.9.3 Guidance).
For the safeguarding of assets, an AMI must have adequate custody arrangements in place. Any material changes to these arrangements, such as the appointment of a new custodian, require prior DFSA approval (AMI 5.10.1 Guidance note 3).
Finally, AMIs must operate appropriate measures to identify, deter, and prevent market abuse, money laundering, and financial crime on their facilities. They have an explicit duty to notify the DFSA immediately if they have reasonable grounds to suspect that such conduct has occurred (AMI 5.11.2).
Part 4: Meet Facility-Specific Requirements
4.1. Apply Facility-Specific Rules
While general obligations apply to all AMIs, the DFSA imposes a further layer of specific, detailed rules tailored to the unique risks and operational realities of different market types. This risk-based approach ensures that the regulatory framework is robust and proportionate to the activities being conducted, whether on a traditional exchange, a central clearing house, or a facility for digital assets. This section delineates those specialized requirements.
The first set of specific rules applies to AMIs operating as an Exchange.
4.2. Comply with Exchange Requirements
An AMI operating an Exchange must meet several specific obligations designed to ensure fair, orderly, and transparent markets (AMI 6.2.1).
• Derivatives Trading: An Exchange that trades Derivative contracts must have rules and mechanisms in place to monitor market activity and eliminate manipulative or disorderly conduct (AMI 6.3.1).
• Volatility Controls: An Exchange must have effective systems, controls, and procedures to ensure its trading systems are resilient, have adequate capacity, and can operate in an orderly manner under conditions of market stress (AMI 6.5.1).
• Error Trade Policy: An Exchange is required to establish and maintain an appropriate and adequate policy to prevent, identify, and rectify Error Trades (AMI 6.6.1).
• Short Selling and Foreign Ownership: The Exchange must have effective systems to monitor and manage Short Selling activities and to control any foreign ownership restrictions that apply to investments traded on its facilities (AMI 6.7.1 and AMI 6.8.1).
• Liquidity Incentive Schemes: An Exchange may only introduce a liquidity incentive scheme if it meets certain conditions, including limiting participation to its Members or other Persons who have undergone appropriate due diligence (AMI 6.9.1).
• Official List of Securities: An Exchange that wishes to maintain its own Official List of Securities must have its listing rules approved by the DFSA. Any subsequent amendments to these rules also require prior DFSA approval (AMI 6.11.2).
4.3. Fulfill Clearing House Requirements
This section applies to an AMI that operates a Clearing House, a systemically important entity that mitigates counterparty credit risk in financial markets (AMI 7.1.1). Clearing Houses are subject to stringent risk management requirements to ensure their resilience.
| Risk Category | Key Requirements |
| Legal Risk | Must have a well-founded, clear, transparent, and enforceable legal basis for all its material activities in all relevant jurisdictions (AMI 7.2.2). |
| Liquidity Risk | Must determine and maintain sufficient liquid resources to effect same-day settlement of its payment obligations with a high degree of confidence under a wide range of potential stress scenarios (AMI 7.2.3). |
| Credit Risk (for CCPs) | A Clearing House acting as a Central Counterparty (CCP) must establish a robust process to manage current and potential future credit exposures to its market counterparties and perform regular stress tests of its financial resources (AMI 7.3.1). |
| Segregation and Portability (for CCPs) | A CCP must have effective arrangements to protect the positions and collateral of a Member’s customers from the default or insolvency of that Member, ensuring these assets can be transferred (ported) to another solvent Member (AMI 7.3.3). |
Additionally, a Clearing House acting as a Central Securities Depository (CSD) has further obligations, including maintaining the integrity of securities issues and prohibiting securities overdrafts or debit balances in securities accounts (AMI 7.4.2).
4.4. Meet Digital Asset Requirements
AMIs that operate facilities for either Investment Tokens or Crypto Tokens are subject to a specialized rule set in Chapters 5A and 5B, respectively. These rules are designed to address the novel risks associated with Distributed Ledger Technology (DLT) and the unique characteristics of digital assets.
Investment Token Facilities (AMI Chapter 5A)
An AMI operating a facility for Investment Tokens must meet the technology audit report standards applicable to an Authorised Firm under COB section 14.5 (AMI 5A.3.1). This ensures a consistent level of technological scrutiny. The AMI must also be able to demonstrate that it has effective procedures built directly into its DLT application to manage its operations securely and efficiently.
Crypto Token Facilities (AMI Chapter 5B)
AMIs operating facilities for Crypto Tokens face a number of significant additional obligations, reflecting the increased compliance burden associated with these products, particularly where they are accessible to retail clients:
• Direct Access: If the facility permits direct access, the AMI must treat each Direct Access Member as its own Client and clearly set out its duties to them in its Business Rules (AMI 5B.3.1).
• Information Provision: Before permitting a Crypto Token to be traded, the AMI must publish a “key features document” on its website, including details on large holders (10% or more) and, for Fiat Crypto Tokens, details about the reserves backing the token (AMI 5B.4.1).
• Risk Warnings: Any website or mobile application promoting the facility must display a risk warning that is statically fixed and visible at the top of the screen, ensuring it cannot be missed by users (AMI 5B.4.4).
• Safe Custody: If the AMI also provides safe custody for Crypto Tokens, it must comply with the same stringent client asset and custody requirements that apply to an Authorised Firm acting as a Digital Wallet Service Provider (AMI 5B.5.1).
• Technology Audit: All systems and controls facilitated through DLT must be included within the scope of an annual audit, culminating in a written report to ensure their ongoing integrity and effectiveness (AMI 5B.6.1).
The specific rules governing different facility types underscore the DFSA’s risk-based approach, which transitions seamlessly into its oversight of an AMI’s ownership structure and its ongoing supervisory relationship with the regulator.
Part 5: Manage Control and Supervision
5.1. Understand Control Requirements
The integrity of financial market infrastructure is deeply linked to the quality and suitability of its ownership. To prevent unsuitable actors from controlling critical market infrastructure, the DFSA places significant regulatory focus on who controls an AMI. This final section details the rules governing controllers and outlines the ongoing supervisory relationship, which together form a cornerstone of market trust and stability.
The control regime is designed to ensure that those in a position of influence are, and remain, acceptable to the regulator.
5.2. Navigate the Control Regime
A “Controller” is a specifically defined term for a Person who, either alone or with associates, acquires a significant level of ownership or influence over an AMI (AMI 8.1.2). The criteria are quantitative, typically defined as holding 10% or more of the shares or voting power in the AMI or its holding company, or being in a position to exercise significant influence over the management of the AMI.
A Controller of an AMI incorporated under DIFC law must submit a written notification to the DFSA if that Person proposes to take one of the following actions (AMI 8.2.6):
• Cease to be a Controller.
• Decrease an existing holding from more than 50% to 50% or less.
To maintain ongoing transparency, every AMI must provide the DFSA with an annual statement identifying all of its Controllers (AMI 8.2.9).
The DFSA has the power to object to a Person becoming or remaining a Controller if it determines they are not acceptable. In such cases, the DFSA must provide the Person with a written notice stating its reasons and giving them an opportunity to make representations before a final decision is made (AMI 8.2.11).
5.3. Submit Required Notifications
AMIs have a continuous duty to keep the DFSA informed of specific events and changes that could impact their regulatory standing or operations. This proactive notification ensures that the DFSA can exercise its supervisory functions effectively and respond to emerging issues in a timely manner.
| Notification Trigger | Requirement | Source Rule |
| Change in Key Individual | Must notify the DFSA immediately of the cessation of a Key Individual’s appointment or any information that might adversely affect their fit and proper status. | AMI 9.4.2 |
| Amendment to Constitution | Must immediately give the DFSA notice of any amendment to its memorandum, articles of association, or other constitutional documents. | AMI 9.5.2 |
| Audit Committee Report | Must immediately give the DFSA a copy of any audit committee report that relates to the AMI’s Regulatory Functions. | AMI 9.6.2 |
| Trading of New Investment/Crypto Token | Must give the DFSA at least 5 business days’ notice before permitting trading of a new Investment or Crypto Token on its facilities. | AMI 9.8.1 |
| Suspension/Cessation of Trading | Must immediately notify the DFSA and facility users of any decision to suspend, restore from suspension, or cease trading in any Investment or Crypto Token. | AMI 9.8.2 |
| IT Systems Failure Plan Change | Must immediately notify the DFSA of any change to its action plans for responding to a failure of its IT systems. | AMI 9.9.1 |
5.4. Exercise Your Right to Appeal
The regulatory framework provides an appeal mechanism for Persons who are aggrieved by a decision made by an AMI. Pursuant to Article 30 of the Regulatory Law, a Person has a right to appeal a decision made by an AMI to a tribunal, in accordance with the procedures set out in the AMI’s own Business Rules (AMI 11.1.1). This ensures a fair process and provides an avenue for independent review of an AMI’s decisions.
This handbook has outlined the comprehensive regulatory lifecycle of an Authorised Market Institution, from initial application to ongoing supervision. It serves as a vital strategic asset for ensuring robust and continuous compliance with the DFSA’s regulatory framework, thereby safeguarding the integrity and stability of the DIFC’s financial markets.