1. |
VASPs shall appoint a CO who—
|
|
a. |
possesses at least five [5] years of relevant experience in a compliance function; |
|
b. |
is a Fit and Proper Person as approved by VARA; |
|
c. |
is a resident in the UAE or holds a UAE passport; |
|
d. |
is a full-time employee of the VASP; and |
|
e. |
reports directly to the Board. |
|
Such appointment shall be reviewed annually to ensure that the CO remains a Fit and Proper Person capable of discharging all relevant duties. VARA has the sole discretion to request a VASP to provide such evidence as VARA may require which shows that the above requirements are satisfied.
|
2. |
The CO shall be responsible for—
|
|
a. |
ensuring Staff, including Senior Management, are properly and adequately trained in respect of their understanding and compliance with all applicable laws and regulatory requirements, including those relating to consumer protection and AML/CFT; |
|
b. |
developing and implementing compliance policies and procedures, including a Business Continuity and Disaster Recovery Plan [BCDR Plan] as required in the Technology and Information Rulebook; |
|
c. |
assessing emerging issues and risks; |
|
d. |
reporting compliance activities and compliance audits to the Board; and |
|
e. |
if necessary, ensuring appropriate corrective actions are taken in response to deficiencies in the CMS and/or non-compliance with any applicable laws or regulatory requirements.
|
3. |
Compliance activities may be delegated to appropriate professionals, provided that—
|
|
a. |
the CO shall continue to be held accountable for all responsibilities and obligations in relation to the implementation of the CMS; and |
|
b. |
all applicable requirements in the Company Rulebook, including Outsourcing management requirements, are complied with.
|
4. |
Subject to relevant requirements in the Company Rulebook and if deemed appropriate by the VASP, the CO may hold more than one [1] non-client facing role within the VASP, provided such roles do not create conflicting duties, including but not limited to, the Money Laundering Reporting Officer [MLRO] and the head of the risk function. VARA will take into account other roles held by the CO in determining whether the individual is a Fit and Proper Person.
|