DIFC Compliance Obligations

Entities operating within the Dubai International Financial Centre (DIFC) are subject to a comprehensive set of regulatory and compliance obligations that reflect the DIFC alignment with international standards and best practices. As one of the region’s most prominent financial hubs, the DIFC continuously enhances its regulatory environment through increased supervisory oversight, structured reporting obligations, and robust enforcement mechanisms.

DIFC entities must comply with requirements set by the DIFC Authority and if licensed, the entity shall comply with the Dubai Financial Services Authority (DFSA), including licensing conditions, anti-money laundering (AML) and counter-terrorist financing (CTF) obligations, data protection rules, and financial reporting standards.

General Compliance Obligations

The below specific obligations may vary depending on the type of entity, regulatory status, and business activities conducted in or from the DIFC:

• Annual license renewal
• Maintaining a register of stakeholders
• Filing CRS and FATCA self-assessments
• CRS and FATCA audit questionnaires
• Submission of a risk assessment report
• Filing of CRS and FATCA reports via the UAE Ministry of Finance (MoF) portal
• Completion of the DIFC Compliance Assessment
• Submission of the Fintech Compliance Assessment

About FATCA/CRS Compliance

DIFC entities that received the FATCA/CRS self-assessment notification from crsfatca@difc.ae were required to submit their completed forms by April 10, 2025. This assessment is part of the UAE’s broader commitment to Automatic Exchange of Information (AEOI) under international tax cooperation frameworks.

DIFC entities (as required) must classify themselves as:

• Reporting Financial Institutions
• Non-Reporting Financial Institutions
• Active Non-Financial Entities (NFEs)
• Passive Non-Financial Entities (NFEs)

In addition to self-assessments, entities must ensure timely and accurate reporting of financial accounts held by reportable persons and controlling individuals via the UAE MoF portal, if required. The information is then exchanged with partner jurisdictions under FATCA (with the U.S. IRS) and CRS (with peer tax authorities).

The DIFC Authority may also request ad hoc clarifications or additional reports, especially where inconsistencies or gaps are observed.

Consequences of Non-Compliance

Failure to meet any of the above obligations, whether due to missed deadlines, inadequate documentation, or incorrect classification, may result in financial penalties, public disclosure, corrective orders, or license suspension or revocation in severe or repeated cases.

To mitigate risk, DIFC entities are expected to implement and maintain a compliance framework that includes regular staff training, documented policies and procedures, and board-level oversight.

Rasma Legal can support DIFC entities in handling their annual compliance obligations by offering end-to-end assistance with regulatory filings, classification assessments, and ongoing compliance monitoring to ensure full alignment with DIFC requirements.