The Riffle
The DFSA has released a Thematic Review assessing how MLROs in the DIFC are complying with Continuing Professional Development (CPD) requirements.
While 79% met the minimum 15-hour requirement, the review revealed major qualitative gaps—especially around relevance, record-keeping, employer support, and the effectiveness of CPD strategies.
The DFSA has made it clear: future Risk Assessments will scrutinise how firms address these gaps.
KEY FINDINGS
1. Compliance Numbers Mask True Gaps
93% reported compliance, but only 79% had 15 valid hours.
All non-compliance came from hybrid MLRO/CO roles.
2. CPD Hours Often Invalid
Irrelevant courses, sessions under 30 minutes, and self-study wrongly logged.
“Bare minimum” approach risked falling short when invalid hours were removed.
3. Quality of Training is Weak
Over-reliance on free, generic content.
Low attendance at Targeted Financial Sanctions (TFS) training.
Internal training often too basic and not DIFC-specific.
4. Record-Keeping is Poor
Missing details, vague descriptions, inconsistent time logging.
Some logs excluded valid hours or included clearly invalid activities.
5. Employer Support Lacks Structure
Financial support is strong.
Non-financial support — L&D plans, tracking, time allocation — is weak.
6. DNFBPs Overstate CPD Compliance
Despite 92% claiming 15 hours, only two MLROs actually met it with AML-relevant CPD.
WHY IT MATTERS
The DFSA expects CPD to be meaningful, relevant, and well-documented, not a box-ticking exercise. Firms must now strengthen L&D frameworks, improve record-keeping, tailor training to business models, and ensure MLRO capability aligns with the complexity of financial crime risks.
Next Steps:
Future DFSA Risk Assessments will review what actions firms took to address these findings — making this a priority compliance area for 2025.
Read the full briefing document presented by 10 Leaves here -
