The Riffle
On 29 January 2026, the Financial Services Regulatory Authority (FSRA) of the Abu Dhabi Global Market (ADGM) published a thematic review examining how Authorised Persons (APs) manage outsourcing arrangements.
The review highlights recurring weaknesses in how firms identify outsourcing, assess materiality, conduct due diligence, oversee service providers, and plan for operational resilience. Importantly, the FSRA reiterates that regulatory responsibility always remains with the AP and cannot be outsourced, regardless of the service provider or group structure.
Key Highlights from the Review
Responsibility cannot be outsourced
APs retain full accountability for compliance with GEN, AML, PRU and FUNDS requirements.
Misidentification of outsourcing remains common
Firms frequently fail to identify:
IT and RegTech solutions (eKYC, fund pricing tools)
Intra-group service arrangements
as outsourcing under GEN.
Materiality assessments are often weak or undocumented
Firms struggle to distinguish material vs non-material outsourcing, limiting effective contingency planning.
Increased scrutiny on outsourced Approved Persons
The FSRA is closely reviewing time allocation and capacity of outsourced Compliance Officers, MLROs and Finance Officers—especially as firms scale.
Due diligence practices lack depth
Common issues include:
Over-reliance on group-level due diligence
Conflicts of interest (e.g. outsourced CO assessing their own firm)
Limited assessment beyond AML checks
Contracts and KPIs are poorly defined
Vague scopes of work and weak performance metrics undermine oversight and enforcement.
Contingency and record-access gaps persist
Several firms were unable to access critical records when outsourced individuals became unavailable.
Why This Matters
As the ADGM ecosystem matures, the FSRA expects outsourcing governance to scale in line with business complexity.
The review signals a clear supervisory direction:
Outsourcing is not a compliance shortcut
Reliance on group structures, software providers, or external professionals does not dilute accountability
Firms with growing operations are expected to re-evaluate whether outsourced models remain appropriate
Weaknesses in outsourcing arrangements can directly impact:
Regulatory compliance
AML/TFS effectiveness
Operational resilience
Consumer and investor protection
Key Actions Firms Should Take
Perform a gap analysis against FSRA-identified good and poor practices
Identify all outsourcing arrangements, including IT systems and intra-group services
Define and document material outsourcing and related risk assessments
Strengthen due diligence using a conflict-free, risk-based approach
Review contracts and KPIs to ensure clarity, access, and enforceability
Test contingency plans and record access regularly
Reassess outsourced resourcing as business scale and complexity increase
Conclusion
The FSRA’s thematic review sends a clear message: outsourcing arrangements must be deliberate, well-governed, and resilient.
As Authorised Persons grow, informal or lightly governed outsourcing models are unlikely to meet supervisory expectations. Firms that proactively reassess their frameworks, strengthen oversight, and align resourcing with business complexity will be better positioned for future regulatory engagement in ADGM.
