Administrative Decision No. 120/RT/2012

On the Technical Rules Required for the Provision of Direct Market Access (DMA)

Date of issue: 30/11/2012

Effective date: 30/11/2012

The Chief Executive Officer,

Having perused the Federal Law No. 4/2000 on UAE Securities & Commodities Authority and Market, and its amendments;

Federal Decree No. 64/2004 on the appointment of the Chief Executive Officer;

Cabinet Decision No. 13/2000 on the functioning system of the Securities and Commodities Authority, and its amendments;

Securities and Commodities Authority Decision No. 1/2000 on the Regulation of Brokers, and its amendments;

Securities and Commodities Authority Decision No. 2/2001 on the Regulation of Trading, Clearing, Settlement, Transfer of Ownership and Custody of Securities, and its amendments;

Securities and Commodities Authority Decision No. 3/R/2001 on the market work regulation, and its amendments;

Securities and Commodities Authority Decision No. 17/R/2010 on the Procedures of Combating Money Laundering and the Financing of Terrorism;

Securities and Commodities Authority Decision No. 70/R/2007 on the Powers of the Chief Executive Officer,

After coordination with the concerned markets,

And as required by the public interest,

Decided:

Article 1 - Definitions

The following words and expressions shall have the meanings stated beside them unless the context requires otherwise:

Direct Market Access (DMA): The Global Broker implementing purchase orders and sale of securities through the access to the (DMA) programme allocated by the licensed brokerage company as a form of e-trading via the Internet.

Global Broker: Legal person trading on behalf of a group of physical persons under their authorisation through the Direct Market Access DMA system.

Article 2

In order for the brokerage company to be approved to provide Direct Market Access (DMA), the following requirements shall be met:

First: A technical system to receive and record the orders of Global Brokers.

The system shall have the following properties

1-Possibility of verifying all the market rules and parametres.

2-Sending commands through the messaging protocol from the brokerage company to the marketFIX Gateway and through a Direct Market Access (DMA) user assigned by the market to each brokerage company wishing to provide this service, so that it is recorded electronically on the system before its implementation.

3-Possibility of cancelling or amending the command that is not implemented in whole or in part by the Global Broker.

4-Archiving and recording the information exchanged between the Global Broker and the brokerage company (Audit Trail Log) stating the date, time and place of issue (IP Address).

5-The Global Broker shall have the ability to enquire or extract reports on the following:

a-Status of the command (suspended, partial execution, total execution, cancellation) at any time, indicating the time of the status.

b-Position of its portfolio of securities and cash account.

c-Statements of account and balances movement.

Second: Information Protection and Security Systems.

The brokerage company shall provide the following protection systems:

1-Communication protection and security systems between the brokerage company and the market:

a-Firewall security system for the external communication networks including the (Internet) in addition to the networks related to the market, clearing and settlement.

b-Anti Virus.

2-Security protection systems for mutual communication between the Global Broker and the brokerage company:

a-Systems and mechanisms for securing the connection lines and encrypting the data transferred between the local brokerage company and the Global Broker (Secured Connection).

b-Security systems to verify the personality and identity of the Global Broker related to the brokerage company.

3-Operating and protection systems:

a-Messaging system related to the market (FIX Messages) according to the rules determined by the markets.

b-Secure and highly operational databases where non-stop working systems are available (FOULT TOLERANT or HOT-STANDBY or CLUSTER).

c-Modern and secure operating systems allowing to operate as central servers.

d-Disaster Recovery Site having a copy of all the servers and backup copies of the data and applications updated instantaneously, provided that the disaster recovery site is connected to the company's headquarters through a main link and a backup link with the FAILOVER system.

Third: Reports of the External Auditor responsible for information security.

The brokerage company shall appoint an external auditor to audit the information security and programs, provided that he submits his report to the Authority upon submittal of the application and at the end of June and December of every year.

The brokerage company may submit a consolidated report on this service and online trading in case it is licensed to do so.

Fourth: Deal agreements, opening accounts and providing documents

The brokerage company shall, in addition to following money laundering procedures:

1-Sign a deal agreement with the Global Broker including the rights and obligations of both parties according to the conditions and obligations stated in these rules and in the Authority's law, regulations and decisions.

2-Provide the Authority and the market with all the data and documents required by the Authority at any time and in case of suspicion in any of the Global Broker's customers.

Article 3

This Decision shall enter into effect on the date of issuance thereof and shall be communicated to whomever deemed appropriate to act in accordance therewith.

Issued in Abu Dhabi

On 18 Safar 1434 H

Corresponding to December 31, 2012

Abdullah Salem Al-Turifi

Chief Executive Officer