If you’ve ever tried to read an FSRA rulebook cover to cover, you’ve encountered the phrase “applicable to Category X firms” roughly every third paragraph. The entire ADGM regulatory framework is built on a categorisation system that determines which obligations apply to which firms. Get the category wrong, and your entire obligation register is wrong.
Despite its importance, firm categorisation is one of the least well-explained parts of ADGM regulation. The rules are spread across multiple instruments. The boundaries between categories involve judgment calls. And the consequences of misclassification range from wasted compliance spend to regulatory breach.
This post walks through the FSRA’s firm categorisation framework, explains what each category means in practice, and identifies the common traps that compliance officers fall into.
Why Categorisation Matters
ADGM’s regulatory framework is not one-size-fits-all. The FSRA recognised that a Category 1 bank with thousands of clients and billions in assets under management has fundamentally different risk characteristics than a Category 4 advisory firm with ten clients and no custody of client assets.
Rather than applying every rule to every firm, the FSRA built a tiered system. Each firm category carries a different set of obligations across capital requirements, conduct rules, reporting, governance, and operational standards.
This means your firm category is the single most important input to your compliance programme. It determines:
- Which rulebook provisions apply to you — many FSRA rules are explicitly scoped to specific categories
- Your capital adequacy requirements — base capital, expenditure-based capital, and risk-based capital calculations vary dramatically by category
- Your governance obligations — board composition, committee requirements, and senior management responsibilities scale with category
- Your reporting frequency and scope — Category 1 firms face quarterly prudential reporting that Category 4 firms do not
- Your conduct of business obligations — client categorisation, suitability, best execution, and disclosure requirements differ by category
If your obligation register doesn’t start with an accurate firm categorisation, every downstream mapping is potentially wrong.
The Categories
The FSRA categorises authorised firms into four main categories, with sub-categories that carry distinct regulatory consequences.
Category 1: Banks and Principal Dealers
Category 1 covers firms that accept deposits, deal in investments as principal, or provide custody services at scale. These are the systemically significant firms in the ADGM ecosystem: banks, major broker-dealers, and custodians.
Category 1 firms face the heaviest regulatory burden. They are subject to the full scope of the FSRA’s prudential rules, including Basel-aligned capital adequacy requirements, large exposure limits, liquidity requirements, and detailed risk management frameworks.
The governance expectations are correspondingly high: independent board members, a dedicated risk committee, an internal audit function, and detailed recovery and resolution planning.
Most ADGM-regulated firms are not Category 1. But if you deal with Category 1 counterparties — and many firms do — understanding their regulatory obligations helps you assess counterparty risk and manage your own compliance programme accordingly.
Category 2: Dealing and Brokerage Firms
Category 2 covers firms that deal in investments as agent, manage investments, or provide custody as a core part of their business. This includes broker-dealers that execute on behalf of clients, discretionary portfolio managers, and firms providing safekeeping and administration of assets.
Category 2 firms carry meaningful prudential requirements, though less onerous than Category 1. The key differentiator is that Category 2 firms handle client assets — either through execution, management, or custody. This triggers the Client Money and Assets (CMA) rules, which impose specific requirements around segregation, reconciliation, and record-keeping.
If you are a Category 2 firm, the interaction between conduct of business rules and CMA rules is where most compliance complexity lives. The FSRA’s expectations around best execution, order handling, and trade reporting layer on top of the asset protection requirements.
Category 3: Asset Management and Advisory (with Sub-Categories)
Category 3 is where most ADGM-regulated financial services firms sit. It covers fund managers, investment advisers, and firms arranging deals in investments. The sub-categories matter significantly:
Category 3A — Managing a Collective Investment Fund. These firms manage pooled investment vehicles. They face the full scope of the Collective Investment Funds (CIF) Rulebook, including fund governance requirements, valuation obligations, prospectus disclosures, and investor reporting.
Category 3B — Managing Assets (discretionary, non-fund). These firms manage individual client portfolios on a discretionary basis but do not operate collective investment funds. The conduct requirements are high — suitability, ongoing monitoring, and performance reporting — but they avoid the fund-specific governance framework.
Category 3C — Arranging, Advising, or Managing (non-discretionary). This is the broadest sub-category and covers firms that provide investment advice, arrange deals, or manage assets on a non-discretionary basis. Category 3C firms have lower capital requirements and lighter prudential obligations than 3A or 3B, but they still face the full conduct of business framework for their regulated activities.
The distinctions between 3A, 3B, and 3C are not always intuitive. A firm that starts by advising clients and later takes on discretionary mandates moves from 3C to 3B — and that move triggers new obligations around suitability assessment, portfolio monitoring, and capital adequacy that were not previously applicable.
Category 4: Minimal Scope
Category 4 covers firms with the most limited regulated activities: operating a representative office, providing certain ancillary services, or holding a restricted scope licence. Category 4 firms have the lightest regulatory burden — reduced capital requirements, simplified reporting, and narrower conduct obligations.
However, “lightest” does not mean “light.” Category 4 firms still must maintain a compliance monitoring programme, appoint a Compliance Officer and MLRO (which can be the same person in smaller firms), and comply with the AML framework in full. AML obligations do not scale down with firm category.
Common Categorisation Traps
Having worked inside ADGM-regulated firms for a decade, I’ve seen the same categorisation mistakes repeatedly:
Trap 1: Ignoring Sub-Category Distinctions
A firm licensed for “managing assets” might assume it falls into a single category. But the distinction between managing a collective investment fund (3A), managing discretionary portfolios (3B), and managing non-discretionary portfolios (3C) carries materially different obligation sets. I’ve seen firms operating under 3C compliance programmes while actually conducting 3B activities — the gap only surfaced during an FSRA thematic review.
Trap 2: Activity Creep Without Reclassification
Firms evolve. A Category 3C advisory firm takes on its first discretionary mandate. A Category 4 representative office starts arranging introductions that cross into regulated territory. The business moves, but the compliance programme doesn’t move with it.
The FSRA expects firms to notify changes in the nature of their regulated activities. But the compliance programme should anticipate the regulatory consequences of those changes before the notification is filed — not after the examiner identifies the discrepancy.
Trap 3: Applying the Wrong Jurisdiction’s Framework
This is especially common for firms with parent entities regulated by the FCA, SEC, or SFC. The compliance team applies the parent’s framework to the ADGM entity, assuming the categories are roughly equivalent. They are not. The FCA’s IFPRU/BIPRU categorisation does not map onto FSRA categories. The capital calculation methodologies differ. The conduct requirements differ. The governance expectations differ.
An ADGM compliance programme must be built on ADGM rules, not adapted from another jurisdiction’s framework.
Trap 4: Underestimating AML Obligations at Lower Categories
Category 4 firms sometimes assume their reduced prudential burden extends to AML. It does not. The AML and Sanctions Rules and the Countering Financing of Terrorism Rules apply to all ADGM-authorised firms regardless of category. Customer due diligence, ongoing monitoring, suspicious activity reporting, and record-keeping obligations are the same for a Category 4 representative office as for a Category 1 bank.
The difference is in the volume and complexity of the application — but the obligation itself is identical.
How Categorisation Feeds Your Obligation Register
Your firm category is not just an administrative classification. It is the primary filter that determines which rules apply to you.
When I was building obligation registers manually, the first step was always: read the scope provision of each rulebook section and determine whether it applied to my firm type. That meant reading hundreds of scope provisions across the General Rulebook, COBS, CIF, CMA, AML, and every applicable instrument.
That’s the kind of derivation that a knowledge graph makes possible at scale. Given a firm’s category, sub-category, and regulated activities, the graph can traverse the scope provisions of every applicable rule and return the specific set of obligations that applies to that firm — with citations to the exact scope provision that brings each rule into scope.
That’s what Seif does. Your firm context — category, regulated activities, client types, products — is the input. The output is a personalised obligation register that reflects the specific combination of rules that applies to your firm, not a generic checklist.
Getting It Right From the Start
Firm categorisation is the foundation of your compliance programme. If it’s wrong, everything built on top of it is at risk.
If you’re not certain your obligation register accurately reflects your firm’s category, sub-category, and regulated activities, that’s the first thing to fix — before the next FSRA circular arrives and you have to figure out whether it applies to you.
If you want to see how Seif maps obligations to your specific firm type and regulated activities, book a demo. We’ll generate your personalised obligation register and walk through how firm context drives the obligation mapping.
This post is for informational purposes and reflects the author’s understanding of the FSRA’s firm categorisation framework based on publicly available ADGM regulations. It is not legal advice. For specific guidance on your firm’s categorisation or regulatory obligations, consult a qualified compliance professional or legal adviser.