• HC HC High-Level Controls

    • HC-A HC-A Introduction

      • HC-A.1 HC-A.1 Purpose

        • HC-A.1.1

          This Module presents requirements that have to be met by conventional bank licensees with respect to:

          a) the role and composition of their Boards and Board Committees; and
          b) related high-level controls and policies.

        • HC-A.1.2

          In addition, this Module contains requirements for the notification and pre-approval of individuals, undertaking certain designated functions with respect to conventional bank licensees. These functions (called "controlled functions"), include Directors and members of senior management. The controlled functions regime supplements the BMA's corporate governance requirements by ensuring that key persons involved in the running of conventional bank licensees are fit and proper. Those approved by the BMA to undertake controlled functions are called approved persons.

        • HC-A.1.3

          Finally, this Module contains certain notification and approval requirements regarding the use of Special Purpose Vehicles ("SPVs"; see Section HC-1.5).

        • HC-A.1.4

          This Module supplements various provisions relating to corporate governance contained in Legislative Decree No. 21 of 2001, with respect to promulgating the Commercial Companies Law ("Commercial Companies Law 2001"). In case of conflict, the Commercial Companies Law shall prevail. The Module also supplements (for companies listed on the Bahrain Stock Exchange), Stock Exchange regulations that are relevant to corporate governance and high-level controls. Compliance with this Module does not guarantee compliance with either the Commercial Companies Law 2001 or the BSE regulations.

      • HC-A.2 HC-A.2 Key requirements

        • Corporate governance

          • HC-A.2.1

            The Chairman of the Board should preferably be non-executive and independent. The role of Chairman and Chief Executive may not be exercised by the same person. (See Rule HC-1.3.9.)

          • HC-A.2.2

            The Board must approve a code of conduct for itself, senior management and employees, and define the responsibilities of itself and senior management. This should include procedures for dealing with conflicts of interest, and a prohibition on insider trading. (See Paragraphs HC-1.2.9 to HC-1.2.13.)

          • HC-A.2.3

            The Board should meet at least four times per year. (see Paragraph HC-1.3.3).

          • HC-A.2.4

            Boards must have an adequate number of members that are "independent" and "non-executive" to serve the interests of minority shareholders and other stakeholders. (See Paragraphs HC-1.3.5 and HC-1.3.6.)

          • HC-A.2.5

            The Board should consider the setting up of committees to assist it in fulfilling its responsibilities. The setting up of an Audit Committee is mandatory. (See Paragraphs HC-1.3.10 to HC-1.3.13.)

          • HC-A.2.6

            Conventional bank licensees are required to notify the BMA, in writing, of all major changes (regardless of type and/or effect) proposed to the strategy and/or corporate plan of the bank prior to implementation, as well as of any Special Purpose Vehicle they intend to establish as a subsidiary, or with respect to which they intend to act as sponsor or manager (see Section HC-1.5).

        • Approved Persons

          • HC-A.2.7

            Conventional bank licensees are required to secure prior BMA approval for those persons wishing to undertake a controlled function. Such persons are assessed against BMA's "fit and proper" requirements. Conventional bank licensees must also notify the BMA of any changes in their approved persons. (See Chapter HC-2)

        • Compliance officer/manager

          • HC-A.2.8

            Conventional bank licensees must appoint a senior member of staff with responsibility for compliance. The Compliance Officer is a controlled function. (See Chapter HC-3.)

      • HC-A.3 HC-A.3 Module history

        • Evolution of the Module

          • HC-A.3.1

            This Module was first issued in July 2004, as part of the initial release of Volume 1 of the BMA Rulebook. It was dated July 2004. All subsequent changes to this Module are shown with the month and year in which the change was made, at the base of the relevant page and in the Table of Contents. Chapter UG-3 provides further details on Rulebook maintenance and version control.

          • HC-A.3.2

            A list of recent changes made to this Module is shown below:

            Module Ref. Change Date Description of Changes
            HC-1.5 01/04/05 Transparency requirements formalised
            HC-1.6 01/04/05 Notification requirements formalised
            HC-1.1, HC-1.2 & HC-1.4 01/10/05 High level controls
            HC-1.5 01/10/05 New SPV requirements
            HC-3.1HC-3.2 01/10/05 Revised compliance function requirements
            HC-1.5.3, HC-1.5.5 & HC-4.1 01/01/06 Revised notification requirements for SPVs and dealing staff
            HC-2, HC-3 and HC-4 01/07/06 Requirements relating to controllers moved to Module GR; Remaining requirements relating to "fit and proper" re-drafted to ensure consistent terminology and procedures with other Rulebook Volumes (without changing the substance of the previous 'fit and proper' requirements); Requirements relating to dealers incorporated into the 'fit and proper' requirements.

        • Superseded Requirements

          • HC-A.3.3

            Prior to the development of this Rulebook, the BMA issued various circulars covering different aspects of corporate governance. These circulars were consolidated into the first version of this Module as shown below:

            Circular Ref. Date of Issue Module Ref. (July 2004 version) Circular Subject
            BC/23/99 8 Nov 1999 HC-1 'Enhancing Corporate Governance in Banking Organisations'
            BC/904/95 24 Jul 1995 HC-1.6 Notification to, and approval from the Agency for certain matters
            ODG/329/03 10 Sep 2003 HC-1.6 Corporate Governance Reporting
            BC/11/98 27 Jul 1998 HC-2 Terms and Definitions Applying to the Management of Banks and Financial Institutions
            BC/8/00 24 May 2000 HC-2 Controllers of, and holdings and transfers of significant ownership or controlling interests in, Agency licensees
            BC/13/99 15 Jun 1999 HC-3 Compliance, Risk Management and Internal Controls
            BMA/1287/94 6 Nov 1994 HC-4 Foreign Exchange, Securities and Other Dealers

          • HC-A.3.4

            The contents in this Module are effective from the dates depicted in HC-A.3.2 and HC-A.3.3, from which the requirements are compiled. Section HC-1.3 is effective from January 2007.

    • HC-B HC-B General guidance and best practice

      • HC-B.1 HC-B.1 Guidance provided by other international bodies

        • Basel Committee: Enhancing Corporate Governance in Banking Organisations and High Level Controls for Banks

          • HC-B.1.1

            These papers (see www.bis.org/publ/bcbs56.pdf) issued in September 1998 and September 1999 provide guidance on corporate governance and high-level controls in banks. These papers form part of an ongoing effort by the Committee to strengthen procedures for risk management and disclosure in banks.

          • HC-B.1.2

            The papers draw on supervisory experience with corporate governance problems at banking organisations and suggest the types of practices that could help to avoid such problems. They identify a number of practices as critical elements of any financial institution's corporate governance process.

          • HC-B.1.3

            The BMA draws banks' attention to the Basel papers as benchmarks of best practice for corporate governance standards and high-level controls to be followed by banks operating in the Kingdom of Bahrain.

      • HC-B.2 HC-B.2 Enforceability

        • HC-B.2.1

          The requirements of Chapter HC-1, Sections HC-1.1HC-1.4 are binding requirements, which banks and their Boards should follow on an "apply or explain" basis. If a Board or a bank elects not to follow these requirements, they must explain why to the Agency and document the reasons for not applying the concerned requirements in the Minutes of the Board. The remaining chapters are binding requirements except where shown as guidance.

        • HC-B.2.2

          This Module and Chapter HC-1 in particular supplements various provisions relating to Corporate Governance contained in Legislative Decree No. 21 of 2001 with respect to promulgating the Commercial Companies Law. In any cases of potential conflict, the Commercial Companies Law shall prevail. Compliance with this Module does not guarantee compliance with the Commercial Companies Law.

    • HC-1 HC-1 Corporate Governance

      • HC-1.1 HC-1.1 Scope

        • HC-1.1.1

          The contents of this Chapter are applicable to locally incorporated banks. Bahrain branches of foreign banks must satisfy the Agency that equivalent arrangements are in place at the parent level and that these arrangements provide for effective high level controls over activities conducted under the Bahrain licence.

        • HC-1.1.2

          This Chapter covers the high level controls aspects of corporate governance of banks, and therefore focuses on the functions of the constituent parts of high level controls, starting with the respective roles and responsibilities of the Board and senior management.

        • HC-1.1.3

          This Chapter therefore does not cover matters of corporate governance relating to the Commercial Companies Law (e.g. General Meetings, the role of shareholders and other administrative matters) or Listing Requirements.

        • HC-1.1.4

          The BMA has historically pursued a "best practice" guidance approach to high level controls and corporate governance, rather than a prescriptive rules-based approach. The Agency has chosen to notify licensees of international best practice standards, and allowed banks to interpret these, according to the scope of operations of the concerned bank. This Chapter blends a best practice-based approach with minimum requirements.

        • HC-1.1.5

          Banks must satisfy the BMA that financial services activities conducted in subsidiaries and other group members including foreign branches are subject to the same or equivalent arrangements for ensuring effective high-level controls over their activities. In instances where local jurisdictional requirements are more stringent than those applicable in this Module, the local requirements are to be applied.

        • HC-1.1.6

          Where a bank is unable to satisfy the BMA that its subsidiaries and other group members or foreign branches are subject to the same or equivalent arrangements, the BMA will assess the potential impact of risks — both financial and reputational — to the bank arising from inadequate high-level controls in the rest of the group of which it is a member. In such instances, the BMA may impose restrictions on dealings between the bank and other group members. Where weaknesses in controls are assessed by the BMA to pose a major threat to the stability of the bank, then its authorisation may be called into question.

      • HC-1.2 HC-1.2 The Board of Directors — Its Functions and Responsibilities

        • Strategy

          • HC-1.2.1

            In most banks, shareholders, creditors, employees, depositors and investment account holders ("stakeholders") are unable to closely monitor management, its strategies and the bank's performance due to a lack of information and resources. A key responsibility of the Board is to fill the gap between uninformed stakeholders to whom it owes a duty of care, and the more fully informed executive management by monitoring management closely on behalf of stakeholders.

          • HC-1.2.2

            The Board is ultimately accountable and responsible for the affairs and performance of the bank. The Board must establish the objectives of the bank and develop the strategies that direct the ongoing activities of the bank to achieve these objectives. The strategies should be communicated throughout the bank, and be disclosed publicly (e.g. via the website or in the annual report in an abbreviated form as applicable). In its strategy document, the Board must demonstrate that it is able to proactively identify and understand the significant risks that the bank faces in achieving its business objectives through its business strategies and plans.

          • HC-1.2.3

            The precise functions reserved for the Board, and those delegated to management and committees will vary, dependent upon the business of the institution, its size and ownership structure. However, at a minimum, the Board must establish and maintain a statement of its responsibilities for:

            a) The adoption and annual review of strategy;
            b) The adoption and review of management structure and responsibilities;
            c) The adoption and review of the systems and controls framework; and
            d) Monitoring the implementation of strategy by management.

          • HC-1.2.4

            In its strategy review process, the Board should:

            a) Review the bank's business plans and the inherent level of risk in these plans;
            b) Assess the adequacy of capital to support the business risks of the bank;
            c) Set performance objectives;
            d) Review the performance of executive management; and
            e) Oversee major capital expenditures, divestitures and acquisitions.

          • HC-1.2.5

            The BMA expects the Board to have effective policies and processes in place for:

            a) Ensuring a formal and transparent Board nomination process;
            b) Appointing senior managers, and ensuring that they have the necessary integrity, technical and managerial competence, and experience;
            c) Overseeing succession planning and replacing key executives when necessary, and ensuring appropriate resources are available, and minimising reliance on key individuals;
            d) Reviewing the remuneration and incentive packages of the executive management and members of the Board of Directors and ensuring that such packages are consistent with the corporate values and strategy of the bank;
            e) Effectively monitoring and making formal (annual) evaluations of senior management's performance in implementing agreed strategy and business plans;
            f) Approving budgets and reviewing performance against those budgets and key performance indicators; and
            g) The management of the bank's compliance risk.

        • Risk Recognition and Assessment

          • HC-1.2.6

            The Board is responsible for ensuring that the systems and controls framework, including the Board structure and organisational structure of the bank is appropriate for the bank's business and associated risks (see HC-1.2.3 c)). The Board must ensure that collectively it has sufficient expertise to identify, understand and measure the significant risks to which the bank is exposed in its business activities.

            In assessing the systems and controls framework, the BMA expects the Board to demonstrate that the bank's operations, individually and collectively:

            a) Are measured, monitored and controlled by appropriate, effective and prudent risk management systems commensurate with the scope of the bank's activities. The Board should ensure that senior management have put in place appropriate systems of control for the business of the bank and the information needs of the Board; in particular, there should be appropriate systems and functions for identifying as well as for monitoring risk, the financial position of the bank, and compliance with applicable laws, regulations and best practice standards. The systems should produce information on a timely basis; and
            b) Are supported by an appropriate control environment. The compliance, risk management and financial reporting functions must be adequately resourced, independent of business lines and must be run by individuals not involved with the day-to-day running of the various business areas. The Board must additionally ensure that management develops, implements and oversees the effectiveness of comprehensive know your customer standards, as well as ongoing monitoring of accounts and transactions, in keeping with the requirements of relevant law, regulations and best practice (with particular regard to anti-money laundering measures). The control environment should maintain necessary client confidentiality and ensure that the privacy of the bank is not violated, and ensure that client's rights and assets are properly safeguarded.

          • HC-1.2.7

            In its review of the systems and controls framework, the Board should:

            a) Effectively make use of the work of internal and external auditors. The Board should ensure the integrity of the bank's accounting and financial reporting systems through regular independent review (by internal and external audit). Audit findings should be used as an independent check on the information received from management about the bank's operations and performance and the effectiveness of internal controls; and
            b) Identify any significant issues related to the bank's adopted governance framework, processes and practices and ensure that appropriate and timely action is taken to address identified adverse deviations from the requirements of this Module.

            The determinations under HC-1.2.6 and this paragraph might be made through the use of self-assessments, stress/scenario tests, and/or independent judgments made by external advisors. The Board may appoint supporting committees, and engage senior management to assist it in the oversight of risk management, but the Board may not delegate its ultimate responsibility to ensure that an adequate, effective, comprehensive and transparent corporate governance process is in place.

        • Corporate Ethics, Conflicts of Interest and Code of Conduct

          • HC-1.2.8

            Banks are subject to a wide variety of laws, regulations and codes of best practice that directly affect the conduct of business. Such laws involve the Bahraini Stock Exchange Law, the Labour Law, the Commercial Companies Law, occupational health and safety, even environment and pollution laws, as well as codes of conduct and regulations of the Agency. The Board sets the "tone at the top" of a bank, and has a responsibility to oversee compliance with these various requirements. The Board should ensure that the staff conduct their affairs with a high degree of integrity, taking note of applicable laws, codes and regulations.

          • HC-1.2.9

            The Board should establish corporate standards for itself, senior management, and employees. This requirement should be met by way of a documented and published code of conduct or similar document. These values should be communicated throughout the bank, so that the Board and senior management and staff understand the importance of conducting business based on good corporate governance values and understand their accountabilities to the various stakeholders of the licensee. Banks' Boards, senior management and staff must be informed of and be required to fulfil their fiduciary responsibilities to the bank's stakeholders.

          • HC-1.2.10

            An internal code of conduct is separate from the business strategy of a bank. A code of conduct should outline the practices that Directors, senior management and staff should follow in performing their duties. Banks may wish to use procedures and policies to complement their codes of conduct. The suggested contents of a code of conduct are covered below:

            a) Commitment by the Board and management to the code. The code of conduct should be linked to the objectives of the bank, and its responsibilities and undertakings to customers, shareholders, staff and the wider community (see HC-1.2.8 and HC-1.2.9). The code should give examples or expectations of honesty, integrity, leadership and professionalism;
            b) Commitment to the law and best practice standards. This commitment would include commitments to following accounting standards, industry best practice (such as ensuring that information to clients is clear, fair, and not misleading), transparency, and rules concerning potential conflicts of interest (see HC-1.2.11);
            c) Employment practices. This would include rules concerning health and safety of employees, training, policies on the acceptance and giving of business courtesies, prohibition on the offering and acceptance of bribes, and potential misuse of company assets;
            d) How the company deals with disputes and complaints from clients and monitors compliance with the code; and
            e) Confidentiality. Disclosure of client or bank information should be prohibited, except where disclosure is required by law (see HC-1.2.6 b).

          • HC-1.2.11

            The Board must establish and disseminate to its members and management, policies and procedures for the identification, reporting, disclosure, prevention, or strict limitation of potential conflicts of interest. It is senior management's responsibility to implement these policies. Rules concerning connected party transactions and potential conflicts of interest may be dealt with in the Code of Conduct (see HC-1.2.9). In particular, the Agency requires that any decisions to enter into transactions, under which Board members or any member of management would have conflicts of interest that are material, should be formally and unanimously approved by the full Board. Best practice would dictate that a Board member or member of senior management should:

            a) Not enter into competition with the bank;
            b) Not demand or accept substantial gifts from the bank for himself or his associates;
            c) Not misuse the banks' assets;
            d) Not use company privileged information or take advantage of business opportunities to which the company is entitled for himself or his associates;
            e) Report to the Board any (potential) conflict of interest in their activities with, and commitments to other organisations. In any case, all Board members and members of senior management must declare in writing all of their other interests in other enterprises or activities (whether as a shareholder of more than 5% of the voting capital of a company, a manager, or other form of significant participation) to the Board (or the Nominations or Audit Committees) on an annual basis; and
            f) Absent themselves from any discussions or decision-making that involves a subject where they are incapable of providing objective advice, or which involves a subject or (proposed) transaction where a conflict of interest exists.

          • HC-1.2.12

            The Agency expects that the Board and its members individually and collectively:

            a) Act with honesty, integrity and in good faith, with due diligence and care, with a view to the best interest of the bank and its shareholders and other stakeholders (see paragraphs HC-1.2.8 to HC-1.2.11);
            b) Act within the scope of their responsibilities (which should be clearly defined — see HC-1.3.7 and HC-1.3.8 below) and not participate in the day-to-day management of the bank;
            c) Have a proper understanding of, and competence to deal with the affairs and products of the bank and devote sufficient time to their responsibilities;
            d) To independently assess and question the policies, processes and procedures of the bank, with the intent to identify and initiate management action on issues requiring improvement. (i.e. to act as checks and balances on management).

          • HC-1.2.13

            All Directors whether non-executive or executive should exercise independence in their decision-making. To facilitate independence, the Board should agree procedures whereby the Board or its individual members (or committees) may take independent professional advice at the bank's expense.

      • HC-1.3 HC-1.3 Board Composition and The Role of Committee

        • Board Composition & Frequency of Meetings

          • HC-1.3.1

            To fulfil its responsibility for the review of the systems and controls framework (HC-1.2.3 c), the Board must periodically assess its composition and size and, where appropriate, reconstitute itself and its committees by selecting new Directors to replace long-standing members or those members whose contribution to the bank or its committees (such as the audit committee) is not adequate.

          • HC-1.3.2

            No Board member may have more than one directorship of a Full Commercial Bank and an Offshore Banking Unit or Investment Bank. This would mean an effective cap of a maximum of two directorships of financial institutions inside Bahrain. Two directorships of licensees within the same category (e.g. "OBU") would not be permitted. Banks may approach the Agency for exemption from this limit where the directorships concern banks or financial institutions within the same group.

          • HC-1.3.3

            The Board must meet sufficiently often to enable it to discharge its responsibilities effectively, taking into account the bank's scale and complexity. The full Board should meet preferably no less than four times per year. The Agency recommends that meetings should take place once every quarter to address the Board's responsibilities for management oversight and performance monitoring.

          • HC-1.3.4

            Board rules should require members to step down if they are not actively participating in Board meetings.

        • Independent and Non-Executive Directors

          • HC-1.3.5

            Where there is the potential for conflict of interest, or there is a need for impartiality, the Board must assign a sufficient number of independent non-executive Board members capable of exercising independent judgment. The Board should outline its criteria and materiality thresholds in the annual report for the definition of "independence". The Directors should be identified in the annual report as executive, non-executive, and independent non-executive, as follows:

            a) Executive Director (or "Managing Director" under the Commercial Companies Law "CCL") — A person who is involved in the day-to-day management and/or is in full-time employment of the bank and/or any of its affiliates or subsidiaries or parent companies. An executive Director may not occupy the post of "Chairman";
            b) Non-Executive Director — A person not involved in the day-to-day management and/or is not a full-time salaried employee of the bank and/or any of its affiliates, or subsidiaries or parent companies; and
            c) Independent Non-Executive Director — A non-executive Director (as defined above), who also:
            • Is not a "controller" of the bank (see Section HC-2.1).
            • Is not an Associate (see paragraph HC-2.1.4 (g)) of a Director or a member of senior management of the bank.
            • Is not a professional advisor to the bank or group (A partner or member of senior management of an accountancy or law firm that provides services to the bank would not be perceived by the Agency as an independent non-executive Director).
            • Is not a large depositor with, or large borrower from the bank (i.e. whose deposits or credit facilities exceed 10% of the capital base of the bank).
            • Has no significant contractual or business relationship with the bank or group which could be seen to materially interfere with the person's capacity to act in an independent manner.

          • HC-1.3.6

            Independent non-executive Directors should be permitted to meet periodically (for example at separate meetings from the main Board) without executive management present.

        • Checks and Balances

          • HC-1.3.7

            To ensure a clear segregation of duties, the Board should clearly define, document and enforce its own responsibilities, including those of its Chairman, as well as the delegated authorities, responsibilities and accountabilities of the Board and management committees, the bank's Chief Executive and senior management to the stakeholders of the bank.

          • HC-1.3.8

            In particular, the Board should issue formal letters of appointment both to senior management and Board members, outlining their specific responsibilities and accountabilities. Wherever possible, these documents or a summary of responsibilities should be disclosed publicly, for example in the annual report. Letters of appointment facilitate better understanding of the respective accountabilities of the Board and management.

        • Responsibilities of the Chairman

          • HC-1.3.9

            The Chairman is responsible for the leadership of the Board, and for the efficient functioning of the Board. The Chairman is responsible for ensuring that Board members are adequately briefed in sufficient time for issues arising at Board meetings; therefore it is vital that the Chairman commit sufficient time to perform his role effectively, taking into account the points below:

            a) First, the Chairman of the Board preferably should be non-executive and independent (see HC-1.3.5 for the definitions of "non-executive" and "independent");
            b) Also, the role of Chairman and Chief Executive may not be exercised by the same person; and
            c) Furthermore, there needs to be a clear division of responsibility between these two positions (see also HC-1.3.8 in this regard).

        • The benefits and functions of committees

          • HC-1.3.10

            In order to perform its duties more efficiently, the Board may set up committees where it feels appropriate with specific responsibilities, which must be documented. Where committees are set up, they should keep full minutes of their activities and meet regularly to fulfil their mandates. In particular, there are three areas where there is a need for checks and balances within the Board itself:

            a) The nomination of Directors;
            b) The remuneration of Directors; and
            c) The audit of the bank's financial performance.

            In these areas, executive Directors have clear potential conflicts of interest. Nomination is all about the continuation of their own jobs and the jobs of their colleagues and potential new colleagues. Remuneration is all about the rewards that executive Directors and/or senior management receive for their services to the bank. Audit concerns the probity of the financial and non-financial reporting of the performance of the company by the very same persons who are responsible for its performance.

            For larger banks that deal with the general public, committees can be a more efficient mechanism to assist the main Board in its monitoring and control of the activities of the bank. The establishment of committees should not mean that the role of the Board is diminished, or that the Board becomes fragmented. Each Committee must have a clear written mandate outlining its purpose, objectives and responsibilities, including composition, frequency of meetings and reporting relationships.

        • Audit Committee

          • HC-1.3.11

            The Agency requires all banks to establish an Audit Committee. The committee members must have sufficient technical expertise to enable the committee to perform its functions effectively. Preferably, there should be at least one qualified and appropriately experienced accountant in the committee. All members of the committee must be financially literate. The CEO may not be a member of this committee.

          • HC-1.3.12

            Responsibilities of the Audit Committee are as follows:

            a) To review the integrity of the bank's financial reporting (particularly with reference to information passed to the Board — see HC-1.2.6 a). This review should include the choice of accounting policies. The information needs of the Board to perform its monitoring responsibilities must be defined in writing, and regularly monitored by the Audit Committee;

            To oversee the selection and compensation of the external auditor for appointment and approval at the shareholders' meeting. The audit committee should oversee relations with the external auditors, including ensuring the external auditor's independence (in particular, making sure that the external audit firm and its partners have no other financial or business relationship without the Board's knowledge), the terms and conditions of the auditor's appointment and remuneration arrangements. The committee should monitor rotation arrangements for audit engagement partners. The audit committee should monitor the performance of the external auditor and the non-audit services provided by the external auditor. The committee should meet with the external auditor at least twice per year, and at least once per year in the absence of any members of executive management;
            b) To regularly review the activities and performance of the internal audit function;
            c) To review whether the bank complies with all relevant laws, regulations, codes and business practices, and ensure that the bank communicates with shareholders and relevant stakeholders (internal and external) openly and promptly, and with substance of compliance prevailing over form; and
            d) To review and supervise the implementation of, enforcement of and adherence to the bank's code of conduct.

          • HC-1.3.13

            Below the Audit Committee, the bank must set up an internal audit function, which reports directly to the Audit Committee (with a parallel reporting line to senior management for day-to-day matters as appropriate).

      • HC-1.4 HC-1.4 Transparency and Disclosure

        • Board's Responsibility for Disclosure

          • HC-1.4.1

            The Board should oversee the process of disclosure and communications with internal and external stakeholders. The Board should ensure that disclosures made by the bank are fair, transparent, comprehensive and timely and reflect the character of the bank and the nature, complexity and risks inherent in the bank's business activities. Disclosure policies must be reviewed for compliance with the Agency's disclosure requirements (see Rulebook Chapter PD-1).

      • HC-1.5 HC-1.5 Notification, reporting, and approval requirements for changes to activities, personnel and ownership, strategy, Board meetings and special purpose vehicles ("SPVs")

        • HC-1.5.1

          Banks must notify the Agency in writing of all major proposed changes to the strategy and/or corporate plan of the bank prior to implementation.

        • HC-1.5.2

          Banks must notify the Agency in writing of any proposed changes to senior positions or ownership changes mentioned in sections HC-2.1, HC-3.2 and HC-4.1 (whether in terms of structure or identity of personnel) prior to the change. The communication should include the reason for the departure of the personnel and the Curriculum Vitae of any new persons taking up the relevant positions in the bank. See also Section BR-5.1 for notification requirements concerning contact details of senior staff.

        • HC-1.5.3

          All locally incorporated banks, in addition to the requirements in paragraphs HC-1.5.1 and HC-1.5.2, should obtain the Agency's prior specific written approval before establishing any subsidiaries (including SPVs where the bank exercises a majority shareholding or has majority voting control by virtue of direct ownership or by proxy/nominee arrangements), branches and/or representative offices, either inside or outside of Bahrain. In order to avoid any delays and/or disruption in implementation of banks' plans in this context, the Agency should be approached as soon as possible, even at a very preliminary stage.

        • HC-1.5.4

          All locally incorporated banks are required to submit, on an annual basis, as an attachment to the year-end quarterly PIR, a report recording the meetings during the year by their Board of Directors. For a sample report, refer to Appendix BR-10.

        • HC-1.5.5

          All locally incorporated banks must notify the Agency if they intend to act as sponsor or manager of a special purpose vehicle ("SPV"), or if they intend to participate in the creation of an SPV, or if they intend to acquire shares in an SPV. All locally incorporated banks must notify the Agency if they are appointed as nominee shareholders of SPVs or hold votes by proxy arrangement in SPVs on behalf of other investors. In all cases listed above, the concerned bank must notify the Agency quarterly of any new commitments to, or engagements in business arrangements with SPVs. These reporting and notification arrangements apply in addition to arrangements under HC-1.5.3 where the SPV is a subsidiary.

        • HC-1.5.6

          The Agency requires any locally incorporated bank associated with an SPV to give the background to the following points in any notification under HC-1.5.5 above:

          a) the purpose of the SPV;
          b) the nature of the relationship between the bank and the SPV (i.e. sponsor, manager, investor, controller etc.);
          c) the external auditor's proposed consolidation/accounting treatment of the SPV;
          d) the availability of financial and other information relevant to the SPV and access to its business premises and records;
          e) whether the bank is providing any guarantees, warranties or financial/liquidity support of any kind to the SPV.

        • HC-1.5.7

          Where the SPV is consolidated into the accounts of a locally incorporated bank, the bank must provide separate accounting information on the SPV to the Agency on a quarterly basis. Furthermore, the annual audited financial statements of all consolidated SPVs must be submitted to the Agency within 3 months of the year end of the concerned SPV.

        • HC-1.5.8

          Where a locally incorporated bank has a controller or majority ownership relationship with an SPV, or acts as sponsor, the bank must obtain the prior approval of the Agency for any changes to the capital, ownership, management or control of the SPV. All locally incorporated banks must also notify the Agency of any significant events in relation to the SPV. If necessary, the Agency may require that formal information exchange arrangements are put in place (e.g. a memorandum of understanding) if the SPV is located in a foreign jurisdiction and its activities are not supervised locally.

    • HC-2 HC-2 Approved Persons

      • HC-2.1 HC-2.1 BMA Notification and Approval

        • General Requirement

          • HC-2.1.1

            All persons wishing to undertake a controlled function in a conventional bank licensee must be approved by the BMA prior to their appointment (subject to the variations contained in Rule HC-2.1.3).

          • HC-2.1.2

            Controlled functions are those of:

            (a) Director;
            (b) Chief Executive Officer or General Manager;
            (c) Senior Manager;
            (d) Compliance officer;
            (e) Money Laundering Reporting Officer; and
            (f) Financial Instruments Trader.

          • HC-2.1.3

            Prior approval is required for controlled functions (a), (b), (c), (d) and (e). Controlled functions (d) and (e) may be combined, however (see also FC-4.1, regarding the MLRO function). Controlled function (f) does not require prior approval: instead, notification only is required, once the person concerned has accepted to undertake that function.

        • Basis for Approval

          • HC-2.1.4

            Approval under Rule HC-2.1.1 is only granted by the BMA, if it is satisfied that the person is fit and proper to hold the particular position in the licensee concerned. "Fit and proper" is determined by the BMA on a case-by-case basis. The definition of "fit and proper" and associated guidance is provided in Sections HC-2.2 and HC-2.3 respectively.

        • Definitions

          • HC-2.1.5

            Director is any person who occupies the position of a Director, as defined in Article 173 of the Commercial Companies Law (Legislative Decree No. 21 of 2001).

          • HC-2.1.6

            The fact that a person may have "Director" in their job title does not of itself make them a Director within the meaning of the definition noted in Rule HC-2.1.5. For example, a 'Director of Marketing', is not necessarily a member of the Board of Directors and therefore may not fall under the definition of Rule HC-2.1.5.

          • HC-2.1.7

            The Chief Executive Officer or General Manager means a person who is responsible for the conduct of the licensee (regardless of actual title). The Chief Executive Officer or General Manager must be resident in Bahrain. This person is responsible, alone or jointly, for the conduct of the whole of the firm, or, in the case of an overseas conventional bank licensee, for all of the activities of the branch (in which case, he may hold the title of "Branch Manager").

          • HC-2.1.8

            Senior Manager means a person who, under the immediate authority of a Director or the Chief Executive Officer/General Manager, exercises major managerial responsibilities, is responsible for a significant business or operating unit, or has major managerial responsibility for maintaining accounts or other records of the licensee.

          • HC-2.1.9

            Whether a person is a Senior Manager will depend on the facts in each case and is not determined by the presence or absence of the word in their job title. Examples of Senior Managers might include, depending on the scale, nature and complexity of the business, a deputy Chief Executive Officer; and heads of departments such as Risk Management, or Internal Audit; or the Chief Financial Officer.

          • HC-2.1.10

            Financial Instruments Trader means a person who is engaged in buying or selling financial instruments.

          • HC-2.1.11

            Where a firm is in doubt as to whether a function should be considered a controlled function it must discuss the case with the BMA.

        • Notification Requirements and Process

          • HC-2.1.12

            Conventional bank licensees must obtain BMA approval before a person is formally appointed to a controlled function; the request for BMA approval must be made by submitting to BMA a duly completed Form 3 (Application for Approved Person status). In the case of a financial instruments trader, notification only is required (see Rule HC-2.1.3): this notification must also be made by submitting a Form 3.

          • HC-2.1.13

            In the case of license applications, the Form 3 must be marked for the attention of the Director, Licensing and Policy Directorate. When made by a conventional bank licensee, the Form 3 must be marked for the attention of either the Director, Retail Banks Supervision or the Director, Wholesale Banks Supervision, as appropriate.

          • HC-2.1.14

            Licensees should give the BMA a reasonable amount of notice in order for an application for approval to be reviewed. The BMA aims to respond within 2 weeks of receipt of an application, although in some cases, where referral to an overseas supervisor is required, the response time is likely to be longer.

          • HC-2.1.15

            Licensees seeking to appoint Board Directors should seek BMA approval for all the candidates to be put forward for election at a shareholder meeting, in advance of the agenda being issued to shareholders. BMA approval of the candidates does not in any way limit shareholders' rights to refuse those put forward for election.

          • HC-2.1.16

            All refusals by the BMA to grant a person approved person status have to be reviewed and approved by an Executive Director of the BMA. A notice of intent is issued to the person concerned, setting out the basis for the decision. The person has 30 calendar days from the date of the notice in which to appeal the decision. The BMA then has 30 calendar days from the date of the representation in which to make a final determination. See also Chapter EN-5.

          • HC-2.1.17

            Conventional bank licensees must immediately notify BMA when an approved person ceases to hold the controlled function for which they have been approved, for whatever reason.

          • HC-2.1.18

            Thus, licensees are required to notify BMA should an approved person transfer to another function within the licensee, or to another group entity; or else resign, be suspended or dismissed. BMA may require further clarification as to the reasons for the person's transfer or departure. BMA will automatically withdraw the individual's approved person status: should the person wish to undertake another controlled function, whether within the same licensee or in another licensee, then a new application should be resubmitted.

          • HC-2.1.19

            Conventional bank licensees must immediately notify the BMA should they become aware of information that could reasonably be viewed as calling into question an approved person's compliance with the BMA's "fit and proper" requirement (see HC-2.2).

      • HC-2.2 HC-2.2 "Fit and proper" requirement

        • HC-2.2.1

          Licensees seeking an approved person authorisation for an individual, must satisfy the BMA that the individual concerned is "fit and proper" to undertake the controlled function in question.

        • HC-2.2.2

          To be considered "fit and proper", those nominated must demonstrate:

          (a) personal integrity, honesty and good reputation;
          (b) professional competence, experience and expertise, sufficient for the controlled function for which authorisation is being applied for, and given the scale, complexity and nature of the conventional bank licensee concerned; and
          (c) financial soundness.

        • HC-2.2.3

          In assessing the conditions prescribed in Rule HC-2.2.2, the BMA will take into account the criteria contained in Section HC-2.3. The BMA reviews each application on a case-by-case basis, taking into account all relevant circumstances. A person may be considered "fit and proper" to undertake one type of controlled function but not another, depending on the function's job size and required levels of experience and expertise. Similarly, a person approved to undertake a controlled function in one conventional bank licensee may not be considered to have sufficient expertise and experience to undertake nominally the same controlled function but in a much bigger licensee.

        • HC-2.2.4

          Approved persons undertaking a controlled function must act prudently, and with honesty, integrity, care, skill and due diligence in the performance of their duties. They must avoid conflicts of interest arising whilst undertaking a controlled function.

        • HC-2.2.5

          In determining whether a conflict of interest may arise, factors that may be considered include whether:

          (a) a person has breached any fiduciary obligations to the company or terms of employment;
          (b) a person has undertaken actions that would be difficult to defend, when looked at objectively, as being in the interest of the licensee; and
          (c) a person has failed to declare a personal interest that has a material impact in terms of the person's relationship with the licensee.

      • HC-2.3 HC-2.3 Interpretative Guidance on "Fit and Proper" Requirement

        • HC-2.3.1

          In assessing a person's fitness and propriety, the BMA will consider previous professional and personal conduct (in Bahrain or elsewhere) including, but not limited to, the following:

          (a) the propriety of a person's conduct, whether or not such conduct resulted in a criminal offence being committed, the contravention of a law or regulation, or the institution of legal or disciplinary proceedings;
          (b) a conviction or finding of guilt in respect of any offence, other than a minor traffic offence, by any court or competent jurisdiction;
          (c) any adverse finding in a civil action by any court or competent jurisdiction, relating to fraud, misfeasance or other misconduct in connection with the formation or management of a corporation or partnership;
          (d) whether the person has been the subject of any disciplinary proceeding by any government authority, regulatory agency or professional body or association;
          (e) the contravention of any financial services legislation or regulation;
          (f) whether the person has ever been refused a license, authorisation, registration or other authority;
          (g) dismissal or a request to resign from any office or employment;
          (h) disqualification by a court, regulator or other competent body, as a Director or as a manager of a corporation;
          (i) whether the person has been a Director, partner or manager of a corporation or partnership which has gone into liquidation or administration or where one or more partners have been declared bankrupt whilst the person was connected with that partnership;
          (j) the extent to which the person has been truthful and open with supervisors;
          (k) the extent to which the person has appropriate professional and other qualifications for the controlled function in question;
          (l) the extent to which the person has sufficient experience, or is otherwise able to perform the functions of the controlled function in question;
          (m) whether the person has ever been adjudged bankrupt, entered into any arrangement with creditors in relation to the inability to pay due debts, or failed to satisfy a judgment debt under a court order.

        • HC-2.3.2

          With respect to HC-2.3.1(b), (c), (d) and (e), the BMA will take into account the length of time since any such event occurred, as well as the seriousness of the matter in question.

        • HC-2.3.3

          Further guidance on the process for assessing a person's "fit and proper" status is given in Module EN (Enforcement): see Chapter EN-8.

      • HC-2.4 [This section deleted 07/2006]

        [This Section was deleted in 07/2006: it has been left blank.]

    • HC-3 HC-3 Compliance officer/manager

      • HC-3.1 HC-3.1 Introduction

        • HC-3.1.1

          In order to promote best practice with respect to banks' internal systems and controls and international banking supervision, the Agency, in this chapter, outlines its requirements for the compliance function of banks. The expression "Compliance Function" in this Chapter is used to describe staff carrying out compliance duties.

        • HC-3.1.2

          The expression 'Compliance Risk', in this chapter refers to the risk of legal or regulatory sanctions, material or financial loss, or loss to reputation a bank may suffer as a result of its failure to comply with laws, regulations, rules, reporting requirements, standards and codes of conduct applicable to its activities, rather than compliance with a bank's internal limits or procedures.

        • HC-3.1.3

          For further information and guidance on compliance risk and the compliance function, banks should refer to the Basel Committee publication, "Compliance and the compliance function in banks" (www.bis.org/publ April 2005). The Agency expects banks to carry out a review of their compliance with the principles in this paper on a regular basis (either by way of a self-assessment or by way of a review by the internal or external audit function).

      • HC-3.2 HC-3.2 Requirement for and approval of a compliance officer/manager

        • HC-3.2.1

          All banks must appoint a senior member of staff with responsibility for the management of compliance risk as their Compliance Officer/Manager.

        • HC-3.2.2

          The compliance function must be independent (i.e. it must not be placed in a position where its other duties or responsibilities may cause a conflict of interest with its compliance risk management responsibilities). Therefore the compliance function must be separate from the internal audit function. The compliance officer or manager may however, perform other limited related compliance roles (e.g. the MLRO or legal advisor), subject to the Agency's prior approval.

        • HC-3.2.3

          The compliance officer/manager must be appropriately qualified and experienced and the compliance function must have adequate resources to carry out its functions effectively.

        • HC-3.2.4

          The appointment of a compliance manager/officer requires the Agency's prior approval and the submission of the appointee's Personal Questionnaire (Appendix LR 2) and Curriculum Vitae to the Agency. The bank must also outline how the compliance function fits into the bank's senior management reporting structure, and must give details of relevant reporting lines within the bank.

        • HC-3.2.5

          In the case of locally incorporated banks, the compliance officer/manager must have access to the Board of Directors in addition to the senior management.

    • HC-4 [This chapter deleted 07/2006]

      [This chapter deleted 07/2006 — left blank.]